Packages for information gathering and reconnaissance.

Tool count: 286

Name Version Description Category Website
ad-ldap-enum 44.1386673 An LDAP based Active Directory user and group enumeration tool. recon
adfind 29.179602f Admin Panel Finder. webapp recon
altdns 58.319404d Generates permutations, alterations and mutations of subdomains and then resolves them. recon
amass 2:332.18d4be1 In-depth subdomain enumeration written in Go. scanner recon
api-dnsdumpster 59.eda15d6 Unofficial Python API for recon scanner
apkstat 18.81cdad3 Automated Information Retrieval From APKs For Initial Analysis. mobile recon
aquatone 92.0e70504 A set of tools for performing reconnaissance on domain names. recon scanner
atear 139.245ec8d Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration. wireless recon scanner
atstaketools 0.1 This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. windows scanner forensic cracker sniffer recon
automato 26.0aa769d Should help with automating some of the user-focused enumeration tasks during an internal penetration test. automation recon
autosint 234.e1f4937 Tool to automate common osint tasks. recon
aws-inventory 8.58eb448 Discover resources created in an AWS account. recon
aztarna 1.0 A footprinting tool for ROS and SROS systems. recon fingerprint
badkarma 85.2c46334 Advanced network reconnaissance toolkit. scanner networking recon
basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. recon scanner
belati 72.49577a1 The Traditional Swiss Army Knife for OSINT. scanner recon webapp
bfac 50.2d0516c An automated tool that checks for backup artifacts that may disclose the web-application's source code. recon webapp
billcipher 28.3d3322a Information Gathering tool for a Website or IP address. recon scanner
bind-tools 9.14.0 The ISC DNS tools networking recon
bing-ip2hosts 0.4 Enumerates all hostnames which Bing has indexed for a specific IP address. recon
birp 65.b2e108a A tool that will assist in the security assessment of mainframe applications served over TN3270. scanner recon fuzzer
blackbox-scanner 4:1.7a25220 Dork scanner & bruteforcing & hash cracker tool with blackbox penetration testing framework. scanner recon cracker
bloodhound 658.1503905 Six Degrees of Domain Admin recon windows
bluto 1:129.b74a182 Recon, Subdomain Bruting, Zone Transfers. scanner recon
browselist 1.4 Retrieves the browse list; the output list contains computer names, and the roles they play in the network. windows recon
c5scan 29.33a500c Vulnerability scanner and information gatherer for the Concrete5 CMS. webapp scanner recon
canari 3.3.9 A transform framework for maltego forensic recon scanner
cantoolz 1:424.bc4c2bf Framework for black-box CAN network analysis automobile recon fuzzer scanner
casefile 1.0.1 The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information forensic recon scanner
catnthecanary 7.e9184fe An application to query the data set for leaked data. recon
certgraph 140.97a2803 Crawl the graph of certificate Alternate Names. recon
chaosmap 1.3 An information gathering tool and dns / whois / web server scanner forensic scanner recon
cloudfail 60.86e8cc3 Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network. recon
cnamulator 5.4667c68 A phone CNAM lookup utility using the OpenCNAM API. mobile recon
cr3dov3r 46.99a1660 Search for public leaks for email addresses + check creds against 16 websites. social recon
crawlic 51.739fe2b Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). webapp recon
creepy 1:137.9f60449 A geolocation information gatherer. Offers geolocation information gathering through social networking platforms. scanner social recon
ct-exposer 21.aa8d817 An OSINT tool that discovers sub-domains by searching Certificate Transparency logs scanner recon
cutycapt 3:10 A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page. recon
d-tect 13.9555c25 Pentesting the Modern Web. scanner recon webapp
datasploit 1:367.a270d50 A tool to perform various OSINT techniques, aggregate all the raw data, visualize it on a dashboard, and facilitate alerting and monitoring on the data. recon scanner
davscan 28.13ae481 Fingerprints servers, finds exploits, scans WebDAV. webapp scanner fingerprint recon
detectem 228.c40e39a Detect software and its version on websites. fingerprint webapp recon
dga-detection 78.0a3186e DGA Domain Detection using Bigram Frequency Analysis. recon
dns-parallel-prober 56.99a7b83 PoC for an adaptive parallelised DNS prober. recon
dns2geoip 0.1 A simple python script that brute forces DNS and subsequently geolocates the found subdomains. scanner recon
