> Build faster. Test smarter. Hack ethically.
// Welcome to the nexus of innovation and security.
const mission = 'To craft open-source tools that empower security professionals and developers worldwide.';
const motto = 'Sniff the weak, strike with precision.';
function explore() {
return 'Dive into our projects and blog posts below.';
}
Explore Our Work
Forging the future of cyber security, one tool at a time.
HyperGod-X, led by Neeraj Sah (nxneeraj), is a collective focused on developing high-performance, open-source tools for the cyber security community. Our projects are born from real-world needs in security research, red teaming, and bug bounty hunting.
We blend speed, clarity, and beautiful design to simplify complex security tasks. Our mission is to empower developers, security professionals, and enthusiasts with tools that are not only powerful but also a pleasure to use.
> Keep Moving Forward
Hx-H.A.W.K.S - High Accuracy Web Keywords Scanner
-------------------------------------------------
"Scan. Detect. Dominate."
A high-performance CLI and API-based tool built for security researchers, red teamers, and bug bounty hunters. It scans thousands of URLs, searches for specified keywords in the HTTP responses, and detects possible vulnerability footprints.
██╗ ██╗██╗ ██╗ ███████╗ ██████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗
██║ ██║╚██╗██╔╝ ██╔════╝██╔════╝██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██╗
███████║ ╚███╔╝█████╗ ███████╗██║ ███████║██╔██╗ ██║██╔██╗ ██║█████╗ ██████╔╝
██╔══██║ ██╔██╗╚════╝ ╚════██║██║ ██╔══██║██║╚██╗██║██║╚██╗██║██╔══╝ ██╔══██╗
██║ ██║██╔╝ ██╗ ███████║╚██████╗██║ ██║██║ ╚████║██║ ╚████║███████╗██║ ██║
╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝
A powerful and futuristic HTTP status code scanner that takes a list of IPs or URLs and classifies their responses into structured folders and files. Designed for speed, clarity, and beauty.
An intelligent tool written in Go to split, shorten, and fuzz URLs for automation, testing, and security purposes. Automate recon, parameter manipulation, and payload injection quickly and effectively.
Insights, tutorials, and announcements from our team.
Oct 15, 2025
Discover Hx-H.A.W.K.S, an ultra-fast, concurrent vulnerability scanner written in Go. Learn how it scans thousands of URLs for specific keywords, detects vulnerability footprints, and provides customizable, color-coded output for efficient analysis.
Sep 28, 2025
HyperScanner (hxscanner) revolutionizes HTTP response analysis. This post explores its powerful features, including organized output based on status codes, detailed logging, and the integrated CORS misconfiguration checker.
Sep 10, 2025
Unleash the power of URL manipulation for security testing. URLShort intelligently splits, varies, and appends payloads to URLs, creating a massive list of test cases for fuzzing, XSS, IDOR, and path traversal vulnerabilities from a simple input file.
Open-source tools built for the community.
High-Accuracy Web Keywords Scanner. A high-performance CLI and API-based tool to find vulnerability footprints in web responses.
Learn More →A powerful HTTP status code scanner that organizes responses into structured folders and includes a CORS vulnerability checker.
Learn More →Advanced URL shortener and parameter generator for creating fuzzing vectors, testing for XSS, IDORs, and more.
Learn More →Have a question, suggestion, or want to collaborate?
High Accuracy Web Keywords Scanner
Hx-H.A.W.K.S - High Accuracy Web Keywords Scanner
-------------------------------------------------
"Scan. Detect. Dominate."
Hx-H.A.W.K.S is a high-performance CLI and API-based tool built for security researchers, red teamers, and bug bounty hunters. It scans thousands of URLs, searches for specified keywords in the HTTP responses, and detects possible vulnerability footprints. All with color-coded terminal output, powerful concurrency options, and customizable formats.
“Scan. Detect. Dominate.”
Hx-H.A.W.K.S is a high-performance CLI and API-based tool built for security researchers, red teamers, and bug bounty hunters. It scans thousands of URLs, searches for specified keywords in the HTTP responses, and detects possible vulnerability footprints. All with color-coded terminal output, powerful concurrency options, and customizable formats.
