Skip to main content
Beyond the command line, Neo ships over 40 purpose-built tools designed by ProjectDiscovery for security work. These are written and maintained in-house, given typed inputs and outputs, and handle the mechanical parts of an assessment natively so the model does not have to script them by hand.

What it includes

  • Terminal and files: run commands, execute Python scripts, and read, write, edit, list, and search files in the sandbox
  • Web and research: live web search, content retrieval, and deep research for advisories, exploits, and documentation
  • Browser automation: navigate, interact with, and extract from real pages for client-side testing and screenshots
  • Network traffic: capture HTTP traffic across the browser, CLI, and scripts, then search, inspect, and replay requests with auth preserved
  • Code analysis: structural code maps and documentation for gray-box understanding of a target
  • Knowledge search: index and search captured data and reference material
  • Out-of-band testing: SSRF canaries, XSS payloads, DNS rebinding, and OAST callbacks for confirming blind vulnerabilities
  • Issue management: file and manage findings, with quality gates that block low-confidence or false-positive reports
  • Memory: recall and update working memory across steps and agents

How it fits in

Each agent receives only the purpose-built tools relevant to its role, which keeps reasoning focused and reduces mistakes. The LLM reasons about what to do and why, and these tools do the how natively without burning tokens on hand-written scripts. You do not configure these tools directly, but custom agents let you choose which of them an agent can access.