recon


Packages for information gathering and reconnaissance.

Tool count: 333

Name Version Description Category Website
ad-ldap-enum 44.1386673 An LDAP based Active Directory user and group enumeration tool. recon
adfind 29.179602f Admin Panel Finder. webapp recon
altdns 65.ca46bd1 Generates permutations, alterations and mutations of subdomains and then resolves them. recon
amass 2:728.ed336d0 In-depth subdomain enumeration written in Go. scanner recon
api-dnsdumpster 59.eda15d6 Unofficial Python API for http://dnsdumpster.com/. recon scanner
apkstat 18.81cdad3 Automated Information Retrieval From APKs For Initial Analysis. mobile recon
aquatone 120.854a5d5 a set of tools for performing reconnaissance on domain names. recon scanner
assetfinder 14.2f365f1 Find domains and subdomains potentially related to a given domain. scanner recon
atear 139.245ec8d Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration. wireless recon scanner
atstaketools 0.1 This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. windows scanner forensic cracker sniffer recon
automato 31.4ac82e6 Should help with automating some of the user-focused enumeration tasks during an internal penetration test. automation recon
autorecon 51.d705884 A multi-threaded network reconnaissance tool which performs automated enumeration of services. automation recon scanner
autosint 234.e1f4937 Tool to automate common osint tasks. recon
aws-inventory 16.d987097 Discover resources created in an AWS account. recon
aztarna 1.0 A footprinting tool for ROS and SROS systems. recon fingerprint
badkarma 85.2c46334 Advanced network reconnaissance toolkit. scanner networking recon
badministration 16.69e4ec2 A tool which interfaces with management or administration applications from an offensive standpoint. webapp scanner recon fingerprint
basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. recon scanner
belati 72.49577a1 The Traditional Swiss Army Knife for OSINT. scanner recon webapp
bfac 50.2d0516c An automated tool that checks for backup artifacts that may disclose the web-application's source code. recon webapp
billcipher 28.3d3322a Information Gathering tool for a Website or IP address. recon scanner
bind-tools 9.14.5 The ISC DNS tools networking recon
bing-ip2hosts 0.4 Enumerates all hostnames which Bing has indexed for a specific IP address. recon
birp 65.b2e108a A tool that will assist in the security assessment of mainframe applications served over TN3270. scanner recon fuzzer
blackbox-scanner 4:1.7a25220 Dork scanner & bruteforcing & hash cracker tool with blackbox penetration testing framework. scanner recon cracker
bloodhound 661.cdf023f Six Degrees of Domain Admin recon windows
bluto 1:137.ecfb0d2 Recon, Subdomain Bruting, Zone Transfers. scanner recon
browselist 1.4 Retrieves the browse list; the output list contains computer names, and the roles they play in the network. windows recon
buster 92.131437e Find emails of a person and return info associated with them. social recon
c5scan 29.33a500c Vulnerability scanner and information gatherer for the Concrete5 CMS. webabb scan recon
canari 3.3.10 A transform framework for maltego forensic recon scanner
cantoolz 1:424.bc4c2bf Framework for black-box CAN network analysis https://asintsov.blogspot.de/. automobile recon fuzzer scanner
cardpwn 31.cd51f7e OSINT Tool to find Breached Credit Cards Information. social recon
casefile 1.0.1 The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information forensic recon scanner
catnthecanary 7.e9184fe An application to query the canary.pw data set for leaked data. recon
certgraph 140.97a2803 Crawl the graph of certificate Alternate Names. recon
chaosmap 1.3 An information gathering tool and dns / whois / web server scanner forensic scanner recon
cloud-buster 194.b55e4a1 A tool that checks Cloudflare enabled sites for origin IP leaks. recon
cloudfail 61.0f4ed48 Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network. recon
cloudmare 40.1cc4773 A simple tool to find origin servers of websites protected by CloudFlare with a misconfigured DNS. recon scanner
