This is absolutely insane.
The prompt: "Set up a lab for Log4Shell at localhost:8080 and find all nuclei templates for this vulnerability. Use OAST detection to demonstrate the JNDI injection exploit with live callback verification."
Sign up for Neo today π
https://projectdiscovery.io/request-demo
An AI just found a CVE in a library with 1.1 billion downloads.
No human guidance. No custom rules. Neo reviewed Faraday's code, traced the URL logic, and found an SSRF that Snyk and Semgrep both missed.
Read the full breakdown: projectdiscovery.io/blog/how-neo...
Neo Security Engineer is like having a pro hacker in your pocket.
Just ask it what you want, it will download and use the necessary tools to achieve it.
In this video, I just asked Neo to find all subdomains and check which are live.
And, it did.
Did you know Subfinder has a "Deep Mode"? π΅οΈββοΈ
By adding -recursive, you aren't just looking for subdomains; you're looking for subdomains of subdomains.
Give it a try today!π
Got questions about our tools or anything security-related? π
Join our Discord community and ask away!
Weβd love to have you. π
Don't just find subdomains, find out where they came from.
Use the -cs flag to identify the specific source behind every lead and prioritize your targets.π
Your PRs are getting pentested by attackers anyway. Why not test them first?
Neo runs full exploit chains on every pull request:
β’ Real browser sessions
β’ Actual exploit attempts
β’ Proof in PR comments
β’ Verified remediations
See Neo in action β projectdiscovery.io/solutions/pr...
Threat models shouldnβt go stale the moment you ship.
Neo builds living threat models from your architecture + APIs, updates them as code changes, and even validates threats at runtime (with evidence).
projectdiscovery.io/solutions/th...
We just leveled up Neo.
Claude Opus 4.6 is officially here!
Ready to build? projectdiscovery.io/request-demo
πPro-Tip for httpx:
If you are using the screenshot feature, remember that it integrates seamlessly with the rest of the ProjectDiscovery ecosystem.
You can pipe your findings directly into other tools to filter by status code or technology before you even look at a single image.
Stop inspecting every active host manually. Let httpx automate visual checks and capture screenshots, enabling rapid review and deeper analysis at scale.
Ever feel like you're missing something when researching domains? π
You might be! Private TLDs are often overlooked and #tldfinder will help you discover them!
https://github.com/projectdiscovery/tldfinder
PR security reviews werenβt designed for AI-generated code and nonstop merges.
The State of AppSec Report shows why teams are moving beyond static findings and toward runtime proof of exploitability.
Less guessing. Fewer debates. Faster decisions.
projectdiscovery.io/whitepapers/...
Tired of manually managing your security tools?
Meet PDTM the tool that lets you install, update, and uninstall all your project discovery tools with a single command.
β
Get started here: https://github.com/projectdiscovery/pdtm
π We just launched the ProjectDiscovery OSS Bounty Program! Contribute to our open source security tools, get your PRs merged & earn rewards! π₯
Read more π
π projectdiscovery.io/blog/announc...
#OpenSource #BugBounty #Infosec #ProjectDiscovery
Whatβs your biggest AppSec bottleneck right now?
A) too many findings
B) low dev adoption
C) slow remediation / unclear ownership
D) tool sprawl
We cover what teams are doing to fix these in the Neo State of AppSec Report.
π₯ projectdiscovery.io/whitepapers/...
#AppSec #SecurityEngineering
π The State of AppSec Report | Security at Engineering Speed is live: projectdiscovery.io/whitepapers/...
Trying to improve AppSec without slowing dev teams down? This is for you:
β’ trends shaping modern AppSec
β’ whatβs driving noise + delays
β’ practical moves to improve adoption + remediation
Maximize your endpoint discovery by digging into JavaScript files. Using the -jc flag allows you to parse and crawl JS files to find hidden paths and APIs that standard crawls might miss
Use this commandπ
katana -jc -u https://target(.)com
Move beyond simple discovery. Pair Subfinder with httpx to instantly profile your attack surface by extracting tech stacks, status codes, and page titles at scale.
Commandπ subfinder -d target(.)com | httpx -sc -td -title
Reply with your answer! π
ShuffleDNS is a fast Go tool for finding subdomains. It uses brute-force to identify valid targets and automatically filters out messy wildcard results
Commandπ shuffledns -d example(.)com -list wordlist(.)txt -r resolvers(.)txt
-r: Your list of DNS resolvers.
-list: Your subdomain wordlist.
To see Neo in your environment, request a demo: projectdiscovery.io/request-demo
See Neo in action for yourself: neo.projectdiscovery.io/share/79a2dc...
Vuln backlog triage is mostly mechanical. Neo pulls findings, clusters + prioritizes with your context, reproduces in an isolated sandbox, captures evidence, drafts remediation, and updates tickets until closure. See it: projectdiscovery.io
Stop just finding subdomains. Start finding endpoints. πΈοΈ
Recon doesn't end with a list of domains. By piping subfinder and httpx into katana, you can automatically crawl and map out the entire attack surface of a target in seconds.π
#Recon #Katana #Subfinder
Security work doesnβt fit in a 15βminute coding loop. Neo is an AI security copilot that plans + executes longβrunning security tasks (recon, threat modeling, testing, triage) with real tools (browser, terminal, APIs.) See Neo in action: projectdiscovery.io
Hereβs a technical look at discovery methods that adapt over time, including cert-based discovery and recursive subdomain expansion. If youβre doing recon or external asset discovery, this is a solid overview of techniques beyond basic DNS bruteforce.
π projectdiscovery.io/blog/surfaci...
πNaabu + Nmap = Port scan faster and inspect deeper.
Stop wasting time with slow, full-range scans!
Scan a host for open ports and use Nmap to detect the service versions.
Use this π
naabu -host projectdiscovery(.)io -nmap-cli βnmap -sVβ
#naabu #hackwithautomation #portscan
Welcome, 2026!
We look forward to building more great things with you in the new year!
With AI-driven threats emerging as the major challenge, our focus is clear: to bring you the defense you'll need for cutting-edge Attack Surface Management.
#HappyNewYear #Infosec #2026
For 2026, the next generation of Attack Surface Management isn't just about seeing more; it's about knowing what's real.
Want to learn why your security strategy needs proof?
β‘οΈ Get our latest report now: https://projectdiscovery.io/whitepapers/attack-surface-management-2025
