Awesome Open Source
Awesome Open Source
Combined Topics
reconnaissance
x
Advertising
📦 10
All Projects
Application Programming Interfaces
📦 124
Applications
📦 192
Artificial Intelligence
📦 78
Blockchain
📦 73
Build Tools
📦 113
Cloud Computing
📦 80
Code Quality
📦 28
Collaboration
📦 32
Command Line Interface
📦 49
Community
📦 83
Companies
📦 60
Compilers
📦 63
Computer Science
📦 80
Configuration Management
📦 42
Content Management
📦 175
Control Flow
📦 213
Data Formats
📦 78
Data Processing
📦 276
Data Storage
📦 135
Economics
📦 64
Frameworks
📦 215
Games
📦 129
Graphics
📦 110
Hardware
📦 152
Integrated Development Environments
📦 49
Learning Resources
📦 166
Legal
📦 29
Libraries
📦 129
Lists Of Projects
📦 22
Machine Learning
📦 347
Mapping
📦 64
Marketing
📦 15
Mathematics
📦 55
Media
📦 239
Messaging
📦 98
Networking
📦 315
Operating Systems
📦 89
Operations
📦 121
Package Managers
📦 55
Programming Languages
📦 245
Runtime Environments
📦 100
Science
📦 42
Security
📦 396
Social Media
📦 27
Software Architecture
📦 72
Software Development
📦 72
Software Performance
📦 58
Software Quality
📦 133
Text Editors
📦 49
Text Processing
📦 136
User Interface
📦 330
User Interface Components
📦 514
Version Control
📦 30
Virtualization
📦 71
Web Browsers
📦 42
Web Servers
📦 26
Web User Interface
📦 210
The Top 87 Reconnaissance Open Source Projects
Categories
>
Security
>
Reconnaissance
Sherlock
⭐
20,738
🔎 Hunt down social media accounts by username across social networks
Social Analyzer
⭐
6,651
API, CLI & Web App for analyzing & finding a person's profile across 350+ social media websites (Detections are updated regularly)
Spiderfoot
⭐
5,484
SpiderFoot automates OSINT collection so that you can focus on analysis.
Theharvester
⭐
4,842
E-mails, subdomains and names Harvester - OSINT
Aquatone
⭐
3,965
A Tool for Domain Flyovers
Phoneinfoga
⭐
3,063
Advanced information gathering & OSINT framework for phone numbers
Osmedeus
⭐
2,949
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Rengine
⭐
2,554
reNgine is a reconnaissance engine(framework) that does end-to-end reconnaissance with the help of highly configurable scan engines and does information gathering about the target web application. reNgine makes use of various open-source tools and makes a configurable pipeline of reconnaissance.
Osint Framework
⭐
2,513
OSINT Framework
Discover
⭐
2,243
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Raccoon
⭐
2,010
A high performance offensive security tool for reconnaissance and vulnerability scanning
Massdns
⭐
1,767
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Seeker
⭐
1,611
Accurately Locate Smartphones using Social Engineering
Hackvault
⭐
1,319
A container repository for my public web hacks!
Tidos Framework
⭐
1,286
The Offensive Manual Web Application Penetration Testing Framework.
Fierce
⭐
1,062
A DNS reconnaissance tool for locating non-contiguous IP space.
Intrigue Core
⭐
1,004
Discover Your Attack Surface!
Awesome Asset Discovery
⭐
1,001
List of Awesome Asset Discovery Resources
Gitgot
⭐
948
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Finalrecon
⭐
867
The Last Web Recon Tool You'll Need
Sudomy
⭐
834
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Sn0int
⭐
792
Semi-automatic OSINT framework and package manager
Rapidscan
⭐
765
🆕 The Multi-Tool Web Vulnerability Scanner.
Allaboutbugbounty
⭐
739
All about bug bounty (bypasses, payloads, and etc)
Attacksurfacemapper
⭐
700
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
Sublert
⭐
694
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Git Hound
⭐
594
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Favfreak
⭐
545
Making Favicon.ico based Recon Great again !
Bigbountyrecon
⭐
526
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Gasmask
⭐
506
Information gathering tool - OSINT
Shuffledns
⭐
487
shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
Odin
⭐
475
Automated network asset, email, and social media profile discovery and cataloguing.
Shotlooter
⭐
445
a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc
Witnessme
⭐
428
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Hosthunter
⭐
411
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Maryam
⭐
356
Maryam : Open-source Intelligence(OSINT) Framework
Badkarma
⭐
353
network reconnaissance toolkit
Natlas
⭐
323
Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.