cmsscanner 0.6.0 CMS Scanner Framework. webapp scanner recon fingerprint
cnamulator 5.4667c68 A phone CNAM lookup utility using the OpenCNAM API. mobile recon
commonspeak 36.f0aad23 Leverages publicly available datasets from Google BigQuery to generate wordlists. automation recon
cr3dov3r 46.99a1660 Search for public leaks for email addresses + check creds against 16 websites. social recon
crawlic 51.739fe2b Web recon tool (find temporary files, parse robots.txt, search folders, google dorks and search domains hosted on same server). webapp recon
creepy 1:137.9f60449 A geolocation information gatherer. Offers geolocation information gathering through social networking platforms. scanner social recon
crosslinked 14.1e0379a LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping. social recon
ct-exposer 22.5af35c3 An OSINT tool that discovers sub-domains by searching Certificate Transparency logs scanner recon
cutycapt 3:10 A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page. recon
d-tect 13.9555c25 Pentesting the Modern Web. scanner recon webapp
darkscrape 58.0efe2a3 OSINT Tool For Scraping Dark Websites. webapp scanner recon
datasploit 1:367.a270d50 A tool to perform various OSINT techniques, aggregate all the raw data, visualize it on a dashboard, and facilitate alerting and monitoring on the data. recon scanner
davscan 30.701f967 Fingerprints servers, finds exploits, scans WebDAV. webapp scanner fingerprint recon
detectem 228.c40e39a Detect software and its version on websites. fingerprint webapp recon
dga-detection 78.0a3186e DGA Domain Detection using Bigram Frequency Analysis. recon
dns-parallel-prober 56.99a7b83 PoC for an adaptive parallelised DNS prober. recon
dns2geoip 0.1 A simple python script that brute forces DNS and subsequently geolocates the found subdomains. scanner recon
dnsbrute 2.b1dc84a Multi-threaded DNS bruteforcing, average speed 80 lookups/second with 40 threads. recon scanner
dnsenum 1.2.4.2 Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. recon scanner
dnsgrep 5.c982dc7 A utility for quickly searching presorted DNS names. recon
dnsrecon 2:0.9.0 Python script for enumeration of hosts, subdomains and emails from a given domain using google. recon
dnssearch 20.e4ea439 A subdomain enumeration tool. recon
dnsspider 1.1 A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation. recon scanner
dnstracer 1.9 Determines where a given DNS server gets its information from, and follows the chain of DNS servers recon
dnstwist 243.455c093 Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. scanner recon
dnswalk 2.0.2 A DNS debugger. recon scanner
domain-analyzer 0.8.1 Finds all the security information for a given domain name. recon
domain-stats 28.033375f A web API to deliver domain information from whois and alexa. recon
doork 6.90c7260 Passive Vulnerability Auditor. webapp recon
dradis 3.0.0.rc1 An open source framework to enable effective information sharing. recon misc
dradis-ce 2220.ada6af60 An open source framework to enable effective information sharing. recon misc
dsstore-crawler 4.9e003a3 A parser + crawler for .DS_Store files exposed publicly. webapp recon
dumpusers 1.0 Dumps account names and information even though RestrictAnonymous has been set to 1. windows recon
eapeak 130.9550d1c Analysis Suite For EAP Enabled Wireless Networks. wireless recon
easyda 7.0867f9b Easy Windows Domain Access Script. automation scanner recon
eigrp-tools 0.1 This is a custom EIGRP packet generator and sniffer developed to test the security and overall operation quality of this brilliant Cisco routing protocol. sniffer networking recon scanner
email2phonenumber 13.28b83b1 An OSINT tool to obtain a target's phone number just by having his email address. social recon
enteletaor 65.d1fbda5 Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. exploitation scanner recon
enum4linux 0.8.9 A tool for enumerating information from Windows and Samba systems. recon scanner
enumerid 19.6606b71 Enumerate RIDs using pure Python. recon
