Packages for information gathering and reconnaissance.
Tool count: 463
Name | Version | Description | Category | Website |
---|---|---|---|---|
activedirectoryenum | 1:0.5.0 | Enumerate AD through LDAP. | recon | |
ad-ldap-enum | 88.60bc5bb | An LDAP based Active Directory user and group enumeration tool. | recon | |
ad-miner | v1.6.0.r0.g008bf05 | Active Directory audit tool that extracts data from Bloodhound to uncover security weaknesses and generate an HTML report. | recon windows | |
adfind | 1:v1.0.3.r0.g3a6a055 | Admin Panel Finder. | webapp recon | |
adidnsdump | 25.8bbb4b0 | Active Directory Integrated DNS dumping by any authenticated user. | recon | |
aiodnsbrute | 38.e773a4c | Python 3 DNS asynchronous brute force utility. | recon | |
altdns | 76.8c1de0f | Generates permutations, alterations and mutations of subdomains and then resolves them. | recon | |
amass | 2:2143.5f1f7176 | In-depth subdomain enumeration written in Go. | scanner recon | |
anubis | 1.1.3.r0.g9ea89fa | Subdomain enumeration and information gathering tool. | blackawrch-scanner recon | |
api-dnsdumpster | 59.eda15d6 | Unofficial Python API for http://dnsdumpster.com/. | recon scanner | |
apkstat | 18.81cdad3 | Automated Information Retrieval From APKs For Initial Analysis. | mobile recon | |
aquatone | 151.f4eed57 | A set of tools for performing reconnaissance on domain names. | recon scanner | |
assetfinder | 19.4e95d87 | Find domains and subdomains potentially related to a given domain. | scanner recon | |
atear | 139.245ec8d | Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration. | wireless recon scanner | |
atstaketools | 0.1 | This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. | windows scanner forensic cracker sniffer recon | |
attacksurfacemapper | 47.8a402ed | Tool that aims to automate the reconnaissance process. | recon automation | |
automato | 33.0561b59 | Should help with automating some of the user-focused enumeration tasks during an internal penetration test. | automation recon | |
autorecon | 282.19cc46b | A multi-threaded network reconnaissance tool which performs automated enumeration of services. | automation recon scanner | |
autosint | 236.25d292c | Tool to automate common osint tasks. | recon | |
aws-iam-privesc | 11.2983efd | AWS IAM policy scanner that helps determine where privilege escalation can be achieved. | scanner recon exploitation automation | |
aws-inventory | 19.9a2fa8e | Discover resources created in an AWS account. | recon | |
aztarna | 1.2.1 | A footprinting tool for ROS and SROS systems. | recon fingerprint | |
badkarma | 85.2c46334 | Advanced network reconnaissance toolkit. | scanner networking recon | |
badministration | 16.69e4ec2 | A tool which interfaces with management or administration applications from an offensive standpoint. | webapp scanner recon fingerprint | |
barq | 35.6f1a68c | An AWS Cloud Post Exploitation framework. | exploitation backdoor automation recon | |
basedomainname | 0.1 | Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. | recon scanner | |
belati | 72.49577a1 | The Traditional Swiss Army Knife for OSINT. | scanner recon webapp | |
bfac | 53.18fb0b5 | An automated tool that checks for backup artifacts that may disclose the web-application's source code. | recon webapp | |
billcipher | 32.97fba59 | Information Gathering tool for a Website or IP address. | recon scanner | |
bind | 9.20.1 | The ISC DNS Server | networking recon | |
bind-tools | 9.16.5 | The ISC DNS tools | networking recon | |
bing-ip2hosts | 1.0.5 | Enumerates all hostnames which Bing has indexed for a specific IP address. | recon | |
birp | 65.b2e108a | A tool that will assist in the security assessment of mainframe applications served over TN3270. | scanner recon fuzzer | |
blackbox-scanner | 4:1.7a25220 | Dork scanner & bruteforcing & hash cracker tool with blackbox penetration testing framework. | scanner recon cracker | |
bloodhound | 1665.0d36459 | Six Degrees of Domain Admin | recon windows | |
bloodhound-python | v1.0.1.r151.ge8b0b7a | Bloodhound python data collector | recon windows | |
bluto | 1:142.25cad7a | Recon, Subdomain Bruting, Zone Transfers. | scanner recon | |
bridgekeeper | 57.55c390c | Scrape employee names from search engine LinkedIn profiles. Convert employee names to a specified username format. | recon social | |
browselist | 1.4 | Retrieves the browse list; the output list contains computer names, and the roles they play in the network. | windows recon | |
buster | 92.131437e | Find emails of a person and return info associated with them. | social recon | |
c5scan | 30.be8845c | Vulnerability scanner and information gatherer for the Concrete5 CMS. | webabb scan recon | |
canari | 3.3.10 | A transform framework for maltego | forensic recon scanner | |
cantoolz | 1:425.82d330b | Framework for black-box CAN network analysis https://asintsov.blogspot.de/. | automobile recon fuzzer scanner | |
cardpwn | 32.166abf9 | OSINT Tool to find Breached Credit Cards Information. | social recon | |
casefile | 1.0.1 | The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information | forensic recon scanner | |
catnthecanary | 7.e9184fe | An application to query the canary.pw data set for leaked data. | recon | |
ccrawldns | 6.92525b6 | Retrieves from the CommonCrawl data set unique subdomains for a given domain name. | recon | |
cero | v1.3.0.r19.gb73125b | Scrape domain names from SSL certificates of arbitrary hosts. | scanner recon | |
certgraph | 172.465bddc | Crawl the graph of certificate Alternate Names. | recon | |
chaos-client | 283.17a19d7 | Go client to communicate with Chaos dataset API. | recon | |
chaosmap | 1.3 | An information gathering tool and dns / whois / web server scanner | forensic scanner recon | |
citadel | 95.3b1adbc | A library of OSINT tools. | recon social | |
clairvoyance | 2.5.2 | Obtain GraphQL API Schema even if the introspection is not enabled. | webapp recon scanner | |
cloud-buster | 194.b55e4a1 | A tool that checks Cloudflare enabled sites for origin IP leaks. | recon | |
cloudfail | 79.7982c7d | Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network. | recon | |
cloudlist | 692.1435ef5 | A tool for listing Assets from multiple Cloud Providers. | recon | |
cloudmare | 108.9c5a39f | A simple tool to find origin servers of websites protected by CloudFlare with a misconfigured DNS. | recon scanner | |
