Top 127 recon open source projects

E-mails, subdomains and names Harvester - OSINT

In-depth Attack Surface Mapping and Asset Discovery

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.

Automated network asset, email, and social media profile discovery and cataloguing.

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Sifter aims to be a fully loaded Op Centre for Pentesters

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Generates combination of domain names from the provided input.

An advanced tool for email reconnaissance

Links for the OSINT Team

Maryam: Open-source Intelligence(OSINT) Framework

Python 3.5+ DNS asynchronous brute force utility

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

Find emails of Github users

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

OneForAll是一款功能强大的子域收集工具

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Network footprint scanner platform. Discover domains and run your custom checks periodically.

Next generation web scanner

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

An automated approach to performing recon for bug bounty hunting and penetration testing.

An automated target reconnaissance pipeline.

This repository created for personal use and added tools from my latest blog post.

Infosec Wordlists

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Extract server and IP address information from Browser SSRF

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.

Reconness Agents Script

Nuubi Tools (Information-ghatering|Scanner|Recon.)

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

Simultaneously execute various subdomain enumeration tools and aggregate results.

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Burp extension to decode NTLM SSP headers and extract domain/host information

asnap aims to render recon phase easier by providing updated data about which companies owns which ipv4 or ipv6 addresses and allows the user to automate initial port and service scanning.

Scrape domain names from SSL certificates of arbitrary hosts

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

RECON learn: a free, open platform for training material on epidemics analysis

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

goverview - Get an overview of the list of URLs

Tool to automate recon

Elixir wrapper for Recon, tools to diagnose Erlang VM safely in production

Unleash the power of cloud

Mass querying whois records

Automated Web Recon Shell Scripts

apkizer is a mass downloader for android applications for all available versions.

Amazon S3 bucket finder and crawler.

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

Offensive Security recon tool

This is the new version of dirb in python

An Extended, Modulair, Host Discovery Framework

Related subdomains finder

Simple Python tool to check if there is an Office 365 instance linked to a domain.