XowiaScan
Home Tools Pricing API Docs About Sign in Get started
← All tools

Wayback URL Extractor

Recon & Discovery

Recover a domain’s historical URLs from the Wayback Machine — then mine them for parameters, subdomains and sensitive files.

What is Wayback URL Extractor?

Wayback URL Extractor queries the Internet Archive’s CDX index to recover every URL the archive has seen for a domain — including pages, parameters and endpoints that may no longer be linked anywhere on the live site. The lookup hits a fixed third-party API, so nothing is sent to the target.

Old URLs are gold for testers: they reveal forgotten parameters, deprecated API routes and legacy files that often still work and are rarely patched. This tool doesn’t just dump the list — it extracts the testable surface for you.

What it does

  • Historical URL recovery — archived URLs for the host and, optionally, all its subdomains.
  • Parameter mining — unique parameter names with frequency, plus FUZZ-collapsed endpoints ready for your fuzzer.
  • Open-redirect / SSRF / LFI hints — flags parameter names commonly tied to those bug classes.
  • Sensitive-file detection — surfaces archived .sql, .env, .bak, .config, .log, key/cert files and more.
  • Subdomain & JS extraction — pulls hosts and JavaScript files out of the archive.
  • Filters & export — “200 only”, regex + file-type filtering, copy/download per view.

Where it fits in your workflow

  • Seed a parameter-fuzzing run with real, previously valid endpoints (collapsed to FUZZ).
  • Hunt for leaked backups/configs that were archived and may still be live.
  • Expand scope via discovered subdomains, then pivot into SiteMapper or the Vulnerability Scanner.
Use Wayback URL Extractor

Run it from your dashboard.

Create free account Sign in Use via API

At a glance

CategoryRecon & Discovery
RunsServer-side
Token cost 5 / run (free tier)
AccessFree · no login to try
Status● Live

Frequently asked questions

Why are some URLs dead?

These are historical snapshots — many will 404 today. That is the point: test which old endpoints still respond, as they are frequently left unpatched. Use the “200 only” toggle to focus on captures that were live.

What are “parameterized endpoints”?

URLs that carry query parameters, de-duplicated and collapsed so each parameter value becomes FUZZ — a clean, ready-to-fuzz list of injectable endpoints.

Explore more tools →