Packages for information gathering and reconnaissance.

Tool count: 394

Name Version Description Category Website
activedirectoryenum 1:0.5.0 Enumerate AD through LDAP. recon
ad-ldap-enum 44.1386673 An LDAP based Active Directory user and group enumeration tool. recon
adfind 29.179602f Admin Panel Finder. webapp recon
aiodnsbrute 38.e773a4c Python 3 DNS asynchronous brute force utility. recon
altdns 68.689cc81 Generates permutations, alterations and mutations of subdomains and then resolves them. recon
amass 2:1099.22dd146 In-depth subdomain enumeration written in Go. scanner recon
api-dnsdumpster 59.eda15d6 Unofficial Python API for recon scanner
apkstat 18.81cdad3 Automated Information Retrieval From APKs For Initial Analysis. mobile recon
aquatone 120.854a5d5 A set of tools for performing reconnaissance on domain names. recon scanner
assetfinder 19.4e95d87 Find domains and subdomains potentially related to a given domain. scanner recon
atear 139.245ec8d Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration. wireless recon scanner
atstaketools 0.1 This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. windows scanner forensic cracker sniffer recon
attacksurfacemapper 39.ded9b34 Tool that aims to automate the reconnaissance process. recon automation
automato 33.0561b59 Should help with automating some of the user-focused enumeration tasks during an internal penetration test. automation recon
autorecon 77.9bf5b64 A multi-threaded network reconnaissance tool which performs automated enumeration of services. automation recon scanner
autosint 234.e1f4937 Tool to automate common osint tasks. recon
aws-inventory 16.d987097 Discover resources created in an AWS account. recon
aztarna 1.2.1 A footprinting tool for ROS and SROS systems. recon fingerprint
badkarma 85.2c46334 Advanced network reconnaissance toolkit. scanner networking recon
badministration 16.69e4ec2 A tool which interfaces with management or administration applications from an offensive standpoint. webapp scanner recon fingerprint
barq 35.6f1a68c An AWS Cloud Post Exploitation framework. exploitation backdoor automation recon
basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. recon scanner
belati 72.49577a1 The Traditional Swiss Army Knife for OSINT. scanner recon webapp
bfac 51.a482db2 An automated tool that checks for backup artifacts that may disclose the web-application's source code. recon webapp
billcipher 32.97fba59 Information Gathering tool for a Website or IP address. recon scanner
bind 9.16.8 The ISC DNS Server networking recon
bind-tools 9.16.5 The ISC DNS tools networking recon
bing-ip2hosts 1.0.3 Enumerates all hostnames which Bing has indexed for a specific IP address. recon
birp 65.b2e108a A tool that will assist in the security assessment of mainframe applications served over TN3270. scanner recon fuzzer
blackbox-scanner 4:1.7a25220 Dork scanner & bruteforcing & hash cracker tool with blackbox penetration testing framework. scanner recon cracker
bloodhound 923.66ffed1 Six Degrees of Domain Admin recon windows
bloodhound-python v1.0.1.r16.gfd793b9 Bloodhound python data collector recon windows
bluto 1:142.25cad7a Recon, Subdomain Bruting, Zone Transfers. scanner recon
browselist 1.4 Retrieves the browse list; the output list contains computer names, and the roles they play in the network. windows recon
buster 92.131437e Find emails of a person and return info associated with them. social recon
c5scan 30.be8845c Vulnerability scanner and information gatherer for the Concrete5 CMS. webabb scan recon
canari 3.3.10 A transform framework for maltego forensic recon scanner
cantoolz 1:424.bc4c2bf Framework for black-box CAN network analysis automobile recon fuzzer scanner
cardpwn 32.166abf9 OSINT Tool to find Breached Credit Cards Information. social recon
casefile 1.0.1 The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information forensic recon scanner
catnthecanary 7.e9184fe An application to query the data set for leaked data. recon
ccrawldns 3.6325110 Retrieves from the CommonCrawl data set unique subdomains for a given domain name. recon
certgraph 146.2e0c18b Crawl the graph of certificate Alternate Names. recon
chaos-client 73.a5e70d4 Go client to communicate with Chaos dataset API. recon
chaosmap 1.3 An information gathering tool and dns / whois / web server scanner forensic scanner recon
citadel 95.3b1adbc A library of OSINT tools. recon social
cloud-buster 194.b55e4a1 A tool that checks Cloudflare enabled sites for origin IP leaks. recon
cloudfail 77.fcd9016 Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network. recon
cloudmare 56.baf01dc A simple tool to find origin servers of websites protected by CloudFlare with a misconfiguration DNS. recon scanner
