discover Review
A Kali-native bash automation wrapper that speeds up standard recon, scanning, and payload generation without forcing you into a heavyweight framework.
Quick Verdict
Best for Kali Linux pentesters who want a simple automation layer for standard recon and enumeration without adopting a more complex modern framework.
Pros
- Turns standard Kali recon tooling into a guided, menu-driven workflow with organized output
- Low setup overhead for pentesters who already work inside Kali and know the underlying tools
Cons
- Tooling and workflow reflect an older Nmap-and-Metasploit-centric model rather than modern passive recon stacks
- Bash script architecture lacks a results database, cross-run tracking, and portability beyond Kali
Discover: A Workflow Companion for Kali
You know Nmap, dig, WHOIS, and msfvenom. You can run them by hand. Discover won't teach you new skills. Its value lies elsewhere.
Discover compresses your workflow. It is a bash wrapper with a menu. It sits on top of the classic Kali toolchain. It cuts down on repetitive work between recon, scanning, enumeration, and payload generation.
Discover fits in the offensive tooling stack as a helper for Kali users. You want to move fast through standard phases. You do not want to manually chain commands, folders, and output files. Discover does that job.
You use Discover to speed up engagements. It reduces glue work. It lets you focus on results.
What discover Is
discover is a set of bash scripts for Kali Linux. The goal is to automate tedious penetration testing tasks. You take standard Kali tools, add a menu, and turn manual steps into a guided process.
The scripts cover a lot of ground, including passive and active recon, DNS enumeration, Nmap port scans, web app recon, and Metasploit payloads.
discover only works on Kali, by design. It assumes you already have Kali set up and working. It is an orchestration layer on top of tools you trust. You do not need to learn new tools or verify new dependencies. This is part of its appeal. It structures what you already use.
It works because you are already familiar with the underlying tools. You know how to use Nmap and Metasploit. discover helps you use them more efficiently.
Your workflow gets more efficient. You save time. That is discover.
Core Script Categories
The passive recon pieces cover early-stage footprinting tasks. These scripts pull together WHOIS data, DNS records, certificate-related information, and other publicly available data sources about a target domain without directly touching the target infrastructure. This is useful for an engagement kickoff. You can quickly build a target picture before moving into noisier phases.
The active recon and scanning scripts take over once you are ready to touch the target. Nmap is central here, with preconfigured scans used to identify open ports and service exposure. The results feed into follow-on enumeration steps that probe discovered services for version and configuration detail. The scripts save time when running standard engagement patterns repeatedly.
The payload generation scripts are the most obviously “classic Kali” part of the project. They wrap msfvenom to generate common payload types with options prefilled or simplified through prompts. For users familiar with msfvenom syntax, this is a convenience layer. For occasional users, it saves time by avoiding the need to dig through old notes or man pages to remember staging and format flags.
Menu Interface and Workflow
discover's menu-driven interface ties the tool together. It's more than a folder of scripts.
You start at a central menu. Categories guide you through engagement phases: passive, active, web, and payload operations. No need to recall script names, no hunting around.
This changes how you work. Many lightweight pentest automation projects fail. They dump scripts into a repository with no workflow.
discover expects a sequence: gather passive intel, identify targets, scan, enumerate services, decide on payloads.
The tool tames file chaos. Scripts ask for target information and output locations. Results go into structured directories. You know the mess: scattered Nmap XML, greppable output, screenshots, notes, shell history. discover imposes structure. It keeps a run organized.
The best part is phase handoffs. Passive recon feeds active scanning. Active scan output feeds enumeration. No manual reformatting, no retyping. You avoid shell busywork.
discover vs reconFTW and bbot
discover feels old compared to reconFTW and bbot, because it is. Not a bad thing, just the right perspective.
discover is a veteran Kali bash script set. It has a simple menu and low setup. It fits the classic Kali toolkit mold, offering fast access over customization. It works in that lane.
reconFTW is broader and more modern. It chains tools like subfinder, amass, nuclei, ffuf. Current web recon and bug bounty practices are covered. It offers more control over modes and configs. If you're into modern passive coverage and automation depth, reconFTW is stronger.
bbot goes further into modular automation. It is better for broad workflows where repeatability and flexible modules matter more than menu-driven bash flows.
So where's discover's spot? Its simplicity. It runs natively in Kali, needs no YAML configs, and offers a clear recon-to-enum path. discover is still attractive. It is less capable than new frameworks, but easy to use for a standard job. That's it.
Limitations and Honest Assessment
Limitations
Kali Linux is required. discover assumes the standard toolchain is installed and in your path. You could port parts to another distro if you want, but that's not the plan.
The bigger issue is the workflow. discover follows a classic pentest model: Nmap, Metasploit, dig. That still works, but it's not cutting-edge anymore.
Modern recon uses certificate transparency, ProjectDiscovery tools, and cloud-aware enumeration. discover doesn't compete there.
The bash design limits it. There is no database, no history, and no web UI, just flat files. For small gigs, that's okay. For recurring work, it feels basic.
The tradeoff is that discover eases workflow but doesn't upgrade your ops.
Verdict
Discover still works for Kali pentesters who want a simple menu to speed up recon and enumeration. It sits on top of existing tools, making them easier to use. No more hunting for commands — it's all there.
New testers benefit from its structured workflow. Seasoned pros use it for quick, native recon without the bloat. Either way, it's about convenience.
For cutting-edge passive enum or cloud-aware discovery, try reconFTW or bbot. But if you want a basic, native Kali tool that doesn't get in the way, discover still works. It does its job. That's it.
This review reflects testing as of 2026-04-05. OSINT tools change frequently — check the vendor's current documentation for pricing and feature updates.