
Packages for information gathering and reconnaissance.

Tool count: 461

Name Version Description Category Website
activedirectoryenum 1:0.5.0 Enumerate AD through LDAP. recon
ad-ldap-enum 88.60bc5bb An LDAP based Active Directory user and group enumeration tool. recon
ad-miner v1.2.0.r0.g05a399a Active Directory audit tool that extracts data from Bloodhound to uncover security weaknesses and generate an HTML report. recon windows
adfind 1:v1.0.3.r0.g3a6a055 Admin Panel Finder. webapp recon
adidnsdump 25.8bbb4b0 Active Directory Integrated DNS dumping by any authenticated user. recon
aiodnsbrute 38.e773a4c Python 3 DNS asynchronous brute force utility. recon
altdns 76.8c1de0f Generates permutations, alterations and mutations of subdomains and then resolves them. recon
amass 2:2143.5f1f7176 In-depth subdomain enumeration written in Go. scanner recon
anubis 1.1.3.r0.g9ea89fa Subdomain enumeration and information gathering tool. blackawrch-scanner recon
api-dnsdumpster 59.eda15d6 Unofficial Python API for recon scanner
apkstat 18.81cdad3 Automated Information Retrieval From APKs For Initial Analysis. mobile recon
aquatone 142.2daa022 a set of tools for performing reconnaissance on domain names. recon scanner
assetfinder 19.4e95d87 Find domains and subdomains potentially related to a given domain. scanner recon
atear 139.245ec8d Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration. wireless recon scanner
atstaketools 0.1 This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. windows scanner forensic cracker sniffer recon
attacksurfacemapper 47.8a402ed Tool that aims to automate the reconnaissance process. recon automation
automato 33.0561b59 Should help with automating some of the user-focused enumeration tasks during an internal penetration test. automation recon
autorecon 281.5dd2fd4 A multi-threaded network reconnaissance tool which performs automated enumeration of services. automation recon scanner
autosint 236.25d292c Tool to automate common osint tasks. recon
aws-iam-privesc 11.2983efd AWS IAM policy scanner that helps determine where privilege escalation can be achieved. scanner recon exploitation automation
aws-inventory 19.9a2fa8e Discover resources created in an AWS account. recon
aztarna 1.2.1 A footprinting tool for ROS and SROS systems. recon fingerprint
badkarma 85.2c46334 Advanced network reconnaissance toolkit. scanner networking recon
badministration 16.69e4ec2 A tool which interfaces with management or administration applications from an offensive standpoint. webapp scanner recon fingerprint
barq 35.6f1a68c An AWS Cloud Post Exploitation framework. exploitation backdoor automation recon
basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. recon scanner
belati 72.49577a1 The Traditional Swiss Army Knife for OSINT. scanner recon webapp
bfac 53.18fb0b5 An automated tool that checks for backup artifacts that may disclose the web-application's source code. recon webapp
billcipher 32.97fba59 Information Gathering tool for a Website or IP address. recon scanner
bind 9.18.27 The ISC DNS Server networking recon
bind-tools 9.16.5 The ISC DNS tools networking recon
bing-ip2hosts 1.0.5 Enumerates all hostnames which Bing has indexed for a specific IP address. recon
birp 65.b2e108a A tool that will assist in the security assessment of mainframe applications served over TN3270. scanner recon fuzzer
blackbox-scanner 4:1.7a25220 Dork scanner & bruteforcing & hash cracker tool with blackbox penetration testing framework. scanner recon cracker
bloodhound 1665.0d36459 Six Degrees of Domain Admin recon windows
bloodhound-python v1.0.1.r137.g15d4697 Bloodhound python data collector recon windows
bluto 1:142.25cad7a Recon, Subdomain Bruting, Zone Transfers. scanner recon
bridgekeeper 57.55c390c Scrape employee names from search engine LinkedIn profiles. Convert employee names to a specified username format. recon social
browselist 1.4 Retrieves the browse list; the output list contains computer names, and the roles they play in the network. windows recon
buster 92.131437e Find emails of a person and return info associated with them. social recon
c5scan 30.be8845c Vulnerability scanner and information gatherer for the Concrete5 CMS. webabb scan recon
canari 3.3.10 A transform framework for maltego forensic recon scanner
cantoolz 1:425.82d330b Framework for black-box CAN network analysis automobile recon fuzzer scanner
cardpwn 32.166abf9 OSINT Tool to find Breached Credit Cards Information. social recon
casefile 1.0.1 The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information forensic recon scanner
catnthecanary 7.e9184fe An application to query the data set for leaked data. recon
ccrawldns 6.92525b6 Retrieves from the CommonCrawl data set unique subdomains for a given domain name. recon
cero v1.3.0.r19.gb73125b Scrape domain names from SSL certificates of arbitrary hosts. scanner recon
certgraph 172.465bddc Crawl the graph of certificate Alternate Names. recon
chaos-client 283.17a19d7 Go client to communicate with Chaos dataset API. recon
chaosmap 1.3 An information gathering tool and dns / whois / web server scanner forensic scanner recon
citadel 95.3b1adbc A library of OSINT tools. recon social
clairvoyance 2.5.2 Obtain GraphQL API Schema even if the introspection is not enabled. webapp recon scanner
cloud-buster 194.b55e4a1 A tool that checks Cloudflare enabled sites for origin IP leaks. recon
cloudfail 79.7982c7d Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network. recon
cloudlist 575.ebe1127 A tool for listing Assets from multiple Cloud Providers. recon
cloudmare 108.9c5a39f A simple tool to find origin servers of websites protected by CloudFlare with a misconfigured DNS. recon scanner