cloudunflare 14.b91a8a7 Reconnaissance Real IP address for Cloudflare Bypass. recon scanner
cmsscan 41.45a0360 CMS scanner to identify and find vulnerabilities for Wordpress, Drupal, Joomla, vBulletin. webapp scanner recon fingerprint
cmsscanner CMS Scanner Framework. webapp scanner recon fingerprint
cnamulator 5.4667c68 A phone CNAM lookup utility using the OpenCNAM API. mobile recon
commonspeak 36.f0aad23 Leverages publicly available datasets from Google BigQuery to generate wordlists. automation recon
cr3dov3r 46.99a1660 Search for public leaks for email addresses + check creds against 16 websites. social recon
crawlic 51.739fe2b Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). webapp recon
creepy 1:137.9f60449 A geolocation information gatherer. Offers geolocation information gathering through social networking platforms. scanner social recon
crosslinked 20.1c08d3a LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping. social recon
ct-exposer 22.5af35c3 An OSINT tool that discovers sub-domains by searching Certificate Transparency logs scanner recon
cutycapt 3:10 A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page. recon
d-tect 13.9555c25 Pentesting the Modern Web. scanner recon webapp
darkscrape 63.4c225f3 OSINT Tool For Scraping Dark Websites. webapp scanner recon
datasploit 1:367.a270d50 A tool to perform various OSINT techniques, aggregate all the raw data, visualize it on a dashboard, and facilitate alerting and monitoring on the data. recon scanner
davscan 30.701f967 Fingerprints servers, finds exploits, scans WebDAV. webapp scanner fingerprint recon
detectem 269.e80471e Detect software and its version on websites. fingerprint webapp recon
dga-detection 78.0a3186e DGA Domain Detection using Bigram Frequency Analysis. recon
dns-parallel-prober 56.99a7b83 PoC for an adaptive parallelised DNS prober. recon
dns2geoip 0.1 A simple python script that brute forces DNS and subsequently geolocates the found subdomains. scanner recon
dnsbrute 2.b1dc84a Multi-threaded DNS bruteforcing, average speed 80 lookups/second with 40 threads. recon scanner
dnscobra 1.0 DNS subdomain bruteforcing tool with Tor support through torsocks recon
dnsenum Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. recon scanner
dnsgrep 14.3f4fa7c A utility for quickly searching presorted DNS names. recon
dnsprobe 55.71b5f9a Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. recon
dnsrecon 2:0.10.0 Python script for enumeration of hosts, subdomains and emails from a given domain using google. recon
dnssearch 20.e4ea439 A subdomain enumeration tool. recon
dnsspider 1.3 A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation. recon scanner
dnstracer 1.9 Determines where a given DNS server gets its information from, and follows the chain of DNS servers recon
dnstwist 358.e7857e7 Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. scanner recon
dnswalk 2.0.2 A DNS debugger. recon scanner
dnsx 32.dde78da Fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers. recon
domain-analyzer 0.8.1 Finds all the security information for a given domain name. recon
domain-stats 139.93158d9 A web API to deliver domain information from whois and alexa. recon
doork 6.90c7260 Passive Vulnerability Auditor. webapp recon
dradis 3.0.0.rc1 An open source framework to enable effective information sharing. recon misc
dradis-ce 3645.2612b704 An open source framework to enable effective information sharing. recon misc
dsstore-crawler 4.9e003a3 A parser + crawler for .DS_Store files exposed publicly. webapp recon
dumpusers 1.0 Dumps account names and information even though RestrictAnonymous has been set to 1. windows recon
eapeak 130.9550d1c Analysis Suite For EAP Enabled Wireless Networks. wireless recon
easyda 7.0867f9b Easy Windows Domain Access Script. automation scanner recon
eigrp-tools 0.1 This is a custom EIGRP packet generator and sniffer developed to test the security and overall operation quality of this brilliant Cisco routing protocol. sniffer networking recon scanner
email2phonenumber 19.d097c07 An OSINT tool to obtain a target's phone number just by having his email address. social recon
enteletaor 66.e8e4daa Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. exploitation scanner recon
enum4linux 0.8.9 A tool for enumerating information from Windows and Samba systems. recon scanner
enumerid 21.156a7f1 Enumerate RIDs using pure Python. recon
exitmap 366.13bdbbb A fast and modular scanner for Tor exit relays. recon
expimp-lookup 4.79a96c7 Looks for all export and import names that contain a specified string in all Portable Executable in a directory tree. binary recon
eyewitness 864.d98b547 Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. webapp recon misc
