Photon OSINT Scanner: A Fast and Flexible Tool for Ethical Reconnaissance
Gathering information online about a target system or organization can be a time-consuming task. Security professionals, researchers, and bug bounty hunters often need only specific pieces of information such as subdomains, emails, or API keys — not an entire data dump.
This is where Photon, an open-source OSINT (Open-Source Intelligence) scanner, proves extremely valuable. Photon automates the process of crawling through URLs, extracting useful information, and organizing it in a way that saves time and effort.
What is Photon?
Photon is a Python-based OSINT tool that scans websites to extract valuable data for reconnaissance. Instead of manually sifting through hundreds of web pages, Photon does the heavy lifting by crawling subdomains, detecting files, grabbing email addresses, and even identifying leaked keys.
It is widely used in:
- Bug bounty hunting – to map targets efficiently
- Penetration testing – for the recon phase
- Cybersecurity research – to understand attack surfaces
- Defensive security – helping organizations see what information is exposed
Key Features of Photon
- Data Extraction
Photon can automatically extract:
- URLs (both in-scope and out-of-scope)
- URLs with parameters (e.g., example.com/page.php?id=10)
- Emails and social media accounts
- Files such as PDF, PNG, or JPEG
- API keys, hashes, and other sensitive tokens
- Subdomains and DNS records
- Strings matching custom regex patterns
All this data is saved in an organized structure and can be exported as JSON for further analysis.
- Flexibility
Photon gives you control over how the scan runs:
- Set timeouts and delays
- Add custom seeds
- Exclude specific URLs with regex patterns
- Adjust depth levels and threads for faster crawling
This flexibility makes Photon suitable for both lightweight scans and large-scale recon projects.
- Plugins
Photon includes useful plugins to extend its functionality:
- Wayback – retrieves archived pages from the Wayback Machine
- DNSDumpster – gathers DNS data
- Exporter – organizes results into different formats
Installing Photon
Before installing Photon, make sure you have Python 3 installed on your system.
Step 1: Install dependencies
pip install tld requests
Step 2: Clone Photon
git clone https://github.com/s0md3v/Photon
cd Photon
Step 3: Run Photon help menu
python3 photon.py -h
Using Photon: Practical Examples
- Basic Scan
python3 photon.py -u https://example.com/
- Generate a DNS Map
python3 photon.py -u https://example.com/ --dns
This will visualize subdomains, MX records, and the overall domain structure.
- Find Emails and Keys
python3 photon.py -u https://example.org/ --keys -t 10 -l 3
Here:
- -t 10: runs 10 threads for faster crawling
- -l 3: crawls 3 levels deep
Why Photon is Valuable
Photon helps security professionals by:
- Saving time during recon
- Finding hidden vulnerabilities such as exposed keys
- Organizing results in JSON for further automation
- Scaling recon across multiple targets
For defenders, Photon provides insights into what sensitive data is leaking publicly — helping organizations fix these issues before attackers exploit them.
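As an added example (not part of Photon or of the original article), the script below shows how a defender might triage a JSON export of their own site: it separates out-of-scope URLs, lists query parameters per endpoint, and flags key-like strings by entropy while redacting them. It assumes the export is a JSON object mapping category names (`internal`, `fuzzable`, `external`, `keys`, assumed here) to lists of strings; the sample data, the helper names and the 3.5-bit threshold are constructed for illustration.

```python
import json
import math
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample. The category names are an assumed export layout.
SAMPLE_EXPORT = json.dumps({
    "internal": ["https://example.com/", "https://blog.example.com/post?id=7"],
    "fuzzable": ["https://example.com/page.php?id=10",
                 "https://example.com/search?q=test&page=2"],
    "external": ["https://cdn.example.net/lib.js", "https://notexample.com/login"],
    "keys": ["aaaaaaaaaaaaaaaaaaaaaaaa", "0000000000000000deadbeef",
             "q7Zp2LmX9vRt4KsW8yHc3NbE"],
})

def shannon_entropy(value):
    """Bits per character; random tokens score higher than filler strings."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def redact(value):
    """Keep a short prefix only, so the report does not repeat the secret."""
    return f"{value[:4]}...({len(value)} chars)"

def in_scope(url, scope_host):
    """Exact host or a true subdomain; a bare suffix match would accept notexample.com."""
    host = urlsplit(url).hostname or ""
    return host == scope_host or host.endswith("." + scope_host)

def triage(export_text, scope_host, min_entropy=3.5):
    data = json.loads(export_text)
    report = {"out_of_scope": [], "parameters": {}, "likely_secrets": []}
    for category in ("internal", "fuzzable", "external"):
        for url in data.get(category, []):
            if not in_scope(url, scope_host):
                report["out_of_scope"].append(url)
                continue
            parts = urlsplit(url)
            for name, _ in parse_qsl(parts.query):
                report["parameters"].setdefault(name, []).append(parts.hostname + parts.path)
    for candidate in data.get("keys", []):
        score = shannon_entropy(candidate)
        if score >= min_entropy:  # low-entropy filler is dropped as noise
            report["likely_secrets"].append((redact(candidate), round(score, 2)))
    return report

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EXPORT, "example.com"), indent=2))
```

Anything that lands in likely_secrets should be treated as exposed: rotate the credential first, then remove it from the published page or script.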
Important Note
Photon is a powerful tool, but it must be used responsibly. Only run scans on systems that you own or have explicit permission to test. Unauthorized scanning is illegal and unethical.
Conclusion
Photon is a lightweight, flexible, and powerful OSINT scanner that simplifies the reconnaissance phase of cybersecurity work. With features like DNS mapping, email/key extraction, and JSON exports, it allows both attackers and defenders to understand the online exposure of a system.
Whether you are a bug bounty hunter, a penetration tester, or part of a defensive security team, Photon can significantly improve the speed and quality of your reconnaissance efforts.