1437 Open source projects that are alternatives of or similar to Bigbountyrecon

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Urls de-duplication tool for better recon.

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

Weaponizing Live CT logs for automated monitoring of assets

An automated approach to performing recon for bug bounty hunting and penetration testing.

Simple shell script for automated domain recognition with some tools

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

One way to continuously monitor sensitive information that could be exposed on Github

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

A Tool for Domain Flyovers

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

👀 Some of my favorite OSINT tools.

Maryam: Open-source Intelligence(OSINT) Framework

Automation for internal Windows Penetrationtest / AD-Security

A passive subdomain finder

my oscp prep collection

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

Extracting URLs of a specific target based on the results of "commoncrawl.org"

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

a recon tool that allows searching on URLs that are exposed via shortener services

Pentest: Subdomains enumeration tool for penetration testers.

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

An automated target reconnaissance pipeline.

List of Awesome Asset Discovery Resources

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Awesome cloud enumerator

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

A tool for generating reverse shell payloads on the fly.

Information Security Library

network reconnaissance toolkit

E-mails, subdomains and names Harvester - OSINT

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

swiss army knife for hackers

The official wrapper for spyse.com API, written in Go, aimed to help developers build their integrations with Spyse.

Automated network asset, email, and social media profile discovery and cataloguing.

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

A Tool for Domain Flyovers

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Simultaneously execute various subdomain enumeration tools and aggregate results.

DNS Rebinding Exploitation Framework

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Information gathering tool - OSINT

Burp extension to decode NTLM SSP headers and extract domain/host information

🔎 Find usernames across social networks

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

OSINT Tool: Generate username lists for companies on LinkedIn

PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.

Reconness Agents Script