Awesome Open Source

Programming Languages

Search results for penetration testing reconnaissance

penetration-testing x

reconnaissance x

73 search results found

Sherlock ⭐ 60,566

Hunt down social media accounts by username across social networks

Social Analyzer ⭐ 10,841

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Red Teaming Toolkit ⭐ 8,230

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Rengine ⭐ 6,446

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Reconftw ⭐ 5,890

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Osmedeus ⭐ 5,586

A Workflow Engine for Offensive Security

Allaboutbugbounty ⭐ 4,793

All about bug bounty (bypasses, payloads, and etc)

Hakrawler ⭐ 4,120

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Raccoon ⭐ 2,928

A high performance offensive security tool for reconnaissance and vulnerability scanning

Sudomy ⭐ 2,151

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Finalrecon ⭐ 2,054

All In One Web Recon

Reconspider ⭐ 1,729

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Rapidscan ⭐ 1,489

🆕 The Multi-Tool Web Vulnerability Scanner.

Cariddi ⭐ 1,228

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Intrigue Core ⭐ 1,205

Discover Your Attack Surface!

Wordlists ⭐ 1,200

Real-world infosec wordlists, updated regularly

Fbi Tools ⭐ 1,153

🕵️ OSINT Tools for gathering information and actions forensics 🕵️

Hosthunter ⭐ 1,120

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Metabigor ⭐ 1,087

OSINT tools and more but without API ke

Inventory ⭐ 1,019

Asset inventory of over 800 public bug bounty programs.

Pywerview ⭐ 803

A (partial) Python rewriting of PowerSploit's PowerView

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Datasurgeon ⭐ 630

Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers and a lot More From Text

All in One Recon Tool for Bug Bounty

Xurlfind3r ⭐ 534

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

Bigbountyrecon ⭐ 471

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

Awesome Bbht ⭐ 390

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

A tool to fastly get all javascript sources/files

Offensive Osint Tools ⭐ 373

OffSec OSINT Pentest/RedTeam Tools

Reconscan ⭐ 324

Network reconnaissance and vulnerability assessment tools.

Awesome Cybersec Resources ⭐ 314

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .

Second Order ⭐ 295

Second-order subdomain takeover scanner

An advanced tool for email reconnaissance

Bucketloot ⭐ 252

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

Arsenal ⭐ 247

Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty

Cut Cdn ⭐ 243

✂️ Removing CDN IPs from the list of IP addresses

Investigator ⭐ 218

An online handy-recon tool

Web Security Scanner

N0kovo_subdomains ⭐ 214

An extremely effective subdomain wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.

Generate tens of thousands of subdomain combinations in a matter of seconds

Bug_bounty_tools_and_methodology ⭐ 175

Bug Bounty Tools used on Twitch - Recon

Recsech ⭐ 161

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Make URL path combinations using a wordlist

Favirecon ⭐ 149

Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

Knockknock ⭐ 147

A simple reverse whois lookup tool which returns a list of domains owned by people or companies

Tugarecon ⭐ 144

Pentest: Subdomains enumeration tool for penetration testers.

Kitsec Core ⭐ 136

Ethical hacking, made easy.

Chronos ⭐ 127

Extract pieces of info from a web page's Wayback Machine history

Web Hacking Toolkit ⭐ 127

A web hacking toolkit (docker image).

Webstor ⭐ 119

A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.

An automation tool to install the most popular tools for bug bounty or pentesting.

Insiders ⭐ 111

Archive of Potential Insider Threats

Shonydanza ⭐ 110

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Smartrecon ⭐ 102

smartrecon is a powerful shell script to automate the recon and finding common vulnerabilities for bug hunter

Docker Osmedeus ⭐ 99

Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning

Xsubfind3r ⭐ 92

A command-line interface (CLI) based passive subdomain discovery utility. It is designed to efficiently identify known subdomains of given domains by tapping into a multitude of curated online passive sources.