dnsbrute 2.b1dc84a Multi-threaded DNS bruteforcing, average speed 80 lookups/second with 40 threads. recon scanner
dnsenum Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. recon scanner
dnsgrep 5.c982dc7 A utility for quickly searching presorted DNS names. recon
dnsrecon 2:0.8.13 Python script for enumeration of hosts, subdomains and emails from a given domain using google. recon
dnssearch 20.e4ea439 A subdomain enumeration tool. recon
dnsspider 1.1 A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation. recon scanner
dnstracer 1.9 Determines where a given DNS server gets its information from, and follows the chain of DNS servers recon
dnstwist 214.ca6fd8c Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. scanner recon
dnswalk 2.0.2 A DNS debugger. recon scanner
domain-analyzer 0.8.1 Finds all the security information for a given domain name. recon
domain-stats 28.033375f A web API to deliver domain information from whois and alexa. recon
doork 6.90c7260 Passive Vulnerability Auditor. webapp recon
dradis 3.0.0.rc1 An open source framework to enable effective information sharing. recon misc
dradis-ce 857.692d172 An open source framework to enable effective information sharing. recon misc
dumpusers 1.0 Dumps account names and information even though RestrictAnonymous has been set to 1. windows recon
eapeak 130.9550d1c Analysis Suite For EAP Enabled Wireless Networks. wireless recon
easyda 7.0867f9b Easy Windows Domain Access Script. automation scanner recon
eigrp-tools 0.1 This is a custom EIGRP packet generator and sniffer developed to test the security and overall operation quality of this brilliant Cisco routing protocol. sniffer networking recon scanner
enteletaor 64.399d107 Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. exploitation scanner recon
enum4linux 0.8.9 A tool for enumerating information from Windows and Samba systems. recon scanner
enumerid 13.4853066 Enumerate RIDs using pure Python. recon
exitmap 358.2e0f62e A fast and modular scanner for Tor exit relays. recon
expimp-lookup 4.79a96c7 Looks for all export and import names that contain a specified string in all Portable Executable in a directory tree. binary recon
eyewitness 758.902509a Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. webapp recon misc
facebot 23.57f6025 A facebook profile and reconnaissance system. recon webapp
fbid 16.1b35eb9 Show info about the author by facebook photo url. recon social
fernmelder 6.c6d4ebe Asynchronous mass DNS scanner. scanner recon
fileintel 29.9749332 A modular Python application to pull intelligence about malicious files. malware recon
findmyiphone 19.aef3ac8 Locates all devices associated with an iCloud account mobile recon
flare-floss 1.5.0 Obfuscated String Solver - Automatically extract obfuscated strings from malware. recon
flashlight 109.90d1dc5 Automated Information Gathering Tool for Penetration Testers. recon
forager 115.7439b0a Multithreaded threat Intelligence gathering utilizing. recon
fping 4.2 A utility to ping multiple hosts at once networking recon scanner
fport 2.0 Identify unknown open ports and their associated applications. windows recon fingerprint
gasmask 149.9d26cb5 All in one Information gathering tool - OSINT. recon
gatecrasher 2.3ad5225 Network auditing and analysis tool developed in Python. recon scanner
geoedge 0.2 This little tool is designed to get geolocation information for a host; it gets the information from two sources (maxmind and geoiptool). recon
geoip 1.6.12 Non-DNS IP-to-country resolver C library & utils networking recon
gitem 85.b8937c0 A Github organization reconnaissance tool. recon
githack 7.dad9d5c A `.git` folder disclosure exploit. recon
gitleaks 349.5d68b48 Audit Git repos for secrets and keys. recon
gitmails 70.ee11da1 An information gathering tool to collect git commit emails in version control host services. recon social
gitminer 53.3f81161 Tool for advanced mining for content on Github. recon
gloom 95.607162b Linux Penetration Testing Framework. scanner exploitation recon fuzzer social
goddi 1.2 Dumps Active Directory domain information. recon windows
goodork 2.2 A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line. recon
goofile 1.5 Command line filetype search recon
goog-mail 1.0 Enumerate domain emails from google. recon
goohak 26.ee593c7 Automatically Launch Google Hacking Queries Against A Target Domain. recon automation scanner
gosint 104.07b811c OSINT framework in Go. recon
gplist 1.0 Lists information about the applied Group Policies. windows recon
grabing 11.9c1aa6c Counts all the hostnames for an IP address recon
