mantis: automates the workflow of discovery, reconnaissance, and vulnerability scanning


Mantis is a command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning. It takes the top-level domains as input, and then seamlessly progresses to discovering corresponding assets, including subdomains and certificates. The tool performs reconnaissance on active assets and concludes with a comprehensive scan for vulnerabilities, secrets, misconfiguration, and phishing domains – all powered by a blend of open-source and custom tools.

automate scanning

Mantis is a security framework engineered to provide exceptional value and convenience to both product security teams and bug bounty hunters alike.

  • Our innovative framework offers unparalleled ease-of-use and customizable automation for all your recon needs
  • With Mantis, you can take advantage of our advanced alerting capabilities and faster scanning times to fortify your defenses and stay ahead of the game


  • Automated Discovery, Recon & Scan
  • Distributed Scanning (split a single scan across multiple machines)
  • Super-Easy Scan Customisation
  • Dashboard Support
  • Vulnerability Management
  • Advanced Alerting
  • DNS Service Integration
  • Integrate new tools (existing and custom) in minutes


  • Discovery
    • Subdomains
    • Certificates
  • Recon
    • Open Ports
    • Technologies
    • CDN
    • WAF
    • Web Server
    • IP
    • ASN Information
    • Location
  • Scan
    • Domain Level Vulnerabilities and Misconfigurations
    • Secrets Scanning
    • Phishing Domains


Mantis supports multiple installation types. Installing Mantis via Docker would be a good start to get a hang of the framework.

Considering that Mantis also includes MongoDB and AppSmith, we have provided a shell script that installs all the components.

Install & Use

Copyright (C) 2024 PhonePe