cloudunflare 14.b91a8a7 Reconnaissance Real IP address for Cloudflare Bypass. recon scanner
cmsscan 43.f060b4b CMS scanner to identify and find vulnerabilities for Wordpress, Drupal, Joomla, vBulletin. webapp scanner recon fingerprint
cmsscanner CMS Scanner Framework. webapp scanner recon fingerprint
cnamulator 5.4667c68 A phone CNAM lookup utility using the OpenCNAM API. mobile recon
commonspeak 36.f0aad23 Leverages publicly available datasets from Google BigQuery to generate wordlists. automation recon
cr3dov3r 46.99a1660 Search for public leaks for email addresses + check creds against 16 websites. social recon
crawlic 51.739fe2b Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). webapp recon
creepy 1:137.9f60449 A geolocation information gatherer. Offers geolocation information gathering through social networking platforms. scanner social recon
crosslinked 1:42.c69b092 LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping. social recon
ct-exposer 24.71252ac An OSINT tool that discovers sub-domains by searching Certificate Transparency logs scanner recon
cutycapt 3:10 A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page. recon
d-tect 13.9555c25 Pentesting the Modern Web. scanner recon webapp
darkscrape 68.2ca0e37 OSINT Tool For Scraping Dark Websites. webapp scanner recon
datasploit 1:367.a270d50 A tool to perform various OSINT techniques, aggregate all the raw data, visualize it on a dashboard, and facilitate alerting and monitoring on the data. recon scanner
davscan 30.701f967 Fingerprints servers, finds exploits, scans WebDAV. webapp scanner fingerprint recon
dcdetector 0.0.1.r51.g4a2ce77 Spot all domain controllers in a Microsoft Active Directory environment. Find computer name, FQDN, and IP address(es) of all DCs. networking recon windows
detectem 276.bc5f073 Detect software and its version on websites. fingerprint webapp recon
dga-detection 78.0a3186e DGA Domain Detection using Bigram Frequency Analysis. recon
dns-parallel-prober 68.422db61 PoC for an adaptive parallelised DNS prober. recon
dns2geoip 0.1 A simple python script that brute forces DNS and subsequently geolocates the found subdomains. scanner recon
dnsbrute 2.b1dc84a Multi-threaded DNS bruteforcing, average speed 80 lookups/second with 40 threads. recon scanner
dnscobra 1.0 DNS subdomain bruteforcing tool with Tor support through torsocks recon
dnsenum Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. recon scanner
dnsgrep 14.3f4fa7c A utility for quickly searching presorted DNS names. recon
dnsprobe 56.7120008 Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. recon
dnsrecon 2:1.2.0 Python script for enumeration of hosts, subdomains and emails from a given domain using google. recon
dnssearch 20.e4ea439 A subdomain enumeration tool. recon
dnsspider 1.4 A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation. recon scanner
dnstracer 1.10 Determines where a given DNS server gets its information from, and follows the chain of DNS servers recon
dnstwist 626.2562e2f Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. scanner recon
dnswalk 2.0.2 A DNS debugger. recon scanner
dnsx 861.6a5d788 Fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers. recon
domain-analyzer 0.8.1 Finds all the security information for a given domain name. recon
domain-stats 169.759c52c A web API to deliver domain information from whois and alexa. recon
domained 80.d9d079c Multi Tool Subdomain Enumeration. recon automation
domainhunter 51.38cb7ef Checks expired domains for categorization/reputation and history to determine good candidates for phishing and C2 domain names. recon social
doork 6.90c7260 Passive Vulnerability Auditor. webapp recon
dorkscout 1.0.r13.gdd87daf Golang tool to automate google dork scan against the entire internet or specific targets. automation recon
dradis 3.0.0.rc1 An open source framework to enable effective information sharing. recon misc
dradis-ce 5575.ed72071c An open source framework to enable effective information sharing. recon misc
dsstore-crawler 7.efa51f5 A parser + crawler for .DS_Store files exposed publicly. webapp recon
dumpusers 1.0 Dumps account names and information even though RestrictAnonymous has been set to 1. windows recon
eapeak 130.9550d1c Analysis Suite For EAP Enabled Wireless Networks. wireless recon
easyda 7.0867f9b Easy Windows Domain Access Script. automation scanner recon
eigrp-tools 0.1 This is a custom EIGRP packet generator and sniffer developed to test the security and overall operation quality of this brilliant Cisco routing protocol. sniffer networking recon scanner
elevate 27.1272d51 Horizontal domain discovery tool you can use to discover other domains owned by a given company. recon
email2phonenumber 29.9df9dbe An OSINT tool to obtain a target's phone number just by having his email address. social recon
enteletaor 68.a975b5c Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. exploitation scanner recon
enum4linux 0.9.1 A tool for enumerating information from Windows and Samba systems. recon scanner
enum4linux-ng 418.1fe4760 A next generation version of enum4linux. recon scanner
enumerate-iam 14.4529114 Enumerate the permissions associated with an AWS credential set. recon scanner
enumerid 33.82e1676 Enumerate RIDs using pure Python. recon
exitmap 373.8155029 A fast and modular scanner for Tor exit relays. recon
expimp-lookup 4.79a96c7 Looks for all export and import names that contain a specified string in all Portable Executable in a directory tree. binary recon
eyewitness 1102.7ed494c Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. webapp recon misc
facebookosint 21.656a04a OSINT tool to replace facebook graph search. social recon