gsd 1.1 Gives you the Discretionary Access Control List of any Windows NT service you specify as a command line option. windows recon
gwtenum 1:7.f27a5aa A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. recon webapp
h8mail 28.c4b8b2e Email OSINT and password breach hunting. recon social
hakku 384.bbb434d Simple framework that has been made for penetration testing tools. scanner recon webapp exploitation fingerprint
halcyon 0.1 A repository crawler that runs checksums for static files found within a given git repository. recon
handle 1:0.1 A small application designed to analyze your system, searching for global objects related to running processes and displaying information for every object found, such as tokens, semaphores, ports, files, etc. windows recon
hasere 1.0 Discover the vhosts using google and bing. recon scanner
hatcloud 33.3012ad6 Bypass CloudFlare with Ruby. recon
hoper 12.3951159 Trace URL's jumps across the rel links to obtain the last URL. recon
hoppy 1.8.1 A python script which tests http methods for configuration issues leaking information or just to see if they are enabled. scanner recon
howmanypeoplearearound 122.776082c Count the number of people around you by monitoring wifi signals. recon wireless
htrosbif 134.9dc3f86 Active HTTP server fingerprinting and recon tool. fingerprint recon
http-traceroute 0.5 This is a python script that uses the Max-Forwards header in HTTP and SIP to perform a traceroute-like scanning functionality. networking recon
httpforge 11.02.01 A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. webapp scanner fuzzer recon
httping 2.5 A ping-like tool for http-requests networking recon
id-entify 16.8e6c566 Search for information related to a domain: Emails - IP addresses - Domains - Information on WEB technology - Type of Firewall - NS and MX records. recon
idswakeup 1.0 A collection of tools that allows to test network intrusion detection systems. recon networking scanner
infoga 3:13.f02cdb0 Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers). recon
inquisitor 1:28.12a9ec1 OSINT Gathering Tool for Companies and Organizations. recon social
intrace 1.5 Traceroute-like application piggybacking on existing TCP connections recon
inzider 1.2 This is a tool that lists processes in your Windows system and the ports each one listens on. windows recon
ip-tracer 76.ce07e93 Track and retrieve any ip address information. recon
ip2clue 0.0.94 A small memory/CPU footprint daemon to lookup country (and other info) based on IP (v4 and v6). recon
iptodomain 18.f1afcd7 This tool extracts domains from an IP address based on the information saved in VirusTotal. recon
ircsnapshot 94.cb02a85 Tool to gather information from IRC servers. recon scanner
isme 0.12 Scans a VOIP environment, adapts to enterprise VOIP, and exploits the possibilities of being connected directly to an IP Phone VLAN. voip recon scanner
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. recon webapp
ivre 1:0.9.12.dev77 Network recon framework. recon networking
ivre-docs 1:0.9.12.dev77 Network recon framework (documentation) recon networking
ivre-web 1:0.9.12.dev77 Network recon framework (web application) recon networking
kacak 1.0 Tools for penetration testers that can enumerate which users are logged on to a Windows system. recon
katana A framework that seeks to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others). exploitation dos cracker scanner recon
knock 1:274.231c1b6 Subdomain scanner. scanner recon
lanmap2 1:127.1197999 Passive network mapping tool. recon
lbd 20130719 Load Balancing detector recon
ldapenum 1:0.1 Enumerate domain controllers using LDAP. recon scanner
lft 1:3.8 A layer four traceroute implementing numerous other features. recon networking
lhf 40.51568ee A modular recon tool for pentesting. recon
linenum 54.ddfd743 Scripted Local Linux Enumeration & Privilege Escalation Checks scanner recon
linux-exploit-suggester 32.9db2f5a A Perl script that tries to suggest exploits based on OS version number. recon 117.28a2ace Linux privilege escalation auditing tool. recon
loot 51.656fb85 Sensitive information extraction tool. recon
lte-cell-scanner 57.5fa3df8 LTE SDR cell scanner optimized to work with very low performance RF front ends (8bit A/D, 20dB noise figure). scanner mobile recon
machinae 165.cdee15f A tool for collecting intelligence from public sites/feeds about various security-related pieces of data. recon
mail-crawl 0.1 Tool to harvest emails from website. recon
maltego An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc. forensic recon scanner