exitmap 365.754b877 A fast and modular scanner for Tor exit relays. recon
expimp-lookup 4.79a96c7 Looks for all export and import names that contain a specified string in all Portable Executable in a directory tree. binary recon
eyewitness 778.0512121 Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. webapp recon misc
facebot 23.57f6025 A facebook profile and reconnaissance system. recon webapp
fbid 16.1b35eb9 Show info about the author by facebook photo url. recon social
fernmelder 6.c6d4ebe Asynchronous mass DNS scanner. scanner recon
fileintel 29.9749332 A modular Python application to pull intelligence about malicious files. malware recon
finalrecon 18.16c0fbc OSINT Tool for All-In-One Web Reconnaissance. recon
findmyiphone 19.aef3ac8 Locates all devices associated with an iCloud account mobile recon
findomain 214.a36a784 A tool that uses Certificate Transparency logs to find subdomains. scanner recon
flare-floss 1.5.0 Obfuscated String Solver - Automatically extract obfuscated strings from malware. recon
flashlight 109.90d1dc5 Automated Information Gathering Tool for Penetration Testers. recon
forager 115.7439b0a Multithreaded threat Intelligence gathering utilizing. recon
fping 4.2 A utility to ping multiple hosts at once networking recon scanner
fport 2.0 Identify unknown open ports and their associated applications. windows recon fingerprint
gasmask 149.9d26cb5 All in one Information gathering tool - OSINT. recon
gatecrasher 2.3ad5225 Network auditing and analysis tool developed in Python. recon scanner
geoedge 0.2 This little tool is designed to get geolocation information of a host; it gets the information from two sources (maxmind and geoiptool). recon
geoip 1.6.12 Non-DNS IP-to-country resolver C library & utils networking recon
git-hound 63.c08cb1f Pinpoints exposed API keys on GitHub. A batch-catching, pattern-matching, patch-attacking secret snatcher. recon social
gitem 85.b8937c0 A Github organization reconnaissance tool. recon
githack 10.1fed62c A `.git` folder disclosure exploit. recon
gitleaks 433.065b621 Audit Git repos for secrets and keys. recon
gitmails 71.8aa8411 An information gathering tool to collect git commit emails in version control host services. recon social
gitminer 53.3f81161 Tool for advanced mining for content on Github. recon
gloom 95.607162b Linux Penetration Testing Framework. scanner exploitation recon fuzzer social
goddi 1.2 Dumps Active Directory domain information. recon windows
goodork 2.2 A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line. recon
goofile 1.5 Command line filetype search recon
goog-mail 1.0 Enumerate domain emails from google. recon
goohak 26.ee593c7 Automatically Launch Google Hacking Queries Against A Target Domain. recon automation scanner
goop 12.39b34eb Perform google searches without being blocked by the CAPTCHA or hitting any rate limits. recon
gosint 104.07b811c OSINT framework in Go. recon
gplist 1.0 Lists information about the applied Group Policies. windows recon
grabing 11.9c1aa6c Counts all the hostnames for an IP address. recon
gsd 1.1 Gives you the Discretionary Access Control List of any Windows NT service you specify as a command line option. windows recon
gwtenum 1:7.f27a5aa A command line tool that analyzes the obfuscated Javascript produced by Google Web Toolkit (GWT) applications in order to enumerate all services and method calls. recon webapp
h8mail 197.269117e Email OSINT and password breach hunting. recon social
hakku 384.bbb434d Simple framework that has been made for penetration testing tools. scanner recon webapp exploitation fingerprint
halcyon 0.1 A repository crawler that runs checksums for static files found within a given git repository. recon
handle 1:0.1 A small application designed to analyze your system, searching for global objects related to running processes and displaying information for every found object, like tokens, semaphores, ports, files, etc. windows recon
harpoon 202.7e24ae8 CLI tool for open source and threat intelligence. automation recon
hasere 1.0 Discover the vhosts using google and bing. recon scanner
