#Reconnaissance
Showing 60 of 287 repositories tagged #reconnaissance, ranked by stars
Hunt down social media accounts by username across social networks
π΅οΈββοΈ Collect a dossier on a person by username from 3000+ sites
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Information gathering framework for phone numbers
E-mails, subdomains and names Harvester - OSINT
Fast passive subdomain enumeration tool.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
All about bug bounty (bypasses, payloads, and etc)
A Modern Orchestration Engine for Security
A Tool for Domain Flyovers
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
A high performance offensive security tool for reconnaissance and vulnerability scanning
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Quickly discover exposed hosts on the internet using multiple search engines.
All In One Web Recon
π Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
π΅οΈ OSINT Tools for gathering information and actions forensics π΅οΈ
Semi-automatic OSINT framework and package manager
:new: The Multi-Tool Web Vulnerability Scanner.
OSINT cheat sheet, list OSINT tools, wiki, dataset, article, book , red team OSINT for hackers and OSINT tips and OSINT branch. This repository will grow every time will research, there is a research, science and technology, tutorial. Please use it wisely.
π« Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.
Real-world infosec wordlists, updated regularly
OSINT tools and more but without API key
Asset inventory of over 800 public bug bounty programs.
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
secator - the pentester's swiss knife
Making Favicon.ico based Recon Great again !
π Curated OSINT & recon toolkit for Kali Linux β 100+ tools, one-command installer, covering SOCMINT, GEOINT, network recon, dark web, forensics & more.
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
OffSec OSINT Pentest/RedTeam Tools
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
β‘·β πππππ ππΈβ β’Ύ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
OWASP Web Recon & Directory Discovery Platform
AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 16 tools. Works with Claude, GPT-4, or local models. For authorized security research only.
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
SatIntel is an OSINT tool for Satellites π°. Extract satellite telemetry, receive orbital predictions, and parse TLEs π
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
A tool to fastly get all javascript sources/files
Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights. The rewrite can be found @ osintbuddy/osintbuddy
Work in progress...
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and a Textual TUI. It is designed to automate security assessments, penetration testing, and bug bounty reconnaissance β without any API keys or cloud dependency.
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
Uscrapper Vanta: Dive deeper into the web with this powerful open-source tool. Extract valuable insights with ease and efficiency, from both surface and deep web sources. Empower your data mining and analysis with Vanta's advanced capabilities. Fast, reliable, and user-friendly, Uscrapper Vanta is the ultimate choice for researchers and analysts.
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
retrieve information via O365 and AzureAD with a valid cred
156 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with browser fingerprint evasion, anti-bot bypass, hardcoded credential hunting, SCADA/ICS enumeration.
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.
Emora is an OSINT tool like sherlock but with a GUI, which search for accounts by username across social networks
Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.
OSINT tool - gets data from services like shodan, censys etc. in one app
[PH0MBER]: An open source infomation grathering & reconnaissance framework!
OSINT Template Engine
Buildware-Tools is an all-in-one multitool for security research and automation.