Top 138 reconnaissance open source projects

Ntlmrecon
Enumerate information from NTLM authentication enabled web endpoints 🔎
I See You
ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Autorecon
Simple shell script for automated domain recognition with some tools
Public Bugbounty Programs
Community curated list of public bug bounty and responsible disclosure programs.
Bugbountyscanner
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.
Gitem
A Github organization reconnaissance tool.
3klcon
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Yar
Yar is a tool for plunderin' organizations, users and/or repositories.
Recsech
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools.
Url Tracker
Change monitoring app that checks the content of web pages in different periods.
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Osint Tools
👀 Some of my favorite OSINT tools.
Mqtt Pwn
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
Sherlock Js
Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock
Massdns
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Pyiris Backdoor
PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in Python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project; it's still under active development >_>
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Subrake
A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Sarenka
OSINT tool - gets data from services like shodan, censys etc. in one app
Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Gitmonitor
One way to continuously monitor sensitive information that could be exposed on Github
Ntlm challenger
Parse NTLM challenge messages over HTTP and SMB
Bass
Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"
Uddup
Urls de-duplication tool for better recon.
Keye
Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Tidos Framework
The Offensive Manual Web Application Penetration Testing Framework.
Geo Recon
An OSINT CLI tool designed to fast track IP Reputation and Geo-location look up for Security Analysts.
Certeagle
Weaponizing Live CT logs for automated monitoring of assets
Deadtrap
An OSINT tool to gather information about the real owner of a phone number
Reconcat
A small PHP application to fetch archive URL snapshots from archive.org. Using it, you can fetch the complete list of snapshot URLs of any year or the complete list of all years possible. Made specially for penetration testing purposes.
Fierce
A DNS reconnaissance tool for locating non-contiguous IP space.
Brokenlinkhijacker
A Fast Broken Link Hijacker Tool written in Python
Halive
A fast http and https prober, to check which URLs are alive
Github Recon
GitHub Recon — and what you can achieve with it!
Awesome Asset Discovery
List of Awesome Asset Discovery Resources
Eyes
👀 🖥️ Golang rewrite of eyes.sh. Lets you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Social Analyzer
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Gitgot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Ge.mine.nu
Code from my old page ge.mine.nu
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Recon Raven
Reconnaissance tool of Penetration test & Bug Bounty
1-60 of 138 reconnaissance projects