facebookosint 21.656a04a OSINT tool to replace facebook graph search. social recon
facebot 23.57f6025 A facebook profile and reconnaissance system. recon webapp
favfreak 23.8f19690 Weaponizing favicon.ico for BugBounties, OSINT and what not. recon fingerprint
fbi 28.0f94e99 An accurate facebook account information gathering. social recon
fbid 16.1b35eb9 Show info about the author by facebook photo url. recon social
fernmelder 6.c6d4ebe Asynchronous mass DNS scanner. scanner recon
fileintel 31.e1ab7b3 A modular Python application to pull intelligence about malicious files. malware recon
finalrecon 54.0d41eb6 OSINT Tool for All-In-One Web Reconnaissance. recon
findmyiphone 19.aef3ac8 Locates all devices associated with an iCloud account mobile recon
findomain 2.1.4 A tool that use Certificate Transparency logs to find subdomains. scanner recon
flare-floss 1.6.1 Obfuscated String Solver - Automatically extract obfuscated strings from malware. recon
flashlight 109.90d1dc5 Automated Information Gathering Tool for Penetration Testers. recon
forager 115.7439b0a Multithreaded threat Intelligence gathering utilizing. recon
fping 5.0 A utility to ping multiple hosts at once networking recon scanner
fport 2.0 Identify unknown open ports and their associated applications. windows recon fingerprint
gasmask 170.e0d0f0a All in one Information gathering tool - OSINT. recon
gatecrasher 2.3ad5225 Network auditing and analysis tool developed in Python. recon scanner
gau 55.4846cd1 Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. webapp recon
geoedge 0.2 This little tool is designed to get geolocation information for a host; it gets the information from two sources (maxmind and geoiptool). recon
geoip 1.6.12 Non-DNS IP-to-country resolver C library & utils networking recon
git-hound 110.b18095e Pinpoints exposed API keys on GitHub. A batch-catching, pattern-matching, patch-attacking secret snatcher. recon social
gitdorker 94.34cb621 Python program to scrape secrets from GitHub through usage of a large repository of dorks. recon scanner
gitem 104.d40a1c9 A Github organization reconnaissance tool. recon
gitgraber 67.72e5850 Monitor GitHub to search and find sensitive data in real time for different online services. recon
githack 10.1fed62c A `.git` folder disclosure exploit. recon
github-dorks 57.07e0472 Collection of github dorks and helper tool to automate the process of checking dorks. recon social
gitleaks 589.2acc34d Audit Git repos for secrets and keys. recon
gitmails 71.8aa8411 An information gathering tool to collect git commit emails in version control host services. recon social
gitminer 54.16ada58 Tool for advanced mining for content on Github. recon
gloom 95.607162b Linux Penetration Testing Framework. scanner exploitation recon fuzzer social
goddi 1.2 Dumps Active Directory domain information. recon windows
goodork 2.2 A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line. recon
goofile 1.5 Command line filetype search recon
goog-mail 1.0 Enumerate domain emails from google. recon
goohak 30.576ca53 Automatically Launch Google Hacking Queries Against A Target Domain. recon automation scanner
goop 12.39b34eb Perform google searches without being blocked by the CAPTCHA or hitting any rate limits. recon
gosint 196.9c86ed2 OSINT framework in Go. recon
gplist 1.0 Lists information about the applied Group Policies. windows recon
grabing 11.9c1aa6c Counts all the hostnames for an IP address. recon
gsd 1.1 Gives you the Discretionary Access Control List of any Windows NT service you specify as a command line option. windows recon
gwtenum 1:7.f27a5aa A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. recon webapp
h8mail 321.9f75390 Email OSINT and password breach hunting. recon social
hakku 384.bbb434d Simple framework that has been made for penetration testing tools. scanner recon webapp exploitation fingerprint
hakrevdns 37.9fa2d59 Small, fast tool for performing reverse DNS lookups en masse. recon
halcyon 0.1 A repository crawler that runs checksums for static files found within a given git repository. recon
handle 1:0.1 A small application designed to analyze your system, searching for global objects related to running processes and displaying information for every object found, such as tokens, semaphores, ports, files, etc. windows recon
harpoon 268.32dabdf CLI tool for open source and threat intelligence. automation recon
hasere 1.0 Discover the vhosts using google and bing. recon scanner
hatcloud 33.3012ad6 Bypass CloudFlare with Ruby. recon
hellraiser 182.2790f3a Vulnerability Scanner. scanner recon
homepwn 30.6bf431e Swiss Army Knife for Pentesting of IoT Devices. scanner recon fuzzer exploitation
hoper 12.3951159 Trace URL's jumps across the rel links to obtain the last URL. recon
