Amass: In-depth Attack Surface Mapping and Asset Discovery
Bigbountyrecon: BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Reconpi: ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
Odin: Automated network asset, email, and social media profile discovery and cataloguing.
Nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Shotlooter: A recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc
Hosthunter: HostHunter, a recon tool for discovering hostnames using OSINT techniques.
Sifter: Sifter aims to be a fully loaded Op Centre for Pentesters
Dnsgen: Generates combinations of domain names from the provided input.
Buster: An advanced tool for email reconnaissance
Maryam: Maryam: Open-source Intelligence (OSINT) Framework
Aiodnsbrute: Python 3.5+ DNS asynchronous brute force utility
Docker Onion Nmap: Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.
Zen: Find emails of Github users
Natlas: Scaling Network Scanning. Changes prior to 1.0 may cause difficult-to-avoid backwards incompatibilities. You've been warned.
Reconnote: Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
Vajra: Vajra is a highly customizable target- and scope-based automated web hacking framework to automate boring recon tasks and the same scans for multiple targets during web application penetration testing.
Pulsar: Network footprint scanner platform. Discover domains and run your custom checks periodically.
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Lazyrecon: An automated approach to performing recon for bug bounty hunting and penetration testing.
Recon My Way: This repository created for personal use and added tools from my latest blog post.
Megplus: Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Priest: Extract server and IP address information from Browser SSRF
fransRecon: Script will enumerate domain names using horizontal enumeration and reverse lookup. Each horizontal domain will then be vertically enumerated using Sublist3r.
leaky-paths: A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick wins.
targets: A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
querytool: Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex searches of terms, people, email addresses, files and many more.
nuubi: Nuubi Tools (Information-gathering | Scanner | Recon)
osmedeus-workflow: Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
SubWalker: Simultaneously execute various subdomain enumeration tools and aggregate results.
OffensiveCloudDistribution: Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.
Reconky-Automated Bash Script: Reconky is a great Content Discovery bash script for bug bounty hunters which automates a lot of tasks and organizes them in a well-mannered form which helps them to look forward.
asnap: asnap aims to make the recon phase easier by providing updated data about which companies own which IPv4 or IPv6 addresses and allows the user to automate initial port and service scanning.
cero: Scrape domain names from SSL certificates of arbitrary hosts
mailcat: Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬
learn: RECON learn: a free, open platform for training material on epidemics analysis
Sub-Drill: A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
goverview: goverview - Get an overview of the list of URLs
recon ex: Elixir wrapper for Recon, tools to diagnose Erlang VM safely in production
webrecon: Automated Web Recon Shell Scripts
apkizer: apkizer is a mass downloader for Android applications for all available versions.
s3recon: Amazon S3 bucket finder and crawler.
XposedOrNot: XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
dirbpy: This is the new version of dirb in Python
ICU: An Extended, Modular, Host Discovery Framework
flydns: Related subdomains finder
o365chk: Simple Python tool to check if there is an Office 365 instance linked to a domain.