
amass - In-depth subdomain enumeration written in Go

  •    Go

Amass is now an OWASP project and the OWASP GitHub organization repository is where all further development and releases will take place.

Sn1per - Automated Pentest Recon Scanner

  •    PHP

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, or to obtain a Sn1per Professional license, go to https://xerosecurity.com.

awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips


A collection of awesome one-liner scripts especially for bug bounty. This repository stores and houses various one-liners for bug bounty tips provided by me as well as contributed by the community. Your contributions and suggestions are heartily♥ welcome.

Zeus-Scanner - Advanced reconnaissance utility

  •    Python

Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine captchas. Running without the mandatory options, or running with the --help flag, will output Zeus's help menu. A basic dork scan with the -d flag will launch an automated browser and pull the Google page results for the given dork. Calling the -s flag will prompt you to start the sqlmap API server (python sqlmapapi.py -s, from sqlmap); it will then connect to the API and perform a sqlmap scan on the found URLs.

observer_cli - Visualize Erlang/Elixir Nodes On The Command Line

  •    Erlang

Visualize Erlang/Elixir nodes on the command line, based on recon. Documented in detail. ❗️ Ensure the observer_cli application has been loaded on the target node.

ReconDog - Reconnaissance Swiss Army Knife

  •    Python

Recon Dog requires no manual configuration and can be simply run as a normal Python script. However, a Debian package can be downloaded from here if you want to install it. The wizard interface is the most straightforward way to use Recon Dog. Just run the program, select what you want to do and enter the target; it's that simple.

docker-onion-nmap - Scan

  •    Shell

Use nmap to scan hidden "onion" services on the Tor network. Minimal image based on Alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050. Tor is also configured via DNSPort to anonymously resolve DNS requests to port 9053. dnsmasq is configured with this localhost:9053 as an authority DNS server. Proxychains is configured to proxy DNS through the local resolver, so all DNS requests will go through Tor and applications can resolve .onion addresses. When the container boots, it launches Tor and dnsmasq as daemons. The tor_wait script then waits for the Tor SOCKS proxy to be up before executing your command.

recon-pipeline - An automated target reconnaissance pipeline.

  •    Python

There is an accompanying set of blog posts detailing the development process and underpinnings of the pipeline. Feel free to check them out if you're so inclined, but they're in no way required reading to use the tool. Check out recon-pipeline's readthedocs entry for some more in-depth information than what this README provides.

recovery - Recover from a network failure using randomized exponential backoff.

  •    Javascript

Recovery provides randomized exponential back off for reconnection attempts. It allows you to recover the connection in the most optimal way (for both server and client). The exponential back off is randomized to prevent a DDoS-like attack on your server when it's restarted, spreading the reconnection attempts instead of having all your connections attempt to reconnect at exactly the same time. The code base of this module was originally written for Primus but has been extracted as a separate module. It has been thoroughly tested and it's written with love <3.

hoper - Security tool to trace URL's jumps across the rel links to obtain the last URL

  •    Ruby

It shows all the hops that a URL you specify makes to reach its endpoint, for example if you want to see the entire trip taken by a URL from an email or from a URL shortener. Hoper returns all of the URL's redirections. After checking out the repo, run bin/setup to install dependencies. You can also run bin/console for an interactive prompt that will allow you to experiment.

recon_ex - Elixir wrapper for Recon, tools to diagnose Erlang VM safely in production

  •    Elixir

ReconEx is an Elixir wrapper for Recon. It is a library to be dropped into any other Elixir project, to be used to help DevOps people diagnose problems from the iex shell in production Erlang VMs. It is recommended that you use tags (TODO: create tags) if you do not want bleeding edge and development content for this library.

censys-subdomain-finder - ⚡ Perform subdomain enumeration using the certificate transparency logs from Censys

  •    Python

This is a tool to enumerate subdomains using the Certificate Transparency logs stored by Censys. It should return any subdomain that has ever been issued an SSL certificate by a public CA. Should run on Python 2.7 and 3.5.

IntRec-Pack - Intelligence and Reconnaissance Package/Bundle installer.

  •    Shell

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Because it also manages the installation of the various dependencies related to these programs, it aims to be a comprehensive assistant in setting up your intelligence gathering environment. Below is an overview of the tools and utilities it will help you set up.

HostHunter - HostHunter, an efficient recon tool for discovering hostnames using OSINT techniques.

  •    Python

A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilises the HackerTarget API to enhance the results. It generates a vhosts.csv file containing the results of the reconnaissance.

Amass - In-Depth DNS Enumeration written in Go

  •    Go

The OWASP Amass tool obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks. A precompiled version is available for each release.

csrecon - Open source tool that uses censys and shodan for passive recon.

  •    Javascript

It's pretty useful because all of this information can be discovered, in about 15 seconds, by simply providing the target/organization name. It should work on any Linux/Unix/OSX platform with node.js and npm installed.

delator - Golang-based subdomain miner leveraging certificate transparency logs

  •    Go

DELATOR (lat. informer) is a tool to perform subdomain enumeration and initial reconnaissance by abusing certificate transparency (CT) logs. It expands on the original work done by Sheila A. Berta with her CTFR tool and leverages the speed and power of Go. To run DELATOR, a domain (-d) and search source (-s) must always be specified.

fdns - Concurrent Rapid7 FDNS dataset parser

  •    Go

Package fdns parses the Rapid7 Forward DNS dataset in a concurrent way. The parser reports found entries (subdomains, IP addresses, records, etc.) for the given record and domain. Send a PR or open an issue. Just make sure that your PR passes gofmt, golint and govet.

s3enum - Fast Amazon S3 bucket enumeration tool for pentesters.

  •    Go

s3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don't hit AWS directly. It was originally built back in 2016 to target GitHub.