hoppy 1.8.1 A python script which tests http methods for configuration issues leaking information or just to see if they are enabled. scanner recon
hosthunter 90.c842375 A recon tool for discovering hostnames using OSINT techniques. recon
howmanypeoplearearound 123.b05e06a Count the number of people around you by monitoring wifi signals. recon wireless
htrosbif 134.9dc3f86 Active HTTP server fingerprinting and recon tool. fingerprint recon
http-traceroute 0.5 This is a python script that uses the Max-Forwards header in HTTP and SIP to perform a traceroute-like scanning functionality. networking recon
httpforge 11.02.01 A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. webapp scanner fuzzer recon
httping 2.5 A ping-like tool for http-requests networking recon
id-entify 34.dd064a5 Search for information related to a domain: Emails - IP addresses - Domains - Information on WEB technology - Type of Firewall - NS and MX records. recon
idswakeup 1.0 A collection of tools for testing network intrusion detection systems. recon networking scanner
infoga 3:17.d2a1e56 Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers). recon
inquisitor 1:28.12a9ec1 OSINT Gathering Tool for Companies and Organizations. recon social
instagramosint 20.94213fd An Instagram Open Source Intelligence Tool. social recon
intelplot 12.4dd9fc0 OSINT Tool to Mark Points on Offline Map. recon
intrace 1.5 Traceroute-like application piggybacking on existing TCP connections recon
inzider 1.2 This is a tool that lists processes in your Windows system and the ports each one listens on. windows recon
ip-tracer 88.28c5c49 Track and retrieve any ip address information. recon
ip2clue 0.0.95 A small memory/CPU footprint daemon to lookup country (and other info) based on IP (v4 and v6). recon
iptodomain 18.f1afcd7 This tool extracts domains from an IP address based on the information saved in VirusTotal. recon
ipv666 182.ad45ae8 Golang IPv6 address enumeration. recon networking
ircsnapshot 94.cb02a85 Tool to gather information from IRC servers. recon scanner
isme 0.12 Scans a VOIP environment, adapts to enterprise VOIP, and exploits the possibilities of being connected directly to an IP Phone VLAN. voip recon scanner
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. recon webapp
ivre 0.9.15.dev202 Network recon framework. recon networking
ivre-docs 0.9.15.dev202 Network recon framework (documentation) recon networking
ivre-web 0.9.15.dev202 Network recon framework (web application) recon networking
jackdaw 272.b698fdd Collect all information in your domain, show you graphs on how domain objects interact with each other and how to exploit these interactions. recon windows
jast 17.361ecde Just Another Screenshot Tool. webapp recon misc
jsearch 34.15a5285 Simple script that grep infos from javascript files. recon webapp
kacak 1.0 Tools for penetration testers that can enumerate which users are logged on to a Windows system. recon
kamerka 40.be17620 Build interactive map of cameras from Shodan. recon
katana A framework that seeks to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others). exploitation dos cracker scanner recon
keye 29.d44a578 Recon tool detecting changes of websites based on content-length differences. recon webapp
knock 1:279.7b9f813 Subdomain scanner. scanner recon
lanmap2 1:127.1197999 Passive network mapping tool. recon
lbd 20130719 Load Balancing detector recon
ldapenum 1:0.1 Enumerate domain controllers using LDAP. recon scanner
ldeep 88.255d93a In-depth ldap enumeration utility. recon
legion 52.036730a Automatic enumeration tool based on open source tools. recon automation
lft 1:3.91 A layer four traceroute implementing numerous other features. recon networking
lhf 40.51568ee A modular recon tool for pentesting. recon
linenum 75.c47f9b2 Scripted Local Linux Enumeration & Privilege Escalation Checks scanner recon
linkedin2username 106.766b7ce OSINT Tool: Generate username lists for companies on LinkedIn. social recon misc
linkfinder 157.dae58bb Discovers endpoints and their parameters in JavaScript files. webapp recon
linux-exploit-suggester 32.9db2f5a A Perl script that tries to suggest exploits based on OS version number. recon 153.d9d6c55 Linux privilege escalation auditing tool. recon
littlebrother 101.07f6829 OSINT tool to get information on French, Belgian and Swiss people. recon social
loot 51.656fb85 Sensitive information extraction tool. recon
lte-cell-scanner 57.5fa3df8 LTE SDR cell scanner optimized to work with very low performance RF front ends (8bit A/D, 20dB noise figure). scanner mobile recon
lulzbuster 1.3.2 A very fast and smart web-dir/file enumeration tool written in C. webapp scanner recon