Make sure you have Go installed. Then install Hx-H.A.W.K.S using:
| Flag | Description |
|---|---|
-f <file> | Input file of URLs (one per line) |
--ck "<k1>,<k2>" | Comma-separated keywords |
--ck "<k1>,<k2>" | Comma-separated keywords to check for |
-o <file> | Plain text output (vulnerable URLs only) |
-o-json <file> | Save vulnerable data as JSON |
-o-response <file> | Save response with each vulnerable URL |
-o-all <file> | Save all data (safe + vulnerable) |
-o-all-json <file> | JSON output with metadata, IP, status |
--threads <num> | Goroutines to use (default 10) |
--threads <num> | Number of goroutines to use (default 10) |
--timeout <s> | Timeout per URL (default 5s) |
--delay <ms> | Delay between requests |
--api | Enable API server mode |
--port <num> | Set custom API port (default 8080) |
--verbose | Print all scanning details |
Start the server with your desired scan parameters:
| Endpoint | Method | Description |
|---|---|---|
/scan/start | POST | Start new scan (JSON payload) |
/scan/status/{jobID} | GET | Get scan progress |
/scan/result/{jobID} | GET | Get full results |
/scan/stream/{jobID} | GET | Real-time events via SSE |
# Basic keyword scan
hx-hawks -f urls.txt --ck "admin,password"
# Save matched responses
hx-hawks -f urls.txt -o-response match.txt --ck "error,flag{"
# API mode on port 9000
hx-hawks --api -f urls.txt --ck "sql,injection" --port 9000
IP/Domain/URL Scanner with CORS Check
██╗ ██╗██╗ ██╗ ███████╗ ██████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗
██║ ██║╚██╗██╔╝ ██╔════╝██╔════╝██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██╗
███████║ ╚███╔╝█████╗ ███████╗██║ ███████║██╔██╗ ██║██╔██╗ ██║█████╗ ██████╔╝
██╔══██║ ██╔██╗╚════╝ ╚════██║██║ ██╔══██║██║╚██╗██║██║╚██╗██║██╔══╝ ██╔══██╗
██║ ██║██╔╝ ██╗ ███████║╚██████╗██║ ██║██║ ╚████║██║ ╚████║███████╗██║ ██║
╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝
HyperScanner is a powerful and futuristic HTTP status code scanner that takes a list of IPs or URLs and classifies their responses into structured folders and files. Designed for speed, clarity, and beauty, HyperScanner simplifies HTTP response analysis with an organized and efficient workflow.
Make sure you have Go 1.19+ installed. Then install HyperScanner using:
Prepare a text file (`ips.txt`) containing a list of IPs or URLs, one per line. Run HyperScanner with:
You can also specify an output directory:
| Option | Description |
|---|---|
-i <file> | Input file with targets (IPs/Domains/URLs), one per line. |
-f <file> | Alias for -i. |
-w <number> | Number of concurrent scanning workers (default: number of CPU cores). |
-w <number> | Number of concurrent workers (default: number of CPU cores). |
-t <duration> | HTTP request timeout (default: 5s). |
-q | Quiet mode: suppress individual results (except errors/warnings). |
--cors | Perform basic CORS vulnerability check on successful targets. |
-h | Show the help message. |
A Futuristic HTTP Status & CORS Scanner
██╗ ██╗██╗ ██╗ ███████╗ ██████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗
██║ ██║╚██╗██╔╝ ██╔════╝██╔════╝██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██╗
███████║ ╚███╔╝█████╗ ███████╗██║ ███████║██╔██╗ ██║██╔██╗ ██║█████╗ ██████╔╝
██╔══██║ ██╔██╗╚════╝ ╚════██║██║ ██╔══██║██║╚██╗██║██║╚██╗██║██╔══╝ ██╔══██╗
██║ ██║██╔╝ ██╗ ███████║╚██████╗██║ ██║██║ ╚████║██║ ╚████║███████╗██║ ██║
╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝
HyperScanner is a powerful and futuristic HTTP status code scanner that takes a list of IPs or URLs and classifies their responses into structured folders and files. Designed for speed, clarity, and beauty, HyperScanner simplifies HTTP response analysis with an organized and efficient workflow.
Make sure you have Go 1.19+ installed. Then install HyperScanner using:
Prepare a text file (`ips.txt`) containing a list of IPs or URLs, one per line. Run HyperScanner with:
| Option | Description |
|---|---|
-i <file> | Input file with targets (IPs/Domains/URLs), one per line. |
-f <file> | Alias for -i. |
-w <number> | Number of concurrent scanning workers (default: number of CPU cores). |
-t <duration> | HTTP request timeout (default: 5s). |
-q | Quiet mode: suppress individual results (except errors/warnings). |
--cors | Perform basic CORS vulnerability check on successful targets. |
-h | Show the help message. |
HyperScanner organizes the output beautifully:
output/ ├── 1xx/ │ └── 100.txt ├── 2xx/ │ ├── 200.txt │ └── ... ├── 3xx/ │ └── 301.txt ├── 4xx/ │ └── 404.txt ├── 5xx/ │ └── 500.txt ├── ip_exist.txt ├── ip_invalid.txt ├── log.txt └── cors_detected.txt
Advanced URL Shortener & Parameter Generator
URLShort is a powerful and intelligent tool written in Go to split, shorten, and fuzz URLs for automation, testing, and security purposes. It's built to automate recon, parameter manipulation, and payload injection quickly and effectively. URLShort is a powerful and intelligent tool written in Go to split, shorten, and fuzz URLs for automation, testing, and security purposes. Built with ❤️ by Neeraj Sah to help you automate recon, parameter manipulation, and payload injection — quickly and effectively.
Make sure you have Go installed. Then install URLShort using:
Ensure your $GOPATH/bin is in your system PATH:
| Flag | Description |
|---|---|
-f | Input file with URLs (required) |
-f | Input file with URLs (required) |
-o | Output file to save results |
-x | Delimiters for splitting (e.g., `"=&"`) (default: `=`) |
-p | Enable splitting on path segments (`/`) |
-a | Append a string to each URL variation |
-F | File of strings to append (overrides `-a`) |
-D | Remove duplicate URLs |
-Q | Quiet mode (suppress output) |
-Q | Quiet mode (suppress output, show only final messages) |
-h | Display help message |
Given an input like https://example.com/page?user=admin and a payload, the output will include:
https://example.com/ https://example.com/page? https://example.com/page?user= https://example.com/page?user=admin<script>alert(1)</script> ... and many more variations