maryam 2:443.7f63d59 Tool to scan web applications and networks and easily complete the information gathering process. scanner webapp recon
massbleed 16.cf7c5d6 Automated Pentest Recon Scanner. recon automation scanner
mbenum 1.5.0 Queries the master browser for whatever information it has registered. windows recon
mdns-recon 10.81ecf94 An mDNS recon tool written in Python. recon
metagoofil 1.4b An information gathering tool designed for extracting metadata of public documents. recon
metasploit 5.0.9 Advanced open-source platform for developing, testing, and using exploit code exploitation fuzzer scanner recon networking
mingsweeper 1.00 A network reconnaissance tool designed to facilitate large address space, high speed node discovery and identification. windows recon scanner
missidentify 1.0 A program to find Win32 applications. recon windows
modscan 0.1 A new tool designed to map a SCADA MODBUS TCP based network. scanner recon
monocle 1.0 A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network. recon networking
mptcp-abuse 6.b0eeb27 A collection of tools and resources to explore MPTCP on your network. Initially released at Black Hat USA 2014. networking recon scanner
mylg 656.616fd53 Network Diagnostic Tool. networking recon sniffer
nasnum 5.df5df19 Script to enumerate network attached storages. recon
nbname 1.0 Decodes and displays all NetBIOS name packets it receives on UDP port 137 and more! windows sniffer recon dos scanner
nbtenum 3.3 A utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. windows scanner recon
nbtool 1:2.bf90c76 Some tools for NetBIOS and DNS investigation, attacks, and communication. networking recon scanner
nbtscan 1.5.1 NBTscan is a program for scanning IP networks for NetBIOS name information. scanner recon
necromant 3.acbc448 Python script that searches for unused virtual hosts in web servers. recon
neglected 1:8.68d02b3 Facebook CDN Photo Resolver. recon
netdiscover 0.3 An active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks. recon wireless
netkit-bsd-finger 0.17 BSD-finger ported to Linux. recon
netmask 2.4.4 Helps determine network masks recon
netreconn 1.78 A collection of network scan/recon tools that are relatively small compared to their larger cousins. networking recon scanner
netscan2 1:54.262bffe Active / passive network scanner. scanner recon
nipper 0.11.7 Network Infrastructure Parser recon networking
nohidy 67.22c1283 The system admin's best friend, multi platform auditing tool. recon networking defensive
nsec3map 20.1263537 A tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain. scanner recon
nsec3walker 20101223 Enumerates domain names using DNSSEC recon
ntp-ip-enum 0.1 Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset. recon
nullinux 95.9155b58 Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. recon scanner
o-saft 3104.3505da3 A tool to show information about an SSL certificate and test the SSL connection according to a given list of ciphers and various SSL configurations. scanner recon
omnibus 126.d73c1e7 OSINT tool for intelligence collection, research and artifact management. recon social
onioff 84.34dc309 An onion url inspector for inspecting deep web links. recon
osint-spy 13.76f2c7a Performs OSINT scan on email/domain/ip_address/organization. recon social
osinterator 3.8447f58 Open Source Toolkit for Open Source Intelligence Gathering. recon
osrframework 789.83437f4 A project focused on providing API and tools to perform more accurate online researches. recon social
pappy-proxy 77.e1bb049 An intercepting proxy for web application testing. webapp proxy scanner fuzzer recon
parsero 81.e5b585a A robots.txt audit tool. recon
pasv-agrsv 57.6bb54f7 Passive recon / OSINT automation script. automation recon
peepingtom 1:56.bc6f4d8 A tool to take screenshots of websites. Much like eyewitness. webapp recon
pentestly 1798.93d1b39 Python and Powershell internal penetration testing framework. scanner recon automation
photon 307.c7326a6 Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. webapp recon
pmap 1.10 Passively discover, scan, and fingerprint link-local peers by the background noise they generate (i.e. their broadcast and multicast traffic). windows recon scanner fingerprint
pmapper 15.d38a5de A tool for quickly evaluating IAM permissions in AWS. recon
pown 91.d3457e4 Security testing and exploitation toolkit built on top of Node.js and NPM. webapp recon scanner social proxy
pret 81.4f3820a Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. exploitation fuzzer recon scanner