machinae 191.7cf9493 A tool for collecting intelligence from public sites/feeds about various security-related pieces of data. recon
maigret 1278.7ffe4be Collect a dossier on a person by username from a huge number of sites. recon
mail-crawl 0.1 Tool to harvest emails from website. recon
maltego An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc. forensic recon scanner
maryam 2:462.473f218 Tool to scan web applications and networks and easily complete the information gathering process. scanner webapp recon
massbleed 20.44b7e85 Automated Pentest Recon Scanner. recon automation scanner
mbenum 1.5.0 Queries the master browser for whatever information it has registered. windows recon
mdns-recon 10.81ecf94 An mDNS recon tool written in Python. recon
metabigor 39.65f0aad Intelligence Tool but without API key. recon
metagoofil 12.823b114 An information gathering tool designed for extracting metadata of public documents. recon
metasploit 6.0.15 Advanced open-source platform for developing, testing, and using exploit code exploitation fuzzer scanner recon networking
mingsweeper 1.00 A network reconnaissance tool designed to facilitate large address space, high speed node discovery and identification. windows recon scanner
missidentify 1.0 A program to find Win32 applications. recon windows
modscan 0.1 A new tool designed to map a SCADA MODBUS TCP based network. scanner recon
monocle 1.0 A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network. recon networking
mptcp-abuse 6.b0eeb27 A collection of tools and resources to explore MPTCP on your network. Initially released at Black Hat USA 2014. networking recon scanner
mylg 656.616fd53 Network Diagnostic Tool. networking recon sniffer
nasnum 5.df5df19 Script to enumerate network attached storages. recon
nbname 1.0 Decodes and displays all NetBIOS name packets it receives on UDP port 137 and more! windows sniffer recon dos scanner
nbtenum 3.3 A utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. windows scanner recon
nbtool 1:2.bf90c76 Some tools for NetBIOS and DNS investigation, attacks, and communication. networking recon scanner
nbtscan 1.5.1 NBTscan is a program for scanning IP networks for NetBIOS name information. scanner recon
necromant 3.acbc448 Python script that searches for unused virtual hosts in web servers. recon
neglected 1:8.68d02b3 Facebook CDN Photo Resolver. recon
netdiscover 162.e3c3331 An active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks. recon wireless
netkit-bsd-finger 0.17 BSD-finger ported to Linux. recon
netmask 2.4.4 Helps determine network masks recon
netreconn 1.78 A collection of network scan/recon tools that are relatively small compared to their larger cousins. networking recon scanner
netscan2 1:58.a1db723 Active / passive network scanner. scanner recon
nipper 0.11.7 Network Infrastructure Parser recon networking
nohidy 67.22c1283 The system admin's best friend, multi platform auditing tool. recon networking defensive
nsec3map 20.1263537 A tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain. scanner recon
nsec3walker 20101223 Enumerates domain names using DNSSEC recon
ntlmrecon 64.bd11162 A tool to enumerate information from NTLM authentication enabled web endpoints. scanner recon
ntp-ip-enum 0.1 Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset. recon
nullinux 116.e24aacc Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. recon scanner
nullscan 1.0.0 A modular framework designed to chain and automate security tests. automation scanner recon fingerprint networking fuzzer exploitation
o-saft 4179.d7be234 A tool to show information about SSL certificates and test the SSL connection according to a given list of ciphers and various SSL configurations. scanner recon
omnibus 129.88dbf5d OSINT tool for intelligence collection, research and artifact management. recon social
onioff 84.34dc309 An onion url inspector for inspecting deep web links. recon
osint-spy 25.03dcf48 Performs OSINT scan on email/domain/ip_address/organization. recon social
osinterator 3.8447f58 Open Source Toolkit for Open Source Intelligence Gathering. recon
osrframework 830.82f9e46 A project focused on providing API and tools to perform more accurate online researches. recon social
pappy-proxy 77.e1bb049 An intercepting proxy for web application testing. webapp proxy scanner fuzzer recon
parsero 81.e5b585a A robots.txt audit tool. recon
pasv-agrsv 57.6bb54f7 Passive recon / OSINT automation script. automation recon
pdfgrab 15.1327508 Tool for searching PDFs within Google and extracting PDF metadata. recon
peepingtom 1:56.bc6f4d8 A tool to take screenshots of websites. Much like eyewitness. webapp recon
pentestly 1798.93d1b39 Python and Powershell internal penetration testing framework. scanner recon automation
