Top 138 reconnaissance open source projects

🆕 The Multi-Tool Web Vulnerability Scanner.

All about bug bounty (bypasses, payloads, and etc)

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

Making Favicon.ico based Recon Great again !

E-mails, subdomains and names Harvester - OSINT

🔎 Hunt down social media accounts by username across social networks

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Information gathering tool - OSINT

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.

Automated network asset, email, and social media profile discovery and cataloguing.

a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

A Tool for Domain Flyovers

PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.

Maryam: Open-source Intelligence(OSINT) Framework

network reconnaissance toolkit

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

OSINT

A (partial) Python rewriting of PowerSploit's PowerView

Fully automated offensive security framework for reconnaissance and vulnerability scanning

An automated approach to performing recon for bug bounty hunting and penetration testing.

An automated target reconnaissance pipeline.

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

This repository created for personal use and added tools from my latest blog post.

Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

A tool to find redirection chains in multiple URLs

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Web Recon & Exploitation Tool.

Do some quick reconnaissance on a domain-based web-application

A Tool for Domain Flyovers

DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target.

A very loud but fast recon scan and pentest template creator for use in CTF's/OSCP/Hackthebox...

Phomber is infomation grathering tool that reverse search phone numbers and get their details, written in python3.

bingip2hosts is a Bing.com web scraper that discovers websites by IP address

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.

One-click installer for Frida and Burp certs for SSL Pinning bypass

Nuclei templates for K8S security scanning

🔎 Find usernames across social networks

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

a shell script aim to automatically launch 50+ online web scanning tools in the Browsaer against a target domain in a 10 waves

Automated script to run all modules for a specified list of domains, netblocks or company name

A knockoff social-engineer toolkit

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

WARF is a Web Application Reconnaissance Framework that helps to gather information about the target.

This script will automatically set up an OSINT workstation starting from a Ubuntu OS.

Active Directory ACL Visualizer and Explorer - who's really Domain Admin?

Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .

The official wrapper for spyse.com API, written in Go, aimed to help developers build their integrations with Spyse.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Tool to automate recon

Lightweight utility to fool port scanners

Automated Web Recon Shell Scripts

apkizer is a mass downloader for android applications for all available versions.