The Top 92 Reconnaissance Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

reconnaissance x

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 92 Reconnaissance Open Source Projects

Categories > Security > Reconnaissance

Sherlock ⭐ 24,718

🔎 Hunt down social media accounts by username across social networks

Social Analyzer ⭐ 7,692

API, CLI & Web App for analyzing & finding a person's profile across 400+ social media \ websites (Detections are updated regularly)

Spiderfoot ⭐ 5,745

SpiderFoot automates OSINT collection so that you can focus on analysis.

Theharvester ⭐ 5,145

E-mails, subdomains and names Harvester - OSINT

Phoneinfoga ⭐ 4,448

Information gathering & OSINT framework for phone numbers

Aquatone ⭐ 4,088

A Tool for Domain Flyovers

Osmedeus ⭐ 3,049

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Rengine ⭐ 2,747

reNgine is a reconnaissance engine(framework) that does end-to-end reconnaissance with the help of highly configurable scan engines and does information gathering about the target web application. reNgine makes use of various open-source tools and makes a configurable pipeline of reconnaissance.

Osint Framework ⭐ 2,723

OSINT Framework

Discover ⭐ 2,318

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

Raccoon ⭐ 2,084

A high performance offensive security tool for reconnaissance and vulnerability scanning

Massdns ⭐ 1,852

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Seeker ⭐ 1,765

Accurately Locate Smartphones using Social Engineering

Hackvault ⭐ 1,404

A container repository for my public web hacks!

Tidos Framework ⭐ 1,332

The Offensive Manual Web Application Penetration Testing Framework.

Fierce ⭐ 1,095

A DNS reconnaissance tool for locating non-contiguous IP space.

Awesome Asset Discovery ⭐ 1,053

List of Awesome Asset Discovery Resources

Intrigue Core ⭐ 1,029

Discover Your Attack Surface!

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Finalrecon ⭐ 963

The Last Web Recon Tool You'll Need

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Semi-automatic OSINT framework and package manager

Allaboutbugbounty ⭐ 857

All about bug bounty (bypasses, payloads, and etc)

Rapidscan ⭐ 835

🆕 The Multi-Tool Web Vulnerability Scanner.

Attacksurfacemapper ⭐ 729

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

Sublert ⭐ 721

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Git Hound ⭐ 629

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

Favfreak ⭐ 598

Making Favicon.ico based Recon Great again !

Bigbountyrecon ⭐ 568

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Gasmask ⭐ 567

Information gathering tool - OSINT

Shuffledns ⭐ 533

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.

Automated network asset, email, and social media profile discovery and cataloguing.

Hosthunter ⭐ 473

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Shotlooter ⭐ 466

a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc

Witnessme ⭐ 451

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Maryam: Open-source Intelligence(OSINT) Framework

Badkarma ⭐ 356

network reconnaissance toolkit

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

Osint_tips ⭐ 341

Pywerview ⭐ 298

A (partial) Python rewriting of PowerSploit's PowerView

Lazyrecon ⭐ 295

An automated approach to performing recon for bug bounty hunting and penetration testing.

Public Bugbounty Programs ⭐ 291

Community curated list of public bug bounty and responsible disclosure programs.

Cloudscraper ⭐ 290

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

Recon Pipeline ⭐ 288

An automated target reconnaissance pipeline.

Recon My Way ⭐ 279

This repository created for personal use and added tools from my latest blog post.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Megplus ⭐ 272

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Procspy ⭐ 272

Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..

I See You ⭐ 270

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

Ntlmrecon ⭐ 255

Enumerate information from NTLM authentication enabled web endpoints 🔎

Bugbountyscanner ⭐ 253

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Hawkscan ⭐ 247

Security Tool for Reconnaissance and Information Gathering on a website. (python 3.x)

Autorecon ⭐ 244

Simple shell script for automated domain recognition with some tools

A tool to fastly get all javascript sources/files

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

A passive subdomain finder

Awesome Bbht ⭐ 206

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Url Tracker ⭐ 201

Change monitoring app that checks the content of web pages in different periods.

Yar is a tool for plunderin' organizations, users and/or repositories.

A Github organization reconnaissance tool.

Rebel Framework ⭐ 183

Advanced and easy to use penetration testing framework 💣🔎

Asnlookup ⭐ 181

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Intrec Pack ⭐ 178

Intelligence and Reconnaissance Package/Bundle installer.

Osint Tools ⭐ 178

👀 Some of my favorite OSINT tools.

Recsech ⭐ 177

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Pd Actions ⭐ 169

Continuous recon and vulnerability assessment using Github Actions.

Mqtt Pwn ⭐ 163

MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.

Sherlock Js ⭐ 154

Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Pyiris Backdoor ⭐ 148

PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>

Sarenka ⭐ 147

OSINT tool - gets data from services like shodan, censys etc. in one app

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Autosetup ⭐ 141

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Intelspy ⭐ 137

Perform automated network reconnaissance scans

Subrake ⭐ 130

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

Spaces Finder ⭐ 123

A tool to hunt for publicly accessible DigitalOcean Spaces

Gitmonitor ⭐ 120

One way to continuously monitor sensitive information that could be exposed on Github

Urls de-duplication tool for better recon.

Ntlm_challenger ⭐ 110

Parse NTLM challenge messages over HTTP and SMB

Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Certeagle ⭐ 92

Weaponizing Live CT logs for automated monitoring of assets

Geo Recon ⭐ 85

An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.

Deadtrap ⭐ 73

An OSINT tool to gather information about the real owner of a phone number

Reconcat ⭐ 67

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Recscansec ⭐ 52

Brokenlinkhijacker ⭐ 51

A Fast Broken Link Hijacker Tool written in Python

Github Recon ⭐ 48

GitHub Recon — and what you can achieve with it!

A fast http and https prober, to check which URLs are alive

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Ge.mine.nu ⭐ 33

Code from my old page ge.mine.nu

Recon Raven ⭐ 18

Reconnaissance tool of Penetration test & Bug Bounty

1-92 of 92 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210