Reconnaissance

A CLI tool that enhances Nmap with 31 modules containing 459 scan profiles for streamlined network reconnaissance and security assessments.

A subdomain scan tool that helps you find subdomains of a given domain.

A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.

A Go-based web crawler that supports multiple protocols and authentication methods for systematic web resource discovery and collection.

A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.

A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.

A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.

A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.

Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.

An open-source OSINT honeypot that monitors threat actor reconnaissance attempts and generates early-warning intelligence for blue teams during the pre-attack phase.

A signature-based, multi-threaded honeypot detection tool written in Golang that identifies honeypots through crafted requests and response analysis.

A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.

A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.

SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.

A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.

A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.

x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.

A fast web crawler for discovering endpoints and assets within web applications during security reconnaissance.

A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.

A command-line tool for discovering domains and subdomains related to a target domain during reconnaissance activities.

A black-box reconnaissance tool that discovers cloud infrastructure, files, and applications across major cloud providers for security testing purposes.

Cloud_enum is a multi-cloud OSINT tool that enumerates publicly accessible resources across AWS, Azure, and Google Cloud platforms for security assessment purposes.

A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.

Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.