237 Open Source Reconnaissance Software Projects
Free and open source reconnaissance code projects including engines, APIs, generators, and tools.
Sherlock Project Sherlock 29156 ⭐
🔎 Hunt down social media accounts by username across social networks
Spiderfoot 7111 ⭐
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Discover 2583 ⭐
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Raccoon 2359 ⭐
A high performance offensive security tool for reconnaissance and vulnerability scanning
Massdns 2132 ⭐
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Rengine 3540 ⭐
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
Gitgot 1084 ⭐
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Sublert 794 ⭐
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Attacksurfacemapper 873 ⭐
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
Sudomy 1181 ⭐
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Git Hound 752 ⭐
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Chrismaddalena Odin 512 ⭐
Automated network asset, email, and social media profile discovery and cataloguing.
Witnessme 567 ⭐
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Shuffledns 730 ⭐
MassDNS wrapper written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
Natlas 466 ⭐
Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.
Procspy 276 ⭐
Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..
Recon My Way 304 ⭐
This repository created for personal use and added tools from my latest blog post.
Cloudscraper 342 ⭐
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Lazyrecon 335 ⭐
An automated approach to performing recon for bug bounty hunting and penetration testing.
I See You 358 ⭐
Recsech 186 ⭐
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Shubhampathak Autosetup 152 ⭐
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Mqtt Pwn 198 ⭐
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
Public Bugbounty Programs 487 ⭐
Community curated list of public bug bounty and responsible disclosure programs.
Pyiris Backdoor 222 ⭐
PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
Asnlookup 260 ⭐
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Xposedornot 115 ⭐
XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
Keye 101 ⭐
Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Bass 115 ⭐
Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"
Gitmonitor 133 ⭐
One way to continuously monitor sensitive information that could be exposed on Github
Sherlock JS 165 ⭐
Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock
Asnip 183 ⭐
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Reconcat 70 ⭐
A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
Vaile 63 ⭐
Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)
Chameleonminilivedebugger 73 ⭐
Live logger and GUI tool for the Chameleon Mini developed for Android OS in Java.
Security Tool Chest 51 ⭐
A list of useful security and obfuscation tools useful for red and blue teaming activities. A list made possible by the provided references.
Knockknock 67 ⭐
A simple reverse whois lookup tool which returns a list of domains owned by people or companies
Kaiiyer Webtech 44 ⭐
Identify the technologies used on websites. (Dig-deep into web tech from your terminal)
Eyes 46 ⭐
👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Si9int Screenshooter 38 ⭐
Convert your masscan/subdomain-scan results (80,443,8080) into screenshots for better analysis
Squatm3 29 ⭐
Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques
Awesome Bbht 379 ⭐
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.