urlX is a high-performance reconnaissance tool designed for bug bounty hunters, penetration testers, and security researchers.
It combines:
- Passive URL discovery from 11+ intelligence sources
- Live host probing (DNS, TCP, TLS, HTTP)
- Active web crawling for hidden endpoints
- Smart file & extension filtering
- Fast, concurrent processing using goroutines
urlX helps you quickly discover attack surface, hidden assets, and live endpoints with minimal setup.
Built for speed, scale, and real-world recon workflows.
Created by Alham Rizvi
Requirements:
- Go 1.19 or higher
- Linux / macOS (Windows supported with Go environment)
- Internet access for passive sources
Verify Go installation:
```bash
go version
```
Install with `go install`:
```bash
go install github.com/alhamrizvi-cloud/urlx@latest
```
Make sure $GOPATH/bin is in your PATH:
```bash
export PATH=$PATH:$(go env GOPATH)/bin
```
Verify:
```bash
urlx -h
```
Or build from source:
```bash
git clone https://github.com/alhamrizvi-cloud/urlx.git
cd urlx
go build -o urlx main.go
```
Move binary system-wide (optional):
```bash
sudo mv urlx /usr/local/bin/
```
Verify:
```bash
urlx -h
```
Or use the install script:
```bash
curl -sSfL https://raw.githubusercontent.com/alhamrizvi-cloud/urlx/main/install.sh | sh
```
Or build and run with Docker:
```bash
docker build -t urlx .
docker run --rm urlx -h
```
urlX works without API keys, but adding them increases coverage and accuracy.
Supported providers:
- URLScan.io
- AlienVault OTX
- VirusTotal
- GitHub
- Censys
- SecurityTrails
Keys can be passed via CLI flags or environment variables.
This tool is intended only for authorized security testing and legal research.
You are responsible for ensuring you have explicit permission before scanning any target.
Misuse may be illegal.
MIT License – see LICENSE
Pull requests, feature ideas, and source additions are welcome. See CONTRIBUTING.md.