cloudunflare | 14.b91a8a7 | Reconnaissance Real IP address for Cloudflare Bypass. | recon scanner | |
cmsscan | 43.f060b4b | CMS scanner to identify and find vulnerabilities for Wordpress, Drupal, Joomla, vBulletin. | webapp scanner recon fingerprint | |
cmsscanner | 0.13.8.63.g864c47f | CMS Scanner Framework. | webapp scanner recon fingerprint | |
cnamulator | 5.4667c68 | A phone CNAM lookup utility using the OpenCNAM API. | mobile recon | |
commonspeak | 36.f0aad23 | Leverages publicly available datasets from Google BigQuery to generate wordlists. | automation recon | |
cr3dov3r | 46.99a1660 | Search for public leaks for email addresses + check creds against 16 websites. | social recon | |
crawlic | 51.739fe2b | Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). | webapp recon | |
creepy | 1:137.9f60449 | A geolocation information gatherer. Offers geolocation information gathering through social networking platforms. | scanner social recon | |
crosslinked | 1:47.9c0069d | LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping. | social recon | |
ct-exposer | 24.71252ac | An OSINT tool that discovers sub-domains by searching Certificate Transparency logs | scanner recon | |
cutycapt | 3:10 | A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page. | recon | |
d-tect | 13.9555c25 | Pentesting the Modern Web. | scanner recon webapp | |
darkscrape | 68.2ca0e37 | OSINT Tool For Scraping Dark Websites. | webapp scanner recon | |
datasploit | 1:367.a270d50 | A tool to perform various OSINT techniques, aggregate all the raw data, visualize it on a dashboard, and facilitate alerting and monitoring on the data. | recon scanner | |
davscan | 30.701f967 | Fingerprints servers, finds exploits, scans WebDAV. | webapp scanner fingerprint recon | |
dcdetector | 0.0.1.r52.g2e69244 | Spot all domain controllers in a Microsoft Active Directory environment. Find computer name, FQDN, and IP address(es) of all DCs. | networking recon windows | |
detectem | 276.bc5f073 | Detect software and its version on websites. | fingerprint webapp recon | |
dga-detection | 78.0a3186e | DGA Domain Detection using Bigram Frequency Analysis. | recon | |
dns-parallel-prober | 68.422db61 | PoC for an adaptive parallelised DNS prober. | recon | |
dns2geoip | 0.1 | A simple python script that brute forces DNS and subsequently geolocates the found subdomains. | scanner recon | |
dnsbrute | 2.b1dc84a | Multi-threaded DNS bruteforcing, average speed 80 lookups/second with 40 threads. | recon scanner | |
dnscobra | 1.0 | DNS subdomain bruteforcing tool with Tor support through torsocks | recon | |
dnsenum | 1.2.4.2 | Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. | recon scanner | |
dnsgrep | 14.3f4fa7c | A utility for quickly searching presorted DNS names. | recon | |
dnsprobe | 56.7120008 | Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. | recon | |
dnsrecon | 2:1.2.0 | Python script for enumeration of hosts, subdomains and emails from a given domain using google. | recon | |
dnssearch | 20.e4ea439 | A subdomain enumeration tool. | recon | |
dnsspider | 1.4 | A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation. | recon scanner | |
dnstracer | 1.10 | Determines where a given DNS server gets its information from, and follows the chain of DNS servers | recon | |
dnstwist | 636.7c70076 | Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. | scanner recon | |
dnswalk | 2.0.2 | A DNS debugger. | recon scanner | |
dnsx | 965.c2398ec | Fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers. | recon | |
domain-analyzer | 0.8.1 | Finds all the security information for a given domain name. | recon | |
domain-stats | 169.759c52c | A web API to deliver domain information from whois and alexa. | recon | |
domained | 80.d9d079c | Multi Tool Subdomain Enumeration. | recon automation | |
domainhunter | 51.38cb7ef | Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names. | recon social | |
doork | 6.90c7260 | Passive Vulnerability Auditor. | webapp recon | |
dorkscout | 1.0.r13.gdd87daf | Golang tool to automate google dork scan against the entire internet or specific targets. | automation recon | |
dradis | 3.0.0.rc1 | An open source framework to enable effective information sharing. | recon misc | |
dradis-ce | 5575.ed72071c | An open source framework to enable effective information sharing. | recon misc | |
dsstore-crawler | 7.efa51f5 | A parser + crawler for .DS_Store files exposed publicly. | webapp recon | |
dumpusers | 1.0 | Dumps account names and information even though RestrictAnonymous has been set to 1. | windows recon | |
eapeak | 130.9550d1c | Analysis Suite For EAP Enabled Wireless Networks. | wireless recon | |
easyda | 7.0867f9b | Easy Windows Domain Access Script. | automation scanner recon | |
eigrp-tools | 0.1 | This is a custom EIGRP packet generator and sniffer developed to test the security and overall operation quality of this brilliant Cisco routing protocol. | sniffer networking recon scanner | |
elevate | 27.1272d51 | Horizontal domain discovery tool you can use to discover other domains owned by a given company. | recon | |
email2phonenumber | 29.9df9dbe | An OSINT tool to obtain a target's phone number just by having his email address. | social recon | |
enteletaor | 68.a975b5c | Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. | exploitation scanner recon | |
enum4linux | 0.9.1 | A tool for enumerating information from Windows and Samba systems. | recon scanner | |
enum4linux-ng | 422.70c6ea1 | A next generation version of enum4linux. | recon scanner | |
enumerate-iam | 14.4529114 | Enumerate the permissions associated with an AWS credential set. | recon scanner | |
enumerid | 36.d3e7265 | Enumerate RIDs using pure Python. | recon | |
exitmap | 373.8155029 | A fast and modular scanner for Tor exit relays. | recon | |
expimp-lookup | 4.79a96c7 | Looks for all export and import names that contain a specified string in all Portable Executable in a directory tree. | binary recon | |
eyewitness | 1145.cb09a84 | Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. | webapp recon misc | |
facebookosint | 21.656a04a | OSINT tool to replace facebook graph search. | social recon | |
facebot | 23.57f6025 | A facebook profile and reconnaissance system. | recon webapp | |
