All Categories β†’ Security β†’ reconnaissance

Top 119 reconnaissance open source projects

Ntlmrecon
Enumerate information from NTLM authentication enabled web endpoints πŸ”Ž
I See You
ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Autorecon
Simple shell script for automated domain recognition with some tools
Public Bugbounty Programs
Community curated list of public bug bounty and responsible disclosure programs.
Bugbountyscanner
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Gitem
A Github organization reconnaissance tool.
3klcon
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Yar
Yar is a tool for plunderin' organizations, users and/or repositories.
Recsech
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Url Tracker
Change monitoring app that checks the content of web pages in different periods.
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Osint Tools
πŸ‘€ Some of my favorite OSINT tools.
Mqtt Pwn
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
Sherlock Js
Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock
Massdns
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Pyiris Backdoor
PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Subrake
A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Sarenka
OSINT tool - gets data from services like shodan, censys etc. in one app
Scilla
πŸ΄β€β˜ οΈ Information Gathering tool πŸ΄β€β˜ οΈ DNS / Subdomains / Ports / Directories enumeration
Gitmonitor
One way to continuously monitor sensitive information that could be exposed on Github
Ntlm challenger
Parse NTLM challenge messages over HTTP and SMB
Bass
Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"
Uddup
Urls de-duplication tool for better recon.
Keye
Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Tidos Framework
The Offensive Manual Web Application Penetration Testing Framework.
Geo Recon
An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.
Certeagle
Weaponizing Live CT logs for automated monitoring ofΒ assets
Deadtrap
An OSINT tool to gather information about the real owner of a phone number
Reconcat
A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
Fierce
A DNS reconnaissance tool for locating non-contiguous IP space.
Brokenlinkhijacker
A Fast Broken Link Hijacker Tool written in Python
Halive
A fast http and https prober, to check which URLs are alive
Github Recon
GitHub Recon β€” and what you can achieve with it!
Awesome Asset Discovery
List of Awesome Asset Discovery Resources
Eyes
πŸ‘€ πŸ–₯️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" πŸ” πŸ•΅οΈ
Social Analyzer
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Gitgot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Ge.mine.nu
Code from my old page ge.mine.nu
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Recon Raven
Reconnaissance tool of Penetration test & Bug Bounty
1-60 of 119 reconnaissance projects