facebot 23.57f6025 A facebook profile and reconnaissance system. recon webapp
fav-up 54.089aa11 IP lookup by favicon using Shodan. recon
favfreak 27.8acea5e Weaponizing favicon.ico for BugBounties, OSINT and what not. recon fingerprint
fbi 28.0f94e99 An accurate facebook account information gathering. social recon
fbid 16.1b35eb9 Show info about the author by facebook photo url. recon social
fernmelder 8.030212e Asynchronous mass DNS scanner. scanner recon
fileintel 33.a0bff38 A modular Python application to pull intelligence about malicious files. malware recon
finalrecon 167.fd6c220 OSINT Tool for All-In-One Web Reconnaissance. recon
findmyiphone 19.aef3ac8 Locates all devices associated with an iCloud account mobile recon
findomain 9.0.4 A tool that uses Certificate Transparency logs to find subdomains. scanner recon
flare-floss 1:v3.1.0.r24.gb5590ea Obfuscated String Solver - Automatically extract obfuscated strings from malware. recon
flashlight 109.90d1dc5 Automated Information Gathering Tool for Penetration Testers. recon
forager 115.7439b0a Multithreaded threat Intelligence gathering utilizing. recon
fping 5.2 A utility to ping multiple hosts at once networking recon scanner
fport 2.0 Identify unknown open ports and their associated applications. windows recon fingerprint
gasmask 172.2527371 All in one Information gathering tool - OSINT. recon
gatecrasher 2.3ad5225 Network auditing and analysis tool developed in Python. recon scanner
gau 161.046a59f Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. webapp recon
genisys 53.d53bb0c Powerful Telegram Members Scraping and Adding Toolkit. social recon
geoedge 0.2 This little tool is designed to get geolocalization information of a host; it gets the information from two sources (maxmind and geoiptool). recon
geoip 1.6.12 Non-DNS IP-to-country resolver C library & utils networking recon
gh-dork 3.799f86f Github dorking tool. recon social
git-hound 174.1d20536 Pinpoints exposed API keys on GitHub. A batch-catching, pattern-matching, patch-attacking secret snatcher. recon social
git-wild-hunt 16.6495672 A tool to hunt for credentials in github wild AKA git*hunt. recon
gitdorker 113.8199375 Python program to scrape secrets from GitHub through usage of a large repository of dorks. recon scanner
gitem 104.d40a1c9 A Github organization reconnaissance tool. recon
gitgraber 78.8278c02 Monitor GitHub to search and find sensitive data in real time for different online services. recon
githack 16.a3d70b1 A `.git` folder disclosure exploit. recon
githound v1.7.1.r15.g1d20536 Find secret information in git repositories. code-audit recon
github-dorks 82.d50a677 Collection of github dorks and helper tool to automate the process of checking dorks. recon social
gitleaks 8.18.1 Audit Git repos for secrets and keys. recon
gitmails 71.8aa8411 An information gathering tool to collect git commit emails in version control host services. recon social
gitminer 54.16ada58 Tool for advanced mining for content on Github. recon
gitrecon 30.6467e78 OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits. recon social
gloom 1:93.cd6e927 Linux Penetration Testing Framework. scanner exploitation recon fuzzer social
go-windapsearch v0.3.0.r22.ged05587 Utility to enumerate users, groups and computers from a Windows domain through LDAP queries. recon windows
goddi 1.2 Dumps Active Directory domain information. recon windows
gomapenum v1.1.0.r110.g8b344df User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin. cracker recon social windows
goodork 2.2 A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line. recon
goofile 1.5 Command line filetype search recon
goofuzz 1.2.5.r2.g6ba4cc5 A Bash script that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. fuzzer recon scanner
goog-mail 1.0 Enumerate domain emails from google. recon
goohak 31.815a31e Automatically Launch Google Hacking Queries Against A Target Domain. recon automation scanner
goop 12.39b34eb Perform google searches without being blocked by the CAPTCHA or hitting any rate limits. Note: It no longer works. recon
gosint 196.9c86ed2 OSINT framework in Go. recon
gowitness 299.6b10eae A golang, web screenshot utility using Chrome Headless. webapp recon
gplist 1.0 Lists information about the applied Group Policies. windows recon
grabing 11.9c1aa6c Counts all the hostnames for an IP address. recon
graphinder 1.11.6 GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. recon scanner webapp
gsd 1.1 Gives you the Discretionary Access Control List of any Windows NT service you specify as a command line option. windows recon
gwtenum 1:7.f27a5aa A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. recon webapp
h8mail 344.ee31c8f Email OSINT and password breach hunting. recon social
hakku 384.bbb434d Simple framework that has been made for penetration testing tools. scanner recon webapp exploitation fingerprint
hakrevdns 43.c63f7f8 Small, fast tool for performing reverse DNS lookups en masse. recon
halcyon 0.1 A repository crawler that runs checksums for static files found within a given git repository. recon
handle 1:0.1 A small application designed to analyze your system, searching for global objects related to running processes and displaying information for every found object, like tokens, semaphores, ports, files, ... windows recon
harpoon 383.8021994 CLI tool for open source and threat intelligence. automation recon
hasere 1.0 Discover the vhosts using google and bing. recon scanner
hashcheck 2.72b0c6e Search for leaked passwords while maintaining a high level of privacy using the k-anonymity method. crypto social recon
hatcloud 33.3012ad6 Bypass CloudFlare with Ruby. recon
hellraiser 279.bea43e2 Vulnerability Scanner. scanner recon
