23 tools and resources
A reconnaissance tool for GitHub organizations
A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
A subdomain scan tool that helps you find subdomains of a given domain.
An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.
A tool for discovering and enumerating external attack surfaces
Find domains and subdomains related to a given domain
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.
A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.
FingerprintX is a standalone utility for service discovery on open ports.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool powered by Shodan.
Advanced email reconnaissance tool leveraging public data.
An open source network penetration testing framework with automatic recon and scanning capabilities.
A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.
Cutting-edge open-source security tools for adversary simulation and threat hunting.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
