activedirectoryenum |
0.5.0 |
Enumerate AD through LDAP. |
|
ad-ldap-enum |
88.60bc5bb |
An LDAP based Active Directory user and group enumeration tool. |
|
ad-miner |
v1.6.1.r0.ge0ea12c |
Active Directory audit tool that extract data from Bloodhound to uncover security weaknesses and generate an HTML report |
|
adexplorersnapshot |
92.19e027e |
AD Explorer snapshot parser. |
|
adidnsdump |
25.8bbb4b0 |
Active Directory Integrated DNS dumping by any authenticated user. |
|
aiodnsbrute |
38.e773a4c |
Python 3 DNS asynchronous brute force utility. |
|
altdns |
76.8c1de0f |
Generates permutations, alterations and mutations of subdomains and then resolves them. |
|
aquatone |
151.f4eed57 |
A Tool for Domain Flyovers. |
|
asn |
0.78.0 |
ASN, RPKI validity, BGP stats, IPv4v6, Prefix, URL, ASPath, Organization, IP reputation, IP geolocation, IP fingerprinting, Network recon, lookup API server, Web traceroute server. |
|
attacksurfacemapper |
47.8a402ed |
Tool that aims to automate the reconnaissance process. |
|
autosint |
236.25d292c |
Tool to automate common osint tasks. |
|
aws-inventory |
19.9a2fa8e |
Discover resources created in an AWS account. |
|
aztarna |
1.2.1 |
A footprinting tool for ROS and SROS systems. |
|
badkarma |
85.2c46334 |
Advanced network reconnaissance toolkit. |
|
basedomainname |
0.1 |
Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. |
|
bfac |
53.18fb0b5 |
An automated tool that checks for backup artifacts that may disclose the web-application's source code. |
|
billcipher |
32.97fba59 |
Information Gathering tool for a Website or IP address. |
|
bing-ip2hosts |
1.0.5 |
Enumerates all hostnames which Bing has indexed for a specific IP address. |
|
bloodhound |
v4.3.1.r41.g0d36459 |
Six Degrees of Domain Admin |
|
bloodhound-python |
v1.0.1.r151.ge8b0b7a |
Bloodhound python data collector |
|
bridgekeeper |
57.55c390c |
Scrape employee names from search engine LinkedIn profiles. Convert employee names to a specified username format. |
|
catnthecanary |
7.e9184fe |
An application to query the canary.pw data set for leaked data. |
|
ccrawldns |
6.92525b6 |
Retrieves from the CommonCrawl data set unique subdomains for a given domain name. |
|
certgraph |
172.465bddc |
Crawl the graph of certificate Alternate Names. |
|
chaos-client |
283.17a19d7 |
Go client to communicate with Chaos dataset API. |
|
citadel |
95.3b1adbc |
A library of OSINT tools. |
|
cloud-buster |
194.b55e4a1 |
A tool that checks Cloudflare enabled sites for origin IP leaks. |
|
cloudfail |
79.7982c7d |
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network. |
|
cloudlist |
716.f298752 |
A tool for listing Assets from multiple Cloud Providers. |
|
cloudmare |
108.9c5a39f |
A simple tool to find origin servers of websites protected by CloudFlare with a misconfiguration DNS. |
|
cloudunflare |
14.b91a8a7 |
Reconnaissance Real IP address for Cloudflare Bypass. |
|
cr3dov3r |
47.4e1f784 |
Search for public leaks for email addresses + check creds against 16 websites. |
|
cutycapt |
10 |
A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page. |
|
datasploit |
367.a270d50 |
Performs automated OSINT and more. |
|
dga-detection |
78.0a3186e |
DGA Domain Detection using Bigram Frequency Analysis. |
|
dns-parallel-prober |
68.422db61 |
PoC for an adaptive parallelised DNS prober. |
|
dnsbrute |
2.b1dc84a |
Multi-theaded DNS bruteforcing, average speed 80 lookups/second with 40 threads. |
|
dnscobra |
1.0 |
DNS subdomain bruteforcing tool with Tor support through torsocks. |
|
dnsenum |
1.2.4.2 |
Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. |
|
dnsgrep |
14.3f4fa7c |
A utility for quickly searching presorted DNS names. |
|
dnsprobe |
56.7120008 |
Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |
|
dnsrecon |
1.3.0 |
Python script for enumeration of hosts, subdomains and emails from a given domain using google. |
|
dnssearch |
20.e4ea439 |
A subdomain enumeration tool. |
|
dnsspider |
1.4 |
A fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation. |
|
dnstracer |
1.10 |
Determines where a given DNS server gets its information from, and follows the chain of DNS servers |
|
dnswalk |
2.0.2 |
A DNS debugger and zone-transfer utility. |
|
dnsx |
1007.e978639 |
Fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. |
|
domain-analyzer |
0.8.1 |
Finds all the security information for a given domain name. |
|
domain-stats |
169.759c52c |
A web API to deliver domain information from whois and alexa. |
|
domained |
80.d9d079c |
Multi Tool Subdomain Enumeration. |
|
domainhunter |
51.38cb7ef |
Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names. |
|
dradis-ce |
5575.ed72071c |
An open source framework to enable effective information sharing. |
|
elevate |
27.1272d51 |
Horizontal domain discovery tool you can use to discover other domains owned by a given company. |
|
enum4linux |
0.9.1 |
A tool for enumerating information from Windows and Samba systems. |
|
enum4linux-ng |
422.70c6ea1 |
A next generation version of enum4linux. |
|
enumerate-iam |
14.4529114 |
Enumerate the permissions associated with an AWS credential set. |
|
enumerid |
36.d3e7265 |
Enumerate RIDs using pure Python. |
|
exitmap |
373.8155029 |
A fast and modular scanner for Tor exit relays. |
|
facebot |
23.57f6025 |
A facebook profile and reconnaissance system. |
|
fav-up |
54.089aa11 |
IP lookup by favicon using Shodan. |
|
favfreak |
27.8acea5e |
Weaponizing favicon.ico for BugBounties , OSINT and what not. |
|
fbid |
16.1b35eb9 |
Show info about the author by facebook photo url. |
|
fierce |
135.f32f639 |
A DNS reconnaissance tool for locating non-contiguous IP space. |
|
finalrecon |
193.88c85d2 |
OSINT Tool for All-In-One Web Reconnaissance. |
|
findomain |
9.0.4 |
The fastest and cross-platform subdomain enumerator, do not waste your time |
|
flashlight |
109.90d1dc5 |
Automated Information Gathering Tool for Penetration Testers. |
|
forager |
115.7439b0a |
Multithreaded threat Intelligence gathering utilizing. |
|
gasmask |
172.2527371 |
All in one Information gathering tool - OSINT. |
|
gatecrasher |
2.3ad5225 |
Network auditing and analysis tool developed in Python. |
|
geoedge |
0.2 |
This little tools is designed to get geolocalization information of a host, it get the information from two sources (maxmind and geoiptool). |
|
gh-dork |
3.799f86f |
Github dorking tool. |
|
git-hound |
174.1d20536 |
Pinpoints exposed API keys on GitHub. A batch-catching, pattern-matching, patch-attacking secret snatcher. |
|
git-wild-hunt |
16.6495672 |
A tool to hunt for credentials in github wild AKA git*hunt. |
|
gitdorker |
113.8199375 |
Python program to scrape secrets from GitHub through usage of a large repository of dorks. |
|
gitem |
104.d40a1c9 |
A Github organization reconnaissance tool. |
|
gitgraber |
82.aab4839 |
Monitor GitHub to search and find sensitive data in real time for different online services. |
|
githack |
16.a3d70b1 |
A `.git` folder disclosure exploit. |
|
github-dorks |
82.d50a677 |
Collection of github dorks and helper tool to automate the process of checking dorks. |
|
gitleaks |
8.20.0 |
Audit Git repos for secrets and keys |
|
gitmails |
71.8aa8411 |
An information gathering tool to collect git commit emails in version control host services. |
|
gitminer |
54.16ada58 |
Tool for advanced mining for content on Github. |
|
gitrecon |
30.6467e78 |
OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits. |
|
go-windapsearch |
v0.3.0.r22.ged05587 |
Utility to enumerate users, groups and computers from a Windows domain through LDAP queries. |
|
goddi |
1.2 |
Dumps Active Directory domain information. |
|
goodork |
2.2 |
A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line. |
|
goofile |
1.5 |
Command line filetype search |
|
goog-mail |
1.0 |
Enumerate domain emails from google. |
|
googlesub |
14.a7a3cc7 |
A python script to find domains by using google dorks. |
|
goohak |
31.815a31e |
Automatically Launch Google Hacking Queries Against A Target Domain. |
|
goop |
12.39b34eb |
Perform google searches without being blocked by the CAPTCHA or hitting any rate limits. |
|
gosint |
196.9c86ed2 |
OSINT framework in Go. |
|
grabing |
11.9c1aa6c |
Counts all the hostnames for an IP adress |
|
graphinder |
1.11.6 |
GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. |
|
gwtenum |
7.f27a5aa |
Enumeration of GWT-RCP method calls. |
|
h8mail |
344.ee31c8f |
Email OSINT and password breach hunting. |
|
hakrevdns |
47.3001d16 |
