Pre-collected bug bounty recon data so you skip the scanning phase.
Bug bounty hunters and security researchers
Shodan · SecurityTrails · Subfinder
Neobotnet collects intel data from companies on HackerOne and Bugcrowd — subdomains, DNS records, web servers with status codes, indexed/crawled URLs, JS files, and exposed secrets/paths (still building this last part). The data is already there when you need it. No scans to run.
Currently tracking 41 companies, 63,878 web servers, and 1.8M+ URLs.
Long term I want to expand this to startups that depend on cloud infrastructure so they can see what's publicly accessible.
Made a free sample with Capital One's data (and other companies) so you can see what it looks like without signing up: https://freerecon.com
Original Page: https://neobotnet.com
Feedback very welcome.
Pulls together passive sources — crt.sh, Wayback, GitHub search, Shodan and Hunter — into a single HTML+JSON output so you can run recon without touching the target. It isn't reinventing OSINT, but the combination of multi-source subdomain enumeration, built-in WHOIS/JSON export and a ready-to-share dark report plus Docker support makes it an immediately useful tool for quick triage.
Autonomous hunting with Burp MCP integration beats manual recon workflows.
Offline plugin catalog + Semgrep SAST combo saves researchers hours; WordPress ecosystem niche.
Recruits unpaid scouts to source pre-revenue AI startups outside traditional networks.
AI triage and console logs beat Jira's native Issue Collector for context.
Gumroad link to template pack; no actual product shown.
