- AWS Route53 - This task hits the Route53 API for enumerating Dns Records for

1. - AWS Route53 - This task hits the Route53 API for enumerating Dns Records for a specific domain
2.  
3. - Cloudflare Zones - This task hits the Cloudflare API for a domain name along with its subdomains and other identities
4.  
5. - DNS Search TLS Cert Names - Search @erbbysam's TLS Cert repository (gathered from connecting for matches.
6.  
7. - Naabu Scan - This task runs an naabu scan on the target host or domain.
8.  
9. - SaaS ServiceNow Check - Checks to see if hosted ServiceNow account exists for a given domain or org
10.  
11. - SaaS ServiceNow Open KB Articles - Given a servicenow slug, this task checks to see if the account is exposed to the miconfiguration documented by Th3G3nt3lman in early June 2020. The misconfiguration allows KB articles to be bruteforced by guessing the last digits of articles. The existence of an article results in an issue being created.
12.  
13. - Search 42matters API for Android/iOS apps - Searches through the 42matters API to find relevant mobile applications.
14.  
15. - Search Apptweak API for Android/iOS apps - Searches through the Apptweak API to find relevant mobile applications.
16.  
17. - Search Azure Blob - This task takes a UniqueKeyword or Domain name to determine if there is any exposed Azure blob and attempts to lists its files
18.  
19. - Search BinaryEdge Open Databases - This task hits the BinaryEdge API, looking for for open databases and creating the entities
20.  
21. - Search c99 Subdomainfinder - This task queries the c99 API for subdomains.
22.  
23. - Search DnSimple - This task hits Dnsimple API for getting all the DnsRecord and Domains related the domain to investigate
24.  
25. - Search Farsight DNSDB - This task searches DNSDB by domain.
26.  
27. - Search Hostio - This task hits the Host.io API for Metadata scraped from a domain homepage, DNS records, AnalyticsId and related domains
28.  
29. - Search Mnemonic - This task offers passive DNS data by querying passive DNS data collected in malware lab.
30.  
31. - Search NeutrinoAPI - This task hits NeutrinoAPI.
32.  
33. - Search Recon.dev - Search @nahamsec's Recon.dev API for DnsRecords and Uris. This API was released at DEFCON Safe Mode (2020)
34.  
35. - Search Spyse - This task hits Spyse API for subdomains, IP / Port lookup, DNS records and SslCertificate information
36.  
37. - Search Spyse Cert - This task hits Spyse API for discovring domains registered with the same certificate
38.  
39. - Search Spyse Domain - This task hits Spyse API for domains registered with the same IP and related subdomains
40.  
41. - Search WhoisXMLAPI (Reverse Whois) - This task hits the WhoisXMLAPI reverse whois API and returns records that match the given email or keywoard
42.  
43. - Subfinder - This task uses subfinder to find domains.
44.  
45. - URI Brute Generic Content - Check for content common to web and application servers
46.  
47. - URI Bruteforce Vhosts - Bruteforce vhosts for a given URI.
48.  
49. - URI Check API Endpoint - This task uses a variety of heuristics to determine if this is an api endpoint.
50.  
51. - URI Check Retire.js - This task checks a url against the retire.js databasee.
52.  
53. - URI Extract Linked Hosts - This task analyzes and extracts hosts from links.
54.  
55. - URI Extract Tokens - This task analyzes and extracts tokens and analytics ids from the page.
56.  
57. - URI Ffuf Content Discovery - This task fuzzes a base-level uri for content.
58.  
59. - Wordpress Enumerate Leaked Logs - If the target's running Wordpress, this'll enumerate known leaked logfiles