hatcloud 33.3012ad6 Bypass CloudFlare with Ruby. recon
hoper 12.3951159 Trace URL's jumps across the rel links to obtain the last URL. recon
hoppy 1.8.1 A python script which tests http methods for configuration issues leaking information or just to see if they are enabled. scanner recon
hosthunter 90.c842375 A recon tool for discovering hostnames using OSINT techniques. recon
howmanypeoplearearound 122.776082c Count the number of people around you by monitoring wifi signals. recon wireless
htrosbif 134.9dc3f86 Active HTTP server fingerprinting and recon tool. fingerprint recon
http-traceroute 0.5 This is a python script that uses the Max-Forwards header in HTTP and SIP to perform a traceroute-like scanning functionality. networking recon
httpforge 11.02.01 A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions. webapp scanner fuzzer recon
httping 2.5 A ping-like tool for http-requests networking recon
id-entify 16.8e6c566 Search for information related to a domain: Emails - IP addresses - Domains - Information on WEB technology - Type of Firewall - NS and MX records. recon
idswakeup 1.0 A collection of tools that allows to test network intrusion detection systems. recon networking scanner
infoga 3:13.f02cdb0 Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers). recon
inquisitor 1:28.12a9ec1 OSINT Gathering Tool for Companies and Organizations. recon social
intrace 1.5 Traceroute-like application piggybacking on existing TCP connections recon
inzider 1.2 This is a tool that lists processes in your Windows system and the ports each one listens on. windows recon
ip-tracer 76.ce07e93 Track and retrieve any ip address information. recon
ip2clue 0.0.95 A small memory/CPU footprint daemon to lookup country (and other info) based on IP (v4 and v6). recon
iptodomain 18.f1afcd7 This tool extracts domains from an IP address based on the information saved in VirusTotal. recon
ircsnapshot 94.cb02a85 Tool to gather information from IRC servers. recon scanner
isme 0.12 Scans a VOIP environment, adapts to enterprise VOIP, and exploits the possibilities of being connected directly to an IP Phone VLAN. voip recon scanner
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. recon webapp
ivre 0.9.13.dev168 Network recon framework. recon networking
ivre-docs 0.9.13.dev168 Network recon framework (documentation) recon networking
ivre-web 0.9.13.dev168 Network recon framework (web application) recon networking
jast 17.361ecde Just Another Screenshot Tool. webapp recon misc
kacak 1.0 Tools for penetration testers that can enumerate which users logged on windows system. recon
kamerka 39.b067983 Build interactive map of cameras from Shodan. recon
katana 1.0.0.1 A framework that seeks to unite general auditing tools, which are general pentesting tools (Network, Web, Desktop and others). exploitation dos cracker scanner recon
keye 29.d44a578 Recon tool detecting changes of websites based on content-length differences. recon webapp
knock 1:275.e2c98df Subdomain scanner. scanner recon
lanmap2 1:127.1197999 Passive network mapping tool. recon
lbd 20130719 Load Balancing detector recon
ldapenum 1:0.1 Enumerate domain controllers using LDAP. recon scanner
ldeep 84.9772e8b In-depth ldap enumeration utility. recon
lft 1:3.8 A layer four traceroute implementing numerous other features. recon networking
lhf 40.51568ee A modular recon tool for pentesting. recon
linenum 61.d8a080a Scripted Local Linux Enumeration & Privilege Escalation Checks scanner recon
linkfinder 150.406a554 Discovers endpoint and their parameters in JavaScript files. webapp recon
linux-exploit-suggester 32.9db2f5a A Perl script that tries to suggest exploits based on OS version number. recon
linux-exploit-suggester.sh 139.95a05cc Linux privilege escalation auditing tool. recon
littlebrother 78.13ab4b4 OSINT tool to get information on French, Belgian and Swiss people. recon social
loot 51.656fb85 Sensitive information extraction tool. recon
lte-cell-scanner 57.5fa3df8 LTE SDR cell scanner optimized to work with very low performance RF front ends (8bit A/D, 20dB noise figure). scanner mobile recon