Osint_tips
⭐
313
OSINT
Lazyrecon
⭐
277
An automated approach to performing recon for bug bounty hunting and penetration testing.
Recon Pipeline
⭐
277
An automated target reconnaissance pipeline.
Cloudscraper
⭐
275
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Procspy
⭐
271
Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..
Recon My Way
⭐
269
This repository created for personal use and added tools from my latest blog post.
Megplus
⭐
268
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Ntlmrecon
⭐
251
Enumerate information from NTLM authentication enabled web endpoints 🔎
Autorecon
⭐
243
Simple shell script for automated domain recognition with some tools
I See You
⭐
242
ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.
Public Bugbounty Programs
⭐
225
Community curated list of public bug bounty and responsible disclosure programs.
Pdlist
⭐
203
A passive subdomain finder
Bugbountyscanner
⭐
197
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Gitem
⭐
190
A Github organization reconnaissance tool.
Rebel Framework
⭐
183
Advanced and easy to use penetration testing framework 💣🔎
3klcon
⭐
181
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Getjs
⭐
180
A tool to fastly get all javascript sources/files
Intrec Pack
⭐
178
Intelligence and Reconnaissance Package/Bundle installer.
Recsech
⭐
173
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Yar
⭐
171
Yar is a tool for plunderin' organizations, users and/or repositories.
Url Tracker
⭐
169
Change monitoring app that checks the content of web pages in different periods.
Garud
⭐
164
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Awesome Bbht
⭐
162
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Asnlookup
⭐
159
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Mqtt Pwn
⭐
153
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
Sherlock Js
⭐
151
Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock
Osint Tools
⭐
143
👀 Some of my favorite OSINT tools.
Pyiris Backdoor
⭐
141
PyIris-backdoor is a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework, feel free to contribute or help me out with this project its still under active development >_>
Autosetup
⭐
140
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Intelspy
⭐
133
Perform automated network reconnaissance scans
Subrake
⭐
126
A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
Asnip
⭐
124
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Spaces Finder
⭐
121
A tool to hunt for publicly accessible DigitalOcean Spaces
Gitmonitor
⭐
110
One way to continuously monitor sensitive information that could be exposed on Github
Ntlm_challenger
⭐
106
Parse NTLM challenge messages over HTTP and SMB
Bass
⭐
103
Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"
Keye
⭐
101
Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Sarenka
⭐
101
OSINT tool - gets data from services like shodan, censys etc. in one app
Uddup
⭐
95
Urls de-duplication tool for better recon.
Scilla
⭐
89
🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
Geo Recon
⭐
82
An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.
Deadtrap
⭐
73
An OSINT tool to gather information about the real owner of a phone number
Reconcat
⭐
66
A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
Recscansec
⭐
51
Halive
⭐
47
A fast http and https prober, to check which URLs are alive
Github Recon
⭐
44
GitHub Recon — and what you can achieve with it!
Eyes
⭐
35
👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Ge.mine.nu
⭐
31
Code from my old page ge.mine.nu
Recon Raven
⭐
18
Reconnaissance tool of Penetration test & Bug Bounty
1-87 of 87 projects
Advertising
📦 10
All Projects
Application Programming Interfaces
📦 124
Applications
📦 192
Artificial Intelligence
📦 78
Blockchain
📦 73
Build Tools
📦 113
Cloud Computing
📦 80
Code Quality
📦 28
Collaboration
📦 32
Command Line Interface
📦 49
Community
📦 83
Companies
📦 60
Compilers
📦 63
Computer Science
📦 80
Configuration Management
📦 42
Content Management
📦 175
Control Flow
📦 213
Data Formats
📦 78
Data Processing
📦 276
Data Storage
📦 135
Economics
📦 64
Frameworks
📦 215
Games
📦 129
Graphics
📦 110
Hardware
📦 152
Integrated Development Environments
📦 49
Learning Resources
📦 166
Legal
📦 29
Libraries
📦 129
Lists Of Projects
📦 22
Machine Learning
📦 347
Mapping
📦 64
Marketing
📦 15
Mathematics
📦 55
Media
📦 239
Messaging
📦 98
Networking
📦 315
Operating Systems
📦 89
Operations
📦 121
Package Managers
📦 55
Programming Languages
📦 245
Runtime Environments
📦 100
Science
📦 42
Security
📦 396
Social Media
📦 27
Software Architecture
📦 72
Software Development
📦 72
Software Performance
📦 58
Software Quality
📦 133
Text Editors
📦 49
Text Processing
📦 136
User Interface
📦 330
User Interface Components
📦 514
Version Control
📦 30
Virtualization
📦 71
Web Browsers
📦 42
Web Servers
📦 26
Web User Interface
📦 210