fav-up | 54.089aa11 | IP lookup by favicon using Shodan. | recon | |
favfreak | 27.8acea5e | Weaponizing favicon.ico for BugBounties, OSINT and what not. | recon fingerprint | |
fbi | 28.0f94e99 | An accurate facebook account information gathering. | social recon | |
fbid | 16.1b35eb9 | Show info about the author by facebook photo url. | recon social | |
fernmelder | 8.030212e | Asynchronous mass DNS scanner. | scanner recon | |
fileintel | 33.a0bff38 | A modular Python application to pull intelligence about malicious files. | malware recon | |
finalrecon | 187.06c2811 | OSINT Tool for All-In-One Web Reconnaissance. | recon | |
findmyiphone | 19.aef3ac8 | Locates all devices associated with an iCloud account | mobile recon | |
findomain | 9.0.4 | A tool that uses Certificate Transparency logs to find subdomains. | scanner recon | |
flare-floss | 1:v3.1.0.r50.ge4595b2 | Obfuscated String Solver - Automatically extract obfuscated strings from malware. | recon | |
flashlight | 109.90d1dc5 | Automated Information Gathering Tool for Penetration Testers. | recon | |
forager | 115.7439b0a | Multithreaded threat Intelligence gathering utilizing. | recon | |
fping | 5.2 | A utility to ping multiple hosts at once | networking recon scanner | |
fport | 2.0 | Identify unknown open ports and their associated applications. | windows recon fingerprint | |
gasmask | 172.2527371 | All in one Information gathering tool - OSINT. | recon | |
gatecrasher | 2.3ad5225 | Network auditing and analysis tool developed in Python. | recon scanner | |
gau | 161.046a59f | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. | webapp recon | |
genisys | 53.d53bb0c | Powerful Telegram Members Scraping and Adding Toolkit. | social recon | |
geoedge | 0.2 | This little tool is designed to get geolocation information of a host; it gets the information from two sources (maxmind and geoiptool). | recon | |
geoip | 1.6.12 | Non-DNS IP-to-country resolver C library & utils | networking recon | |
gh-dork | 3.799f86f | Github dorking tool. | recon social | |
git-hound | 174.1d20536 | Pinpoints exposed API keys on GitHub. A batch-catching, pattern-matching, patch-attacking secret snatcher. | recon social | |
git-wild-hunt | 16.6495672 | A tool to hunt for credentials in github wild AKA git*hunt. | recon | |
gitdorker | 113.8199375 | Python program to scrape secrets from GitHub through usage of a large repository of dorks. | recon scanner | |
gitem | 104.d40a1c9 | A Github organization reconnaissance tool. | recon | |
gitgraber | 82.aab4839 | Monitor GitHub to search and find sensitive data in real time for different online services. | recon | |
githack | 16.a3d70b1 | A `.git` folder disclosure exploit. | recon | |
githound | v1.7.1.r15.g1d20536 | Find secret information in git repositories. | code-audit recon | |
github-dorks | 82.d50a677 | Collection of github dorks and helper tool to automate the process of checking dorks. | recon social | |
gitleaks | 8.18.4 | Audit Git repos for secrets and keys. | recon | |
gitmails | 71.8aa8411 | An information gathering tool to collect git commit emails in version control host services. | recon social | |
gitminer | 54.16ada58 | Tool for advanced mining for content on Github. | recon | |
gitrecon | 30.6467e78 | OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits. | recon social | |
gloom | 1:93.cd6e927 | Linux Penetration Testing Framework. | scanner exploitation recon fuzzer social | |
go-windapsearch | v0.3.0.r22.ged05587 | Utility to enumerate users, groups and computers from a Windows domain through LDAP queries. | recon windows | |
goddi | 1.2 | Dumps Active Directory domain information. | recon windows | |
gomapenum | v1.1.0.r110.g8b344df | User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin. | cracker recon social windows | |
goodork | 2.2 | A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line. | recon | |
goofile | 1.5 | Command line filetype search | recon | |
goofuzz | 1.2.5.r2.g6ba4cc5 | A Bash script that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. | fuzzer recon scanner | |
goog-mail | 1.0 | Enumerate domain emails from google. | recon | |
goohak | 31.815a31e | Automatically Launch Google Hacking Queries Against A Target Domain. | recon automation scanner | |
goop | 12.39b34eb | Perform google searches without being blocked by the CAPTCHA or hitting any rate limits. Note: It no longer works. | recon | |
gosint | 196.9c86ed2 | OSINT framework in Go. | recon | |
gowitness | 307.6cfa992 | A golang, web screenshot utility using Chrome Headless. | webapp recon | |
gplist | 1.0 | Lists information about the applied Group Policies. | windows recon | |
grabing | 11.9c1aa6c | Counts all the hostnames for an IP address. | recon | |
graphinder | 1.11.6 | GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. | recon scanner webapp | |
gsd | 1.1 | Gives you the Discretionary Access Control List of any Windows NT service you specify as a command line option. | windows recon | |
gwtenum | 1:7.f27a5aa | A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. | recon webapp | |
h8mail | 344.ee31c8f | Email OSINT and password breach hunting. | recon social | |
hakku | 384.bbb434d | Simple framework that has been made for penetration testing tools. | scanner recon webapp exploitation fingerprint | |
hakrevdns | 47.3001d16 | Small, fast tool for performing reverse DNS lookups en masse. | recon | |
halcyon | 0.1 | A repository crawler that runs checksums for static files found within a given git repository. | recon | |
handle | 1:0.1 | A small application designed to analyze your system, searching for global objects related to running processes and displaying information for every found object, like tokens, semaphores, ports, files, etc. | windows recon | |
harpoon | 383.8021994 | CLI tool for open source and threat intelligence. | automation recon | |
hasere | 1.0 | Discover the vhosts using google and bing. | recon scanner | |
hashcheck | 2.72b0c6e | Search for leaked passwords while maintaining a high level of privacy using the k-anonymity method. | crypto social recon | |
hatcloud | 33.3012ad6 | Bypass CloudFlare with Ruby. | recon | |
hellraiser | 279.bea43e2 | Vulnerability Scanner. | scanner recon | |
holehe | 434.14da70f | A tool for Efficiently finding registered accounts from emails. | social recon | |