machinae 176.e787be5 A tool for collecting intelligence from public sites/feeds about various security-related pieces of data. recon
mail-crawl 0.1 Tool to harvest emails from website. recon
maltego 4.2.6.12502 An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc. forensic recon scanner
maryam 2:462.473f218 Tool to scan web applications and networks and easily complete the information gathering process. scanner webapp recon
massbleed 16.cf7c5d6 Automated Pentest Recon Scanner. recon automation scanner
mbenum 1.5.0 Queries the master browser for whatever information it has registered. windows recon
mdns-recon 10.81ecf94 An mDNS recon tool written in Python. recon
metagoofil 1.4b An information gathering tool designed for extracting metadata of public documents. recon
metasploit 5.0.46 Advanced open-source platform for developing, testing, and using exploit code exploitation fuzzer scanner recon networking
mingsweeper 1.00 A network reconnaissance tool designed to facilitate large address space, high speed node discovery and identification. windows recon scanner
missidentify 1.0 A program to find Win32 applications. recon windows
modscan 0.1 A new tool designed to map a SCADA MODBUS TCP based network. scanner recon
monocle 1.0 A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network. recon networking
mptcp-abuse 6.b0eeb27 A collection of tools and resources to explore MPTCP on your network. Initially released at Black Hat USA 2014. networking recon scanner
mylg 656.616fd53 Network Diagnostic Tool. networking recon sniffer
nasnum 5.df5df19 Script to enumerate network attached storages. recon
nbname 1.0 Decodes and displays all NetBIOS name packets it receives on UDP port 137 and more! windows sniffer recon dos scanner
nbtenum 3.3 A utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. windows scanner recon
nbtool 1:2.bf90c76 Some tools for NetBIOS and DNS investigation, attacks, and communication. networking recon scanner
nbtscan 1.5.1 NBTscan is a program for scanning IP networks for NetBIOS name information. scanner recon
necromant 3.acbc448 Python script that searches for unused Virtual Hosts in Web Servers. recon
neglected 1:8.68d02b3 Facebook CDN Photo Resolver. recon
netdiscover 149.3664e55 An active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks. recon wireless
netkit-bsd-finger 0.17 BSD-finger ported to Linux. recon
netmask 2.4.4 Helps determine network masks recon
netreconn 1.78 A collection of network scan/recon tools that are relatively small compared to their larger cousins. networking recon scanner
netscan2 1:58.a1db723 Active / passive network scanner. scanner recon
nipper 0.11.7 Network Infrastructure Parser recon networking
nohidy 67.22c1283 The system admin's best friend, multi platform auditing tool. recon networking defensive
nsec3map 20.1263537 A tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain. scanner recon
nsec3walker 20101223 Enumerates domain names using DNSSEC recon
ntp-ip-enum 0.1 Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset. recon
nullinux 110.368afe4 Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. recon scanner
o-saft 3513.5bde98f A tool to show information about an SSL certificate and test the SSL connection according to a given list of ciphers and various SSL configurations. scanner recon
omnibus 127.4e2c715 OSINT tool for intelligence collection, research and artifact management. recon social
onioff 84.34dc309 An onion url inspector for inspecting deep web links. recon recon
osint-spy 13.76f2c7a Performs OSINT scan on email/domain/ip_address/organization. recon social
osinterator 3.8447f58 Open Source Toolkit for Open Source Intelligence Gathering. recon
osrframework 789.83437f4 A project focused on providing API and tools to perform more accurate online researches. recon social
pappy-proxy 77.e1bb049 An intercepting proxy for web application testing. webapp proxy scanner fuzzer recon
parsero 81.e5b585a A robots.txt audit tool. recon
