
hash3liZer / Subrake

Licence: gpl-3.0
A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

Projects that are alternatives of or similar to Subrake

Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+241.6%)
Mutual labels:  pentesting, reconnaissance
Sn0int
Semi-automatic OSINT framework and package manager
Stars: ✭ 814 (+551.2%)
Mutual labels:  pentesting, reconnaissance
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+332.8%)
Mutual labels:  pentesting, reconnaissance
quick-recon.py
Do some quick reconnaissance on a domain-based web-application
Stars: ✭ 13 (-89.6%)
Mutual labels:  pentesting, reconnaissance
Eyes
👀 🖥️ Golang rewrite of eyes.sh. Lets you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Stars: ✭ 38 (-69.6%)
Mutual labels:  pentesting, reconnaissance
ShonyDanza
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Stars: ✭ 86 (-31.2%)
Mutual labels:  pentesting, reconnaissance
Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-7.2%)
Mutual labels:  pentesting, reconnaissance
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (+0.8%)
Mutual labels:  pentesting, reconnaissance
Social Analyzer
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+6659.2%)
Mutual labels:  pentesting, reconnaissance
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (+587.2%)
Mutual labels:  pentesting, reconnaissance
Getjs
A tool to fastly get all javascript sources/files
Stars: ✭ 190 (+52%)
Mutual labels:  pentesting, reconnaissance
Hackvault
A container repository for my public web hacks!
Stars: ✭ 1,364 (+991.2%)
Mutual labels:  pentesting, reconnaissance
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (+41.6%)
Mutual labels:  pentesting, reconnaissance
Osint tips
OSINT
Stars: ✭ 322 (+157.6%)
Mutual labels:  pentesting, reconnaissance
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+1749.6%)
Mutual labels:  pentesting, reconnaissance
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+5405.6%)
Mutual labels:  reconnaissance, pentesting
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+2651.2%)
Mutual labels:  reconnaissance, pentesting
Finalrecon
The Last Web Recon Tool You'll Need
Stars: ✭ 888 (+610.4%)
Mutual labels:  pentesting, reconnaissance
Reconcat
A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
Stars: ✭ 66 (-47.2%)
Mutual labels:  pentesting, reconnaissance
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-2.4%)
Mutual labels:  pentesting, reconnaissance

SUBRAKE

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

Platform: Linux | Python: 3 | PyPI: @subrake | Release: v3.1


Key Features

  • OSINT + Subdomain Bruteforcing
  • Capable of handling outputs from multiple tools
  • Handles false positives and filters subdomains with the same resolutions
  • Checking for Server Banners and Ports
  • Incredibly Fast
  • Handling domains with larger scopes
  • Port Scanning

Documentation

Installation

Installing stable version directly from PYPI:

$ pip3 install subrake

Installing latest build:

$ git clone https://github.com/hash3liZer/Subrake.git
$ cd Subrake/
$ python3 setup.py install

Run after installation:

$ subrake --help

Usage

Subrake is highly flexible and is built to work in different situations. It can parse output files from multiple tools together. It runs an OSINT search alongside wordlist bruteforcing, and before the actual bruteforcing it removes similar subdomains and false positives. It also supports a filter which, when supplied, separates subdomains with the same IP addresses in the final CSV result. Some example uses of Subrake:

A simple run with OSINT results from search engines:

$ subrake -d google.com

Subrake with Multiple Threads:

$ subrake -d google.com -t 50

Subrake with OSINT results + SecLists subdomains list:

$ subrake -d google.com --wordlists SecLists/Discovery/DNS/namelist.txt

Subrake with OSINT results + Multiple SecLists subdomains list:
Note: Subdomains with similar names will automatically be filtered and counted as 1

$ subrake -d google.com --wordlists SecLists/Discovery/DNS/namelist.txt,SecLists/Discovery/DNS/dns-Jhaddix.txt

Subrake without OSINT + Output from multiple tools combined + IP Filtering:

$ domain="google.com"
$ subfinder -d $domain -nW -o $domain/1.txt && sublist3r -d $domain -o $domain/2.txt && cat $domain/* >> /tmp/output.txt
$ subrake -d $domain -w /tmp/output.txt --filter --skip-search

Subrake without DNS + OSINT:

$ subrake -d google.com --skip-dns

Subrake with Port Scanning:
NOTE: Ports 80 and 443 are scanned by default for every host under the HTTP/HTTPS banner, so there's no need to specify them here.

$ subrake -d google.com --ports 8080,8443,8000,23,445
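
The merge, de-duplication and same-IP grouping described in this section, sketched as an added Python example for an in-scope asset inventory; it is not Subrake's own code, and the function names, sample tool output and resolution table (documentation-range addresses) are constructed assumptions. Treating `--exclude-ips` as dropping hosts that resolve only to the listed addresses is also an assumption.

```python
from collections import defaultdict

def normalize(line, domain):
    """Return a clean, in-scope hostname from one line of tool output, or None."""
    host = line.strip().lower().rstrip(".")
    if host.startswith("*."):          # wildcard entries from certificate-based sources
        host = host[2:]
    if not host or " " in host:
        return None
    # Keep only the apex and its subdomains; "example.org" must not match "example.com".
    if host == domain or host.endswith("." + domain):
        return host
    return None

def merge_outputs(outputs, domain):
    """Merge several tools' outputs; names differing only by case/dot count once."""
    seen = set()
    for text in outputs:
        for line in text.splitlines():
            host = normalize(line, domain)
            if host:
                seen.add(host)
    return sorted(seen)

def group_by_ip(hosts, resolutions, exclude_ips=()):
    """Group hosts by resolved address set, skipping unresolved or excluded-only hosts."""
    groups = defaultdict(list)
    for host in hosts:
        ips = [ip for ip in resolutions.get(host, []) if ip not in exclude_ips]
        if ips:
            groups[tuple(sorted(ips))].append(host)
    return dict(groups)

# Constructed sample data (not real tool output or real DNS answers).
TOOL_A = "www.example.com\nAPI.example.com.\nmail.example.com\n"
TOOL_B = "api.example.com\n*.dev.example.com\nwww.example.org\nold.example.com\n"
RESOLUTIONS = {
    "www.example.com": ["192.0.2.10"],
    "api.example.com": ["192.0.2.10"],
    "mail.example.com": ["198.51.100.5"],
    "dev.example.com": ["203.0.113.99"],   # wildcard catch-all: a false positive
    "old.example.com": [],                 # no longer resolves
}

if __name__ == "__main__":
    hosts = merge_outputs([TOOL_A, TOOL_B], "example.com")
    for ips, names in group_by_ip(hosts, RESOLUTIONS, {"203.0.113.99"}).items():
        print(",".join(ips), "->", ", ".join(names))
```
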

Manual

   Args               Description                                    Default
   -h, --help           Show this manual                             NONE
   -d, --domain         Target domain. Possible
                        example: [example.com]                       NONE
   -w, --wordlists      Wordlists containing subdomains
                        to test. Multiple wordlists can
                        be specified.                                NONE
   -t, --threads        Number of threads to spawn                    25
   -o, --output         Store final subdomains in a specified file   NONE
   -c, --csv            Store output results in CSV format           NONE
   -p, --ports          Comma-separated list of ports to scan.       NONE
   -s, --skip-search    Search for subdomains Online from various
                        sites.                                       FALSE
       --filter         Filter subdomains with same IP in CSV output FALSE
                        Helpful with larger scopes.
       --skip-dns       Skip initial DNS enumeration phase           FALSE
       --exclude-ips    Exclude specified IPs from the final results
                        Helpful in removing False Positives          NONE

Contribution

You can contribute to the project in many ways:

  • Report Bugs
  • Suggestions for making it better

Have any further questions? You can hit me up on Twitter and email:
Twitter: @hash3liZer