homepwn | 31.0803981 | Swiss Army Knife for Pentesting of IoT Devices. | scanner recon fuzzer exploitation | |
hookshot | 205.df30b85 | Integrated web scraper and email account data breach comparison tool. | webapp scanner recon social | |
hoper | 15.8d5dbd9 | Trace URL's jumps across the rel links to obtain the last URL. | recon | |
hoppy | 1.8.1 | A python script which tests http methods for configuration issues leaking information or just to see if they are enabled. | scanner recon | |
hosthunter | 158.553f1c7 | A recon tool for discovering hostnames using OSINT techniques. | recon | |
howmanypeoplearearound | 123.b05e06a | Count the number of people around you by monitoring wifi signals. | recon wireless | |
htrosbif | 134.9dc3f86 | Active HTTP server fingerprinting and recon tool. | fingerprint recon | |
http-traceroute | 0.5 | This is a python script that uses the Max-Forwards header in HTTP and SIP to perform a traceroute-like scanning functionality. | networking recon | |
httpforge | 11.02.01 | A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. | webapp scanner fuzzer recon | |
httping | 3.6 | A ping-like tool for http-requests | networking recon | |
id-entify | 34.dd064a5 | Search for information related to a domain: Emails - IP addresses - Domains - Information on WEB technology - Type of Firewall - NS and MX records. | recon | |
idswakeup | 1.0 | A collection of tools that allows testing of network intrusion detection systems. | recon networking scanner | |
infoga | 3:33.79a1c03 | Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers). | recon | |
inquisitor | 1:28.12a9ec1 | OSINT Gathering Tool for Companies and Organizations. | recon social | |
instagramosint | 21.30b5735 | An Instagram Open Source Intelligence Tool. | social recon | |
intelplot | 12.4dd9fc0 | OSINT Tool to Mark Points on Offline Map. | recon | |
intrace | 1.5 | Traceroute-like application piggybacking on existing TCP connections | recon | |
inzider | 1.2 | This is a tool that lists processes in your Windows system and the ports each one listens on. | windows recon | |
ip-tracer | 91.8e2e3dd | Track and retrieve any ip address information. | recon | |
ip2clue | 0.0.95 | A small memory/CPU footprint daemon to lookup country (and other info) based on IP (v4 and v6). | recon | |
iptodomain | 18.f1afcd7 | This tool extracts domains from an IP address based on the information saved in VirusTotal. | recon | |
ipv666 | 182.ad45ae8 | Golang IPv6 address enumeration. ipv666 is a set of tools that enables the discovery of IPv6 addresses both in the global IPv6 address space and in more narrow IPv6 network ranges. These tools are designed to work out of the box with minimal knowledge of their workings. | recon networking | |
ircsnapshot | 94.cb02a85 | Tool to gather information from IRC servers. | recon scanner | |
isme | 0.12 | Scans a VOIP environment, adapts to enterprise VOIP, and exploits the possibilities of being connected directly to an IP Phone VLAN. | voip recon scanner | |
isr-form | 1.0 | Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. | recon webapp | |
ivre | 0.9.20.dev262 | Network recon framework. | recon networking | |
ivre-docs | 0.9.20.dev262 | Network recon framework (documentation) | recon networking | |
ivre-web | 0.9.20.dev262 | Network recon framework (web application) | recon networking | |
jackdaw | 416.1c3a4c2 | Collect all information in your domain, show you graphs on how domain objects interact with each other and how to exploit these interactions | recon windows | |
jast | 17.361ecde | Just Another Screenshot Tool. | webapp recon misc | |
jsearch | 44.87cf9c1 | Simple script that greps information from JavaScript files. | recon webapp | |
juumla | 106.130565e | Python tool created to identify Joomla version, scan for vulnerabilities and search for config files. | webapp scanner recon fingerprint | |
kacak | 1.0 | Tools for penetration testers that can enumerate which users are logged on to a Windows system. | recon | |
kamerka | 1:40.be17620 | Build interactive map of cameras from Shodan. | recon | |
katana | 1.0.0.1 | A framework that seeks to unite general auditing tools, which are general pentesting tools (Network, Web, Desktop and others). | exploitation dos cracker scanner recon | |
katana-framework | 1.0.0.1 | A framework that seeks to unite general auditing tools, which are general pentesting tools (Network, Web, Desktop and others). | exploitation dos cracker scanner recon | |
keye | 29.d44a578 | Recon tool detecting changes of websites based on content-length differences. | recon webapp | |
kiterunner | 19.7d5824c | Contextual Content Discovery Tool. | webapp scanner recon | |
knock | 2:96.0c6ea4f | Subdomain scanner. | scanner recon | |
lanmap2 | 1:127.1197999 | Passive network mapping tool. | recon | |
lbd | 20130719 | Load Balancing detector | recon | |
ldapenum | 1:0.1 | Enumerate domain controllers using LDAP. | recon scanner | |
ldeep | 1:1.0.54.r0.g72dbd0d | In-depth ldap enumeration utility. | recon | |
legion | 61.ca99853 | Automatic Enumeration Tool based in Open Source tools. | recon automation | |
lft | 1:3.91 | A layer four traceroute implementing numerous other features. | recon networking | |
lhf | 40.51568ee | A modular recon tool for pentesting. | recon | |
linenum | 75.c47f9b2 | Scripted Local Linux Enumeration & Privilege Escalation Checks | scanner recon | |
linkedin2username | 1:144.8889f30 | OSINT Tool: Generate username lists for companies on LinkedIn. | social recon misc | |
linkfinder | 168.1debac5 | Discovers endpoints and their parameters in JavaScript files. | webapp recon | |
linux-exploit-suggester | 32.9db2f5a | A Perl script that tries to suggest exploits based on OS version number. | recon | |
linux-exploit-suggester.sh | 171.2063aeb | Linux privilege escalation auditing tool. | recon | |
littlebrother | 112.338cf82 | OSINT tool to get information on French, Belgian and Swiss people. | recon social | |
loot | 51.656fb85 | Sensitive information extraction tool. | recon | |
lte-cell-scanner | 57.5fa3df8 | LTE SDR cell scanner optimized to work with very low performance RF front ends (8bit A/D, 20dB noise figure). | scanner mobile recon | |
lulzbuster | 1.3.2 | A very fast and smart web-dir/file enumeration tool written in C. | webapp scanner recon | |
