OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost. Feedback or new tool suggestions are extremely welcome! Please feel free to submit a pull request or open an issue on github or reach out on Twitter.
osint-framework osint-resources osint intelligence-gathering reconnaissance footprinting

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.
reconnaissance scanner vulnerability-assessment vulnerability-scanner enumeration pentesting pentest-tool hacking-tool offensive-security security-scanner fuzzing information-gathering hacking raccoon osint

Accounts found will be stored in an individual text file with the corresponding username (e.g. user123.txt). If you are using Anaconda in Windows, using 'python3' might not work. Use 'python' instead.
cli osint tools sherlock python3 information-gathering reconnaissance redteam

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate. SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and GPL-licensed.
osint infosec threatintel intelligence-gathering reconnaissance footprinting attack-surface osint-reconnaissance

PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner. This project is stable and production-ready. Roadmap is here.
osint phone-number phone reputation footprint information-gathering investigation reconnaissance agregation open-source-intelligence passive-scanner

Fierce is a DNS reconnaissance tool for locating non-contiguous IP space. First, credit where credit is due, fierce was originally written by RSnake along with others at http://ha.ckers.org/. This is simply a conversion to Python 3 to simplify and modernize the codebase.
dns zone-transfers reconnaissance discovered-domains name-server domain subdomain fierce

shuffleDNS is a wrapper around massdns written in Go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. Based on the work on massdns project by @blechschmidt.
dns subdomain dns-resolution dns-bruteforcer dns-resolver dns-lookup reconnaissance massdns subdomain-bruteforcing

NOTE: For installing globally, you will need to default your Python version to 2.x. However, the work of migration from Python2 to Python3 is already underway. TIDoS needs some libraries to run, which can be installed via aptitude or yum Package Managers.
web-penetration-testing reconnaissance vulnerability-analysis scanning-enumeration web-fuzzer osint vulnerability-detection footprinting intelligence-gathering exploitation web-application-security theinfecteddrake tidos-framework

This is a source of public programs listed on chaos.projectdiscovery.io. Please send a pull request for public bug bounty programs that you want to include in our public list with recon data. Have questions / doubts / ideas to discuss? Feel free to open a discussion using the GitHub discussions board.
chaos bugbounty reconnaissance

There is an accompanying set of blog posts detailing the development process and underpinnings of the pipeline. Feel free to check them out if you're so inclined, but they're in no way required reading to use the tool. Check out recon-pipeline's readthedocs entry for some more in-depth information than what this README provides.
scanner python3 recon bugbounty security-tools reconnaissance recon-pipeline

A script using Docker to quickly bring up some honeypots exposing 16 services. For research, reconnaissance and fun. While originally built to run on a laptop during the DEF CON hacker conference to see how many pings and pokes we could attract, it's a useful tool for research, and reconnaissance to test networks for infestations. I've completely rewritten this (July 2017) to use Docker and Docker-Compose to containerize all the honeypot services, greatly speeding up deployment time while reducing system requirements. prickly-pete uses Docker and Docker-Compose to bring up the following honeypots, automatically, with no configuration or extra steps necessary.
honeypot cowrie reconnaissance expose-services ssh dionaea docker docker-compose contpot ids ics-scada scada ics

Gitem is a tool for performing GitHub organizational reconnaissance. Gitem can be used to collect information at various levels of granularity from GitHub.
github git reconnaissance osint phishing recruitment

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Due to the fact it manages the installation of the various dependencies related to these programs as well, it aims to be a comprehensive assistant in setting up your intelligence gathering environment. Below is an overview of the tools and utilities it will help you set up.
reconnaissance bash pentest pentesting recon threatintel osint installer install-script enumeration automation security security-tools

A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilises the HackerTarget API to enhance the results. It generates a vhosts.csv file containing the results of the reconnaissance.
osint recon tool hostnames ip reconnaissance

urlRecon - Info Gathering or Recon tool for URLs. Retrieves:
* Whois information of the domain
* DNS details of the domain
* Server fingerprint
* IP geolocation of the server
forensics forensic security-tools security social-engineering reconnaissance cybersecurity

eyes is a complete Golang rewrite of the eyes.sh BASH script that scans domains and IP addresses for relevant information. It is useful for information gathering during penetration testing, and it utilizes APIs to keep your identity safe. This program is a Golang adaptation of the eyes.sh BASH script, which is a BASH adaptation of ReconDog.
pentesting pentest-tool penetration-testing information-gathering reconnaissance

I created enumerid to help determine valid ranges in an environment after getting the initial foothold. Enumerid works by connecting over RPC and enumerating the Domain Computers group and then performing an IP lookup for the given hostname. If the host has a leased IP, you will get a resolution. This gives attackers the ability to more easily orient themselves in the network. Rather than limiting the user to a single RID, I decided to make it a bit more open-ended and allow the user to specify arbitrary RIDs with the option to perform DNS resolution. So this script ended up being a more evolved version of enum4linux. The benefit of enumerid is that you can theoretically compile it into an exe and run it on Windows, although I have not personally tested this.
enumeration rid active-directory reconnaissance impacket

DELATOR (lat. informer) is a tool to perform subdomain enumeration and initial reconnaissance by abusing certificate transparency (CT) logs. It expands on the original work done by Sheila A. Berta with her CTFR tool and leverages the speed and power of Go. To run DELATOR, a domain (-d) and search source (-s) must always be specified.
subdomain-scanner subdomains subdomainlist pentesting reconnaissance recon threat-intelligence threatintel pentest-tool certificate-transparency-logs penetration-testing certificate-transparency-abuse

getJS is a tool to extract all the javascript files from a set of given urls. varying from completing the urls, to resolving the files.
files parser goquery extract urls recon reconnaissance pentesting bugbounty hacking

Command-line application and golang client library for hunter.io. The command-line application has three major commands: search, find, and verify. All three of these commands output JSON. This makes parsing the information easy, especially using command-line tools like jq.
hunterio email-verification email-finder command-line reconnaissance