126 Open source projects that are alternatives of or similar to S3enum

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

Semi-automatic OSINT framework and package manager

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

An automated target reconnaissance pipeline.

List of Awesome Asset Discovery Resources

Maryam: Open-source Intelligence(OSINT) Framework

Automation for internal Windows Penetrationtest / AD-Security

Network footprint scanner platform. Discover domains and run your custom checks periodically.

A collection of awesome one-liner scripts especially for bug bounty tips.

ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.

Extract server and IP address information from Browser SSRF

Security tool to trace URL's jumps across the rel links to obtain the last URL

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Urls de-duplication tool for better recon.

An advanced tool for email reconnaissance

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

OneForAll是一款功能强大的子域收集工具

Advanced reconnaissance utility

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Infosec Wordlists

Making Favicon.ico based Recon Great again !

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

Visualize Erlang/Elixir Nodes On The Command Line

Automated network asset, email, and social media profile discovery and cataloguing.

my oscp prep collection

a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc

GitHub Recon — and what you can achieve with it!

Sifter aims to be a fully loaded Op Centre for Pentesters

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

Generates combination of domain names from the provided input.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Links for the OSINT Team

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Python 3.5+ DNS asynchronous brute force utility

a recon tool that allows searching on URLs that are exposed via shortener services

Find emails of Github users

bash scripting thing !

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Email recon made fast and easy, with a framework to build on

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

bug bounty hunters starter notes

Next generation web scanner

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

An automated approach to performing recon for bug bounty hunting and penetration testing.

One way to continuously monitor sensitive information that could be exposed on Github

This repository created for personal use and added tools from my latest blog post.

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

E-mails, subdomains and names Harvester - OSINT

A permutation generation tool written in golang

Your Google Recon is Now Automated

Web Application recon automation

Reconnaissance Swiss Army Knife

In-depth Attack Surface Mapping and Asset Discovery