holehe 429.bdacc5e A tool for Efficiently finding registered accounts from emails. social recon
homepwn 31.0803981 Swiss Army Knife for Pentesting of IoT Devices. scanner recon fuzzer exploitation
hookshot 199.3258c3e Integrated web scraper and email account data breach comparison tool. webapp scanner recon social
hoper 15.8d5dbd9 Trace URL's jumps across the rel links to obtain the last URL. recon
hoppy 1.8.1 A python script which tests http methods for configuration issues leaking information or just to see if they are enabled. scanner recon
hosthunter 158.553f1c7 A recon tool for discovering hostnames using OSINT techniques. recon
howmanypeoplearearound 123.b05e06a Count the number of people around you by monitoring wifi signals. recon wireless
htrosbif 134.9dc3f86 Active HTTP server fingerprinting and recon tool. fingerprint recon
http-traceroute 0.5 This is a python script that uses the Max-Forwards header in HTTP and SIP to perform a traceroute-like scanning functionality. networking recon
httpforge 11.02.01 A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. webapp scanner fuzzer recon
httping 3.6 A ping-like tool for http-requests networking recon
id-entify 34.dd064a5 Search for information related to a domain: Emails - IP addresses - Domains - Information on WEB technology - Type of Firewall - NS and MX records. recon
idswakeup 1.0 A collection of tools that allows to test network intrusion detection systems. recon networking scanner
infoga 3:33.79a1c03 Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers). recon
inquisitor 1:28.12a9ec1 OSINT Gathering Tool for Companies and Organizations. recon social
instagramosint 20.94213fd An Instagram Open Source Intelligence Tool. social recon
intelplot 12.4dd9fc0 OSINT Tool to Mark Points on Offline Map. recon
intrace 1.5 Traceroute-like application piggybacking on existing TCP connections recon
inzider 1.2 This is a tool that lists processes in your Windows system and the ports each one listens on. windows recon
ip-tracer 91.8e2e3dd Track and retrieve any ip address information. recon
ip2clue 0.0.95 A small memory/CPU footprint daemon to lookup country (and other info) based on IP (v4 and v6). recon
iptodomain 18.f1afcd7 This tool extracts domains from an IP address based on the information saved in VirusTotal. recon
ipv666 182.ad45ae8 Golang IPv6 address enumeration. ipv666 is a set of tools that enables the discovery of IPv6 addresses both in the global IPv6 address space and in more narrow IPv6 network ranges. These tools are designed to work out of the box with minimal knowledge of their workings. recon networking
ircsnapshot 94.cb02a85 Tool to gather information from IRC servers. recon scanner
isme 0.12 Scans a VOIP environment, adapts to enterprise VOIP, and exploits the possibilities of being connected directly to an IP Phone VLAN. voip recon scanner
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. recon webapp
ivre 0.9.20.dev195 Network recon framework. recon networking
ivre-docs 0.9.20.dev195 Network recon framework (documentation) recon networking
ivre-web 0.9.20.dev195 Network recon framework (web application) recon networking
jackdaw 416.1c3a4c2 Collect all information in your domain, show you graphs on how domain objects interact with each-other and how to exploit these interactions recon windows
jast 17.361ecde Just Another Screenshot Tool. webapp recon misc
jsearch 44.87cf9c1 Simple script that greps info from JavaScript files. recon webapp
juumla 106.130565e Python tool created to identify Joomla version, scan for vulnerabilities and search for config files. webapp scanner recon fingerprint
kacak 1.0 Tools for penetration testers that can enumerate which users are logged on to a Windows system. recon
kamerka 1:40.be17620 Build interactive map of cameras from Shodan. recon
katana A framework that seeks to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others). exploitation dos cracker scanner recon
katana-framework A framework that seeks to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others). exploitation dos cracker scanner recon
keye 29.d44a578 Recon tool detecting changes of websites based on content-length differences. recon webapp
kiterunner 19.7d5824c Contextual Content Discovery Tool. webapp scanner recon
knock 2:92.0ea3c81 Subdomain scanner. scanner recon
lanmap2 1:127.1197999 Passive network mapping tool. recon
lbd 20130719 Load Balancing detector recon
ldapenum 1:0.1 Enumerate domain controllers using LDAP. recon scanner
ldeep 1:1.0.53.r0.ge131096 In-depth ldap enumeration utility. recon
legion 61.ca99853 Automatic Enumeration Tool based in Open Source tools. recon automation
lft 1:3.91 A layer four traceroute implementing numerous other features. recon networking
lhf 40.51568ee A modular recon tool for pentesting. recon
linenum 75.c47f9b2 Scripted Local Linux Enumeration & Privilege Escalation Checks scanner recon
linkedin2username 1:144.8889f30 OSINT Tool: Generate username lists for companies on LinkedIn. social recon misc
linkfinder 168.1debac5 Discovers endpoints and their parameters in JavaScript files. webapp recon
linux-exploit-suggester 32.9db2f5a A Perl script that tries to suggest exploits based OS version number. recon 171.2063aeb Linux privilege escalation auditing tool. recon
littlebrother 112.338cf82 OSINT tool to get information on French, Belgian and Switzerland people. recon social
loot 51.656fb85 Sensitive information extraction tool. recon
lte-cell-scanner 57.5fa3df8 LTE SDR cell scanner optimized to work with very low performance RF front ends (8bit A/D, 20dB noise figure). scanner mobile recon
lulzbuster 1.3.2 A very fast and smart web-dir/file enumeration tool written in C. webapp scanner recon
