Displaying 1 to 20 from 21 results

Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning

  •    Python

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.

Photon - Incredibly fast crawler designed for recon.

  •    Python

The extracted information is saved in an organized manner or can be exported as json. Control timeout, delay, add seeds, exclude URLs matching a regex pattern and other cool stuff. The extensive range of options provided by Photon lets you crawl the web exactly the way you want.

RED_HAWK - All in one tool for Information Gathering, Vulnerability Scanning and Crawling

  •    PHP

RED HAWK's CMS Detector currently is able to detect the following CMSs (Content Management Systems) in case the website is using some other CMS, Detector will return could not detect. Want to contribute to RED HAWK or point out something wrong? Just create a new issue here: https://github.com/Tuhinshubhra/RED_HAWK/issues/new I'd love to hear from you.

sherlock - 🔎 Hunt down social media accounts by username across social networks

  •    Python

Accounts found will be stored in an individual text file with the corresponding username (e.g user123.txt). If you are using Anaconda in Windows, using 'python3' might not work. Use 'python' instead.

phoneinfoga - Information gathering & OSINT framework for phone numbers

  •    Go

PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner. This project is stable and production-ready. Roadmap is here.

sandmap - Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine

  •    Shell

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Before using the Sandmap read the Command Line introduction.

ReconDog - Reconnaissance Swiss Army Knife

  •    Python

Recon Dog requires no manual configuration and can be simply run as a normal python script. However, a debian package can be downloaded from here if you want to install it. Wizard interface is the most straightforward way you can use Recon Dog in. Just run the program, select what you want to do and enter the target, it's that simple.

tactical-exploitation - Modern tactical exploitation toolkit.

  •    Python

I've always been a big proponent of a tactical approach to penetration testing that does not focus on exploiting known software vulnerabilities, but relies on old school techniques such as information gathering and brute force. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects. This repository aims to provide a tactical exploitation toolkit to assist penetration testers during their assignments. The tools currently released are described below. See also http://www.0xdeadbeef.info/ for some older tools and techniques.

otseca - Open source security auditing tool to search and dump system configuration

  •    Shell

The main assumption of creating this tool was easier and faster delivery of commands sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time. Otseca facilitates collection of many important information about a given system.

dirsearch - A Go implementation of dirsearch.

  •    Go

DirSearch takes an input URL ( -url parameter ) and a wordlist ( -wordlist parameter ), it will then perform concurrent HEAD requests using the lines of the wordlist as paths and files eventually bruteforcing folders and files on a web server. This project is copyleft of Simone Margaritelli and released under the GPL 3 license.

eyes - 👀 🖥️ Golang rewrite of eyes

  •    Go

eyes is complete Golang rewrite of the eyes.sh BASH script that scans domains and IP addresses for relevant information. It is useful for information gathering during penetration testing, and it utilizes APIs to keep your identity safe. This program is a Golang adaptation of the eyes.sh BASH script, which is a BASH adaptation of ReconDog.


  •    Shell

eyes is a BASH script that scans domains and IP addresses for relevant information. It is useful for information gathering during penetration testing, and it utilizes APIs so as to keep your identity safe. This script is a BASH adaptation of ReconDog.

hacker-roadmap - :pushpin: A guide for amateurs pen testers and a collection of hacking tools, resources and references to practice ethical hacking, pen testing and web security


This repository is a guide for amateurs pen testers and a summary of hacking tools, resources and references to practice ethical hacking, pen testing and web security. Most of these tools are UNIX compatible and MIT licensed. Note that Linux is the best operating system to practice ethical hacking. Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system.

Gitmails - An information gathering tool to collect git commit emails in version control host services

  •    Python

Gitmails explores that git commits contains a name and an email configured by the author and that version control host services are being used to store a lot of projects. With these steps, Gitmails can collect all emails found in commit history for a specific target.

Hamburglar - Hamburglar -- collect useful information from urls, directories, and files

  •    Python

Inspiration came from needmorecowbell/sniff-paste, I wanted the same regex scraping but for every file in a given directory.

devonthink-hacks - Scripts and other things for working with DEVONthink

  •    AppleScript

These are scripts and programs I developed to work with DEVONthink, a powerful personal database and information management system. In the process of using DEVONthink more fully, I've been developing scripts to automate various procedures. This repository contains the results.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.