Awesome Open Source
Awesome Open Source
Sponsorship
Combined Topics
reconnaissance x
Advertising 📦10
All Projects
Application Programming Interfaces 📦124
Applications 📦192
Artificial Intelligence 📦78
Blockchain 📦73
Build Tools 📦113
Cloud Computing 📦80
Code Quality 📦28
Collaboration 📦32
Command Line Interface 📦49
Community 📦83
Companies 📦60
Compilers 📦63
Computer Science 📦80
Configuration Management 📦42
Content Management 📦175
Control Flow 📦213
Data Formats 📦78
Data Processing 📦276
Data Storage 📦135
Economics 📦64
Frameworks 📦215
Games 📦129
Graphics 📦110
Hardware 📦152
Integrated Development Environments 📦49
Learning Resources 📦166
Legal 📦29
Libraries 📦129
Lists Of Projects 📦22
Machine Learning 📦347
Mapping 📦64
Marketing 📦15
Mathematics 📦55
Media 📦239
Messaging 📦98
Networking 📦315
Operating Systems 📦89
Operations 📦121
Package Managers 📦55
Programming Languages 📦245
Runtime Environments 📦100
Science 📦42
Security 📦396
Social Media 📦27
Software Architecture 📦72
Software Development 📦72
Software Performance 📦58
Software Quality 📦133
Text Editors 📦49
Text Processing 📦136
User Interface 📦330
User Interface Components 📦514
Version Control 📦30
Virtualization 📦71
Web Browsers 📦42
Web Servers 📦26
Web User Interface 📦210

The Top 76 Reconnaissance Open Source Projects

Categories > Security > Reconnaissance
Sherlock 17,198
🔎 Hunt down social media accounts by username across social networks
Spiderfoot 5,128
SpiderFoot automates OSINT collection so that you can focus on analysis.
Theharvester 4,484
E-mails, subdomains and names Harvester - OSINT
Aquatone 3,793
A Tool for Domain Flyovers
Osmedeus 2,772
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Phoneinfoga 2,535
Advanced information gathering & OSINT framework for phone numbers
Osint Framework 2,246
OSINT Framework
Discover 2,166
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Rengine 2,101
reNgine is an automated reconnaissance framework meant for information gathering during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.
Raccoon 1,935
A high performance offensive security tool for reconnaissance and vulnerability scanning
Massdns 1,657
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Seeker 1,399
Accurately Locate Smartphones using Social Engineering
Hackvault 1,278
A container repository for my public web hacks!
Tidos Framework 1,212
The Offensive Manual Web Application Penetration Testing Framework.
Fierce 1,022
A DNS reconnaissance tool for locating non-contiguous IP space.
Awesome Asset Discovery 956
List of Awesome Asset Discovery Resources
Intrigue Core 937
Discover Your Attack Surface
Gitgot 924
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Finalrecon 758
The Last Web Recon Tool You'll Need
Sn0int 736
Semi-automatic OSINT framework and package manager
Sudomy 689
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Rapidscan 672
🆕 The Multi-Tool Web Vulnerability Scanner.
Sublert 665
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Attacksurfacemapper 654
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
Git Hound 558
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Favfreak 466
Making Favicon.ico based Recon Great again !
Odin 464
Automated network asset, email, and social media profile discovery and cataloguing.
Gasmask 442
Information gathering tool - OSINT
Shuffledns 422
shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
Shotlooter 421
a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc
Witnessme 403
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Hosthunter 354
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Badkarma 340
network reconnaissance toolkit
Natlas 300
Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.
Maryam 297
Maryam : Open-source Intelligence(OSINT) Framework
Osint_tips 289
This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of TIPS reach 1000 TIPS .Learn Ethical Hacking and penetration testing.and of course OSINT
Procspy 269
Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..
Cloudscraper 263
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Megplus 262
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Recon My Way 262
This repository created for personal use and added tools from my latest blog post.
Lazyrecon 262
An automated approach to performing recon for bug bounty hunting and penetration testing.
Recon Pipeline 241
An automated target reconnaissance pipeline.
Ntlmrecon 240
Tool to enumerate information from NTLM authentication enabled web endpoints 🔎
Autorecon 237
Simple shell script for automated domain recognition with some tools
I See You 228
ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.
Pdlist 198
A passive subdomain finder
Gitem 186
A Github organization reconnaissance tool.
Rebel Framework 183
Advanced and easy to use penetration testing framework 💣🔎
Recsech 174
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Intrec Pack 173
Intelligence and Reconnaissance Package/Bundle installer.
Public Bugbounty Programs 168
Community curated list of public bug bounty and responsible disclosure programs.
Yar 166
Yar is a tool for plunderin' organizations, users and/or repositories.
Url Tracker 155
Change monitoring app that checks the content of web pages in different periods.
Getjs 148
A tool to fastly get all javascript sources/files
Mqtt Pwn 141
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
Sherlock Js 141
Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock
Asnlookup 139
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Autosetup 136
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Pyiris Backdoor 135
PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>
Intelspy 124
Perform automated network reconnaissance scans
Subrake 119
A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
Asnip 117
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Spaces Finder 114
A tool to hunt for publicly accessible DigitalOcean Spaces
Ntlm_challenger 104
Parse NTLM challenge messages over HTTP and SMB
Gitmonitor 104
One way to continuously monitor sensitive information that could be exposed on Github
Keye 100
Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Bass 99
Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"
Garud 99
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
Osint Tools 87
👀 Some of my favorite OSINT tools.
Geo Recon 76
An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.
Deadtrap 73
An OSINT tool to gather information about the real owner of a phone number
Reconcat 65
A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
Recscansec 51
Halive 47
A fast http and https prober, to check which URLs are alive
Eyes 34
👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Ge.mine.nu 30
Code from my old page ge.mine.nu
1-76 of 76 projects