machinae | 197.9ef3e6c | A tool for collecting intelligence from public sites/feeds about various security-related pieces of data. | recon | |
maigret | 905.03900b0 | Collect a dossier on a person by username from a huge number of sites. | recon | |
mail-crawl | 0.1 | Tool to harvest emails from website. | recon | |
maltego | 4.8.0 | An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc. | forensic recon scanner | |
manspider | 70.30ce682 | Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported! | scanner recon | |
maryam | 2:819.99ae85a | Tool to scan web applications and networks and easily complete the information gathering process. | scanner webapp recon | |
massbleed | 20.44b7e85 | Automated Pentest Recon Scanner. | recon automation scanner | |
mbenum | 1.5.0 | Queries the master browser for whatever information it has registered. | windows recon | |
mdns-recon | 11.69b864e | An mDNS recon tool written in Python. | recon | |
metabigor | 78.607b2c9 | Intelligence Tool but without API key. | recon | |
metafinder | v1.2.r2.g30c8475 | Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata. | recon | |
metagoofil | 85.5d20635 | An information gathering tool designed for extracting metadata of public documents. | recon | |
metasploit | 6.4.26 | Advanced open-source platform for developing, testing, and using exploit code | exploitation fuzzer scanner recon networking | |
mildew | 11.df49c23 | Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs. | recon | |
mingsweeper | 1.00 | A network reconnaissance tool designed to facilitate large address space, high speed node discovery and identification. | windows recon scanner | |
missidentify | 1.0 | A program to find Win32 applications. | recon windows | |
modscan | 0.1 | A new tool designed to map a SCADA MODBUS TCP based network. | scanner recon | |
monocle | 1.0 | A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network. | recon networking | |
mptcp-abuse | 6.b0eeb27 | A collection of tools and resources to explore MPTCP on your network. Initially released at Black Hat USA 2014. | networking recon scanner | |
mqtt-pwn | 43.40368e5 | A one-stop-shop for IoT Broker penetration-testing and security assessment operations. | scanner recon | |
msmailprobe | 1.c01c8bf | Office 365 and Exchange Enumeration tool. | scanner recon | |
mylg | 659.faba867 | Network Diagnostic Tool. | networking recon sniffer | |
nasnum | 5.df5df19 | Script to enumerate network attached storages. | recon | |
nbname | 1.0 | Decodes and displays all NetBIOS name packets it receives on UDP port 137 and more! | windows sniffer recon dos scanner | |
nbtenum | 3.3 | A utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. | windows scanner recon | |
nbtool | 1:2.bf90c76 | Some tools for NetBIOS and DNS investigation, attacks, and communication. | networking recon scanner | |
nbtscan | 1.7.2 | NBTscan is a program for scanning IP networks for NetBIOS name information. | scanner recon | |
necromant | 4.53930c2 | Python script that searches for unused Virtual Hosts in Web Servers. | recon | |
neglected | 1:8.68d02b3 | Facebook CDN Photo Resolver. | recon | |
netdiscover | 218.ff28964 | An active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can also be used on hub/switched networks. | recon wireless | |
netkit-bsd-finger | 0.17 | BSD-finger ported to Linux. | recon | |
netkit-rusers | 0.17 | Logged in users; Displays who is logged in to machines on local network. | recon | |
netmask | 2.4.4 | Helps determine network masks | recon | |
netreconn | 1.78 | A collection of network scan/recon tools that are relatively small compared to their larger cousins. | networking recon scanner | |
netscan2 | 1:60.3d02ba1 | Active / passive network scanner. | scanner recon | |
nettacker | 0.3.3.r131.ge8c63715 | Automated Penetration Testing Framework. | automation scanners recon | |
nexfil | 43.4d93c57 | OSINT tool for finding profiles by username. | social recon | |
nipper | 0.11.7 | Network Infrastructure Parser | recon networking | |
nohidy | 67.22c1283 | The system admin's best friend, multi platform auditing tool. | recon networking defensive | |
nsec3map | 20.1263537 | A tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain. | scanner recon | |
nsec3walker | 20101223 | Enumerates domain names using DNSSEC | recon | |
ntlmrecon | 78.b5778a0 | A tool to enumerate information from NTLM authentication enabled web endpoints. | scanner recon | |
ntp-ip-enum | 0.1 | Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset. | recon | |
nullinux | 124.9f8727a | Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. | recon scanner | |
nullscan | 1.0.1 | A modular framework designed to chain and automate security tests. | automation scanner recon fingerprint networking fuzzer exploitation | |
o-saft | 6817.d78860f1 | A tool to show information about an SSL certificate and test the SSL connection according to a given list of ciphers and various SSL configurations. | scanner recon | |
o365enum | 19.522a54c | Username enumeration and password enuming tool aimed at Microsoft O365. | cracker recon windows | |
o365spray | 160.28d8d1b | Auto Scanning to SSL Vulnerability. | cracker recon windows | |
omnibus | 129.88dbf5d | OSINT tool for intelligence collection, research and artifact management. | recon social | |
onioff | 84.34dc309 | An onion url inspector for inspecting deep web links. | recon | |
osi.ig | 101.4debaa2 | Instagram OSINT Tool gets a range of information from an Instagram account. | social recon | |
osint-spy | 25.03dcf48 | Performs OSINT scan on email/domain/ip_address/organization. | recon social | |
osinterator | 3.8447f58 | Open Source Toolkit for Open Source Intelligence Gathering. | recon | |
osintgram | 1.3.r9.g3c61e53 | OSINT tool offering an interactive shell to perform analysis on Instagram account of any users by its nickname. | recon | |
osrframework | 840.e02a6e9 | A project focused on providing API and tools to perform more accurate online researches. | recon social | |
pagodo | 150.7f17f51 | Google dork script to collect potentially vulnerable web pages and applications on the Internet. | scanner recon | |
pappy-proxy | 77.e1bb049 | An intercepting proxy for web application testing. | webapp proxy scanner fuzzer recon | |
parsero | 81.e5b585a | A robots.txt audit tool. | recon | |
