Reconnaissance

Understand your target. Perform in-depth research and discover new attack surfaces.

asset-count

Content Discovery

Organization Description Directory
content-discovery Tool to support with “Content Discovery” during mapping of a web applications/sites. last-commit opensource
dirble Fast directory scanning and scraping tool. last-commit opensource
DirBuster a multi threaded java application designed to brute force directories and files names on web/application servers. last-commit opensource
DirHunt Find web directories without bruteforce. last-commit opensource
dirsearch Web path scanner. last-commit opensource
Feroxbuster A fast, simple, recursive content discovery tool written in Rust. GitHub last commit opensource
ffuf Fast web fuzzer written in Go. last-commit opensource
GoBuster Directory/File, DNS and VHost busting tool written in Go. last-commit opensource
Hakrawler Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application. last-commit opensource
HTTPLoot An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages. last-commit opensource
IISRecon IIS shortname scanner + bruteforce. last-commit opensource
Kiterunner Contextual Content Discovery Tool. last-commit opensource
LinkFinder A python script that finds endpoints in JavaScript files. last-commit opensource
ParamSpider Mining parameters from dark corners of Web Archives. last-commit opensource
Raccoon A high performance offensive security tool for reconnaissance and vulnerability scanning. last-commit opensource
RecurseBuster Rapid content discovery tool for recursively querying webservers. last-commit no-recent-update opensource
Scilla Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration. last-commit opensource
UnChain A tool to find redirection chains in multiple URLs. last-commit opensource
xnLinkFinder A python tool used to discover endpoints for a given target. last-commit opensource
x8 Hidden parameters discovery suite written in Rust. last-commit opensource

DNS

Organization Description Directory
aiodnsbrute Python 3.5+ DNS asynchronous brute force utility. last-commit no-recent-update opensource
dnsdumpter dns recon & research, find & lookup dns records. N/A
dnssearch A subdomain enumeration tool. last-commit no-recent-update opensource
dnsX Fast and multi-purpose DNS toolkit allow to run multiple DNS queries. last-commit opensource
Fastsub A custom built DNS bruteforcer with multi-threading, and handling of bad resolvers. last-commit opensource
Fierce A DNS reconnaissance tool for locating non-contiguous IP space. last-commit opensource
MassDNS A high-performance DNS stub resolver for bulk lookups and reconnaissance. last-commit opensource
Raccoon A high performance offensive security tool for reconnaissance and vulnerability scanning. last-commit opensource
SubBrute A DNS meta-query spider that enumerates DNS records, and subdomains. last-commit no-recent-update opensource

Domains

Organization Description Directory
Altdns Generates permutations, alterations and mutations of subdomains and then resolves them. last-commit no-recent-update opensource
Amass In-depth Attack Surface Mapping and Asset Discovery. last-commit opensource
Assetfinder Find domains and subdomains potentially related to a given domain. last-commit opensource
Chaos-Client Go client to communicate with Chaos DNS API. last-commit opensource
crt.sh Certificate search on domains. N/A
ctfr Abusing Certificate Transparency logs for getting HTTPS websites subdomains. last-commit no-recent-update opensource
Discover Custom bash scripts to automate various pentesting tasks including recon. last-commit opensource
findomain The complete solution for domain recognition. last-commit freemium-service opensource register-profile
findsubdomains.com (spyse) subdomain finder in order to make your reconnaissance process faster and effortless. freemium-service register-profile
Knock Knock Subdomain Scan. last-commit opensource
OneForAll A powerful subdomain integration tool. last-commit opensource
PD Actions Continous reconnaissance and vuln assesment using Github Actions. last-commit opensource
Raccoon A high performance offensive security tool for reconnaissance and vulnerability scanning. last-commit opensource
Robtex Robtex is used for various kinds of research of IP numbers, Domain names, etc. N/A
Scilla Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration. last-commit opensource
sigurlfind3r A reconnaissance tool, it fetches URLs from AlienVault’s OTX, Common Crawl, URLScan, Github and the Wayback Machine. last-commit opensource
subfinder Fast passive subdomian enumeration tool. last-commit opensource
sublist3r Fast subdomains enumeration tool for penetration testers. last-commit opensource
Turbolist3r Subdomain enumeration tool with analysis features for discovered domains. last-commitopensource
Websitewatcher Monitor webist domain for changes. last-commitopensource

Dorking

Tool Description Directory
Dorkbot Command line dorking tool. last-commit opensource

Frameworks

Organization Description Directory
Osmedeus Fully automated offensive security framework for reconnaissance and vulnerability scanning. last-commit freemium-service register-profile opensource
ReconDog Reconnaissance Swiss Army Knife. last-commit freemium-service register-profile opensource
sn1per Discover the attack surface and prioritize risks with our continuous Attack Surface Management. last-commit freemium-service register-profile opensource

Search Engines

Organization Description Directory
Censys Highly-indexed Internet-wide scan data at scale. freemium-service
Google Dataset Indexed datasets. N/A
Mamont Open FTP Indexer. N/A
Napalm Open FTP Indexer. N/A
OCCRP Aleph Global archive of research material. N/A
OnionScan TOR scanner. last-commit no-recent-update opensource
Shodan The security search engine. Search everything IoT. freemium-service
Wayback Machine Internet archive of saved web pages. N/A

Wordlists

Tool Description Directory
API Endpoints & Objects A list of 3203 common API endpoints and objects designed for fuzzing. opensource
Funny Fuzzing Wordlist Funny Fuzzing Wordlist. last-commit opensource
Fuzz.txt Directory & File List. last-commit opensource
SecLists A collection of multiple types of lists used during security assessments, collected in one place. last-commit opensource
Secrets in Environment Variables Awesome list of secrets in environment variables. last-commit opensource