Beta · Swiss-Army Knife for Web Recon

See your attack surface the way hackers do.

IGotYou maps everything an outsider can learn about your infrastructure — leaked credentials, exposed subdomains, open ports, frontend secrets, takeover-able assets — and turns it into a fix list before someone weaponizes it.

10 free scan credits on signup · No credit card · Dark-mode native

The hacker's first 10 minutes

Here's what they do before you even notice.

  1. 00:00 · Pull breach dumps

     Search your domain in known credential leaks. Free, instant.

  2. 02:30 · Map your perimeter

     Enumerate subdomains, open ports, server versions, certs.

  3. 05:00 · Scrape your frontend

     Dig through bundled JS for hardcoded keys, debug flags, configs.

  4. 08:00 · Hunt takeovers

     Look for stale DNS, dangling subdomains, expired certs.

IGotYou runs the same four moves — then ships you the report.

Use only on domains you own or are authorized to test

Scanning websites without permission may violate computer-misuse laws in your jurisdiction. IGotYou is provided for security research on your own properties or with explicit written authorization from the owner.

The toolkit

Four tools. One workspace. Every angle covered.

Each tool mirrors a phase of real-world reconnaissance — used together, they reproduce what a professional bug-bounty hunter does in a full afternoon.

Search Exposure

"What credentials of yours are already on the dark web?"

  • Breach-intel sweep by domain
  • Employee, customer, and third-party compromise counts
  • Recent compromised data preview (masked)
  • Cross-checks public credential leak datasets

Enumerate

"What does your perimeter look like from the outside?"

  • Subdomain discovery (up to 50 results)
  • Open ports + server banners + version detection
  • Detected technologies & frameworks
  • TLS certificate metadata & SANs

Frontend Scanner

"What did your build accidentally ship to the browser?"

  • 100+ secret signatures (AWS, Stripe, OpenAI, Supabase service-role, JWTs, private keys…)
  • Security posture: HTTPS/HSTS, headers, cookies, CORS, SRI
  • Recon: DNS, endpoint discovery, exposed .env / .git / source maps
  • Tech stack fingerprint + letter grade
  • Cost-of-leak estimator (AWS key → unbounded crypto-mining spend)

AI Pentest

"An autonomous red-teamer that chains it all together."

  • Agentic LLM loop with live plan sidebar
  • Cascade scan over user-selected subdomains
  • Subdomain takeover detection + certificate analysis
  • Port → version → known-CVE reasoning
  • MITRE ATT&CK mapping + attack-chain graph
  • PDF & Markdown bug-bounty-ready reports + Bug Bounty mode

From an attacker's perspective

Why outside-in matters.

Recon is free for them.

Subdomains, ports, leaked creds, bundled JS — all public. We surface the same view.

You only need to miss one.

One forgotten .env, one stale subdomain, one hardcoded key = full compromise.

Fix the report, not the symptom.

Every finding ships with remediation and, where applicable, a PoC for bounty triage.

More tools coming

The toolkit keeps growing.

On the roadmap — what we're shipping next based on bug-bounty hunter feedback.

Coming soon
Continuous monitoring

Diff alerts when something new appears on your perimeter.

Coming soon
Email & webhook alerts

Get pinged the moment a new secret or subdomain shows up.

Coming soon
Slack / Discord integration

Push findings straight into your team's incident channel.

Coming soon
API access + CI hooks

Run scans on every deploy. Fail the build on critical leaks.

Coming soon
Team workspaces

Shared history, role-based access, pooled credits.

Coming soon
Custom scan profiles

Bring your own wordlists, signatures, and target scope.

Coming soon
Re-scan on deploy

Webhook-driven re-runs the second a new build ships.

Pricing

Start free. Upgrade when you're hunting full-time.

Free
$0 / forever

For curious devs and single-domain checks.

  • 10 scan credits on signup, daily refill
  • All 4 tools unlocked
  • Masked findings + CSV export
  • Community support

Founding price
Hacker-Assistant
$29 / month

For bounty hunters, founders, and small security teams.

  • ~1,500 credits/mo (15–20 full AI Pentests)
  • Unlimited PDF + Markdown reports
  • Full subdomain cascade (no selection cap)
  • Priority queue + extended history
  • Bug Bounty mode + PoC export
  • Early access to upcoming tools

Locks in for the beta cohort.

Need team pricing or SSO? Contact us.

Ready to see what's exposed?

Sign in and burn your first 10 credits on the toolkit.