machinae 197.9ef3e6c A tool for collecting intelligence from public sites/feeds about various security-related pieces of data. recon
maigret 905.03900b0 Collect a dossier on a person by username from a huge number of sites. recon
mail-crawl 0.1 Tool to harvest emails from website. recon
maltego 4.7.0 An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc. forensic recon scanner
manspider 66.b8fcc7f Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported! scanner recon
maryam 2:819.99ae85a Tool to scan web applications and networks and easily complete the information gathering process. scanner webapp recon
massbleed 20.44b7e85 Automated Pentest Recon Scanner. recon automation scanner
mbenum 1.5.0 Queries the master browser for whatever information it has registered. windows recon
mdns-recon 11.69b864e An mDNS recon tool written in Python. recon
metabigor 78.607b2c9 Intelligence Tool but without API key. recon
metafinder v1.2.r2.g30c8475 Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata. recon
metagoofil 81.11878c8 An information gathering tool designed for extracting metadata of public documents. recon
metasploit 6.4.7 Advanced open-source platform for developing, testing, and using exploit code exploitation fuzzer scanner recon networking
mildew 11.df49c23 Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs. recon
mingsweeper 1.00 A network reconnaissance tool designed to facilitate large address space, high speed node discovery and identification. windows recon scanner
missidentify 1.0 A program to find Win32 applications. recon windows
modscan 0.1 A new tool designed to map a SCADA MODBUS TCP based network. scanner recon
monocle 1.0 A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network. recon networking
mptcp-abuse 6.b0eeb27 A collection of tools and resources to explore MPTCP on your network. Initially released at Black Hat USA 2014. networking recon scanner
mqtt-pwn 43.40368e5 A one-stop-shop for IoT Broker penetration-testing and security assessment operations. scanner recon
msmailprobe 1.c01c8bf Office 365 and Exchange Enumeration tool. scanner recon
mylg 659.faba867 Network Diagnostic Tool. networking recon sniffer
nasnum 5.df5df19 Script to enumerate network attached storages. recon
nbname 1.0 Decodes and displays all NetBIOS name packets it receives on UDP port 137 and more! windows sniffer recon dos scanner
nbtenum 3.3 A utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. windows scanner recon
nbtool 1:2.bf90c76 Some tools for NetBIOS and DNS investigation, attacks, and communication. networking recon scanner
nbtscan 1.7.2 NBTscan is a program for scanning IP networks for NetBIOS name information. scanner recon
necromant 4.53930c2 Python script that searches for unused Virtual Hosts in Web Servers. recon
neglected 1:8.68d02b3 Facebook CDN Photo Resolver. recon
netdiscover 218.ff28964 An active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks. recon wireless
netkit-bsd-finger 0.17 BSD-finger ported to Linux. recon
netkit-rusers 0.17 Logged in users; Displays who is logged in to machines on local network. recon
netmask 2.4.4 Helps determine network masks recon
netreconn 1.78 A collection of network scan/recon tools that are relatively small compared to their larger cousins. networking recon scanner
netscan2 1:60.3d02ba1 Active / passive network scanner. scanner recon
nettacker 0.3.3.r35.gfacf823c Automated Penetration Testing Framework. automation scanners recon
nexfil 43.4d93c57 OSINT tool for finding profiles by username. social recon
nipper 0.11.7 Network Infrastructure Parser recon networking
nohidy 67.22c1283 The system admins best friend, multi platform auditing tool. recon networking defensive
nsec3map 20.1263537 A tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain. scanner recon
nsec3walker 20101223 Enumerates domain names using DNSSEC recon
ntlmrecon 76.41ee1db A tool to enumerate information from NTLM authentication enabled web endpoints. scanner recon
ntp-ip-enum 0.1 Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset. recon
nullinux 123.a647159 Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. recon scanner
nullscan 1.0.1 A modular framework designed to chain and automate security tests. automation scanner recon fingerprint networking fuzzer exploitation
o-saft 6090.57719fa6 A tool to show information about SSL certificates and test the SSL connection according to a given list of ciphers and various SSL configurations. scanner recon
o365enum 19.522a54c Username enumeration and password enuming tool aimed at Microsoft O365. cracker recon windows
o365spray 158.0e506ca Auto Scanning to SSL Vulnerability. cracker recon windows
omnibus 129.88dbf5d OSINT tool for intelligence collection, research and artifact management. recon social
onioff 84.34dc309 An onion url inspector for inspecting deep web links. recon
osi.ig 101.4debaa2 Instagram OSINT Tool gets a range of information from an Instagram account. social recon
osint-spy 25.03dcf48 Performs OSINT scan on email/domain/ip_address/organization. recon social
osinterator 3.8447f58 Open Source Toolkit for Open Source Intelligence Gathering. recon
osintgram 1.3.r9.g3c61e53 OSINT tool offering an interactive shell to perform analysis on Instagram account of any users by its nickname. recon
osrframework 840.e02a6e9 A project focused on providing API and tools to perform more accurate online researches. recon social
pagodo 143.7b81d4b Google dork script to collect potentially vulnerable web pages and applications on the Internet. scanner recon
pappy-proxy 77.e1bb049 An intercepting proxy for web application testing. webapp proxy scanner fuzzer recon