pasv-agrsv 57.6bb54f7 Passive recon / OSINT automation script. automation recon
peepingtom 1:56.bc6f4d8 A tool to take screenshots of websites. Much like eyewitness. webapp recon
pentestly 1798.93d1b39 Python and Powershell internal penetration testing framework. scanner recon automation
pepe 13.b81889b Collect information about email addresses from Pastebin. social recon
photon 322.6795cc5 Incredibly fast crawler which extracts urls, emails, files, website accounts and much more. webapp recon
pmap 1.10 Passively discover, scan, and fingerprint link-local peers by the background noise they generate (i.e. their broadcast and multicast traffic). windows recon scanner fingerprint
pmapper 17.f518bdb A tool for quickly evaluating IAM permissions in AWS. recon
pown 93.59e9626 Security testing and exploitation toolkit built on top of Node.js and NPM. webapp recon scanner social proxy
pret 81.4f3820a Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. exploitation fuzzer recon scanner
proxmark 2256.1511ea28 A powerful general purpose RFID tool, the size of a deck of cards, designed to snoop, listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags. radio recon scanner
ptf 1176.ae9cabc The Penetration Testers Framework is a way for modular support for up-to-date tools. exploitation scanner recon automation
punter 45.97b7bed Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare. recon
pwned 757.aa7d1d8 A command-line tool for querying the 'Have I been pwned?' service. recon
pwned-search 31.19305f3 Pwned Password API lookup. recon social
pwnedornot 132.9eeb8b3 Tool to find passwords for compromised email addresses. recon social
pymeta 13.fa74e64 Auto Scanning to SSL Vulnerability. recon
pythem 454.e4fcb8a Python penetration testing framework. scanner sniffer recon cracker webapp
python-ivre 0.9.13.dev168 Network recon framework (library) recon networking
python2-ivre 0.9.13.dev168 Network recon framework (library) recon networking
python2-webtech 1.2.7 Identify technologies used on websites. webapp recon scanner fingerprint
quickrecon 0.3.2 A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing. recon scanner
raccoon 183.985797f A high performance offensive security tool for reconnaissance and vulnerability scanning. recon scanner
ranger-scanner 149.3aae5dd A tool to support security professionals to access and interact with remote Microsoft Windows based systems. scanner recon
rapidscan 155.2b3799b The Multi-Tool Web Vulnerability Scanner. webapp scanner recon fingerprint fuzzer exploitation
rasenum 1.0 A small program which lists the information for all of the entries in any phonebook file (.pbk). windows recon
raven 1:0.3 A Linkedin information gathering tool used to gather information. recon
recon-ng 1:5.0.1 A full-featured Web Reconnaissance framework written in Python. recon
reconnoitre 422.8f1c4ef A security tool for multithreaded information gathering and service enumeration. recon
reconscan 37.d321842 Network reconnaissance and vulnerability assessment tools. recon scanner
recsech 115.1acd608 Tool for doing Footprinting and Reconnaissance on the target web. recon scanner webapp fingerprinting
red-hawk 28.ad27b00 All in one tool for Information Gathering, Vulnerability Scanning and Crawling. recon scanner webapp
reverseip 13.42cc9c3 ReverseIP is a ruby-based reverse IP-lookup tool, which finds all domains hosted on a web server and returns the HTTP status code of those domains. recon
revipd 5.2aaacfb A simple reverse IP domain scanner. recon scanner
rifiuti2 1:0.7.0 A rewrite of rifiuti, a great tool from Foundstone folks for analyzing Windows Recycle Bin INFO2 file. forensic recon
ripdc 0.3 A script which maps domains related to a given IP address or domain name. recon scanner
rpctools 1.0 Contains three separate tools for obtaining information from a system that is running RPC services windows recon scanner
sawef 28.e65dc9f Send Attack Web Forms. webapp recon
sb0x 19.04f40fe A simple and Lightweight framework for Penetration testing. scanner fuzzer cracker backdoor recon
