There are 213 repositories under reconnaissance topic.
🔎 Hunt down social media accounts by username across social networks
Information gathering framework for phone numbers
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
E-mails, subdomains and names Harvester - OSINT
Fast passive subdomain enumeration tool.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
OSINT Framework
Accurately Locate Smartphones using Social Engineering
A Tool for Domain Flyovers
All about bug bounty (bypasses, payloads, and etc)
一个攻防知识仓库 Red Teaming and Offensive Security
A high performance offensive security tool for reconnaissance and vulnerability scanning
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Quickly discover exposed hosts on the internet using multiple search engines.
All In One Web Recon
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
List of Awesome Asset Discovery Resources
The Offensive Manual Web Application Penetration Testing Framework.
:new: The Multi-Tool Web Vulnerability Scanner.
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
🕵️ OSINT Tools for gathering information and actions forensics 🕵️
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Discover Your Attack Surface!
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
MassDNS wrapper written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.