🔍 [Project] I built a Telegram bot for automated pentesting & recon — looking for feedback!

Hey everyone 👋

For the past few months I’ve been working on a side project called WebSecAnalyst_Bot, a Telegram-based pentest assistant that automates common reconnaissance and vulnerability checks directly from chat.

The idea came from my own bug bounty workflow — I wanted a quick, portable way to run small recon tasks (like subdomain or port scans) without setting up Burp, Nmap, or a full VPS.

Now the MVP is complete, and I’m opening it up for feedback from the community (especially bug bounty hunters, pentesters, and websec researchers).

⚙️ What the bot currently does

• 🌐 Subdomain enumeration
• 🧩 Directory brute-force (common paths)
• 🔌 Port scanning (non-intrusive)
• 🔒 SSL & security header analysis
• 🛡️ WAF and CMS detection
• 🔗 Broken link & SEO audits
• 💰 Credit system + free daily scan (Stripe integration)

All scans are performed through controlled, rate-limited API calls — nothing destructive or intrusive.

🧪 I’m mainly looking for feedback on

• Accuracy of recon results compared to your usual tools (Amass, Nmap, etc.)
• Response structure — is the Telegram output clear and actionable?
• Feature ideas: API fuzzing? tech fingerprinting? passive DNS?
• Performance (especially latency and concurrency issues)

💎 For testers

Everyone who participates and sends useful feedback will get free credits and early access to new features (like async scans and vulnerability checks).

🚀 Try it out

You can test it directly on Telegram here:
👉 Telegram Web

Commands available:
/subdomains, /ssl, /dirs, /portscan, /cms, /waf, /headers, /brokenlinks

⚠️ Ethical note

Please use the bot only on domains you own or have permission to test.
This is strictly for educational, security, and bug bounty purposes — no illegal use tolerated.

Any kind of feedback (technical, UX, or even critique) is super appreciated 🙏
This project is open for honest reviews and suggestions — I’ll gladly iterate based on what the community says.

Thanks for reading, and I hope some of you find it useful or interesting to test! 🚀

#BugBounty #EthicalHacking #CyberSecurity #Pentesting #TelegramTools #Recon #Automation #WebSecAnalyst_Bot