pepe 13.b81889b Collect information about email addresses from Pastebin. social recon
photon 324.198deac Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. webapp recon
pmap 1.10 Passively discover, scan, and fingerprint link-local peers by the background noise they generate (i.e. their broadcast and multicast traffic). windows recon scanner fingerprint
pmapper 68.712fa14 A tool for quickly evaluating IAM permissions in AWS. recon
postenum 112.e5215c2 Clean, nice and easy tool for basic/advanced privilege escalation techniques. recon scanner exploitation
pown 117.7ecca0b Security testing and exploitation toolkit built on top of Node.js and NPM. webapp recon scanner social proxy
pret 81.4f3820a Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. exploitation fuzzer recon scanner
proxmark 2401.ebf1404a A powerful general purpose RFID tool, the size of a deck of cards, designed to snoop, listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags. radio recon scanner
pspy 159.2312eed Monitor linux processes without root permissions. misc recon
ptf 1427.3dde609 The Penetration Testers Framework is a way for modular support for up-to-date tools. exploitation scanner recon automation
punter 45.97b7bed Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare. recon
pwned 1192.cc8bf7f A command-line tool for querying the 'Have I been pwned?' service. recon
pwned-search 38.96cd7db Pwned Password API lookup. recon social
pwnedornot 137.4707b81 Tool to find passwords for compromised email addresses. recon social
pymeta 13.fa74e64 Auto Scanning to SSL Vulnerability. recon
pythem 454.e4fcb8a Python penetration testing framework. scanner sniffer recon cracker webapp
python-api-dnsdumpster 69.eddcc18 Unofficial Python API for recon scanner
python-ivre 0.9.15.dev202 Network recon framework (library) recon networking
python-witnessme 1:1.5.0 Web Inventory tool, takes screenshots of webpages using Pyppeteer. webapp recon
python2-api-dnsdumpster 69.eddcc18 Unofficial Python API for recon scanner
python2-ivre 0.9.15.dev202 Network recon framework (library) recon networking
python2-webtech 1.2.8 Identify technologies used on websites. webapp recon scanner fingerprint
quickrecon 0.3.2 A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing. recon scanner
raccoon 183.985797f A high performance offensive security tool for reconnaissance and vulnerability scanning. recon scanner
ranger-scanner 149.3aae5dd A tool to support security professionals to access and interact with remote Microsoft Windows based systems. scanner recon
rapidscan 169.bd9ea15 The Multi-Tool Web Vulnerability Scanner. webapp scanner recon fingerprint fuzzer exploitation
rasenum 1.0 A small program which lists the information for all of the entries in any phonebook file (.pbk). windows recon
raven 1:0.3 A LinkedIn information gathering tool. recon
recon-ng 1:1017.093a9e6 A full-featured Web Reconnaissance framework written in Python. recon
reconnoitre 441.f62afba A security tool for multithreaded information gathering and service enumeration. recon
reconscan 37.d321842 Network reconnaissance and vulnerability assessment tools. recon scanner
recsech 123.1fc298a Tool for doing Footprinting and Reconnaissance on the target web. recon scanner webapp fingerprinting
red-hawk 36.fa54e23 All in one tool for Information Gathering, Vulnerability Scanning and Crawling. recon scanner webapp
reverseip 13.42cc9c3 ReverseIP is a ruby-based reverse IP-lookup tool, which finds all domains hosted on a web server and returns the HTTP status code of those domains. recon
revipd 5.2aaacfb A simple reverse IP domain scanner. recon scanner
ridrelay 34.f2fa99c Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv. recon spoof networking
rifiuti2 1:0.7.0 A rewrite of rifiuti, a great tool from Foundstone folks for analyzing Windows Recycle Bin INFO2 file. forensic recon
ripdc 0.3 A script which maps domains related to a given IP address or domain name. recon scanner
rita 748.605f157 Real Intelligence Threat Analytics. recon
rpctools 1.0 Contains three separate tools for obtaining information from a system that is running RPC services windows recon scanner
sawef 29.8580d55 Send Attack Web Forms. webapp recon
sb0x 19.04f40fe A simple and Lightweight framework for Penetration testing. scanner fuzzer cracker backdoor recon
scamper 20200717 A tool that actively probes the Internet in order to analyze topology and performance. scanner recon networking
scavenger 93.2326de0 Crawler (Bot) searching for credential leaks on different paste sites. recon social
scrapy 2.3.0 A fast high-level scraping and web crawling framework. webapp recon scanner
sctpscan 34.4d44706 A network scanner for discovery and security. recon scanner