scamper 20181219 A tool that actively probes the Internet in order to analyze topology and performance. scanner recon networking
scrapy 1.6.0 A fast high-level scraping and web crawling framework. webapp recon scanner
sctpscan 34.4d44706 A network scanner for discovery and security. recon scanner
sdn-toolkit 1.21 Discover, Identify, and Manipulate SDN-Based Networks networking scanner recon
seat 0.3 Next generation information digging application geared toward the needs of security professionals. It uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. scanner recon
seeker 166.c82d14d Accurately Locate People using Social Engineering. social recon
server-status-pwn 7.0c02af0 A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances. recon
shard 1.5 A command line tool to detect shared passwords. recon
sherlock 716.516a4b5 Find usernames across social networks. social recon
shodanhat 13.e5e7e68 Search for hosts info with shodan. recon
simple-lan-scan 1.0 A simple python script that leverages scapy for discovering live hosts on a network. scanner recon networking
simplyemail 1:1.4.10.r7.6a42d37 Email recon made fast and easy, with a framework to build on http://CyberSyndicates.com. recon
sipi 13.58f0dcc Simple IP Information Tools for Reputation Data Analysis. recon misc
skiptracer 122.51b55dc OSINT python2 webscraping framework. Skipping the needs of API keys. social recon
slackpirate 111.0c15149 Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace. social recon
smbcrunch 12.313400e 3 tools that work together to simplify reconnaissance of Windows File Shares. recon scanner
smbexec 2:59.a54fc14 A rapid psexec style attack with samba tools. scanner recon fuzzer exploitation
smbmap 67.b55fc05 A handy SMB enumeration tool. scanner recon
smod 53.7eb8423 A modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. scanner fuzzer recon dos
smtp-user-enum 1.2 Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO. recon scanner
sn00p 0.8 A modular tool written in bourne shell and designed to chain and automate security tools and tests. automation scanner recon fingerprint networking fuzzer exploitation
sn1per 1:353.6e34fe1 Automated Pentest Recon Scanner. recon automation scanner cracker
snmpcheck 1.9 A free open source utility to get information via SNMP protocols. networking recon
snoopbrute 17.589fbe6 Multithreaded DNS recursive host brute-force tool. scanner recon
social-mapper 122.6d9e8d5 A social media enumeration and correlation tool. social recon
social-vuln-scanner 11.91794c6 Gathers public information on companies to highlight social engineering risk. social recon
sooty 121.5ba7f55 The SOC Analyst's all-in-one CLI tool to automate and speed up workflow. defensive recon social
spade 114 A general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. windows scanner recon
spfmap 8.a42d15a A program to map out SPF and DKIM records for a large number of domains. recon
spiderfoot 2.12.0 The Open Source Footprinting Tool. recon
spoofcheck 16.8cce591 Simple script that checks a domain for email protections. recon social
spyse 47.cd11ba9 Python API wrapper and command-line client for the tools hosted on spyse.com. recon
ssl-hostname-resolver 1 CN (Common Name) grabber on X.509 Certificates over HTTPS. recon scanner
stardox 41.95b0a97 Github stargazers information gathering tool. recon
striker 85.87c184d An offensive information and vulnerability scanner. scanner recon webapp
subdomainer 1.2 A tool designed for obtaining subdomain names from public sources. recon scanner
subfinder 410.357c340 Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target. recon
sublert 50.f0814ad A security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate. recon
sublist3r 124.69fdd12 A Fast subdomains enumeration tool for penetration testers. recon scanner
subover 71.3d258e2 A Powerful Subdomain Takeover Tool. scanner recon
subscraper 24.f1dec07 Tool that performs subdomain enumeration through various techniques. recon scanner
superscan 4.1 Powerful TCP port scanner, pinger, resolver. windows scanner recon
