Reconnaissance
Browse 90 reconnaissance tools
FEATURED
External attack surface scanning for MSPs to identify vulnerabilities
External attack surface scanning for MSPs to identify vulnerabilities
Simulated adversarial attack service to test organizational defenses
Simulated adversarial attack service to test organizational defenses
Red teaming service simulating real cyberattacks to test defenses
Red teaming service simulating real cyberattacks to test defenses
Agentless API attack surface discovery using external reconnaissance
Agentless API attack surface discovery using external reconnaissance
External attack surface mapping service to discover exposed digital assets
External attack surface mapping service to discover exposed digital assets
DNS reconnaissance tool checking DNS records, subdomains, and third-party svcs
DNS reconnaissance tool checking DNS records, subdomains, and third-party svcs
Deception platform using external-facing decoys for threat intel & recon detection
Deception platform using external-facing decoys for threat intel & recon detection
Continuous external attack surface discovery and monitoring platform
Continuous external attack surface discovery and monitoring platform
Proactive threat hunting platform for detecting adversary infrastructure
Proactive threat hunting platform for detecting adversary infrastructure
Internet intelligence platform for asset discovery and attack surface mapping
Internet intelligence platform for asset discovery and attack surface mapping
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
AI agent that autonomously discovers, exploits, and documents vulnerabilities.
AI agent that autonomously discovers, exploits, and documents vulnerabilities.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.
BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
A Go-based web spider tool for automated crawling and data collection from web resources across multiple protocols and formats.
A Go-based web spider tool for automated crawling and data collection from web resources across multiple protocols and formats.
A reconnaissance tool for GitHub organizations
BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.
BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.
A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
A tool for enumerating and analyzing Amazon S3 buckets associated with specific targets to identify potential security misconfigurations.
A tool for enumerating and analyzing Amazon S3 buckets associated with specific targets to identify potential security misconfigurations.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