pass-station | v1.4.0.r72.gf39fbf2 | CLI & library to search for default credentials among thousands of Products / Vendors. | misc recon | |
pastemonitor | 10.abbceb9 | Scrape Pastebin API to collect daily pastes, set up a wordlist and be alerted by email when you have a match. | recon automation misc | |
pasv-agrsv | 57.6bb54f7 | Passive recon / OSINT automation script. | automation recon | |
pdfgrab | 15.1327508 | Tool for searching PDFs within Google and extracting PDF metadata. | recon | |
peepingtom | 1:56.bc6f4d8 | A tool to take screenshots of websites. Much like eyewitness. | webapp recon | |
pentestly | 1798.93d1b39 | Python and Powershell internal penetration testing framework. | scanner recon automation | |
pepe | 13.b81889b | Collect information about email addresses from Pastebin. | social recon | |
photon | 328.d88d5f3 | Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. | webapp recon | |
pmap | 1.10 | Passively discover, scan, and fingerprint link-local peers by the background noise they generate (i.e. their broadcast and multicast traffic). | windows recon scanner fingerprint | |
pmapper | 82.91d2e60 | A tool for quickly evaluating IAM permissions in AWS. | recon | |
postenum | 116.9cd9d7e | Clean, nice and easy tool for basic/advanced privilege escalation techniques. | recon scanner exploitation | |
pown | 332.0e32edf | Security testing and exploitation toolkit built on top of Node.js and NPM. | webapp recon scanner social proxy | |
pret | 108.a04bd04 | Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. | exploitation fuzzer recon scanner | |
protosint | 26.1ee6ee4 | Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses. | recon social | |
proxmark | 2413.61163344 | A powerful general purpose RFID tool, the size of a deck of cards, designed to snoop, listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags. | radio recon scanner | |
proxmark3 | 4.18589 | A general purpose RFID tool for Proxmark3 hardware. | radio recon scanner | |
pspy | 159.2312eed | Monitor linux processes without root permissions. | misc recon | |
ptf | 1503.e9ff60b | The Penetration Testers Framework is a way for modular support for up-to-date tools. | exploitation scanner recon automation | |
punter | 45.97b7bed | Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare. | recon | |
puredns | v2.1.1.r1.g9d94e50 | Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering. | recon scanner | |
pwndora | 248.d3f676a | Massive IPv4 scanner, find and analyze internet-connected devices in minutes, create your own IoT search engine at home. | scanner recon | |
pwned | 2521.f136edc | A command-line tool for querying the 'Have I been pwned?' service. | recon | |
pwned-search | 40.04c1439 | Pwned Password API lookup. | recon social | |
pwnedornot | 150.d25d3fa | Tool to find passwords for compromised email addresses. | recon social | |
pymeta | 13.fa74e64 | Auto Scanning to SSL Vulnerability. | recon | |
pythem | 454.e4fcb8a | Python penetration testing framework. | scanner sniffer recon cracker webapp | |
python-api-dnsdumpster | 79.0f8ba2b | Unofficial Python API for http://dnsdumpster.com/. | recon scanner | |
python-ivre | 0.9.20.dev262 | Network recon framework (library) | recon networking | |
python-witnessme | 1:1.5.0 | Web Inventory tool, takes screenshots of webpages using Pyppeteer. | webapp recon | |
python2-api-dnsdumpster | 79.0f8ba2b | Unofficial Python API for http://dnsdumpster.com/. | recon scanner | |
python2-ivre | 0.9.16.dev26 | Network recon framework (library) | recon networking | |
python2-webtech | 1.2.12 | Identify technologies used on websites. | webapp recon scanner fingerprint | |
quickrecon | 0.3.2 | A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing. | recon scanner | |
raccoon | 187.9cf6c11 | A high performance offensive security tool for reconnaissance and vulnerability scanning. | recon scanner | |
ranger-scanner | 149.3aae5dd | A tool to support security professionals to access and interact with remote Microsoft Windows based systems. | scanner recon | |
rapidscan | 221.296a20b | The Multi-Tool Web Vulnerability Scanner. | webapp scanner recon fingerprint fuzzer exploitation | |
rasenum | 1.0 | A small program which lists the information for all of the entries in any phonebook file (.pbk). | windows recon | |
raven | 1:33.8646a58 | A Linkedin information gathering tool used to gather information. | recon | |
rbac-lookup | v0.10.2.r1.g6c40f17 | A CLI that allows you to easily find Kubernetes roles and cluster roles bound to any user. | scanner recon | |
rdwarecon | 1.2.r0.g9675200 | A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application. | recon windows | |
recon-ng | 1:1025.470f4c1 | A full-featured Web Reconnaissance framework written in Python. | recon | |
reconnoitre | 441.f62afba | A security tool for multithreaded information gathering and service enumeration. | recon | |
reconscan | 61.afbcfc0 | Network reconnaissance and vulnerability assessment tools. | recon scanner | |
recsech | 123.1fc298a | Tool for doing Footprinting and Reconnaissance on the target web. | recon scanner webapp fingerprinting | |
red-hawk | 36.fa54e23 | All in one tool for Information Gathering, Vulnerability Scanning and Crawling. | recon scanner webapp | |
reverseip | 13.42cc9c3 | ReverseIP is a ruby-based reverse IP-lookup tool, which finds all domains hosted on a web server and returns the HTTP status code of those domains. | recon | |
revipd | 5.2aaacfb | A simple reverse IP domain scanner. | recon scanner | |
ridrelay | 34.f2fa99c | Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv. | recon spoof networking | |
rifiuti2 | 1:0.7.0 | A rewrite of rifiuti, a great tool from Foundstone folks for analyzing Windows Recycle Bin INFO2 file. | forensic recon | |
ripdc | 0.3 | A script which maps domains related to a given IP address or domain name. | recon scanner | |
rita | 2:v5.0.8.r0.g93b2dc5 | Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis. | recon | |
rpctools | 1.0 | Contains three separate tools for obtaining information from a system that is running RPC services | windows recon scanner | |
rusthound | 55.6d7b945 | Active Directory data collector for BloodHound. | recon windows | |
s3enum | v1.0.0.r9.g498cb74 | Amazon S3 bucket enumeration. | recon scanner | |
sawef | 32.e5ce862 | Send Attack Web Forms. | webapp recon | |
