Reconnaissance

Continuous external attack surface discovery and monitoring platform

Proactive threat hunting platform for detecting adversary infrastructure

Internet intelligence platform for asset discovery and attack surface mapping

An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.

A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.

A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.

An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.

BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.

An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.

A Go-based web spider tool for automated crawling and data collection from web resources across multiple protocols and formats.

A reconnaissance tool for GitHub organizations

BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.

A tool for enumerating and analyzing Amazon S3 buckets associated with specific targets to identify potential security misconfigurations.

An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.

LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.

A Go-based command-line tool that uses Chrome Headless to automatically capture screenshots of web pages for reconnaissance and analysis purposes.

A fast and reliable port scanner written in Go, designed for attack surface discovery in bug bounties and penetration testing.

CloudScraper is an enumeration tool that discovers cloud storage resources including S3 buckets, Azure blobs, and DigitalOcean Spaces across target environments.

Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.

A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.

A Chrome extension that automatically detects and lists Amazon S3 buckets while browsing websites.