proxmark 2256.1511ea28 A powerful general purpose RFID tool, the size of a deck of cards, designed to snoop, listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags. radio recon scanner
ptf 1132.8302a29 The Penetration Testers Framework is a way for modular support for up-to-date tools. exploitation scanner recon automation
punter 45.97b7bed Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare. recon
pwned 585.8e60c39 A command-line tool for querying the 'Have I been pwned?' service. recon
pymeta 13.fa74e64 Auto Scanning to SSL Vulnerability. recon
pythem 454.e4fcb8a Python penetration testing framework. scanner sniffer recon cracker webapp
python-ivre 1:0.9.12.dev77 Network recon framework (library) recon networking
python2-ivre 1:0.9.12.dev77 Network recon framework (library) recon networking
quickrecon 0.3.2 A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing. recon scanner
raccoon 183.985797f A high performance offensive security tool for reconnaissance and vulnerability scanning. recon scanner
ranger-scanner 149.3aae5dd A tool to support security professionals to access and interact with remote Microsoft Windows based systems. scanner recon
rasenum 1.0 A small program which lists the information for all of the entries in any phonebook file (.pbk). windows recon
raven 1:0.3 A Linkedin information gathering tool used to gather information. recon
recon-ng 1:4.9.6 A full-featured Web Reconnaissance framework written in Python. recon
reconnoitre 396.e1027ec A security tool for multithreaded information gathering and service enumeration. recon
reconscan 37.d321842 Network reconnaissance and vulnerability assessment tools. recon scanner
red-hawk 27.f560071 All in one tool for Information Gathering, Vulnerability Scanning and Crawling. recon scanner webapp
reverseip 13.42cc9c3 ReverseIP is a ruby-based reverse IP-lookup tool, which finds all domains hosted on a web server and returns the HTTP status code of those domains. recon
revipd 5.2aaacfb A simple reverse IP domain scanner. recon scanner
rifiuti2 1:0.6.1 A rewrite of rifiuti, a great tool from Foundstone folks for analyzing Windows Recycle Bin INFO2 file. forensic recon
ripdc 0.3 A script which maps domains related to a given IP address or domain name. recon scanner
rpctools 1.0 Contains three separate tools for obtaining information from a system that is running RPC services windows recon scanner
sawef 28.e65dc9f Send Attack Web Forms. webapp recon
sb0x 19.04f40fe A simple and Lightweight framework for Penetration testing. scanner fuzzer cracker backdoor recon
scamper 20180504 A tool that actively probes the Internet in order to analyze topology and performance. scanner recon networking
scrapy 1.6.0 A fast high-level scraping and web crawling framework. webapp recon scanner
sctpscan 34.4d44706 A network scanner for discovery and security. recon scanner
sdn-toolkit 1.21 Discover, Identify, and Manipulate SDN-Based Networks networking scanner recon
seat 0.3 Next generation information digging application geared toward the needs of security professionals. It uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. scanner recon
server-status-pwn 7.0c02af0 A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances. recon
shard 1.5 A command line tool to detect shared passwords. recon
shodanhat 13.e5e7e68 Search for hosts info with shodan. recon
simple-lan-scan 1.0 A simple python script that leverages scapy for discovering live hosts on a network. scanner recon networking
simplyemail 1:1.4.10.r7.6a42d37 Email recon made fast and easy, with a framework to build on recon
sipi 13.58f0dcc Simple IP Information Tools for Reputation Data Analysis. recon misc
slackpirate 111.0c15149 Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace. social recon
smbcrunch 12.313400e 3 tools that work together to simplify reconnaissance of Windows File Shares. recon scanner
smbexec 1:148.7827616 A rapid psexec style attack with samba tools. scanner recon fuzzer exploitation
smbmap 67.b55fc05 A handy SMB enumeration tool. scanner recon
smod 53.7eb8423 A modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. scanner fuzzer recon dos
smtp-user-enum 1.2 Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO. recon scanner
sn00p 0.8 A modular tool written in bourne shell and designed to chain and automate security tools and tests. automation scanner recon fingerprint networking fuzzer exploitation
sn1per 1:306.2703495 Automated Pentest Recon Scanner. recon automation scanner cracker
snmpcheck 1.8 A free open source utility to get information via SNMP protocols. networking recon
