Reconnaissance

CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

A comprehensive reference guide containing search filters for the SHODAN search engine to help users refine queries for internet-connected devices and services.

A centralized reference resource containing default credentials for various devices and systems to assist security professionals in both offensive and defensive operations.

Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.

A disclosure of a bug found in Twitter's Vine and the process of procuring the source code.

A command-line tool that extracts manifest and configuration data from Docker registry images for security analysis and reconnaissance purposes.

Setup script for Regon-ng

A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.

A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.

A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.

FingerprintX is a standalone utility for service discovery on open ports.

A reference guide listing 44 advanced Google search operators for enhanced search filtering and precision in information gathering activities.

A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool powered by Shodan.

Advanced email reconnaissance tool leveraging public data.

An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.

FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.

An open source network penetration testing framework with automatic recon and scanning capabilities.

A reconnaissance tool that analyzes expired domains for categorization, reputation, and Archive.org history to identify candidates suitable for phishing and C2 operations.

A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.

A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.

A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.

A tool for analyzing and visualizing control relationships and privilege escalation paths within Active Directory environments using graph-based representations.