SpiderfootSpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: β 6,882 (+3788.14%)
HosthunterHostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: β 427 (+141.24%)
Scillaπ΄ββ οΈ Information Gathering tool π΄ββ οΈ DNS / Subdomains / Ports / Directories enumeration
Stars: β 116 (-34.46%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: β 370 (+109.04%)
Social AnalyzerAPI, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: β 8,449 (+4673.45%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance withβ¦
Stars: β 3,439 (+1842.94%)
BigbountyreconBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: β 541 (+205.65%)
RaccoonA high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: β 2,312 (+1206.21%)
flydnsRelated subdomains finder
Stars: β 29 (-83.62%)
WhatwebNext generation web scanner
Stars: β 3,503 (+1879.1%)
Spaces FinderA tool to hunt for publicly accessible DigitalOcean Spaces
Stars: β 122 (-31.07%)
Git HoundReconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: β 602 (+240.11%)
SifterSifter aims to be a fully loaded Op Centre for Pentesters
Stars: β 403 (+127.68%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: β 775 (+337.85%)
GitgotSemi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Stars: β 964 (+444.63%)
Sn0intSemi-automatic OSINT framework and package manager
Stars: β 814 (+359.89%)
NtlmreconEnumerate information from NTLM authentication enabled web endpoints π
Stars: β 252 (+42.37%)
Reconky-Automated Bash ScriptReconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: β 167 (-5.65%)
SipptsSet of tools to audit SIP based VoIP Systems
Stars: β 116 (-34.46%)
ReconnoteWeb Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
Stars: β 322 (+81.92%)
Horn3tPowerful Visual Subdomain Enumeration at the Click of a Mouse
Stars: β 120 (-32.2%)
Chatterinternet monitoring osint telegram bot for windows
Stars: β 123 (-30.51%)
MaryamMaryam: Open-source Intelligence(OSINT) Framework
Stars: β 371 (+109.6%)
AsnipASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: β 126 (-28.81%)
RecsechRecsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: β 173 (-2.26%)
JwtxploiterA tool to test security of json web token
Stars: β 130 (-26.55%)
NullinuxInternal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Stars: β 451 (+154.8%)
OdinAutomated network asset, email, and social media profile discovery and cataloguing.
Stars: β 476 (+168.93%)
VajraVajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: β 269 (+51.98%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: β 382 (+115.82%)
TheharvesterE-mails, subdomains and names Harvester - OSINT
Stars: β 6,175 (+3388.7%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: β 3,391 (+1815.82%)
Bugcrowd Levelup Subdomain EnumerationThis repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Stars: β 513 (+189.83%)
FavfreakMaking Favicon.ico based Recon Great again !
Stars: β 564 (+218.64%)
Reconspiderπ Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Stars: β 621 (+250.85%)
ThreatingestorExtract and aggregate threat intelligence.
Stars: β 439 (+148.02%)
WitnessmeWeb Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Stars: β 436 (+146.33%)
GoohakAutomatically Launch Google Hacking Queries Against A Target Domain
Stars: β 432 (+144.07%)
AmassIn-depth Attack Surface Mapping and Asset Discovery
Stars: β 6,284 (+3450.28%)
Rapidscanπ The Multi-Tool Web Vulnerability Scanner.
Stars: β 775 (+337.85%)
O365sprayUsername enumeration and password spraying tool aimed at Microsoft O365.
Stars: β 133 (-24.86%)
Mida MultitoolBash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: β 144 (-18.64%)
DiamorphineLKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: β 725 (+309.6%)
Ksubdomainζ ηΆζεεεηη ΄ε·₯ε
·
Stars: β 976 (+451.41%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: β 859 (+385.31%)
IntelowlIntel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: β 2,114 (+1094.35%)
AutoenumAutomatic Service Enumeration Script
Stars: β 134 (-24.29%)
Jok3rJok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: β 645 (+264.41%)
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: β 1,239 (+600%)
RescopeRescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: β 156 (-11.86%)
Osint Toolsπ Some of my favorite OSINT tools.
Stars: β 155 (-12.43%)
WinpwnAutomation for internal Windows Penetrationtest / AD-Security
Stars: β 1,303 (+636.16%)
ReconcatA small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
Stars: β 66 (-62.71%)
Tidos FrameworkThe Offensive Manual Web Application Penetration Testing Framework.
Stars: β 1,290 (+628.81%)
Hacker ContainerContainer with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: β 105 (-40.68%)
DekstereconWeb Application recon automation
Stars: β 109 (-38.42%)
Recon PipelineAn automated target reconnaissance pipeline.
Stars: β 278 (+57.06%)
LazyreconAn automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: β 282 (+59.32%)