Vulnerability Management for Reconnaissance
Vulnerability management tools for security scanning, penetration testing, bug bounty programs, and vulnerability assessment. Task: Reconnaissance
Browse 32 security tools
FEATURED
USE CASES
AI-powered CTEM & EASM platform for website vulnerability scanning.
Exposure management platform for asset discovery, risk prioritization & remediation.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.
x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
A fast web crawler for discovering endpoints and assets within web applications during security reconnaissance.
A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
FingerprintX is a standalone utility for service discovery on open ports.
A CLI tool that enhances Nmap with 31 modules containing 459 scan profiles for streamlined network reconnaissance and security assessments.
A fast and reliable port scanner written in Go, designed for attack surface discovery in bug bounties and penetration testing.
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.