swarm 1:41.1713c1e A distributed penetration testing tool. scanner recon cracker exploitation webapp
sysdig 0.26.4 Open source system-level exploration and troubleshooting tool recon
tactical-exploitation 79.b1be62b Modern tactical exploitation toolkit. scanner exploitation recon sniffer
thc-ipv6 3.6 Complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6 networking recon dos spoof scanner
theharvester 996.b167292 Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). recon
tilt 90.2bc2ef2 An easy and simple tool implemented in Python for ip reconnaissance, with reverse ip lookup. recon
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity. recon social webapp
tinfoleak2 41.c45c33e Get detailed information about a Twitter user activity. recon social webapp
traceroute 2.1.0 Tracks the route taken by packets over an IP network recon
trape 105.4abc460 People tracker on the Internet: OSINT analysis and research tool by Jose Pino. social recon
treasure 1:2.b3249be Hunt for sensitive information through GitHub's code search. recon
trufflehog 135.a4c69fa Searches through git repositories for high entropy strings, digging deep into commit history. recon
trusttrees 7.0665877 A Tool for DNS Delegation Trust Graphing. recon
tweets-analyzer 50.0251238 Tweets metadata scraper & activity analyzer. social recon
twint 764.e7ba6da An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations. social recon
twofi 2.0 Twitter Words of Interest. recon
ubiquiti-probing 5.c28f4c1 A Ubiquiti device discovery tool. recon scanner
upnp-pentest-toolkit 1.1 UPnP Pentest Toolkit for Windows. windows scanner recon fuzzer
userrecon 10.3b56891 Find usernames across over 75 social networks. recon social fingerprint
userrecon-py 15.eebd422 Recognizes usernames in 187 social networks. social recon
vbrute 1.11dda8b Virtual hosts brute forcer. recon scanner
vlan-hopping 21.a37ba4e Easy 802.1Q VLAN Hopping automation networking recon
vpnpivot 22.37bbde0 Explore the network using this tool. recon networking
vulmap 75.cb228e6 Vulmap Online Local Vulnerability Scanners Project scanner fingerprint recon
vulnx 267.8188500 CMS and vulnerabilities detector & An intelligent bot auto shell injector. webapp scanner fingerprint recon
waldo 29.ee4f960 A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. recon scanner
waybackpack 49.36db906 Download the entire Wayback Machine archive for a given URL. webapp recon
wce 1.41beta A security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). windows recon
webanalyze 57.ab86050 Port of Wappalyzer (uncovers technologies used on websites) in go to automate scanning. webapp recon scanner fingerprint
websearch 3.09935a5 Search vhost names given a host range. Powered by Bing. recon
webtech 1.2.7 Identify technologies used on websites. webapp recon scanner fingerprint
weebdns 14.c01c04f DNS Enumeration with Asynchronicity. recon
whatbreach 39.bf7f213 OSINT tool to find breached emails and databases. social recon
whatsmyname 361.c5c7f6f Tool to perform user and username enumeration on various websites. webapp recon
whatweb 4679.7885799c Next generation web scanner that identifies what websites are running. recon webapp
whichcdn 22.5fc6ddd Tool to detect if a given website is protected by a Content Delivery Network. webapp recon
wig 574.d5ddd91 WebApp Information Gatherer. webapp scanner recon
windows-exploit-suggester 41.776bd91 This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. recon
winfo 2.0 Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. windows recon scanner
wpsweep 1.0 A simple ping sweeper, that is, it pings a range of IP addresses and lists the ones that reply. windows recon
xray 91.ca50a32 A tool for recon, mapping and OSINT gathering from public networks. recon
yasat 848 Yet Another Stupid Audit Tool. scanner recon fingerprint
yeti 2071.35c4388c A platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. defensive recon
zeus-scanner 414.21b8756 Advanced dork searching utility. recon
zgrab 802.1058663 Grab banners (optionally over TLS). recon
zgrab2 493.30aaee1 Go Application Layer Scanner. fingerprint recon