
OSINT-Framework - OSINT Framework

  •    Javascript

OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost. Feedback or new tool suggestions are extremely welcome! Please feel free to submit a pull request or open an issue on GitHub, or reach out on Twitter.

Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning

  •    Python

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data and detecting WAF presence, up to threaded directory busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it uses Python's asyncio to run most scans concurrently.
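The scheduling pattern the description refers to, independent scans run concurrently with each result written to its own file, as an added example that is not Raccoon's own code. Only the DNS scan does real work (a resolver lookup against "localhost"); the WHOIS and TLS scans are constructed stand-ins, one of which deliberately fails, to show that a failed or timed-out scan must not cancel the others.

```python
import asyncio
import json
import tempfile
from pathlib import Path
from typing import Awaitable, Callable, Dict, Optional

# A scan is any coroutine that maps a target to a result dict.
ScanFn = Callable[[str], Awaitable[dict]]


async def dns_scan(target: str) -> dict:
    # Real lookup through the event loop's resolver; "localhost" resolves offline.
    loop = asyncio.get_running_loop()
    infos = await loop.getaddrinfo(target, None)
    return {"addresses": sorted({info[4][0] for info in infos})}


async def whois_scan(target: str) -> dict:
    # Stand-in for a WHOIS query; the record is constructed, not fetched.
    await asyncio.sleep(0.05)
    return {"registrar": "Example Registrar (constructed)", "domain": target}


async def tls_scan(target: str) -> dict:
    # Stand-in for a scan that fails, e.g. the target does not listen on 443.
    await asyncio.sleep(0.01)
    raise ConnectionRefusedError(f"{target}:443 refused the connection")


async def run_scans(target: str, scans: Dict[str, ScanFn], outdir: Path,
                    timeout: float = 10.0) -> Dict[str, str]:
    """Run every scan concurrently; each writes its own JSON file in outdir.

    return_exceptions=True keeps one failed or timed-out scan from cancelling
    the rest, which is the point of running independent scans this way.
    """
    outdir.mkdir(parents=True, exist_ok=True)
    names = list(scans)
    coros = [asyncio.wait_for(scans[name](target), timeout) for name in names]
    results = await asyncio.gather(*coros, return_exceptions=True)

    summary: Dict[str, str] = {}
    for name, result in zip(names, results):
        if isinstance(result, BaseException):
            record = {"status": "error", "error": f"{type(result).__name__}: {result}"}
        else:
            record = {"status": "ok", "data": result}
        (outdir / f"{name}.json").write_text(json.dumps(record, indent=2))
        summary[name] = record["status"]
    return summary


DEFAULT_SCANS: Dict[str, ScanFn] = {"dns": dns_scan, "whois": whois_scan, "tls": tls_scan}


def recon(target: str, outdir: Optional[str] = None) -> Dict[str, str]:
    """Synchronous entry point: returns {scan_name: "ok" | "error"}."""
    out = Path(outdir) if outdir else Path(tempfile.mkdtemp(prefix="recon-"))
    return asyncio.run(run_scans(target, DEFAULT_SCANS, out))


if __name__ == "__main__":
    print(recon("localhost"))
```

The per-scan `asyncio.wait_for` matters as much as `gather`: without it a single hung WHOIS or TLS handshake holds the whole run open, and with `return_exceptions=False` (the default) the first failure propagates and discards the results of every scan that had already finished.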

fierce - A DNS reconnaissance tool for locating non-contiguous IP space.

  •    Python

Fierce is a DNS reconnaissance tool for locating non-contiguous IP space. First, credit where credit is due, fierce was originally written by RSnake along with others at http://ha.ckers.org/. This is simply a conversion to Python 3 to simplify and modernize the codebase.

TIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.

  •    Python

NOTE: For installing globally, you will need to default your Python version to 2.x. However, the migration from Python 2 to Python 3 is already underway. TIDoS needs some libraries to run, which can be installed via the aptitude or yum package managers.

prickly-pete - A script using Docker to quickly bring up some honeypots exposing 16 services

  •    Shell

A script using Docker to quickly bring up some honeypots exposing 16 services. For research, reconnaissance and fun. While originally built to run on a laptop during the DEF CON hacker conference to see how many pings and pokes we could attract, it's a useful tool for research, and reconnaissance to test networks for infestations. I've completely rewritten this (July 2017) to use Docker and Docker-Compose to containerize all the honeypot services, greatly speeding up deployment time while reducing system requirements. prickly-pete uses Docker and Docker-Compose to bring up the following honeypots, automatically, with no configuration or extra steps necessary.

gitem - A Github organization reconnaissance tool.

  •    Python

Gitem is a tool for performing GitHub organizational reconnaissance. Gitem can be used to collect information at various levels of granularity from GitHub.

IntRec-Pack - Intelligence and Reconnaissance Package/Bundle installer.

  •    Shell

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Because it also manages the installation of the dependencies these programs need, it aims to be a comprehensive assistant for setting up your intelligence gathering environment. Below is an overview of the tools and utilities it will help you set up.

HostHunter - HostHunter, an efficient recon tool for discovering hostnames using OSINT techniques.

  •    Python

A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter uses the HackerTarget API to enhance the results. It generates a vhosts.csv file containing the results of the reconnaissance.

eyes - 👀 🖥️ Golang rewrite of eyes

  •    Go

eyes is a complete Go rewrite of the eyes.sh Bash script, which scans domains and IP addresses for relevant information; eyes.sh is itself a Bash adaptation of ReconDog. It is useful for information gathering during penetration testing, and it works through third-party APIs so as to keep your identity hidden from the target.

enumerid - Enumerate RIDs using pure Python

  •    Python

I created enumerid to help determine valid ranges in an environment after getting the initial foothold. Enumerid works by connecting over RPC and enumerating the Domain Computers group and then performing an IP lookup for the given hostname. If the host has a leased IP, you will get a resolution. This gives attackers the ability to more easily orient themselves in the network. Rather than limiting the user to a single RID I decided to make it a bit more open ended and allow the user to specify arbitrary RIDs with the option to perform DNS resolution. So this script ended up being a more evolved version of enum4linux. The benefit of enumerid is that you can theoretically compile it into an exe and run it on Windows, although I have not personally tested this.

delator - Golang-based subdomain miner leveraging certificate transparency logs

  •    Go

DELATOR (lat. informer) is a tool to perform subdomain enumeration and initial reconnaissance by abusing certificate transparency (CT) logs. It expands on the original work done by Sheila A. Berta with her CTFR tool and leverages the speed and power of Go. To run DELATOR a domain (-d) and search source (-s) must always be specified.
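What "abusing CT logs" amounts to in practice: every certificate issued for a domain is public, and its Subject Alternative Names leak hostnames. The added example below is not DELATOR's code; it parses records in the JSON shape that crt.sh returns (the sample records are constructed, not fetched) and turns them into a clean, in-scope hostname list. It is written in Python rather than Go to match the rest of the examples on this page.

```python
import json
import re
from typing import List, Set

# Constructed records in the shape of crt.sh's JSON output for a %.example.com
# query; nothing here was fetched from a real log.
SAMPLE_CT_JSON = json.dumps([
    {"common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com"},
    {"common_name": "*.example.com",
     "name_value": "*.example.com\nMail.Example.com."},
    {"common_name": "dev.example.com",
     "name_value": "dev.example.com\nexample.com.evil.test"},
    {"common_name": "vpn.example.com",
     "name_value": "vpn.example.com\n*.internal.example.com\nbad_host.example.com"},
])

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(name: str) -> bool:
    return 0 < len(name) <= 253 and all(_LABEL.match(label) for label in name.split("."))


def in_scope(name: str, domain: str) -> bool:
    # Suffix match on a label boundary, so example.com.evil.test is rejected.
    return name == domain or name.endswith("." + domain)


def subdomains_from_ct(ct_json: str, domain: str) -> List[str]:
    """Return unique, in-scope hostnames from CT log records for `domain`."""
    domain = domain.lower().rstrip(".")
    found: Set[str] = set()
    for entry in json.loads(ct_json):
        # crt.sh packs every SAN of a certificate into name_value, newline-separated.
        for raw in entry.get("name_value", "").split("\n"):
            name = raw.strip().lower().rstrip(".")
            if name.startswith("*."):
                # A wildcard cert proves only that the parent name exists; keep the parent.
                name = name[2:]
            if name and is_valid_hostname(name) and in_scope(name, domain):
                found.add(name)
    return sorted(found)


if __name__ == "__main__":
    for host in subdomains_from_ct(SAMPLE_CT_JSON, "example.com"):
        print(host)
```

Two caveats a practitioner should keep in mind: CT only shows names that were ever issued a certificate, so internal names on private CAs never appear, and a name in a log is not evidence that it still resolves, so the list is input to a DNS resolution step, not a result on its own.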

getJS - A tool to fastly get all javascript sources/files

  •    Go

getJS is a tool to extract all the JavaScript files from a set of given URLs, handling everything from completing relative script URLs to resolving and fetching the files.
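The "completing the URLs" step is where most home-grown script extractors go wrong, so here is an added example (not getJS's code; the page body is constructed) that pulls every external script reference out of a page and turns it into an absolute, de-duplicated URL, dropping references that are not fetchable files.

```python
from html.parser import HTMLParser
from typing import List
from urllib.parse import urljoin, urlsplit

# Constructed page body; not fetched from anywhere.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="/static/app.js"></script>
<script src="vendor/jquery.min.js"></script>
<SCRIPT SRC="//cdn.example.net/lib.js"></SCRIPT>
<script src="https://cdn.example.net/lib.js"></script>
<script src="data:text/javascript;base64,YWxlcnQoMSk="></script>
<script>inlineBootstrap();</script>
</head><body></body></html>
"""


class _ScriptSrcCollector(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.srcs: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        # HTMLParser lowercases tag and attribute names; values keep their case.
        if tag != "script":
            return
        for name, value in attrs:
            if name == "src" and value:
                self.srcs.append(value.strip())


def extract_js_urls(page_url: str, html: str) -> List[str]:
    """Absolute, de-duplicated URLs of every external script on the page."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    seen, urls = set(), []
    for src in collector.srcs:
        # urljoin completes relative, root-relative and protocol-relative references
        # against the page's own URL, the same way the browser would.
        absolute = urljoin(page_url, src)
        if urlsplit(absolute).scheme not in ("http", "https"):
            continue  # data:, javascript:, blob: are not fetchable files
        if absolute not in seen:
            seen.add(absolute)
            urls.append(absolute)
    return urls


if __name__ == "__main__":
    for url in extract_js_urls("https://app.example.com/account/settings", SAMPLE_HTML):
        print(url)
```

Note that `vendor/jquery.min.js` resolves relative to the page's directory (`/account/`), not the site root, and that the protocol-relative `//cdn.example.net/lib.js` collapses into the same URL as the explicit `https://` one; a tool that string-concatenates host and path gets both of these wrong.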

hunter - 🐺 Command-line application and golang client library for hunter.io

  •    Go

Command-line application and Go client library for hunter.io. The command-line application has three major commands: search, find, and verify. All three of these commands output JSON. This makes parsing the information easy, especially with command-line tools like jq.

portforge.cr - A script which opens multiple sockets from a specific port range you input.

  •    Crystal

This script is intended to open as many sockets as you wish between ports 1024 and 65535. Ports below 1024 work too, but binding them requires root. This can be useful when you don't want people to map out your device and see what you are and are not running, so it is a small step towards defeating reconnaissance.
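The same idea in Python, as an added example that is not the portforge.cr code: bind a listener on every free port in a range, then run the connect check a port scanner performs to confirm the decoys show up as open. The port range and loopback address are chosen for the example.

```python
import socket
from typing import Dict


def open_decoy_listeners(host: str, first: int, last: int) -> Dict[int, socket.socket]:
    """Bind and listen on every free TCP port in [first, last]; busy ports are skipped.

    Ports below 1024 need root, and thousands of listeners need a raised
    open-file limit (ulimit -n), because each listener costs a descriptor.
    """
    listeners: Dict[int, socket.socket] = {}
    for port in range(first, last + 1):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            sock.bind((host, port))
            sock.listen(5)
        except OSError:
            sock.close()  # already in use, or not permitted
            continue
        listeners[port] = sock
    return listeners


def close_listeners(listeners: Dict[int, socket.socket]) -> None:
    for sock in listeners.values():
        sock.close()


def port_is_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """The same TCP connect check a scanner's connect scan performs."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return True
        except OSError:
            return False


def demo(host: str = "127.0.0.1", first: int = 40100, last: int = 40109) -> Dict[int, bool]:
    """Open decoys on a small range and report what a connect scan now sees."""
    listeners = open_decoy_listeners(host, first, last)
    try:
        return {port: port_is_open(host, port) for port in listeners}
    finally:
        close_listeners(listeners)


if __name__ == "__main__":
    print(demo())
```

The caveat: these decoys accept the connection and never send a byte, so a scanner that goes beyond a port sweep (banner grabbing, `nmap -sV`) reports them as unidentified services with no response, while the real services still fingerprint normally. The technique raises the scanner's noise floor; it does not hide what is actually running.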

seeker - Find GeoLocation with High Accuracy...

  •    Python

The concept behind Seeker is simple: just as we host phishing pages to harvest credentials, why not host a fake page that requests your location, just like many popular location-based websites do? This tool is a proof of concept and is for educational purposes only. Seeker shows what data a malicious website can gather about you and your devices, and why you should not click on random links or grant critical permissions such as Location.

quick-recon.py - Do some quick reconnaissance on a domain-based web-application

  •    Python

Do some quick reconnaissance on a domain-based web-application. This is very useful if you test a single web-application or domain and don't have time (mood) to gather information manually.

ScreenShooter - Convert your masscan/subdomain-scan results (80,443,8080) into screenshots for better analysis

  •    Python

"ScreenShooter" will take a masscan-result by default. If you want to use a list of subdomains add -s as additional parameter.
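The input-side work ScreenShooter does before any screenshot is taken is turning scan output into URLs. The added example below is not ScreenShooter's code: it parses masscan's list format (`-oL`, lines of `open tcp <port> <ip> <timestamp>`; the sample scan output is constructed) into unique URLs for ports 80, 443 and 8080, and handles the `-s` subdomain-list case, where there is no port data and every web port has to be tried.

```python
from typing import Dict, List, Sequence

# Constructed masscan list-format output (masscan -oL); not from a real scan.
SAMPLE_MASSCAN_LIST = """#masscan
open tcp 80 203.0.113.5 1700000000
open tcp 443 203.0.113.5 1700000001
open tcp 8080 203.0.113.9 1700000002
open tcp 22 203.0.113.9 1700000003
open tcp 443 203.0.113.5 1700000004
# end
"""

# Port -> URL scheme for the ports the screenshot step should visit.
WEB_PORTS: Dict[int, str] = {80: "http", 443: "https", 8080: "http"}


def _url(scheme: str, host: str, port: int) -> str:
    # Omit the port when it is the scheme's default, so the URL set stays canonical.
    default = (scheme == "http" and port == 80) or (scheme == "https" and port == 443)
    return f"{scheme}://{host}" if default else f"{scheme}://{host}:{port}"


def masscan_to_urls(text: str, web_ports: Dict[int, str] = WEB_PORTS) -> List[str]:
    """Turn masscan -oL lines into unique URLs, keeping only web ports."""
    urls: List[str] = []
    seen = set()
    for line in text.splitlines():
        parts = line.split()
        # Format: <state> <proto> <port> <ip> <timestamp>; comment lines start with '#'.
        if len(parts) < 4 or parts[0] != "open" or parts[1] != "tcp":
            continue
        port, ip = int(parts[2]), parts[3]
        scheme = web_ports.get(port)
        if scheme is None:
            continue  # 22, 25, ... are not worth a browser screenshot
        url = _url(scheme, ip, port)
        if url not in seen:
            seen.add(url)
            urls.append(url)
    return urls


def hosts_to_urls(hosts: Sequence[str], web_ports: Dict[int, str] = WEB_PORTS) -> List[str]:
    """For a subdomain list (the -s case) there is no port data, so try each web port."""
    urls: List[str] = []
    for host in hosts:
        host = host.strip()
        if not host or host.startswith("#"):
            continue
        for port, scheme in web_ports.items():
            urls.append(_url(scheme, host, port))
    return urls


if __name__ == "__main__":
    print(masscan_to_urls(SAMPLE_MASSCAN_LIST))
    print(hosts_to_urls(["www.example.com", "dev.example.com"]))
```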

recon-my-way - This repository was created for personal use and contains the tools from my latest blog post.

  •    C

This repository contains the tools and scripts I covered in my recent blog post "Recon-My way" and personally use. Note: all credit goes to the original developers of the tools listed in this repository. I do not own any of the tools listed here.

CloudScraper - CloudScraper: Tool to enumerate targets in search of cloud resources

  •    Python

This tool was inspired by a recent talk by Bryce Kunz. The talk, Blue Cloud of Death: Red Teaming Azure, takes us through some of the lesser-known information disclosures beyond the ever-common S3 buckets. To add keywords, simply add to the list in the parser function.
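The core of this kind of enumeration is a set of per-provider hostname patterns run over page bodies. The added example below is not CloudScraper's code: the patterns for S3, Azure Blob Storage and Google Cloud Storage are assumed for the example (they cover the common virtual-host and path-style forms, not every regional endpoint), the page body is constructed, and extending the dictionary is the equivalent of adding a keyword to the parser function the description mentions.

```python
import re
from typing import Dict, List

# Provider hostname patterns; assumed for this example. Add an entry to cover
# another provider, the way CloudScraper's keyword list is extended.
CLOUD_PATTERNS: Dict[str, re.Pattern] = {
    "aws_s3": re.compile(
        r"https?://(?:[a-z0-9.-]+\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com"   # bucket.s3[.region].amazonaws.com
        r"|s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/[a-z0-9.-]+)", re.I),      # s3[.region].amazonaws.com/bucket
    "azure_blob": re.compile(
        r"https?://[a-z0-9]+\.blob\.core\.windows\.net(?:/[a-z0-9._-]+)?", re.I),  # account[/container]
    "gcp_storage": re.compile(
        r"https?://(?:storage\.googleapis\.com/[a-z0-9._-]+"                # storage.googleapis.com/bucket
        r"|[a-z0-9._-]+\.storage\.googleapis\.com)", re.I),                 # bucket.storage.googleapis.com
}

# Constructed page body; none of these hosts were observed anywhere.
SAMPLE_HTML = """<html><head>
<link href="https://storage.googleapis.com/static-site-bucket/style.css" rel="stylesheet">
<script src="https://s3.eu-west-1.amazonaws.com/deploy-artifacts/app.js"></script>
</head><body>
<img src="https://assets-prod.s3.amazonaws.com/logo.png">
<a href="https://files.s3.us-east-2.amazonaws.com/report.pdf">report</a>
<a href="https://corpbackups.blob.core.windows.net/exports/q1.zip">export</a>
<a href="https://example.com/not-cloud">internal</a>
<a href="https://s3-tools.example.net/">lookalike, not a bucket</a>
</body></html>"""


def find_cloud_resources(body: str,
                         patterns: Dict[str, re.Pattern] = CLOUD_PATTERNS) -> Dict[str, List[str]]:
    """Map provider -> sorted unique storage endpoints referenced in the body."""
    hits: Dict[str, List[str]] = {}
    for provider, pattern in patterns.items():
        found = sorted({m.group(0) for m in pattern.finditer(body)})
        if found:
            hits[provider] = found
    return hits


if __name__ == "__main__":
    for provider, urls in find_cloud_resources(SAMPLE_HTML).items():
        print(provider)
        for url in urls:
            print("  ", url)
```

The matches are the bucket or account endpoints, with object paths stripped, because the follow-up question is always the same one: does that bucket, container or account allow anonymous listing or writes? That check belongs in a separate step with its own authorization, not in the scraper.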