parsero 81.e5b585a A robots.txt audit tool. recon
pass-station v1.4.0.r58.g5691dba CLI & library to search for default credentials among thousands of Products / Vendors. misc recon
pastemonitor 10.abbceb9 Scrape Pastebin API to collect daily pastes, set up a wordlist and be alerted by email when you have a match. recon automation misc
pasv-agrsv 57.6bb54f7 Passive recon / OSINT automation script. automation recon
pdfgrab 15.1327508 Tool for searching pdfs within google and extracting pdf metadata. recon
peepingtom 1:56.bc6f4d8 A tool to take screenshots of websites. Much like eyewitness. webapp recon
pentestly 1798.93d1b39 Python and Powershell internal penetration testing framework. scanner recon automation
pepe 13.b81889b Collect information about email addresses from Pastebin. social recon
photon 326.d4af460 Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. webapp recon
pmap 1.10 Passively discover, scan, and fingerprint link-local peers by the background noise they generate (i.e. their broadcast and multicast traffic). windows recon scanner fingerprint
pmapper 82.91d2e60 A tool for quickly evaluating IAM permissions in AWS. recon
postenum 116.9cd9d7e Clean, nice and easy tool for basic/advanced privilege escalation techniques. recon scanner exploitation
pown 332.0e32edf Security testing and exploitation toolkit built on top of Node.js and NPM. webapp recon scanner social proxy
pret 108.a04bd04 Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. exploitation fuzzer recon scanner
protosint 26.1ee6ee4 Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses. recon social
proxmark 2413.61163344 A powerful general purpose RFID tool, the size of a deck of cards, designed to snoop, listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags. radio recon scanner
proxmark3 4.17768 A general purpose RFID tool for Proxmark3 hardware. radio recon scanner
pspy 159.2312eed Monitor linux processes without root permissions. misc recon
ptf 1491.f87dfa8 The Penetration Testers Framework is a way for modular support for up-to-date tools. exploitation scanner recon automation
punter 45.97b7bed Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare. recon
puredns v2.1.1.r1.g9d94e50 Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering. recon scanner
pwndora 248.d3f676a Massive IPv4 scanner, find and analyze internet-connected devices in minutes, create your own IoT search engine at home. scanner recon
pwned 2422.1688cf0 A command-line tool for querying the 'Have I been pwned?' service. recon
pwned-search 40.04c1439 Pwned Password API lookup. recon social
pwnedornot 150.d25d3fa Tool to find passwords for compromised email addresses. recon social
pymeta 13.fa74e64 Auto Scanning to SSL Vulnerability. recon
pythem 454.e4fcb8a Python penetration testing framework. scanner sniffer recon cracker webapp
python-api-dnsdumpster 79.0f8ba2b Unofficial Python API for recon scanner
python-ivre 0.9.20.dev195 Network recon framework (library) recon networking
python-witnessme 1:1.5.0 Web Inventory tool, takes screenshots of webpages using Pyppeteer. webapp recon
python2-api-dnsdumpster 79.0f8ba2b Unofficial Python API for recon scanner
python2-ivre 0.9.16.dev26 Network recon framework (library) recon networking
python2-webtech 1.2.12 Identify technologies used on websites. webapp recon scanner fingerprint
quickrecon 0.3.2 A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing. recon scanner
raccoon 187.9cf6c11 A high performance offensive security tool for reconnaissance and vulnerability scanning. recon scanner
ranger-scanner 149.3aae5dd A tool to support security professionals to access and interact with remote Microsoft Windows based systems. scanner recon
rapidscan 221.296a20b The Multi-Tool Web Vulnerability Scanner. webapp scanner recon fingerprint fuzzer exploitation
rasenum 1.0 A small program which lists the information for all of the entries in any phonebook file (.pbk). windows recon
raven 1:33.8646a58 A LinkedIn information gathering tool used to gather information. recon
rbac-lookup v0.10.2.r0.ga3654cb A CLI that allows you to easily find Kubernetes roles and cluster roles bound to any user. scanner recon
rdwarecon 1.2.r0.g9675200 A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application. recon windows
recon-ng 1:1025.470f4c1 A full-featured Web Reconnaissance framework written in Python. recon
reconnoitre 441.f62afba A security tool for multithreaded information gathering and service enumeration. recon
reconscan 61.afbcfc0 Network reconnaissance and vulnerability assessment tools. recon scanner
recsech 123.1fc298a Tool for doing Footprinting and Reconnaissance on the target web. recon scanner webapp fingerprinting
red-hawk 36.fa54e23 All in one tool for Information Gathering, Vulnerability Scanning and Crawling. recon scanner webapp
reverseip 13.42cc9c3 ReverseIP is a ruby-based reverse IP-lookup tool, which finds all domains hosted on a web server and returns the HTTP status code of those domains. recon
revipd 5.2aaacfb A simple reverse IP domain scanner. recon scanner
ridrelay 34.f2fa99c Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv. recon spoof networking
rifiuti2 1:0.7.0 A rewrite of rifiuti, a great tool from Foundstone folks for analyzing Windows Recycle Bin INFO2 file. forensic recon
ripdc 0.3 A script which maps domains related to a given IP address or domain name. recon scanner
rita 847.423287f Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis. recon
rpctools 1.0 Contains three separate tools for obtaining information from a system that is running RPC services windows recon scanner
rusthound 55.6d7b945 Active Directory data collector for BloodHound. recon windows
