Security Tool Developer

Building recon
tools that find
real bugs.

Solo developer behind the Openxos ecosystem. Open-source reconnaissance tools validated on production infrastructure — finding actual vulnerabilities, not theoretical ones.

View Projects GitHub Org →
openxos — bash
$openxos-ghost -d microsoft.com -o subs.txt
[+] WAF detected: Azure WAF
[+] Found 7 subdomains
$openxos-probe -i subs.txt --fast
[~] Probing 7 targets concurrently...
[✓] 7/7 alive · completed in ~20s
[!] HIGH Source maps exposed
[!] MEDIUM PUT/DELETE/TRACE enabled
[+] Total findings: 36
[✓] Saved → scan.db
0
Active Tools
0
Tests Passing
0
Real Findings
MIT
Open Source
About Me

Who is
Xeyronox

I am a solo security tool developer and bug bounty hunter building the Openxos ecosystem — open-source reconnaissance tools designed for real security research.

Every tool I ship is validated against production infrastructure before release. Tools prove themselves by finding actual vulnerabilities, not demonstrating theoretical capabilities.

My approach mirrors professional red team methodology: surgical initial reconnaissance followed by large-scale analysis executed with precision and efficiency.

RustBug Bounty ReconnaissanceWeb Security API SecurityOSINT Penetration TestingAsync / Tokio SQLite
v0.1.2
Current release across both tools
10+
Production domains tested including Stripe, GitHub, Microsoft, Sentry, Docker
200+
Technology signatures in detection engine
Solo
Independent developer, no corporate backing, MIT licensed forever
Projects

The Openxos
Ecosystem

Two purpose-built tools that work together as a complete reconnaissance pipeline. Each solves a distinct problem in the bug bounty workflow.

👻
v0.1.2RustMIT
Openxos-ghost
github.com/Openxosdev/openxos-ghost

What does it do?

Ghost is your surgical scout. Before any large-scale scan, ghost probes the target to understand its defensive posture — detecting WAFs, identifying safe request patterns, and producing intelligence that tells you exactly how to approach the target without triggering defenses.

  • WAF detection and vendor fingerprinting with evasion strategy recommendations
  • Subdomain enumeration with modern styled output and color coding
  • Safe request pattern identification for downstream tool configuration
  • Professional markdown reports explaining significance of every finding
  • Header rotation and request jitter for stealth operations
  • Multiple export formats: JSON, CSV, TXT for pipeline integration
View on GitHub
🔍
v0.1.2Rust144 tests
Openxos-probe
github.com/Openxosdev/openxos-probe

What does it do?

Probe is your high-volume reconnaissance engine. After ghost establishes safe operational parameters, probe executes comprehensive security analysis across all discovered targets — mapping technology stacks, identifying misconfigurations, detecting vulnerabilities, and discovering API attack surface concurrently.

  • Parallel HTTP/HTTPS probing with async execution and connection pooling
  • Technology detection across 200+ signatures using SIMD-accelerated matching
  • Security headers, cookies, TLS/SSL, and cache analysis
  • Subdomain takeover detection for S3, Heroku, GitHub Pages, GitLab
  • GraphQL introspection, WebSocket, and OpenAPI discovery
  • HTTP method enumeration including dangerous PUT, DELETE, TRACE
  • SSRF vector detection across 23 parameters and 5 internal targets
  • SQLite persistence with continuous monitoring and webhook notifications
2
HIGH
17
MEDIUM
28
LOW

findings across 10 production domains during testing

View on GitHub

Combined Reconnaissance Pipeline

Both tools work together, mirroring professional red team methodology.

openxos-ghost
Scout target, detect WAF, establish safe parameters
openxos-probe
Large-scale analysis using ghost intelligence
Security Findings
Actionable vulnerabilities ready for reporting
# Complete pipeline — discovery to findings
openxos-ghost -d target.com -o subs.txt && openxos-probe -i subs.txt --format json -o results.json
Validation

Real Findings on
Real Infrastructure

Validated against major production targets before release. Confirmed vulnerabilities discovered during testing.

sentry.io
HIGH
Source Maps Exposed
Production deployment exposes webpack source maps, allowing full application source code reconstruction and internal architecture disclosure.
api.stripe.com
HIGH
Security Misconfiguration
Critical security misconfiguration identified in production API infrastructure during systematic reconnaissance analysis.
api.github.com
MEDIUM
Dangerous HTTP Methods
PUT, DELETE, TRACE, and CONNECT methods enabled. Aggressive mode confirmed 9 HTTP methods including all dangerous WebDAV methods.
auth.docker.io
MEDIUM
Sensitive Endpoint Caching
Authentication endpoint responses cached without no-store directive, creating risk of credential caching at intermediary proxies.
microsoft.com
MEDIUM
36 Findings in ~20 Seconds
Complete reconnaissance of 7 microsoft.com subdomains in approximately 20 seconds. 36 security issues identified across multiple severity levels.
grafana.com
LOW
Missing Security Headers
Multiple security headers absent including Content-Security-Policy and Permissions-Policy, indicating security posture improvement opportunities.
Get In Touch

Find Me Online

Follow the Openxos ecosystem for tool updates, new releases, and security research findings.

GitHub Org Openxos-probe Openxos-ghost Instagram