sb0x | 19.04f40fe | A simple and Lightweight framework for Penetration testing. | scanner fuzzer cracker backdoor recon | |
scamper | 20230323 | A tool that actively probes the Internet in order to analyze topology and performance. | scanner recon networking | |
scavenger | 103.75907e8 | Crawler (Bot) searching for credential leaks on different paste sites. | recon social | |
scrapy | 2.11.1 | A fast high-level scraping and web crawling framework. | webapp recon scanner | |
scrying | 234.caa233c | Collect RDP, web, and VNC screenshots smartly. | webapp recon | |
sctpscan | 34.4d44706 | A network scanner for discovery and security. | recon scanner | |
scylla | 99.621b7b8 | The Simplistic Information Gathering Engine \| Find Advanced Information on a Username, Website, Phone Number, etc | recon social | |
sdn-toolkit | 1.21 | Discover, Identify, and Manipulate SDN-Based Networks | networking scanner recon | |
seat | 0.3 | Next generation information digging application geared toward the needs of security professionals. It uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. | scanner recon | |
secretfinder | 1:15.d06119d | A python script to find sensitive data (apikeys, accesstoken, jwt,..) in javascript files. | webapp recon | |
seeker | 1:376.692e531 | Accurately Locate People using Social Engineering. | social recon | |
server-status-pwn | 12.841d55d | A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances. | recon | |
shard | 1.5 | A command line tool to detect shared passwords. | recon | |
sherlock | 1:0.15.0 | Find usernames across social networks. | social recon | |
shhgit | 66.53e656c | Find committed secrets and sensitive files across GitHub, Gists, GitLab and BitBucket or your local repositories in real time. | recon | |
shodanhat | 13.e5e7e68 | Search for hosts info with shodan. | recon | |
shosubgo | 1:v3.0.r2.gd9e5dcd | Small tool to Grab subdomains using Shodan API. | recon | |
simple-lan-scan | 1.0 | A simple python script that leverages scapy for discovering live hosts on a network. | scanner recon networking | |
simplyemail | 1:1.4.10.r7.6a42d37 | Email recon made fast and easy, with a framework to build on http://CyberSyndicates.com. | recon | |
sipi | 13.58f0dcc | Simple IP Information Tools for Reputation Data Analysis. | recon misc | |
skiptracer | 1:123.ca40957 | OSINT python2 webscraping framework. Skipping the needs of API keys. | social recon | |
slackpirate | 142.9788be6 | Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace. | social recon | |
smap-scanner | 0.1.12.r1.g90dfe74 | Passive port scanner built with shodan free API. | scanner recon | |
smbcrunch | 12.313400e | 3 tools that work together to simplify reconnaissance of Windows File Shares. | recon scanner | |
smbexec | 2:59.a54fc14 | A rapid psexec style attack with samba tools. | scanner recon fuzzer exploitation | |
smbmap | 1:v1.10.5.r0.gba4750f | A handy SMB enumeration tool. | scanner recon | |
smbsr | 50.7f86241 | Lookup for interesting stuff in SMB shares. | scanner recon | |
smod | 53.7eb8423 | A modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. | scanner fuzzer recon dos | |
smtp-user-enum | 1.2 | Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO. | recon scanner | |
sn00p | 0.8 | A modular tool written in bourne shell and designed to chain and automate security tools and tests. | automation scanner recon fingerprint networking fuzzer exploitation | |
sn1per | 1:609.b10362b | Automated Pentest Recon Scanner. | recon automation scanner cracker | |
snmpcheck | 1.9 | A free open source utility to get information via SNMP protocols. | networking recon | |
snoopbrute | 17.589fbe6 | Multithreaded DNS recursive host brute-force tool. | scanner recon | |
snscrape | 0.4.3.20220106 | A social networking service scraper in Python. | recon social | |
social-analyzer | 0.45 | Analyzing & finding a person's profile across social media websites. | social recon | |
social-mapper | 190.92be8da | A social media enumeration and correlation tool. | social recon | |
social-vuln-scanner | 11.91794c6 | Gathers public information on companies to highlight social engineering risk. | social recon | |
socialpwned | v2.0.1.r5.g6af3563 | OSINT tool that allows to get the emails, from a target, published in social networks. | social recon | |
socialscan | 128.5ae42d0 | Check email address and username availability on online platforms. | recon | |
sooty | 333.6cb15e6 | The SOC Analysts all-in-one CLI tool to automate and speed up workflow. | defensive recon social | |
spade | 114 | A general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. | windows scanner recon | |
spfmap | 8.a42d15a | A program to map out SPF and DKIM records for a large number of domains. | recon | |
spiderfoot | 4.0 | The Open Source Footprinting Tool. | recon | |
spoofcheck | 16.8cce591 | Simple script that checks a domain for email protections. | recon social | |
spray365 | 42.58fd193 | Makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. | cracker recon windows | |
spyse | 47.cd11ba9 | Python API wrapper and command-line client for the tools hosted on spyse.com. | recon | |
ssl-hostname-resolver | 1 | CN (Common Name) grabber on X.509 Certificates over HTTPS. | recon scanner | |
stardox | 41.95b0a97 | Github stargazers information gathering tool. | recon | |
striker | 85.87c184d | An offensive information and vulnerability scanner. | scanner recon webapp | |
subdomainer | 1.2 | A tool designed for obtaining subdomain names from public sources. | recon scanner | |
subfinder | 1:v2.6.3.r497.gbb127fb | Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target. | recon | |
subjs | 45.76ce9ec | Fetches javascript file from a list of URLS or subdomains. | webapp recon | |
sublert | 67.56d2a12 | A security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate. | recon | |
sublist3r | 138.729d649 | A Fast subdomains enumeration tool for penetration testers. | recon scanner | |
subover | 71.3d258e2 | A Powerful Subdomain Takeover Tool. | scanner recon | |
subscraper | 2:34.29aa5cc | Tool that performs subdomain enumeration through various techniques. | recon scanner | |
superscan | 4.1 | Powerful TCP port scanner, pinger, resolver. | windows scanner recon | |
swamp | 59.3c8be65 | An OSINT tool for discovering associated sites through Google Analytics Tracking IDs. | recon | |
