Raccoon is an offensive security tool designed for reconnaissance and information gathering, featuring DNS details, visual mapping, WHOIS information, TLS data, port scanning, URL fuzzing, subdomain enumeration, web application data retrieval, cookie inspection, email address extraction, S3 bucket vulnerability scanning, WAF detection, Tor/proxy routing, and more. It supports asyncio for improved performance, saves output to files, and has a roadmap for future enhancements such as OWASP branch integration, additional storage scan providers, WAF support, multiple hosts, rate limit evasion, IP ranges, CIDR notation, and various output formats.
FEATURES
SIMILAR TOOLS
Full-featured C2 framework for stealthy communication and control on web servers.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
Emulate offensive attack techniques in the cloud with a self-contained Go binary.
A cheat sheet providing examples of creating reverse shells for penetration testing.
Alpha release of External C2 framework for Cobalt Strike with enhanced data channels.
A cross-platform tool for creating malicious MS Office documents with hidden VBA macros and anti-analysis features.
A visual guide illustrating attack paths and techniques for exploiting vulnerabilities in GitHub Actions configurations.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.