Enumerate information from NTLM authentication enabled web endpoints 🔎
I See You
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Simple shell script for automated domain recognition with some tools
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
A passive subdomain finder
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.
A Github organization reconnaissance tool.
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Intelligence and Reconnaissance Package/Bundle installer.
Yar is a tool for plunderin' organizations, users and/or repositories.
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools.
A high performance offensive security tool for reconnaissance and vulnerability scanning
Change monitoring app that checks the content of web pages in different periods.
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in Python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project, it's still under active development >_>
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Perform automated network reconnaissance scans
Accurately Locate Smartphones using Social Engineering
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
A tool to hunt for publicly accessible DigitalOcean Spaces
OSINT tool - gets data from services like shodan, censys etc. in one app
🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
One way to continuously monitor sensitive information that could be exposed on Github
Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"
Urls de-duplication tool for better recon.
Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
A container repository for my public web hacks!
The Offensive Manual Web Application Penetration Testing Framework.
An OSINT CLI tool designed to fast track IP Reputation and Geo-location look up for Security Analysts.
Weaponizing Live CT logs for automated monitoring of assets
An OSINT tool to gather information about the real owner of a phone number
A small PHP application to fetch archive URL snapshots from archive.org. Using it, you can fetch the complete list of snapshot URLs of any year or the complete list of all years possible. Made specially for penetration testing purposes.
A DNS reconnaissance tool for locating non-contiguous IP space.
A fast http and https prober, to check which URLs are alive
GitHub Recon — and what you can achieve with it!
👀 🖥️ Golang rewrite of eyes.sh. Lets you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Reconnaissance tool of Penetration test & Bug Bounty
Semi-automatic OSINT framework and package manager