diff --git a/Dockerfile b/Dockerfile
index f522ce2..924eb72 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -146,8 +146,6 @@ RUN git clone --depth 1 https://github.com/rastating/dnmasscan.git $TOOLS/dnmass
chmod a+x dnmasscan && \
ln -sf $TOOLS/dnmasscan/dnmasscan /usr/local/bin/dnmasscan
-# dnsprobe
-RUN go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
# exploitdb (searchsploit)
RUN git clone --depth 1 https://github.com/offensive-security/exploitdb.git $TOOLS/exploitdb && \
@@ -161,8 +159,6 @@ RUN go install github.com/ffuf/ffuf@latest
RUN go install github.com/lc/gau/v2/cmd/gau@latest && \
echo "alias gau='/go/bin/gau'" >> ~/.zshrc
-# httpx
-RUN go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
# interlace
RUN git clone --depth 1 https://github.com/codingo/Interlace.git $TOOLS/interlace && \
@@ -210,9 +206,8 @@ RUN mkdir $TOOLS/metasploit && \
chmod 755 msfinstall && \
./msfinstall
-# nuclei
-RUN go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest && \
- git clone --depth 1 https://github.com/projectdiscovery/nuclei-templates.git $ADDONS/nuclei
+# nuclei templates (nuclei itself installed via pdtm)
+RUN git clone --depth 1 https://github.com/projectdiscovery/nuclei-templates.git $ADDONS/nuclei
# pagodo
RUN git clone --depth 1 https://github.com/opsdisk/pagodo.git $TOOLS/pagodo && \
@@ -236,8 +231,6 @@ RUN git clone --depth 1 https://github.com/trustedsec/social-engineer-toolkit $T
python3 -m pip install --break-system-packages -r requirements.txt || : && \
python3 setup.py || :
-# subfinder
-RUN go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
# subjs
RUN go install -v github.com/lc/subjs@latest
@@ -254,10 +247,7 @@ RUN git clone --depth 1 https://github.com/aboul3la/Sublist3r.git $TOOLS/sublist
# Note: it needs to be installed in /etc/ as there are absolute refs in the code
RUN git clone --depth 1 https://github.com/laramies/theHarvester /etc/theHarvester && \
cd /etc/theHarvester && \
- python3 -m pip install --break-system-packages pipenv && \
- python3 -m pip install --break-system-packages -r requirements/base.txt && \
- sed -i 's^#!/usr/bin/env python3^#!/usr/bin/python3^g' theHarvester.py && \
- chmod a+x theHarvester.py && \
+ python3 -m pip install --break-system-packages . && \
ln -sf /etc/theHarvester/theHarvester.py /usr/local/bin/theharvester
# unfurl
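Review bot: The new `python3 -m pip install --break-system-packages . && \` drops the `chmod a+x theHarvester.py` and the shebang rewrite the removed lines performed, yet the unchanged `ln -sf /etc/theHarvester/theHarvester.py /usr/local/bin/theharvester` still depends on that script being directly executable with a usable interpreter line, so `theharvester` may fail unless the clone already carries the execute bit. If `pip install .` registers its own console script (not verifiable from the hunk), point the symlink at that instead; otherwise keep `chmod a+x theHarvester.py && \` before the `ln`. Installing whatever the unpinned `--depth 1` clone resolves to at build time also means two builds can produce different theHarvester versions; a pinned tag or commit would make the layer reproducible.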
@@ -285,12 +275,26 @@ RUN git clone --depth 1 https://github.com/s0md3v/XSStrike.git $TOOLS/xsstrike &
chmod a+x xsstrike.py && \
ln -sf $TOOLS/xsstrike/xsstrike.py /usr/local/bin/xsstrike
+# pdtm - ProjectDiscovery Tool Manager
+# Install pdtm first, then use it to install all ProjectDiscovery tools
+RUN go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest && \
+ pdtm -install-all && \
+ pip uninstall httpx --break-system-packages -y || true
+
+# feroxbuster
+RUN ARCH=$(uname -m) && \
+ curl -sL "https://github.com/epi052/feroxbuster/releases/latest/download/${ARCH}-linux-feroxbuster.zip" -o /tmp/feroxbuster.zip && \
+ unzip -o /tmp/feroxbuster.zip -d /usr/local/bin && \
+ chmod +x /usr/local/bin/feroxbuster && \
+ rm /tmp/feroxbuster.zip
+
# ------------------------------
# --- Wordlists ---
# ------------------------------
# seclists
-RUN git clone --depth 1 https://github.com/danielmiessler/SecLists.git $WORDLISTS/seclists
+RUN git clone --depth 1 https://github.com/danielmiessler/SecLists.git $WORDLISTS/seclists && \
+ ln -sf $WORDLISTS/seclists /usr/share/seclists
# rockyou
RUN curl -L https://github.com/praetorian-code/Hob0Rules/raw/db10d30b0e4295a648b8d1eab059b4d7a567bf0a/wordlists/rockyou.txt.gz \
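Review bot: The feroxbuster fetch `curl -sL "…/releases/latest/download/${ARCH}-linux-feroxbuster.zip" -o /tmp/feroxbuster.zip` has no `-f`, so an HTTP error body (for instance when `${ARCH}` does not match an asset name) is saved as the zip and only the later `unzip` catches it, and nothing verifies the archive; use `curl -fsSL`, pin a release tag instead of `latest`, and check the archive against a published checksum before unpacking it into /usr/local/bin. `pdtm -install-all` likewise installs whatever builds are current at image-build time with no pin, so the image's tool set is not reproducible. The `pip uninstall httpx --break-system-packages -y || true` removes the Python httpx library, not just its CLI, so any tool installed earlier with pip that imports httpx would break at runtime; if the aim is only to let ProjectDiscovery's `httpx` win on the command line, placing `/root/.pdtm/go/bin` ahead of `/usr/local/bin` in PATH achieves that without uninstalling a library.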
@@ -298,7 +302,7 @@ RUN curl -L https://github.com/praetorian-code/Hob0Rules/raw/db10d30b0e4295a648b
gunzip $WORDLISTS/rockyou.txt.gz
# Symlink other wordlists
-RUN ln -sf $( find /go/pkg/mod/github.com/\!o\!w\!a\!s\!p/\!amass -name wordlists ) $WORDLISTS/amass && \
+RUN ln -sf $(find /go/pkg/mod/github.com -type d -name wordlists -path "*amass*" 2>/dev/null | head -1) $WORDLISTS/amass || true && \
ln -sf /usr/share/brutespray/wordlist $WORDLISTS/brutespray && \
ln -sf /usr/share/dirb/wordlists $WORDLISTS/dirb && \
ln -sf /usr/share/setoolkit/src/fasttrack/wordlist.txt $WORDLISTS/fasttrack.txt && \
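Review bot: When the `find … | head -1` in the new `ln -sf $(find /go/pkg/mod/github.com … | head -1) $WORDLISTS/amass || true` yields nothing, the unquoted substitution expands to nothing and `ln -sf $WORDLISTS/amass` runs with a single operand, which creates a dangling link named `amass` in the current working directory instead of under `$WORDLISTS`; because that `ln` succeeds, `|| true` hides nothing. Guard on a non-empty result and quote it: `AMASS_WL=$(find /go/pkg/mod/github.com -type d -name wordlists -path "*amass*" 2>/dev/null | head -1) && \` followed by `[ -n "$AMASS_WL" ] && ln -sf "$AMASS_WL" $WORDLISTS/amass || true && \`. This RUN continues past the end of the hunk.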
@@ -345,6 +349,7 @@ RUN sed -i 's^ZSH_THEME="robbyrussell"^ZSH_THEME="bira"^g' ~/.zshrc && \
sed -i 's^# DISABLE_AUTO_UPDATE="true"^DISABLE_AUTO_UPDATE="true"^g' ~/.zshrc && \
sed -i 's^plugins=(git)^plugins=(tmux nmap)^g' ~/.zshrc && \
echo 'export EDITOR="nano"' >> ~/.zshrc && \
+ echo 'export PATH="$PATH:/root/.pdtm/go/bin"' >> ~/.zshrc && \
git config --global oh-my-zsh.hide-info 1
# Clean up space - remove version control
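Review bot: The added `echo 'export PATH="$PATH:/root/.pdtm/go/bin"' >> ~/.zshrc` only makes the pdtm-installed tools (including the dnsx, httpx, nuclei and subfinder whose `go install` lines this commit removes) resolvable in an interactive zsh; `docker run <image> <tool>` or `docker exec` with a non-zsh entry point will not find them. Setting `ENV PATH="/root/.pdtm/go/bin:${PATH}"` at the Dockerfile level covers every entry point, and putting the directory first also lets the pdtm binaries take precedence over same-named commands in /usr/local/bin. The enclosing RUN starts outside the hunk.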
diff --git a/README.md b/README.md
index 35c191e..fcd0f1d 100644
--- a/README.md
+++ b/README.md
@@ -111,9 +111,11 @@ docker run -it mcnamee/huntkit
| [dirb](https://tools.kali.org/web-applications/dirb) | _Looks for existing (and/or hidden) Web Objects, by launching a dictionary based attack against a web server and analyzing the response._
`dirb https://kali.org $WORDLISTS/seclists/Discovery/Web-Content/CommonBackdoors-PHP.fuzz.txt` |
| [dnmasscan](https://github.com/rastating/dnmasscan) | _dnmasscan is a bash script to automate resolving a file of domain names and subsequentlly scanning them using masscan._
`dnmasscan listofdomains.txt dns.log -p80,443 - oG masscan.log` |
| [dnsx](https://github.com/projectdiscovery/dnsx) | _Allows you to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers._
cat domains.txt | dnsx |
+| [feroxbuster](https://github.com/epi052/feroxbuster) | _A fast, simple, recursive content discovery tool written in Rust._
`feroxbuster -u https://example.com` |
| [ffuf](https://github.com/ffuf/ffuf) | _A fast web fuzzer._
- `ffuf -w /path/to/postdata.txt -X POST -d "username=admin\&password=FUZZ" -u https://target/login.php -fc 401` |
| [gau](https://github.com/lc/gau) | _getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain._
- `gau example.com` |
| [httpx](https://github.com/projectdiscovery/httpx) | _Take a list of domains and probe for working http and https servers._
cat domains.txt | httpx |
+| [katana](https://github.com/projectdiscovery/katana) | _A next-generation crawling and spidering framework._
`katana -u https://example.com` |
| [linkfinder](https://github.com/GerbenJavado/LinkFinder) | _Discover endpoints and their parameters in JavaScript files._
`linkfinder -i https://example.com -d -o cli` |
| [masscan](https://github.com/robertdavidgraham/masscan) | _An Internet-scale port scanner._
`masscan -p1-65535 -iL listofips.txt --max-rate 1800 -oG masscan.log` |
| [meg](https://github.com/robertdavidgraham/masscan) | _A tool for fetching lots of URLs but still being 'nice' to servers._
`meg paths.txt hosts.txt` |
@@ -128,6 +130,7 @@ docker run -it mcnamee/huntkit
| [sublist3r](https://github.com/aboul3la/Sublist3r) | _Enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and more._
`sublist3r -d kali.org` |
| [sqlmap](http://sqlmap.org/) | _Automates the process of detecting and exploiting SQL injection flaws and taking over of database servers_
`sqlmap -u https://example.com --forms --crawl=10 --level=5 --risk=3` |
| [theharvester](https://tools.kali.org/information-gathering/theharvester) | _Gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database._
theharvester -d kali.org -b "bing, certspotter, dnsdumpster, dogpile, duckduckgo, google, hunter, linkedin, linkedin_links, twitter, yahoo" |
+| [uncover](https://github.com/projectdiscovery/uncover) | _Quickly discover exposed hosts on the internet using multiple search engines._
`uncover -q "ssl.cert.subject.CN:example.com"` |
| [wafw00f](https://github.com/enablesecurity/wafw00f) | _Web Application Firewall Fingerprinting Tool._
`wafw00f resound.ly` |
| [whatweb](https://github.com/urbanadventurer/WhatWeb) | _Scans websites and highlights the CMS used, JavaScript libraries, web servers, version numbers, email addresses, account IDs, web framework modules, SQL errors, and more._
`whatweb kali.org` |
| [wpscan](https://github.com/wpscanteam/wpscan) | _WordPress Security Scanner._
`wpscan --url kali.org` |
@@ -158,6 +161,7 @@ docker run -it mcnamee/huntkit
| [NodeJS](https://nodejs.org/) | _Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine._ |
| [Oh My Zsh](https://ohmyz.sh/) | _Zsh is a framework for managing your zsh configuration, bundled with thousands of helpful functions, helpers, plugins, themes._ |
| [OpenVPN](https://openvpn.net/) | _Connect to a VPN._
Add `--cap-add=NET_ADMIN --device=/dev/net/tun` to the `docker run` to use OpenVPN. |
+| [pdtm](https://github.com/projectdiscovery/pdtm) | _ProjectDiscovery Tool Manager - install and manage all ProjectDiscovery tools._
`pdtm -install-all` |
| [Perl](https://www.perl.org/) | _Perl is a highly capable, feature-rich programming language with over 30 years of development._ |
| [PHP](https://www.php.net/) | _The PHP scripting language._ |
| [Proxychains](https://github.com/haad/proxychains) | _Redirects connections through SOCKS4a/5 or HTTP proxies._ |