sawef 32.e5ce862 Send Attack Web Forms. webapp recon
sb0x 19.04f40fe A simple and Lightweight framework for Penetration testing. scanner fuzzer cracker backdoor recon
scamper 20230323 A tool that actively probes the Internet in order to analyze topology and performance. scanner recon networking
scavenger 103.75907e8 Crawler (Bot) searching for credential leaks on different paste sites. recon social
scrapy 2.11.1 A fast high-level scraping and web crawling framework. webapp recon scanner
scrying 234.caa233c Collect RDP, web, and VNC screenshots smartly. webapp recon
sctpscan 34.4d44706 A network scanner for discovery and security. recon scanner
scylla 98.d738a75 The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc recon social
sdn-toolkit 1.21 Discover, Identify, and Manipulate SDN-Based Networks networking scanner recon
seat 0.3 Next generation information digging application geared toward the needs of security professionals. It uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. scanner recon
secretfinder 1:14.a0283cb A python script to find sensitive data (apikeys, accesstoken, jwt,..) in javascript files. webapp recon
seeker 1:376.692e531 Accurately Locate People using Social Engineering. social recon
server-status-pwn 12.841d55d A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances. recon
shard 1.5 A command line tool to detect shared passwords. recon
sherlock 2244.f794e23 Find usernames across social networks. social recon
shhgit 66.53e656c Find committed secrets and sensitive files across GitHub, Gists, GitLab and BitBucket or your local repositories in real time. recon
shodanhat 13.e5e7e68 Search for hosts info with shodan. recon
shosubgo 2.0.r19.g6e8d48c Small tool to Grab subdomains using Shodan API. recon
simple-lan-scan 1.0 A simple python script that leverages scapy for discovering live hosts on a network. scanner recon networking
simplyemail 1:1.4.10.r7.6a42d37 Email recon made fast and easy, with a framework to build on recon
sipi 13.58f0dcc Simple IP Information Tools for Reputation Data Analysis. recon misc
skiptracer 1:123.ca40957 OSINT python2 webscraping framework. Skipping the needs of API keys. social recon
slackpirate 142.9788be6 Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace. social recon
smap-scanner 0.1.12.r1.g90dfe74 Passive port scanner built with shodan free API. scanner recon
smbcrunch 12.313400e 3 tools that work together to simplify reconnaissance of Windows File Shares. recon scanner
smbexec 2:59.a54fc14 A rapid psexec style attack with samba tools. scanner recon fuzzer exploitation
smbmap 1:v1.10.2.r2.g910ab63 A handy SMB enumeration tool. scanner recon
smbsr 50.7f86241 Lookup for interesting stuff in SMB shares. scanner recon
smod 53.7eb8423 A modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. scanner fuzzer recon dos
smtp-user-enum 1.2 Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO. recon scanner
sn00p 0.8 A modular tool written in bourne shell and designed to chain and automate security tools and tests. automation scanner recon fingerprint networking fuzzer exploitation
sn1per 1:598.7326756 Automated Pentest Recon Scanner. recon automation scanner cracker
snmpcheck 1.9 A free open source utility to get information via SNMP protocols. networking recon
snoopbrute 17.589fbe6 Multithreaded DNS recursive host brute-force tool. scanner recon
snscrape A social networking service scraper in Python. recon social
social-analyzer 0.45 Analyzing & finding a person's profile across social media websites. social recon
social-mapper 190.92be8da A social media enumeration and correlation tool. social recon
social-vuln-scanner 11.91794c6 Gathers public information on companies to highlight social engineering risk. social recon
socialpwned v2.0.1.r5.g6af3563 OSINT tool that retrieves a target's emails published on social networks. social recon
socialscan 128.5ae42d0 Check email address and username availability on online platforms. recon
sooty 333.6cb15e6 The SOC Analysts all-in-one CLI tool to automate and speed up workflow. defensive recon social
spade 114 A general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. windows scanner recon
spfmap 8.a42d15a A program to map out SPF and DKIM records for a large number of domains. recon
spiderfoot 4.0 The Open Source Footprinting Tool. recon
spoofcheck 16.8cce591 Simple script that checks a domain for email protections. recon social
spray365 42.58fd193 Makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. cracker recon windows
spyse 47.cd11ba9 Python API wrapper and command-line client for the tools hosted on recon
ssl-hostname-resolver 1 CN (Common Name) grabber on X.509 Certificates over HTTPS. recon scanner
stardox 41.95b0a97 GitHub stargazers information gathering tool. recon
striker 85.87c184d An offensive information and vulnerability scanner. scanner recon webapp
subdomainer 1.2 A tool designed for obtaining subdomain names from public sources. recon scanner
subfinder 1:v2.6.3.r365.gf5ce14e Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target. recon
subjs 45.76ce9ec Fetches JavaScript files from a list of URLs or subdomains. webapp recon
sublert 67.56d2a12 A security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificates. recon
sublist3r 138.729d649 A Fast subdomains enumeration tool for penetration testers. recon scanner
subover 71.3d258e2 A Powerful Subdomain Takeover Tool. scanner recon
subscraper 2:32.d20dcb7 Tool that performs subdomain enumeration through various techniques. recon scanner
superscan 4.1 Powerful TCP port scanner, pinger, resolver. windows scanner recon
swamp 59.3c8be65 An OSINT tool for discovering associated sites through Google Analytics Tracking IDs. recon
