#recon

BugBountyScanner

A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use.

Scopein

A Go tool for scope management.

kiterunner

Contextual content discovery tool.

bbrf

Helps you coordinate your reconnaissance workflows across multiple devices.

Haylxon

Blazing-fast tool to grab screenshots of your domain list right from the terminal.

subnerium

A fast passive subdomain enumeration tool that uses various sources to gather data.

SubGPT

Find subdomains with GPT, for free.

Unforce

Salesforce lightning recon and exploitation tool.

GPT_Vuln-Analyzer

A powerful network scanner, DNS recon, subdomain enumeration and IP Geolocator tool powered by GPT.

nmapAutomater

Automate the process of enumeration & recon that is run every time.

autopwn

Specify targets and run sets of tools against them.

R3C0Nizer

The first-ever CLI-based, menu-driven web application B-Tier recon framework.

hunter.how

Internet search engines for security researchers.

favirecon

Use favicon.ico to improve your target recon phase.

SimplyEmail

Email recon made fast and easy, with a framework to build on.

Rock-ON

All-in-one recon tool that takes a single domain name and does all of the work on its own.

PhoneInfoga

Information gathering framework for phone numbers.

RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

Dome

Script that performs active and/or passive scans to obtain subdomains and search for open ports.

Metabigor

Intelligence tool for OSINT tasks and more, without needing any API key.

GitHarvester

Tool used for harvesting information from GitHub.

certSniff

A certificate transparency log keyword sniffer written in Python.

Shodan

Search engine for Internet-connected devices.

Netlas.io

Netlas.io is the network atlas of the Internet: IP, DNS, Web, IoT devices, etc.

AORT

All in one recon tool for bug bounty.

hardCIDR

Discover the netblocks or ranges (in CIDR notation) owned by the target organization.

DirBuster

Multi-threaded application to brute-force directory and file names on web/application servers.

Subra

A Web-UI for subdomain enumeration.

IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

Rekono

Execute full pentesting processes combining multiple hacking tools automatically.

gwdomains

Subdomain wildcard filtering tool.

pown.js

Security testing and exploitation toolkit.

LazyHunter

A framework that provides a web UI to commonly used Bug Hunting/Pentesting tools.

MagicRecon

A powerful shell script to maximize the recon and data collection process.

vhosts-sieve

Searching for virtual hosts among non-resolvable domains.

The XSS rat

The XSS rat YouTube channel.

Angry IP Scanner

Fast and simple-to-use open-source/cross-platform network scanner.

dirhunt

Find web directories without bruteforce.

cc.py

Extracting URLs of a specific target based on the results of commoncrawl.org.

curate

A tool for fetching archived URLs.

ScreenShooter

Convert your masscan/subdomain-scan results into screenshots for better analysis.

TLD Scanner

Scan all possible TLDs for a given domain name.

Web Crawler Security Tool

A web crawler oriented to infosec.

WhatsMyName

Enumerate usernames across many websites.

FireShodanMap

Realtime map that integrates Firebase, Google Maps and Shodan.

CTFR

Abusing Certificate Transparency logs to get the subdomains of HTTPS websites.

ChopChop

Scan endpoints and identify exposure of sensitive services/files/folders.

Fingerprinter

Version fingerprinter for CMS, LMS, libraries, etc.

ASNLookup

Leverage ASN to look up IP addresses owned by a specific organization.

STÖK Fredrik

STÖK Fredrik YouTube channel.

NahamSec

NahamSec Twitch channel.

Certificate Ripper

A CLI tool to extract server certificates.

ffuf

Fast web fuzzer written in Go.