sdn-toolkit 1.21 Discover, Identify, and Manipulate SDN-Based Networks networking scanner recon
seat 0.3 Next generation information digging application geared toward the needs of security professionals. It uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. scanner recon
secretfinder 39.ca5e1a1 A python script to find sensitive data (apikeys, accesstoken, jwt,..) in javascript files. webapp recon
seeker 186.31d9dc0 Accurately Locate People using Social Engineering. social recon
server-status-pwn 7.0c02af0 A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances. recon
shard 1.5 A command line tool to detect shared passwords. recon
sherlock 1480.9d824d1 Find usernames across social networks. social recon
shhgit 55.046cf0b Find committed secrets and sensitive files across GitHub, Gists, GitLab and BitBucket or your local repositories in real time. recon
shodanhat 13.e5e7e68 Search for hosts info with shodan. recon
simple-lan-scan 1.0 A simple python script that leverages scapy for discovering live hosts on a network. scanner recon networking
simplyemail 1:1.4.10.r7.6a42d37 Email recon made fast and easy, with a framework to build on recon
sipi 13.58f0dcc Simple IP Information Tools for Reputation Data Analysis. recon misc
skiptracer 1:123.ca40957 OSINT Python 2 web-scraping framework that skips the need for API keys. social recon
slackpirate 142.9788be6 Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace. social recon
smbcrunch 12.313400e 3 tools that work together to simplify reconnaissance of Windows File Shares. recon scanner
smbexec 2:59.a54fc14 A rapid psexec style attack with samba tools. scanner recon fuzzer exploitation
smbmap 138.6151db7 A handy SMB enumeration tool. scanner recon
smod 53.7eb8423 A modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. scanner fuzzer recon dos
smtp-user-enum 1.2 Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO. recon scanner
sn00p 0.8 A modular tool written in bourne shell and designed to chain and automate security tools and tests. automation scanner recon fingerprint networking fuzzer exploitation
sn1per 1:482.f29caa4 Automated Pentest Recon Scanner. recon automation scanner cracker
snmpcheck 1.9 A free open source utility to get information via SNMP protocols. networking recon
snoopbrute 17.589fbe6 Multithreaded DNS recursive host brute-force tool. scanner recon
social-mapper 183.e0dc164 A social media enumeration and correlation tool. social recon
social-vuln-scanner 11.91794c6 Gathers public information on companies to highlight social engineering risk. social recon
socialscan 106.95a413e Check email address and username availability on online platforms. recon
sooty 290.6c4eb86 The SOC Analyst's all-in-one CLI tool to automate and speed up workflow. defensive recon social
spade 114 A general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. windows scanner recon
spfmap 8.a42d15a A program to map out SPF and DKIM records for a large number of domains. recon
spiderfoot 3.2.1 The Open Source Footprinting Tool. recon
spoofcheck 16.8cce591 Simple script that checks a domain for email protections. recon social
spyse 47.cd11ba9 Python API wrapper and command-line client for the tools hosted on recon
ssl-hostname-resolver 1 CN (Common Name) grabber on X.509 Certificates over HTTPS. recon scanner
stardox 41.95b0a97 GitHub stargazers information gathering tool. recon
striker 85.87c184d An offensive information and vulnerability scanner. scanner recon webapp
subdomainer 1.2 A tool designed for obtaining subdomain names from public sources. recon scanner
subfinder 799.d85ee13 Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target. recon
sublert 65.e902430 A security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate. recon
sublist3r 138.729d649 A Fast subdomains enumeration tool for penetration testers. recon scanner
subover 71.3d258e2 A Powerful Subdomain Takeover Tool. scanner recon
subscraper 34.d07a425 Tool that performs subdomain enumeration through various techniques. recon scanner
superscan 4.1 Powerful TCP port scanner, pinger, resolver. windows scanner recon
swamp 59.3c8be65 An OSINT tool for discovering associated sites through Google Analytics Tracking IDs. recon
swarm 1:41.1713c1e A distributed penetration testing tool. scanner recon cracker exploitation webapp
syborg 35.288129e Recursive DNS Subdomain Enumerator with dead-end avoidance system. recon
sysdig 0.27.1 Open source system-level exploration and troubleshooting tool recon
tactical-exploitation 79.b1be62b Modern tactical exploitation toolkit. scanner exploitation recon sniffer
thc-ipv6 3.6 Complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6 networking recon dos spoof scanner
thedorkbox 7.43852d3 Comprehensive collection of Google Dorks & OSINT techniques to find Confidential Data. recon