swarm | 1:41.1713c1e | A distributed penetration testing tool. | scanner recon cracker exploitation webapp | |
syborg | 36.5cd010b | Recursive DNS Subdomain Enumerator with dead-end avoidance system. | recon | |
sysdig | 0.38.1 | Open source system-level exploration and troubleshooting tool | recon | |
tactical-exploitation | 95.7bbcb5d | Modern tactical exploitation toolkit. | scanner exploitation recon sniffer | |
teamsuserenum | v1.0.r1.g0c8b6c2 | User enumeration with Microsoft Teams API | recon | |
thc-ipv6 | 3.8 | Complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6 | networking recon dos spoof scanner | |
thcrut | 1.2.5 | Network discovery and OS Fingerprinting tool. | fingerprint recon scanner | |
thedorkbox | 7.43852d3 | Comprehensive collection of Google Dorks & OSINT techniques to find Confidential Data. | recon | |
theharvester | 3713.434d6f68 | Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). | recon | |
tilt | 90.2bc2ef2 | An easy and simple tool implemented in Python for ip reconnaissance, with reverse ip lookup. | recon | |
tinfoleak | 3.6469eb3 | Get detailed information about a Twitter user activity. | recon social webapp | |
tinfoleak2 | 41.c45c33e | Get detailed information about a Twitter user activity. | recon social webapp | |
token-hunter | 343.3358a33 | OSINT Tool - Search the group and group members' snippets, issues, and issue discussions for sensitive data that may be included in these assets. | social recon | |
traceroute | 2.1.5 | Tracks the route taken by packets over an IP network | recon | |
trape | 132.6baae24 | People tracker on the Internet: OSINT analysis and research tool by Jose Pino. | social recon | |
treasure | 1:2.b3249be | Hunt for sensitive information through githubs code search. | recon | |
trufflehog | 2:v3.82.2.r0.g7e78ca385 | Searches through git repositories for high entropy strings, digging deep into commit history. | recon | |
trusttrees | 102.a9b7399 | A Tool for DNS Delegation Trust Graphing. | recon | |
tweets-analyzer | 55.8d6bd3c | Tweets metadata scraper & activity analyzer. | social recon | |
twint | 1:845.e7c8a0c7 | An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations. | social recon | |
twofi | 2.0 | Twitter Words of Interest. | recon | |
ubiquiti-probing | 5.c28f4c1 | A Ubiquiti device discovery tool. | recon scanner | |
udork | 102.1a0aab0 | Python script that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications. | recon scanner | |
uhoh365 | 26.110277a | Script to enumerate Office 365 users without performing login attempts | recon | |
ultimate-facebook-scraper | 236.5661bdc | A bot which scrapes almost everything about a Facebook user's profile. | social recon | |
uncover | v1.0.2.r2.g4b929e0 | Discover exposed hosts on the internet using multiple search engines. | recon | |
upnp-pentest-toolkit | 1.1 | UPnP Pentest Toolkit for Windows. | windows scanner recon fuzzer | |
urlextractor | 19.739864d | Information gathering & website reconnaissance. | webapp recon | |
userrecon | 10.3b56891 | Find usernames across over 75 social networks. | recon social fingerprint | |
userrecon-py | 1:15.eebd422 | Recognition usernames in 187 social networks. | social recon | |
vault | 297.593e046 | Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. | scanner fingerprint recon networking | |
vault-scanner | 299.0303cf4 | Swiss army knife for hackers. | scanner fingerprint recon networking | |
vbrute | 1.11dda8b | Virtual hosts brute forcer. | recon scanner | |
vlan-hopping | 21.a37ba4e | Easy 802.1Q VLAN Hopping | automation networking recon | |
vpnpivot | 22.37bbde0 | Explore the network using this tool. | recon networking | |
vulmap | 95.a167c47 | Vulmap Online Local Vulnerability Scanners Project | scanner fingerprint recon | |
vulnx | 321.bcf451d | CMS and vulnerabilities detector & An intelligent bot auto shell injector. | webapp scanner fingerprint recon | |
waldo | 29.ee4f960 | A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. | recon scanner | |
waybackpack | 113.3616aee | Download the entire Wayback Machine archive for a given URL. | webapp recon | |
waybackurls | 11.89da10c | Fetch all the URLs that the Wayback Machine knows about for a domain. | recon | |
wce | 1.41beta | A security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). | windows recon | |
webanalyze | 121.707f3a4 | Port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. | webapp recon scanner fingerprint | |
webkiller | 42.d680598 | Information gathering tool written in Python. | webapp fingerprint recon | |
websearch | 4.cb7ef8e | Search vhost names given a host range. Powered by Bing. | recon | |
webtech | 1.3.3 | Identify technologies used on websites. | webapp recon scanner fingerprint | |
weebdns | 14.c01c04f | DNS Enumeration with Asynchronicity. | recon | |
whatbreach | 42.dad6b9f | OSINT tool to find breached emails and databases. | social recon | |
whatsmyname | 2404.7cc3101 | Tool to perform user and username enumeration on various websites. | webapp recon | |
whatweb | 4910.efee4d80 | Next generation web scanner that identifies what websites are running. | recon webapp | |
whichcdn | 22.5fc6ddd | Tool to detect if a given website is protected by a Content Delivery Network. | webapp recon | |
whoxyrm | 1.0.0.r5.g77318a7 | A reverse whois tool based on Whoxy API. | recon | |
wig | 574.d5ddd91 | WebApp Information Gatherer. | webapp scanner recon | |
windapsearch | 28.7724ec4 | Script to enumerate users, groups and computers from a Windows domain through LDAP queries. | recon | |
windows-exploit-suggester | 41.776bd91 | This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. | recon | |
winfo | 2.0 | Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. | windows recon scanner | |
wpsweep | 1.0 | A simple ping sweeper, that is, it pings a range of IP addresses and lists the ones that reply. | windows recon | |
xray | 91.ca50a32 | A tool for recon, mapping and OSINT gathering from public networks. | recon | |
yasat | 848 | Yet Another Stupid Audit Tool. | scanner recon fingerprint | |
yeti | 3340.5ea0d60a | A platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. | defensive recon | |
zeus-scanner | 414.21b8756 | Advanced dork searching utility. | recon | |
zgrab | 804.59a517f | Grab banners (optionally over TLS). | recon | |
zgrab2 | 666.82b0038 | Go Application Layer Scanner. | fingerprint recon |