← Docs

Tool Reference

All 17 tools organized by tier.

Free — 12 tools Pro — +5 tools

Free Tier

Core HTTP workflow. Available to all users.

hunt free

Create/load hunt database.

Parameters: target (domain or label)

hunt target: "target.com"
  → Hunt created: target.com (hunt-target-com.sqlite)

send free

Send HTTP request, store in DB.

Parameters: method, url, --header, --data, --json

send method: "GET", url: "https://target.com/api/users"
  → 200 OK | 142ms | 2.3kb | application/json

fetch free

Retrieve stored request/response.

Parameters: name_or_id

fetch name_or_id: "login-attempt"

save free

Name a request for quick retrieval.

Parameters: request_id, name

save request_id: 42, name: "login-attempt"

search free

Regex search through stored requests.

Parameters: pattern, --in (url|body|headers)

search pattern: "api_key=[A-Za-z0-9]+", in: "body"

scope free

Manage scope rules (include/exclude).

Parameters: --include, --exclude, --preset

scope exclude: "*.js,*.css,*.png"

chain free

Multi-step request chains with variable extraction.

Parameters: --steps (YAML/JSON), --extract

chain steps: "login-flow.yaml"

encode free

Encode/decode payloads (url, base64, html, unicode, hex).

Parameters: value, --chain (base64|url|hex|html|unicode)

encode value: "<script>alert(1)</script>",
       chain: "url,base64"

export free

Export request to curl, python, go, httpie, har, raw.

Parameters: request_id, --format (curl|python|go|httpie|har|raw)

export request_id: 42, format: "curl"

import free

Import raw HTTP from Burp/DevTools.

Parameters: --burp, --har, --curl

import burp: "exported_requests.xml"

profile free

Variable profile management (save/load/switch configs).

Parameters: save|load|list, profile_name

profile action: "save", name: "user-alice"
profile action: "load", name: "user-bob"

session free

Cookie jar management (set, import, get, clear).

Parameters: create|switch|list|clear, session_name

session action: "create", name: "admin-session"

Pro Tier

Advanced attack tools. $19/mo or $114/yr.

intruder pro

Burp-style fuzzing: sniper, battering ram, pitchfork, cluster bomb.

Parameters: request_id, --positions, --wordlist, --filter, --mode

intruder request_id: 42, positions: "$param$",
         wordlist: "common-params.txt"

oob pro

Out-of-band detection via Interactsh (blind SSRF, XXE, etc.).

Parameters: --generate, --poll, --server

oob action: "generate"
  → Payload: {{OOB}}.your-id.oast.fun

parallel pro

Send multiple different requests simultaneously.

Parameters: request_ids, --mode (single-packet|batch)

parallel request_ids: [42, 43, 44],
         mode: "single-packet"

race pro

Race condition testing: burst, single_packet, staggered timing.

Parameters: request_id, -n (count), --window-ms, --mode

race request_id: 42, n: 20
  → RACE DETECTED | 3/20 succeeded | 2ms window

send_h2 pro

HTTP/2 over TLS with raw_mode for smuggling.

Parameters: method, url, --raw-mode, --frames

send_h2 method: "POST", url: "https://target.com",
        raw_mode: true