swarm 1:41.1713c1e A distributed penetration testing tool. scanner recon cracker exploitation webapp
syborg 36.5cd010b Recursive DNS Subdomain Enumerator with dead-end avoidance system. recon
sysdig 0.37.1 Open source system-level exploration and troubleshooting tool recon
tactical-exploitation 91.fdc84c9 Modern tactical exploitation toolkit. scanner exploitation recon sniffer
teamsuserenum v1.0.r1.g0c8b6c2 User enumeration with Microsoft Teams API recon
thc-ipv6 3.8 Complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6 networking recon dos spoof scanner
thcrut 1.2.5 Network discovery and OS Fingerprinting tool. fingerprint recon scanner
thedorkbox 7.43852d3 Comprehensive collection of Google Dorks & OSINT techniques to find Confidential Data. recon
theharvester 3621.1bf65d86 Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). recon
tilt 90.2bc2ef2 An easy and simple tool implemented in Python for ip reconnaissance, with reverse ip lookup. recon
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity. recon social webapp
tinfoleak2 41.c45c33e Get detailed information about a Twitter user activity. recon social webapp
token-hunter 343.3358a33 OSINT Tool - Search the group and group members' snippets, issues, and issue discussions for sensitive data that may be included in these assets. social recon
traceroute 2.1.5 Tracks the route taken by packets over an IP network recon
trape 132.6baae24 People tracker on the Internet: OSINT analysis and research tool by Jose Pino. social recon
treasure 1:2.b3249be Hunt for sensitive information through GitHub's code search. recon
trufflehog 2:v3.76.3.r4.g4f833cbfa Searches through git repositories for high entropy strings, digging deep into commit history. recon
trusttrees 102.a9b7399 A Tool for DNS Delegation Trust Graphing. recon
tweets-analyzer 55.8d6bd3c Tweets metadata scraper & activity analyzer. social recon
twint 1:845.e7c8a0c7 An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations. social recon
twofi 2.0 Twitter Words of Interest. recon
ubiquiti-probing 5.c28f4c1 A Ubiquiti device discovery tool. recon scanner
udork 102.1a0aab0 Python script that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications. recon scanner
uhoh365 26.110277a Script to enumerate Office 365 users without performing login attempts recon
ultimate-facebook-scraper 236.5661bdc A bot which scrapes almost everything about a Facebook user's profile. social recon
uncover v1.0.2.r2.g4b929e0 Discover exposed hosts on the internet using multiple search engines. recon
upnp-pentest-toolkit 1.1 UPnP Pentest Toolkit for Windows. windows scanner recon fuzzer
urlextractor 19.739864d Information gathering & website reconnaissance. webapp recon
userrecon 10.3b56891 Find usernames across over 75 social networks. recon social fingerprint
userrecon-py 1:15.eebd422 Recognize usernames across 187 social networks. social recon
vault 297.593e046 Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. scanner fingerprint recon networking
vault-scanner 299.0303cf4 Swiss army knife for hackers. scanner fingerprint recon networking
vbrute 1.11dda8b Virtual hosts brute forcer. recon scanner
vlan-hopping 21.a37ba4e Easy 802.1Q VLAN Hopping automation networking recon
vpnpivot 22.37bbde0 Explore the network using this tool. recon networking
vulmap 95.a167c47 Vulmap Online Local Vulnerability Scanners Project scanner fingerprint recon
vulnx 321.bcf451d CMS and vulnerabilities detector & An intelligent bot auto shell injector. webapp scanner fingerprint recon
waldo 29.ee4f960 A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. recon scanner
waybackpack 113.3616aee Download the entire Wayback Machine archive for a given URL. webapp recon
waybackurls 11.89da10c Fetch all the URLs that the Wayback Machine knows about for a domain. recon
wce 1.41beta A security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). windows recon
webanalyze 121.707f3a4 Port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. webapp recon scanner fingerprint
webkiller 42.d680598 Information gathering tool written in Python. webapp fingerprint recon
websearch 4.cb7ef8e Search vhost names given a host range. Powered by Bing. recon
webtech 1.3.3 Identify technologies used on websites. webapp recon scanner fingerprint
weebdns 14.c01c04f DNS Enumeration with Asynchronicity. recon
whatbreach 42.dad6b9f OSINT tool to find breached emails and databases. social recon
whatsmyname 2320.52b5d69 Tool to perform user and username enumeration on various websites. webapp recon
whatweb 4910.efee4d80 Next generation web scanner that identifies what websites are running. recon webapp
whichcdn 22.5fc6ddd Tool to detect if a given website is protected by a Content Delivery Network. webapp recon
wig 574.d5ddd91 WebApp Information Gatherer. webapp scanner recon
windapsearch 28.7724ec4 Script to enumerate users, groups and computers from a Windows domain through LDAP queries. recon
windows-exploit-suggester 41.776bd91 This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. recon
winfo 2.0 Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. windows recon scanner
wpsweep 1.0 A simple ping sweeper, that is, it pings a range of IP addresses and lists the ones that reply. windows recon
xray 91.ca50a32 A tool for recon, mapping and OSINT gathering from public networks. recon
yasat 848 Yet Another Stupid Audit Tool. scanner recon fingerprint
yeti 3298.ea8d74cd A platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. defensive recon
zeus-scanner 414.21b8756 Advanced dork searching utility. recon
zgrab 804.59a517f Grab banners (optionally over TLS). recon
zgrab2 622.0bf098e Go Application Layer Scanner. fingerprint recon