The Top 87 Reconnaissance Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

reconnaissance x

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 87 Reconnaissance Open Source Projects

Categories > Security > Reconnaissance

Sherlock ⭐ 20,738

🔎 Hunt down social media accounts by username across social networks

Social Analyzer ⭐ 6,651

API, CLI & Web App for analyzing & finding a person's profile across 350+ social media websites (Detections are updated regularly)

Spiderfoot ⭐ 5,484

SpiderFoot automates OSINT collection so that you can focus on analysis.

Theharvester ⭐ 4,842

E-mails, subdomains and names Harvester - OSINT

Aquatone ⭐ 3,965

A Tool for Domain Flyovers

Phoneinfoga ⭐ 3,063

Advanced information gathering & OSINT framework for phone numbers

Osmedeus ⭐ 2,949

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Rengine ⭐ 2,554

reNgine is a reconnaissance engine(framework) that does end-to-end reconnaissance with the help of highly configurable scan engines and does information gathering about the target web application. reNgine makes use of various open-source tools and makes a configurable pipeline of reconnaissance.

Osint Framework ⭐ 2,513

OSINT Framework

Discover ⭐ 2,243

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

Raccoon ⭐ 2,010

A high performance offensive security tool for reconnaissance and vulnerability scanning

Massdns ⭐ 1,767

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Seeker ⭐ 1,611

Accurately Locate Smartphones using Social Engineering

Hackvault ⭐ 1,319

A container repository for my public web hacks!

Tidos Framework ⭐ 1,286

The Offensive Manual Web Application Penetration Testing Framework.

Fierce ⭐ 1,062

A DNS reconnaissance tool for locating non-contiguous IP space.

Intrigue Core ⭐ 1,004

Discover Your Attack Surface!

Awesome Asset Discovery ⭐ 1,001

List of Awesome Asset Discovery Resources

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Finalrecon ⭐ 867

The Last Web Recon Tool You'll Need

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Semi-automatic OSINT framework and package manager

Rapidscan ⭐ 765

🆕 The Multi-Tool Web Vulnerability Scanner.

Allaboutbugbounty ⭐ 739

All about bug bounty (bypasses, payloads, and etc)

Attacksurfacemapper ⭐ 700

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

Sublert ⭐ 694

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Git Hound ⭐ 594

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

Favfreak ⭐ 545

Making Favicon.ico based Recon Great again !

Bigbountyrecon ⭐ 526

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Gasmask ⭐ 506

Information gathering tool - OSINT

Shuffledns ⭐ 487

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.

Automated network asset, email, and social media profile discovery and cataloguing.

Shotlooter ⭐ 445

a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc

Witnessme ⭐ 428

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Hosthunter ⭐ 411

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Maryam : Open-source Intelligence(OSINT) Framework

Badkarma ⭐ 353

network reconnaissance toolkit

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

Osint_tips ⭐ 313

Lazyrecon ⭐ 277

An automated approach to performing recon for bug bounty hunting and penetration testing.

Recon Pipeline ⭐ 277

An automated target reconnaissance pipeline.

Cloudscraper ⭐ 275

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

Procspy ⭐ 271

Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..

Recon My Way ⭐ 269

This repository created for personal use and added tools from my latest blog post.

Megplus ⭐ 268

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Ntlmrecon ⭐ 251

Enumerate information from NTLM authentication enabled web endpoints 🔎

Autorecon ⭐ 243

Simple shell script for automated domain recognition with some tools

I See You ⭐ 242

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

Public Bugbounty Programs ⭐ 225

Community curated list of public bug bounty and responsible disclosure programs.

A passive subdomain finder

Bugbountyscanner ⭐ 197

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

A Github organization reconnaissance tool.

Rebel Framework ⭐ 183

Advanced and easy to use penetration testing framework 💣🔎

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

A tool to fastly get all javascript sources/files

Intrec Pack ⭐ 178

Intelligence and Reconnaissance Package/Bundle installer.

Recsech ⭐ 173

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Yar is a tool for plunderin' organizations, users and/or repositories.

Url Tracker ⭐ 169

Change monitoring app that checks the content of web pages in different periods.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Awesome Bbht ⭐ 162

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Asnlookup ⭐ 159

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Mqtt Pwn ⭐ 153

MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.

Sherlock Js ⭐ 151

Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock

Osint Tools ⭐ 143

👀 Some of my favorite OSINT tools.

Pyiris Backdoor ⭐ 141

PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>

Autosetup ⭐ 140

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Intelspy ⭐ 133

Perform automated network reconnaissance scans

Subrake ⭐ 126

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Spaces Finder ⭐ 121

A tool to hunt for publicly accessible DigitalOcean Spaces

Gitmonitor ⭐ 110

One way to continuously monitor sensitive information that could be exposed on Github

Ntlm_challenger ⭐ 106

Parse NTLM challenge messages over HTTP and SMB

Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Sarenka ⭐ 101

OSINT tool - gets data from services like shodan, censys etc. in one app

Urls de-duplication tool for better recon.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Geo Recon ⭐ 82

An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.

Deadtrap ⭐ 73

An OSINT tool to gather information about the real owner of a phone number

Reconcat ⭐ 66

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Recscansec ⭐ 51

A fast http and https prober, to check which URLs are alive

Github Recon ⭐ 44

GitHub Recon — and what you can achieve with it!

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Ge.mine.nu ⭐ 31

Code from my old page ge.mine.nu

Recon Raven ⭐ 18

Reconnaissance tool of Penetration test & Bug Bounty

1-87 of 87 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210