snoopbrute 17.589fbe6 Multithreaded DNS recursive host brute-force tool. scanner recon
social-mapper 73.c227f4f A social media enumeration and correlation tool. social recon
social-vuln-scanner 11.91794c6 Gathers public information on companies to highlight social engineering risk. social recon
spade 114 A general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. windows scanner recon
spfmap 8.a42d15a A program to map out SPF and DKIM records for a large number of domains. recon
spiderfoot 2.12.0 The Open Source Footprinting Tool. recon
spoofcheck 16.8cce591 Simple script that checks a domain for email protections. recon social
ssl-hostname-resolver 1 CN (Common Name) grabber on X.509 Certificates over HTTPS. recon scanner
stardox 41.95b0a97 Github stargazers information gathering tool. recon
striker 66.c28a88a An offensive information and vulnerability scanner. scanner recon webapp
subdomainer 1.2 A tool designed for obtaining subdomain names from public sources. recon scanner
subfinder 410.357c340 Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target. recon
sublist3r 124.69fdd12 A Fast subdomains enumeration tool for penetration testers. recon scanner
subover 71.3d258e2 A Powerful Subdomain Takeover Tool. scanner recon
subscraper 18.aa377e0 Tool that performs subdomain enumeration through various techniques. recon scanner
superscan 4.1 Powerful TCP port scanner, pinger, resolver. windows scanner recon
swarm 1:41.1713c1e A distributed penetration testing tool. scanner recon cracker exploitation webapp
sysdig 0.25 Open source system-level exploration and troubleshooting tool recon
tactical-exploitation 78.66f8e2b Modern tactical exploitation toolkit. scanner exploitation recon sniffer
thc-ipv6 3.6 Complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6 networking recon dos spoof scanner
theharvester 703.5f8e32e Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). recon
tilt 90.2bc2ef2 An easy and simple tool implemented in Python for ip reconnaissance, with reverse ip lookup. recon
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity. recon social webapp
tinfoleak2 41.c45c33e Get detailed information about a Twitter user activity. recon social webapp
traceroute 2.1.0 Tracks the route taken by packets over an IP network recon
trape 103.9dd8f8e People tracker on the Internet: OSINT analysis and research tool by Jose Pino. social recon
treasure 6.a91d52b Hunt for sensitive information through GitHub's code search. recon
trufflehog 135.a4c69fa Searches through git repositories for high entropy strings, digging deep into commit history. recon
trusttrees 7.0665877 A Tool for DNS Delegation Trust Graphing. recon
tweets-analyzer 50.0251238 Tweets metadata scraper & activity analyzer. social recon
twofi 2.0 Twitter Words of Interest. recon
ubiquiti-probing 5.c28f4c1 A Ubiquiti device discovery tool. recon scanner
upnp-pentest-toolkit 1.1 UPnP Pentest Toolkit for Windows. windows scanner recon fuzzer
userrecon 10.3b56891 Find usernames across over 75 social networks. recon social fingerprint
vbrute 1.11dda8b Virtual hosts brute forcer. recon scanner
vlan-hopping 21.a37ba4e Easy 802.1Q VLAN Hopping automation networking recon
vpnpivot 22.37bbde0 Explore the network using this tool. recon networking
waldo 29.ee4f960 A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. recon scanner
waybackpack 49.36db906 Download the entire Wayback Machine archive for a given URL. webapp recon
wce 1.41beta A security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). windows recon
websearch 3.09935a5 Search vhost names given a host range. Powered by Bing. recon
whatsmyname 265.1f90346 Tool to perform user and username enumeration on various websites. webapp recon
whatweb 4263.1420e9fa Next generation web scanner that identifies what websites are running. recon webapp
whichcdn 22.5fc6ddd Tool to detect if a given website is protected by a Content Delivery Network. webapp recon
wig 574.d5ddd91 WebApp Information Gatherer. webapp scanner recon
windows-exploit-suggester 41.776bd91 This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. recon
winfo 2.0 Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. windows recon scanner
wpsweep 1.0 A simple ping sweeper, that is, it pings a range of IP addresses and lists the ones that reply. windows recon
xray 91.ca50a32 A tool for recon, mapping and OSINT gathering from public networks. recon
yasat 848 Yet Another Stupid Audit Tool. scanner recon fingerprint
zeus-scanner 412.f6a3ada Advanced dork searching utility. recon
zgrab 800.4f43262 Grab banners (optionally over TLS). recon