neobotnet_

mapping the web from an attacker's view

the web intel platform that organizes the web the way an attacker would.

5
companies
12,000
web servers
500,000
urls
700
vulnerability signals
external url in param200param: redirect_uriDemo
https://auth.example.com/oauth/authorize?client_id=app-1&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&response_type=code
numeric id (short)200param: user_idDemo
https://api.example.com/v2/orders?user_id=4827&status=open
jwt200param: access_tokenDemo
https://app.example.com/dashboard?access_token=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2Mj…

sign in to explore all data

Data → Pre-scanned. Indexed. Filterable.

what is this

neobotnet collects reconnaissance data from companies that run bug bounty programs on HackerOne and Bugcrowd. the goal is to map exposed web infrastructure for security research, following each company's rules of engagement.

how it works

neobotnet runs popular open-source tools to collect subdomains, DNS records, web servers, URLs, and JavaScript bundles. every URL collected is signal-typed and filterable — query by status code, technology, content type, parameter, or vulnerability class. it won't replace your own process if you have one — but it handles the repetitive groundwork so you can skip straight to analysis.

vulnerability signals indexed

Vulnerability signals are URL parameters and values that match patterns commonly tied to security flaws. neobotnet detects them through parameter-name and value-pattern analysis across every URL collected — a parameter named redirect_uri pointing to an external host, a value matching a JWT pattern, a numeric user_id. each is a candidate entry point a researcher can investigate, not a confirmed vulnerability.

available signal types

same taxonomy you'll filter on inside /urls — click a category to see the subtypes

    • uuid (v4)
    • uuid (v1)
    • mongodb objectid
    • numeric id (short)
    • numeric id (snowflake)
    • md5 hash
    • sha-1 hash
    • sha-256 hash
    • sha-512 hash

choose your plan

free

for everyone

$0
forever

See what's been discovered.

  • Browse public programs
  • Subdomains, DNS & HTTP probes
  • 1,337 URL views
pro

for researchers

$16.66/mo
billed $200/year
save $40/year

Pre-scanned. Indexed. Filterable.

  • Vulnerability signals
    • Identifiers (UUID, MongoDB ID, MD5/SHA hashes)
    • Credentials & tokens (JWT, API keys, cloud secrets)
    • Personal data (email, phone, external IP)
    • URLs & assets (cross-domain, redirects, internal targets)
    • Files (config / secret files, path traversal, office docs)
  • Everything in Free
  • Unlimited URL data
  • Submit any public bug bounty program for indexing
  • Full data exports (CSV/JSON)
  • API access (100 req/min)
enterprise

for companies & startups

$166.66/mo
billed $2,000/year
save $400/year

Know what's exploitable.

  • Everything in Pro
  • Confirmed findings
  • On-demand scans for your assets
  • Severity & context for every finding
  • Biweekly / monthly reports
  • Priority scan queue
  • Dedicated support
cancel anytime·secure checkout via stripe

// who's behind this

Built by Sam Paredes — security engineer and perpetual builder.

sam@neobotnet.com

neobotnet 2026