
amass - In-depth subdomain enumeration written in Go

  •    Go

Amass is now an OWASP project and the OWASP GitHub organization repository is where all further development and releases will take place.

Sn1per - Automated Pentest Recon Scanner

  •    PHP

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.

observer_cli - Visualize Erlang/Elixir Nodes On The Command Line

  •    Erlang

Visualize Erlang/Elixir nodes on the command line, based on recon. Documented in detail. ❗️ Ensure the observer_cli application has been loaded on the target node.

ReconDog - Reconnaissance Swiss Army Knife

  •    Python

Recon Dog requires no manual configuration and can simply be run as a normal Python script. However, a Debian package can be downloaded from here if you want to install it. The wizard interface is the most straightforward way to use Recon Dog: just run the program, select what you want to do and enter the target, it's that simple.

docker-onion-nmap - Scan

  •    Shell

Use nmap to scan hidden "onion" services on the Tor network. Minimal image based on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050. Tor is also configured via DNSPort to anonymously resolve DNS requests on port 9053. dnsmasq is configured with localhost:9053 as its authoritative DNS server. Proxychains is configured to proxy DNS through the local resolver, so all DNS requests go through Tor and applications can resolve .onion addresses. When the container boots, it launches Tor and dnsmasq as daemons. The tor_wait script then waits for the Tor SOCKS proxy to be up before executing your command.

recovery - Recover from a network failure using randomized exponential backoff.

  •    Javascript

Recovery provides randomized exponential backoff for reconnection attempts. It allows you to recover the connection in an optimal way (for both server and client). The exponential backoff is randomized to prevent a DDoS-like attack on your server when it is restarted, spreading the reconnection attempts instead of having all your connections attempt to reconnect at exactly the same time. The code base of this module was originally written for Primus but has been extracted as a separate module. It has been thoroughly tested and it's written with love <3.

hoper - Security tool to trace a URL's jumps across the rel links to obtain the last URL

  •    Ruby

It shows all the hops that a URL you specify makes to reach its endpoint, for example if you want to see the entire trip of an email URL or a shortened URL. Hoper returns all the URL redirections. After checking out the repo, run bin/setup to install dependencies. You can also run bin/console for an interactive prompt that will allow you to experiment.

recon_ex - Elixir wrapper for Recon, tools to diagnose Erlang VM safely in production

  •    Elixir

ReconEx is an Elixir wrapper for Recon. It is a library to be dropped into any other Elixir project, to help DevOps people diagnose problems from the iex shell in production Erlang VMs. It is recommended that you use tags (TODO: create tags) if you do not want bleeding-edge and development content for this library.

censys-subdomain-finder - ⚡ Perform subdomain enumeration using the certificate transparency logs from Censys

  •    Python

This is a tool to enumerate subdomains using the Certificate Transparency logs stored by Censys. It should return any subdomain that has ever been issued an SSL certificate by a public CA. It should run on Python 2.7 and 3.5.

IntRec-Pack - Intelligence and Reconnaissance Package/Bundle installer.

  •    Shell

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Because it also manages the installation of the various dependencies these programs need, it aims to be a comprehensive assistant for setting up your intelligence-gathering environment. Below is an overview of the tools and utilities it will help you set up.

HostHunter - HostHunter, an efficient recon tool for discovering hostnames using OSINT techniques.

  •    Python

A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilises the HackerTarget API to enhance the results. It generates a vhosts.csv file containing the results of the reconnaissance.

Amass - In-Depth DNS Enumeration written in Go

  •    Go

The OWASP Amass tool obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks. A precompiled version is available for each release.

csrecon - Open source tool that uses censys and shodan for passive recon.

  •    Javascript

It's pretty useful because all of this information can be discovered, in about 15 seconds, by simply providing the target/organization name. It should work on any Linux/Unix/OSX platform with node.js and npm installed.

delator - Golang-based subdomain miner leveraging certificate transparency logs

  •    Go

DELATOR (lat. informer) is a tool to perform subdomain enumeration and initial reconnaissance by abusing certificate transparency (CT) logs. It expands on the original work done by Sheila A. Berta with her CTFR tool and leverages the speed and power of Go. To run DELATOR, a domain (-d) and a search source (-s) must always be specified.

fdns - Concurrent Rapid7 FDNS dataset parser

  •    Go

Package fdns parses the Rapid7 Forward DNS dataset concurrently. The parser reports found entries (subdomains, IP addresses, records, etc.) for the given record type and domain. Send a PR or open an issue. Just make sure that your PR passes gofmt, golint and govet.

s3enum - Fast Amazon S3 bucket enumeration tool for pentesters.

  •    Go

s3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don't hit AWS directly. It was originally built back in 2016 to target GitHub.

THRecon - Threat Hunting Reconnaissance Toolkit

  •    PowerShell

Collect endpoint information for use in incident response, threat hunting, live forensics, baseline monitoring, etc. Information is pulled from currently running processes or their executables on disk.

getJS - A tool to quickly get all JavaScript sources/files

  •    Go

getJS is a tool to extract all the JavaScript files from a set of given URLs, with options ranging from completing the URLs to resolving the files.

ICU - An Extended, Modular, Host Discovery Framework

  •    Python

ICU is a tool to constantly keep an up-to-date database of domains and subdomains by regularly scanning domains for subdomains with the most common subdomain scanners. ICU works by creating a database of domains and a cron task that launches the subdomain scanner script. You can launch this script manually as well. You can also keep control of your domains and subdomains with the main.py script or with the Telegram bot. There is also a simple web application meant for a quick view of your domains. This web application is not yet meant for a large number of domains.