126 Open source projects that are alternatives of or similar to S3enum

Visualize Erlang/Elixir Nodes On The Command Line

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

Automated network asset, email, and social media profile discovery and cataloguing.

Burp extension to decode NTLM SSP headers and extract domain/host information

my oscp prep collection

Scrape domain names from SSL certificates of arbitrary hosts

a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc

RECON learn: a free, open platform for training material on epidemics analysis

GitHub Recon — and what you can achieve with it!

goverview - Get an overview of the list of URLs

Sifter aims to be a fully loaded Op Centre for Pentesters

Elixir wrapper for Recon, tools to diagnose Erlang VM safely in production

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

Mass querying whois records

Generates combination of domain names from the provided input.

apkizer is a mass downloader for android applications for all available versions.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

Links for the OSINT Team

This is the new version of dirb in python

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Related subdomains finder

Python 3.5+ DNS asynchronous brute force utility

Pentest: Subdomains enumeration tool for penetration testers.

a recon tool that allows searching on URLs that are exposed via shortener services

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

Find emails of Github users

🖖 Fast, modern, easy-to-use network scanner

bash scripting thing !

all manner of wordlists

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Enumerate information from NTLM authentication enabled web endpoints 🔎

Email recon made fast and easy, with a framework to build on

Simple shell script for automated domain recognition with some tools

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

bug bounty hunters starter notes

HTTP parameter discovery suite.

Next generation web scanner

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

A tool to fastly get all javascript sources/files

An automated approach to performing recon for bug bounty hunting and penetration testing.

WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.

One way to continuously monitor sensitive information that could be exposed on Github

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

This repository created for personal use and added tools from my latest blog post.

Change monitoring app that checks the content of web pages in different periods.

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

👀 Some of my favorite OSINT tools.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Striker is an offensive information and vulnerability scanner.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

A permutation generation tool written in golang

Your Google Recon is Now Automated

Web Application recon automation

Reconnaissance Swiss Army Knife

In-depth Attack Surface Mapping and Asset Discovery

Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.