theharvester 2103.f17ec9e Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). recon
tilt 90.2bc2ef2 An easy and simple tool implemented in Python for IP reconnaissance, with reverse IP lookup. recon
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity. recon social webapp
tinfoleak2 41.c45c33e Get detailed information about a Twitter user activity. recon social webapp
traceroute 2.1.0 Tracks the route taken by packets over an IP network recon
trape 122.ae736a1 People tracker on the Internet: OSINT analysis and research tool by Jose Pino. social recon
treasure 1:2.b3249be Hunt for sensitive information through GitHub's code search. recon
trufflehog 162.0d6f2df Searches through git repositories for high entropy strings, digging deep into commit history. recon
trusttrees 102.a9b7399 A Tool for DNS Delegation Trust Graphing. recon
tweets-analyzer 55.8d6bd3c Tweets metadata scraper & activity analyzer. social recon
twint 1:843.a45a8ac An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations. social recon
twofi 2.0 Twitter Words of Interest. recon
ubiquiti-probing 5.c28f4c1 A Ubiquiti device discovery tool. recon scanner
udork 89.9eb7cae Python script that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications. recon scanner
uhoh365 24.bc22611 Script to enumerate Office 365 users without performing login attempts recon
ultimate-facebook-scraper 212.4f54d84 A bot which scrapes almost everything about a Facebook user's profile. social recon
upnp-pentest-toolkit 1.1 UPnP Pentest Toolkit for Windows. windows scanner recon fuzzer
urlextractor 19.739864d Information gathering & website reconnaissance. webapp recon
userrecon 10.3b56891 Find usernames across over 75 social networks. recon social fingerprint
userrecon-py 1:15.eebd422 Username recognition on 187 social networks. social recon
vault 297.593e046 Swiss army knife for hackers. scanner fingerprint recon networking
vault-scanner 299.0303cf4 Swiss army knife for hackers. scanner fingerprint recon networking
vbrute 1.11dda8b Virtual hosts brute forcer. recon scanner
vlan-hopping 21.a37ba4e Easy 802.1Q VLAN Hopping automation networking recon
vpnpivot 22.37bbde0 Explore the network using this tool. recon networking
vulmap 80.851d08f Vulmap Online Local Vulnerability Scanners Project scanner fingerprint recon
vulnx 312.91fb370 CMS and vulnerabilities detector & an intelligent bot auto shell injector. webapp scanner fingerprint recon
waldo 29.ee4f960 A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. recon scanner
waybackpack 56.b6e8ec7 Download the entire Wayback Machine archive for a given URL. webapp recon
waybackurls 9.58bbafe Fetch all the URLs that the Wayback Machine knows about for a domain. recon
wce 1.41beta A security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). windows recon
webanalyze 77.6b5bcaa Port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. webapp recon scanner fingerprint
webkiller 36.7ad72d3 Information gathering tool written in Python. webapp fingerprint recon
websearch 3.09935a5 Search vhost names given a host range. Powered by Bing. recon
webtech 1.2.8 Identify technologies used on websites. webapp recon scanner fingerprint
weebdns 14.c01c04f DNS Enumeration with Asynchronicity. recon
whatbreach 42.dad6b9f OSINT tool to find breached emails and databases. social recon
whatsmyname 582.3b6f68a Tool to perform user and username enumeration on various websites. webapp recon
whatweb 4817.54fcbaf7 Next generation web scanner that identifies what websites are running. recon webapp
whichcdn 22.5fc6ddd Tool to detect if a given website is protected by a Content Delivery Network. webapp recon
wig 574.d5ddd91 WebApp Information Gatherer. webapp scanner recon
windapsearch 28.7724ec4 Script to enumerate users, groups and computers from a Windows domain through LDAP queries. recon
windows-exploit-suggester 41.776bd91 This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. recon
winfo 2.0 Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. windows recon scanner
witnessme 32.4a87653 Web Inventory tool, takes screenshots of webpages using Pyppeteer. webapp recon
wpsweep 1.0 A simple ping sweeper, that is, it pings a range of IP addresses and lists the ones that reply. windows recon
xray 91.ca50a32 A tool for recon, mapping and OSINT gathering from public networks. recon
yasat 848 Yet Another Stupid Audit Tool. scanner recon fingerprint
yeti 2290.895e2dc6 A platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. defensive recon
zeus-scanner 414.21b8756 Advanced dork searching utility. recon
zgrab 803.031475e Grab banners (optionally over TLS). recon
zgrab2 541.3613392 Go Application Layer Scanner. fingerprint recon