ScanPro - NMap Scanning Scripts ~ Network Mapper

Xcrawl3r ⭐ 79

A command-line interface (CLI) based utility to recursively crawl webpages. It is designed to systematically browse webpages' URLs and follow links to discover linked webpages' URLs.

Secator - the pentester's swiss knife

Chomtesh ⭐ 76

CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, making it a valuable asset for bug bounty hunters and penetration testers.

Enumerate a target Based off of Nmap Results

Golang-based subdomain miner leveraging certificate transparency logs

uscan is an automated vulnerability scanner that streamlines the process of website hacking, making it faster and more efficient than ever before.

Frida_setup ⭐ 63

One-click installer for Frida and Burp certs for SSL Pinning bypass

Enumerepo ⭐ 60

List all public repositories for (valid) GitHub usernames

Grepaddr ⭐ 60

Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail addresses, MAC addresses.

Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)

Subdomains.sh ⭐ 57

A wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.

Sifter - All purpose penetration testing op-center

Rest Api ⭐ 48

REST API backend for Reconmap

Aquatone ⭐ 48

A Tool for Domain Flyovers

Monitoring the Cloud Landscape

R3c0nizer ⭐ 42

R3C0Nizer is the first ever CLI based menu-driven web application B-Tier recon framework.

Webrecon ⭐ 41

Automated Web Recon Shell Scripts

3klector ⭐ 38

3klector is an automation Recon tool which collecting information about Acquisitions and ASN which related to Big Scope company

Attacksurfacemanagement ⭐ 33

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

H2buster ⭐ 32

A threaded, recursive, web directory brute-force scanner over HTTP/2.

Huntthebug ⭐ 32

Basic Recon For Bug Bounty Hunter - "HuntTheBug" is Basic Scripts For Sub Domain Enumeration> Live Domain Enumeration > Sub Domain Hijack > URL + JavaScript Scan > Dir Brute Forcing > Open Port Check With Telegram Bot Notification

Combine words from two wordlist files and concatenate them with an optional delimiter

Website Passive Reconnaissance ⭐ 30

Script to automate, when possible, the passive reconnaissance performed on a website prior to an assessment.

Wordlist_generator ⭐ 30

Unique wordlist generator of unique wordlists.

Screenshooter ⭐ 29

Convert your masscan/subdomain-scan results (80,443,8080) into screenshots for better analysis

PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.

Subdomain Enumeration Guide ⭐ 28

This is a comprehensive Subdomain Enumeration Guide that traces back to my GitBook.

Gadget Pentesting Tool Scripts

Crawleet ⭐ 25

Web Recon & Exploitation Tool.

Bf_active_sub ⭐ 24

Subdomain Bruteforce - Bounty Quick Code

Related subdomains finder

Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques

Doubletap ⭐ 21

A very loud but fast recon scan and pentest template creator for use in CTF's/OSCP/Hackthebox...

Cdnrecon ⭐ 21

CDNRECON is a tool that is designed to uncover the origin/backend IP behind a CDN's reverse proxy. It is written in Python3 and uses various techniques such as header analysis and DNS lookups to try and discover the origin IP of a website behind a CDN.

Security Arsenal ⭐ 20

Security pentesting/devsecops/bug bounty/Cloud etc.

Pentest Scripts ⭐ 20

Compilation of scripts/tools (made by me or not) that help me with Pentest and Bug Bounty.

Maltego_transforms ⭐ 18

Use the Hacker Target IP Tools API for Reconnaissance in Maltego

Auto Recon Ng ⭐ 18

Automated script to run all modules for a specified list of domains, netblocks or company name

Yuyu_scanner ⭐ 17

Web Reconnaissance and Analyst

Related Searches

Python Penetration Testing (1,369)

Security Penetration Testing (767)

Exploitation Penetration Testing (392)

Scanner Penetration Testing (373)

Penetration Testing Pentest Tool (331)

Penetration Testing Red Team (324)

Penetration Testing Security Tools (315)

Penetration Testing Hacking Tool (293)

1-73 of 73 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2025 Awesome Open Source. All rights reserved.