#Reconnaissance

Showing 60 of 287 repositories tagged #reconnaissance, ranked by stars

sherlock-project
sherlock-project
sherlock

Hunt down social media accounts by username across social networks

Score
100
β˜… 86.2k β‘‚ 10.1k +134/day
Python
soxoj
soxoj
maigret

πŸ•΅οΈβ€β™‚οΈ Collect a dossier on a person by username from 3000+ sites

Score
97
β˜… 35.1k β‘‚ 2.7k +181/day
Python
qeeqbox
qeeqbox
social-analyzer

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Score
90
β˜… 23.4k β‘‚ 2.2k +31/day
JavaScript
sundowndev
sundowndev
phoneinfoga

Information gathering framework for phone numbers

Score
95
β˜… 16.8k β‘‚ 5.1k +93/day
Go
laramies
laramies
theHarvester

E-mails, subdomains and names Harvester - OSINT

Score
93
β˜… 16.7k β‘‚ 2.5k +85/day
Python
projectdiscovery
projectdiscovery
subfinder

Fast passive subdomain enumeration tool.

Score
100
β˜… 14.0k β‘‚ 1.6k +14/day
Go
yogeshojha
yogeshojha
rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Score
100
β˜… 8.7k β‘‚ 1.3k +11/day
HTML
six2dez
six2dez
reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Score
100
β˜… 7.8k β‘‚ 1.2k +60/day
Shell
daffainfo
daffainfo
AllAboutBugBounty

All about bug bounty (bypasses, payloads, and etc)

Score
94
β˜… 6.8k β‘‚ 1.3k +14/day
j3ssie
j3ssie
osmedeus

A Modern Orchestration Engine for Security

Score
90
β˜… 6.5k β‘‚ 1.0k +2/day
Go
michenriksen
michenriksen
aquatone

A Tool for Domain Flyovers

Score
67
β˜… 5.9k β‘‚ 905 +1/day
Go
hakluke
hakluke
hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Score
57
β˜… 5.1k β‘‚ 537 +3/day
Go
evyatarmeged
evyatarmeged
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning

Score
99
β˜… 3.8k β‘‚ 473 +28/day
Python
edoardottt
edoardottt
cariddi

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Score
86
β˜… 3.4k β‘‚ 294 +1/day
Go
projectdiscovery
projectdiscovery
uncover

Quickly discover exposed hosts on the internet using multiple search engines.

Score
100
β˜… 3.0k β‘‚ 273 +1/day
Go
thewhiteh4t
thewhiteh4t
FinalRecon

All In One Web Recon

Score
86
β˜… 2.8k β‘‚ 499 +6/day
Python
bhavsec
bhavsec
reconspider

πŸ”Ž Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Score
90
β˜… 2.7k β‘‚ 365 +6/day
Python
danieldurnea
danieldurnea
FBI-tools

πŸ•΅οΈ OSINT Tools for gathering information and actions forensics πŸ•΅οΈ

Score
90
β˜… 2.6k β‘‚ 369 +9/day
kpcyrd
kpcyrd
sn0int

Semi-automatic OSINT framework and package manager

Score
100
β˜… 2.5k β‘‚ 222 +2/day
Rust
skavngr
skavngr
rapidscan

:new: The Multi-Tool Web Vulnerability Scanner.

Score
88
β˜… 2.1k β‘‚ 433 +26/day
Python
Jieyab89
Jieyab89
OSINT-Cheat-sheet

OSINT cheat sheet, list OSINT tools, wiki, dataset, article, book , red team OSINT for hackers and OSINT tips and OSINT branch. This repository will grow every time will research, there is a research, science and technology, tutorial. Please use it wisely.

Score
99
β˜… 2.1k β‘‚ 306 +7/day
Python
devploit
devploit
nomore403

🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.

Score
81
β˜… 1.8k β‘‚ 209 +1/day
Go
trickest
trickest
wordlists

Real-world infosec wordlists, updated regularly

Score
98
β˜… 1.8k β‘‚ 207 β€”
j3ssie
j3ssie
metabigor

OSINT tools and more but without API key

Score
98
β˜… 1.6k β‘‚ 188 +30/day
Go
trickest
trickest
inventory

Asset inventory of over 800 public bug bounty programs.

Score
85
β˜… 1.6k β‘‚ 282 β€”
Shell
m3n0sd0n4ld
m3n0sd0n4ld
GooFuzz

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

Score
93
β˜… 1.6k β‘‚ 158 +1/day
Shell
BishopFox
BishopFox
GitGot

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Score
83
β˜… 1.6k β‘‚ 217 β€”
Python
Viralmaniar
Viralmaniar
BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Score
84
β˜… 1.6k β‘‚ 290 +4/day
C#
freelabz
freelabz
secator

secator - the pentester's swiss knife

Score
97
β˜… 1.3k β‘‚ 133 β€”
Python
devanshbatham
devanshbatham
FavFreak

Making Favicon.ico based Recon Great again !

Score
82
β˜… 1.3k β‘‚ 175 +1/day
Python
rawfilejson
rawfilejson
awesome-osint-arsenal

πŸ” Curated OSINT & recon toolkit for Kali Linux β€” 100+ tools, one-command installer, covering SOCMINT, GEOINT, network recon, dark web, forensics & more.

