Reconnaissance

A subdomain scan tool that helps you find subdomains of a given domain.

A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.

A Go-based web crawler that supports multiple protocols and authentication methods for systematic web resource discovery and collection.

A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.

A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.

A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.

A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.

Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.

An open-source OSINT honeypot that monitors threat actor reconnaissance attempts and generates early-warning intelligence for blue teams during the pre-attack phase.

A signature-based, multi-threaded honeypot detection tool written in Golang that identifies honeypots through crafted requests and response analysis.

A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.

A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.

SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.

A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.

A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.

x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.

A fast web crawler for discovering endpoints and assets within web applications during security reconnaissance.

A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.

A command-line tool for discovering domains and subdomains related to a target domain during reconnaissance activities.

A black-box reconnaissance tool that discovers cloud infrastructure, files, and applications across major cloud providers for security testing purposes.

Cloud_enum is a multi-cloud OSINT tool that enumerates publicly accessible resources across AWS, Azure, and Google Cloud platforms for security assessment purposes.

A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.

Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.

CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.