u/X3r0DayHQ

Which is the best API gateway for building Claude agents?

Our team has been developing Claude agents and building a SaaS backend. We are currently selecting a suitable API gateway. Spiky workloads mean our traffic is not a smooth, linear growth. Some days, our agents send massive requests to the API, followed immediately by dead periods. If we get tied to fixed subscription plans, we are simply burning money on idle compute resources, so a PAYG plan is a hard requirement for us.

This is our review after evaluating some popular options:

OpenRouter: ideal for developers experimenting with multiple models who need a unified, flexible API for routing. Its flexibility allows you to route between different models, set fallbacks, and manage a unified budget, with highly adaptable payment options like crypto and bank transfers. The Anthropic-compatible endpoint easily plugs into existing codebases.

However, while strong for multi-model routing, full compatibility for advanced, Claude-specific native features often depends on the underlying provider and is most reliable using first-party nodes.

Zenmux: more lightweight and cost-focused. It did not add extra platform fees on top of token usage, which made costs easier to reason about for spiky workloads.

The fallback experience also felt solid in practice, but I would not describe it as a unique feature. It is more that Zenmux handled the basic gateway expectations well without adding too much configuration overhead. For our use case, it felt like a practical middle ground: less complex than a full control plane, but still good enough for routing, API/cost/usage tracking, and handling unstable upstreams.

Portkey: designed for production-heavy teams requiring high-level observability, strict compliance, and advanced routing logic. It acts as a massive control plane, offering detailed logging, cost-saving caching, and great fallback to ensure smooth transitions if endpoints fail.

However, this heavyweight gateway introduces real configuration overhead and complexity to your codebase. If you only need a simple proxy, configuring their extensive tracking, load balancing, and caching rules can feel like overkill and might add an extra latency hop.

For us, the decision mainly came down to workload pattern.

If you are experimenting with lots of models, OpenRouter is still the most flexible starting point. If your team has spiky agent traffic and wants simple routing and high observability without extra platform fees or heavy setup, Zenmux is the cleaner fit.

If you are running a larger production system and need deep observability, compliance, caching, and advanced routing logic, Portkey makes more sense.

Our main takeaway: the “best” API gateway depends less on feature lists and more on your traffic pattern, engineering bandwidth, and how much control you actually need.

u/X3r0DayHQ — 1 day ago
▲ 10 r/hacking

I wrote an async scanner that runs about 9x faster than nmap for discovery.

I've been working on a recon tool called Specter to speed up my initial scans on larger scopes. It's written in Python using asyncio to handle concurrent TCP connections.

I benchmarked it against nmap for raw port discovery and it's consistently about 9.4x faster. To be clear, it isn't meant to replace nmap's scripts or OS detection. It's just built to be a lot more efficient at the "find what is open" phase by stripping away the extra weight and focusing on high concurrency.

The tool handles a few different parts of the recon process:

- Subdomain enumeration through passive sources like crt.sh, alienvault, and hackertarget.

- Active bruteforcing if you want to use a wordlist.

- Automatic IP resolution and port scanning for any discovered hosts.

- Scrapes page titles and server headers so you can see what is actually running.

I set up a web version so you can try it out without installing anything: https://scan.x3r0day.me

The full source is on GitHub here: https://github.com/X3r0Day/X3r0Day-Specter

It is free and open source. If you use it for bug bounties or pentesting, let me know how it performs for you. I'm looking for feedback on any bugs or features you think are missing.

u/X3r0DayHQ — 4 days ago
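
An added example, not part of the post or the Specter project: a high-concurrency connect scan like the one described above shows up in connection logs as one source touching many distinct ports within a fraction of a second, so a sliding-window fan-out count separates it from normal clients. The log format, IP addresses, window and threshold are assumptions made for this sketch.

```python
from collections import defaultdict, deque

# Constructed sample connection log, one event per line:
#   "epoch_seconds src_ip dst_ip dst_port"
# 198.51.100.7 opens 100 ports in ~0.2 s (scan-like); 10.0.0.9 is a normal client.
SAMPLE_LOG = "\n".join(
    [f"{1000.0 + i * 0.002:.3f} 198.51.100.7 10.0.0.5 {port}"
     for i, port in enumerate(range(20, 120))]
    + ["1000.500 10.0.0.9 10.0.0.5 443",
       "1003.100 10.0.0.9 10.0.0.5 443",
       "1007.900 10.0.0.9 10.0.0.6 22"]
)


def parse(line):
    """Split one log line into (timestamp, src, dst, dst_port)."""
    ts, src, dst, port = line.split()
    return float(ts), src, dst, int(port)


def detect_fanout(log_text, window=1.0, threshold=50):
    """Return {src: peak count of distinct (dst, port) targets contacted
    within any `window`-second span} for sources reaching `threshold`."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)   # src -> (ts, target) pairs still inside the window
    peak = defaultdict(int)       # src -> highest distinct-target count observed
    for ts, src, dst, port in events:
        q = recent[src]
        q.append((ts, (dst, port)))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({target for _, target in q})
        peak[src] = max(peak[src], distinct)
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in detect_fanout(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct targets within 1.0 s")
```

Counting distinct targets rather than raw connections keeps a busy client that reuses one service from being flagged.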

I Built X3r0Hunter, a Pentest Platform That Automates Discovery + Nuclei Scanning + Exploitation

Main Interface

Been building this for a while and wanted to share what it does and how the pipeline works.

X3r0Hunter is a terminal-based platform that wires together multiple techniques from discovery, nuclei scanning, and exploit execution into a single workflow. You pick a CVE, discover targets, scan them, and launch exploits - all from one TUI.

The pipeline:

  1. Profile system - each CVE has a config entry which helps me get the targets, a nuclei template path, and a hit-matcher function that parses nuclei output
  2. Discovery - spins up Docker containers with X3r0IPRotator to rotate IPs while scanning for targets. Saves them to a target list. Finds 10k IPs in under 10 seconds lol.
  3. Scanning - feeds targets into nuclei with the CVE's template. Tracks scanned vs pending vs vulnerable. Handles checkpointing, resume, IP rotation
  4. Exploitation - Python exploits for each CVE (RCE shells, interactive mode, etc.), launchable from a menu

Currently supports ~15 CVEs including:

- CVE-2025-55182 (React2Shell)

- CVE-2022-26134 (Confluence OGNL injection)

- CVE-2024-27198 (TeamCity auth bypass)

- CVE-2024-3400 (PAN-OS GlobalProtect)

- CVE-2026-42945 (NGINX Rift, most recent one)

- Various others (Tomcat, ActiveMQ, FortiOS, Ivanti, etc.)

The niche is automated scan-to-exploit without context switching between tools.

Really had fun building this beast!

u/X3r0DayHQ — 8 days ago