Score
96
β˜… 1.3k β‘‚ 212 +108/day
Shell
edoardottt
edoardottt
scilla

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Score
97
β˜… 1.2k β‘‚ 146 β€”
Go
wddadk
wddadk
Offensive-OSINT-Tools

OffSec OSINT Pentest/RedTeam Tools

Score
96
β˜… 1.2k β‘‚ 154 +3/day
SpiderLabs
SpiderLabs
HostHunter

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Score
81
β˜… 1.2k β‘‚ 192 +2/day
Python
Zarcolio
Zarcolio
sitedorks

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

Score
79
β˜… 1.0k β‘‚ 128 +1/day
Python
yassineaboukir
yassineaboukir
sublert

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Score
79
β˜… 1.0k β‘‚ 165 β€”
Python
Dheerajmadhukar
Dheerajmadhukar
karma_v2

β‘·β ‚πš”πšŠπš›πš–πšŠ 𝚟𝟸⠐Ⓘ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)

Score
67
β˜… 1.0k β‘‚ 184 +1/day
Shell
stanislav-web
stanislav-web
OpenDoor

OWASP Web Recon & Directory Discovery Platform

Score
83
β˜… 985 β‘‚ 187 β€”
Python
OpenOSINT
OpenOSINT
OpenOSINT

AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 16 tools. Works with Claude, GPT-4, or local models. For authorized security research only.

Score
76
β˜… 947 β‘‚ 139 +41/day
Python
chvancooten
chvancooten
BugBountyScanner

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Score
91
β˜… 919 β‘‚ 126 β€”
Shell
Drew-Alleman
Drew-Alleman
DataSurgeon

Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text

Score
75
β˜… 902 β‘‚ 72 β€”
Rust
ANG13T
ANG13T
SatIntel

SatIntel is an OSINT tool for Satellites πŸ›°. Extract satellite telemetry, receive orbital predictions, and parse TLEs πŸ”­

Score
29
β˜… 891 β‘‚ 101 β€”
Go
projectdiscovery
projectdiscovery
urlfinder

A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.

Score
76
β˜… 887 β‘‚ 68 +1/day
Go
003random
003random
getJS

A tool to fastly get all javascript sources/files

Score
33
β˜… 882 β‘‚ 118 β€”
Go
jerlendds
jerlendds
osintbuddy

Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights. The rewrite can be found @ osintbuddy/osintbuddy

Score
55
β˜… 840 β‘‚ 79 β€”
TypeScript
ivan-sincek
ivan-sincek
penetration-testing-cheat-sheet

Work in progress...

Score
95
β˜… 829 β‘‚ 165 β€”
PHP
R0X4R
R0X4R
Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Score
71
β˜… 810 β‘‚ 181 β€”
Shell
pikpikcu
pikpikcu
airecon

AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and a Textual TUI. It is designed to automate security assessments, penetration testing, and bug bounty reconnaissance β€” without any API keys or cloud dependency.

Score
72
β˜… 789 β‘‚ 129 +5/day
Python
RevoltSecurities
RevoltSecurities
Subdominator

SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty

Score
69
β˜… 788 β‘‚ 125 +5/day
Python
z0m31en7
z0m31en7
Uscrapper

Uscrapper Vanta: Dive deeper into the web with this powerful open-source tool. Extract valuable insights with ease and efficiency, from both surface and deep web sources. Empower your data mining and analysis with Vanta's advanced capabilities. Fast, reliable, and user-friendly, Uscrapper Vanta is the ultimate choice for researchers and analysts.

Score
48
β˜… 783 β‘‚ 85 +2/day
Python
byt3bl33d3r
byt3bl33d3r
WitnessMe

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Score
52
β˜… 763 β‘‚ 107 β€”
Python
nyxgeek
nyxgeek
o365recon

retrieve information via O365 and AzureAD with a valid cred

Score
76
β˜… 744 β‘‚ 105 +1/day
PowerShell
uphiago
uphiago
recon-skills

156 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with browser fingerprint evasion, anti-bot bypass, hardcoded credential hunting, SCADA/ICS enumeration.

Score
95
β˜… 723 β‘‚ 138 +146/day
Python
hueristiq
hueristiq
xurlfind3r

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

Score
48
β˜… 706 β‘‚ 78 β€”
Go
idefasoft
idefasoft
Emora-Project

Emora is an OSINT tool like sherlock but with a GUI, which search for accounts by username across social networks

Score
95
β˜… 701 β‘‚ 472 β€”
C#
momenbasel
momenbasel
keyFinder

Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.

Score
94
β˜… 692 β‘‚ 120 +2/day
JavaScript
KTZgraph
KTZgraph
sarenka

OSINT tool - gets data from services like shodan, censys etc. in one app

Score
45
β˜… 667 β‘‚ 85 β€”
Python
s41r4j
s41r4j
phomber

[PH0MBER]: An open source infomation grathering & reconnaissance framework!

Score
41
β˜… 582 β‘‚ 111 β€”
Python
3nock
3nock
OTE

OSINT Template Engine

Score
73
β˜… 577 β‘‚ 63 β€”
C
v4lkyr0
v4lkyr0
Buildware-Tools

Buildware-Tools is an all-in-one multitool for security research and automation.

Score
66
β˜… 567 β‘‚ 15 +19/day
Python
Related Topics
#osint#hacking#pentesting#bugbounty#recon#information-gathering#penetration-testing#security#security-tools#cybersecurity#infosec#python

Β© 2026 GitRepoTrend Β· GitHub repositories by topic Β· Updated weekly