1557 Open source projects that are alternatives of or similar to Amass

In-depth Attack Surface Mapping and Asset Discovery

Python 3.5+ DNS asynchronous brute force utility

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.

OneForAll是一款功能强大的子域收集工具

Maryam: Open-source Intelligence(OSINT) Framework

A MongoDB importer and API for Project Sonars DNS datasets

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

Intelligence and Reconnaissance Package/Bundle installer.

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

Next generation web scanner

Fully automated offensive security framework for reconnaissance and vulnerability scanning

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Network footprint scanner platform. Discover domains and run your custom checks periodically.

Making Favicon.ico based Recon Great again !

👀 Some of my favorite OSINT tools.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

E-mails, subdomains and names Harvester - OSINT

Find emails of Github users

🔓Subdomain enumeration and information gathering tool

A passive subdomain finder

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Enumerate information from NTLM authentication enabled web endpoints 🔎

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

A high performance offensive security tool for reconnaissance and vulnerability scanning

Related subdomains finder

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

E4GL30S1NT - Simple Information Gathering Tool

asnap aims to render recon phase easier by providing updated data about which companies owns which ipv4 or ipv6 addresses and allows the user to automate initial port and service scanning.

Totem allows you to retrieve information about ads of a facebook page , we can retrieve the number of people targeted, how much the ad cost and a lot of other information.

Dumain Bruteforcer - a fast and flexible domain bruteforcer

🔍 A Complete Osint Tool

Burp extension to decode NTLM SSP headers and extract domain/host information

Information gathering tool - OSINT

onedrive user enumeration - pentest tool to enumerate valid onedrive users

This script will automatically set up an OSINT workstation starting from a Ubuntu OS.

Maltego compilation of various assets, local transforms and helpful scripts

🔎 Find usernames across social networks

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

bingip2hosts is a Bing.com web scraper that discovers websites by IP address

CLI program that collects information from facebook user profiles via Selenium.

Yet Another LInkedIn Scraper...

Nuubi Tools (Information-ghatering|Scanner|Recon.)

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target.

Port scanning and domain utility.

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Automated network asset, email, and social media profile discovery and cataloguing.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Check local or remote list of DNS servers for suitability in DNS Amplification DoS.

Censys Maltego transforms! Take advantage of Censys transforms for Maltego to back your investigations with the most trusted Internet data available.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Extract subdomains from SSL certificates in HTTPS sites.