Small, fast tool for performing reverse DNS lookups en masse. |
|
halcyon |
0.1 |
A repository crawler that runs checksums for static files found within a given git repository. |
|
hasere |
1.0 |
Discover the vhosts using google and bing. |
|
hatcloud |
33.3012ad6 |
Bypass CloudFlare with Ruby. |
|
hoper |
15.8d5dbd9 |
Trace URL's jumps across the rel links to obtain the last URL. |
|
hosthunter |
158.553f1c7 |
A recon tool for discovering hostnames using OSINT techniques. |
|
howmanypeoplearearound |
123.b05e06a |
Count the number of people around you by monitoring wifi signals. |
|
id-entify |
34.dd064a5 |
Search for information related to a domain: Emails - IP addresses - Domains - Information on WEB technology - Type of Firewall - NS and MX records. |
|
idswakeup |
1.0 |
A collection of tools that allows to test network intrusion detection systems. |
|
infoga |
33.79a1c03 |
Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers). |
|
inquisitor |
28.12a9ec1 |
OSINT Gathering Tool for Companies and Organizations. |
|
intelplot |
12.4dd9fc0 |
OSINT Tool to Mark Points on Offline Map. |
|
intrace |
1.5 |
Traceroute-like application piggybacking on existing TCP connections |
|
ip-tracer |
92.6b9c454 |
Track and retrieve any ip address information. |
|
ip2clue |
0.0.95 |
A small memory/CPU footprint daemon to lookup country (and other info) based on IP (v4 and v6). |
|
iptodomain |
18.f1afcd7 |
This tool extract domains from IP address based in the information saved in virustotal. |
|
ipv666 |
182.ad45ae8 |
Golang IPv6 address enumeration. |
|
ircsnapshot |
94.cb02a85 |
Tool to gather information from IRC servers. |
|
isr-form |
1.0 |
Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data. |
|
ivre |
0.9.21.dev19 |
Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... |
|
ivre-docs |
0.9.21.dev19 |
Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (documentation) |
|
ivre-web |
0.9.21.dev19 |
Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (web application) |
|
jackdaw |
416.1c3a4c2 |
Collect all information in your domain, show you graphs on how domain objects interact with each-other and how to exploit these interactions. |
|
jsearch |
44.87cf9c1 |
Simple script that grep infos from javascript files. |
|
kacak |
1.0 |
Tools for penetration testers that can enumerate which users logged on windows system. |
|
kamerka |
40.be17620 |
Build interactive map of cameras from Shodan. |
|
keye |
29.d44a578 |
Recon tool detecting changes of websites based on content-length differences. |
|
lanmap2 |
127.1197999 |
Passive network mapping tool. |
|
lbd |
20130719 |
Load Balancing detector, |
|
ldapenum |
0.1 |
Enumerate domain controllers using LDAP. |
|
ldeep |
1.0.54.r0.g72dbd0d |
In-depth ldap enumeration utility. |
|
legion |
61.ca99853 |
Automatic Enumeration Tool based in Open Source tools. |
|
lft |
3.91 |
A layer four traceroute implementing numerous other features. |
|
lhf |
40.51568ee |
A modular recon tool for pentesting. |
|
linux-exploit-suggester |
32.9db2f5a |
A Perl script that tries to suggest exploits based OS version number. |
|
linux-exploit-suggester.sh |
171.2063aeb |
Linux privilege escalation auditing tool. |
|
littlebrother |
112.338cf82 |
OSINT tool to get informations on French, Belgian and Swizerland people. |
|
loot |
51.656fb85 |
Sensitive information extraction tool. |
|
machinae |
197.9ef3e6c |
A tool for collecting intelligence from public sites/feeds about various security-related pieces of data. |
|
mail-crawl |
0.1 |
Tool to harvest emails from website. |
|
massbleed |
20.44b7e85 |
SSL Vulnerability Scanner. |
|
mdns-recon |
11.69b864e |
An mDNS recon tool written in Python. |
|
metabigor |
78.607b2c9 |
Intelligence Tool but without API key. |
|
metafinder |
v1.2.r2.g30c8475 |
Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata. |
|
metagoofil |
85.5d20635 |
An information gathering tool designed for extracting metadata of public documents. |
|
mildew |
11.df49c23 |
Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs. |
|
missidentify |
1.0 |
A program to find Win32 applications. |
|
monocle |
1.0 |
A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network. |
|
nasnum |
5.df5df19 |
Script to enumerate network attached storages. |
|
necromant |
4.53930c2 |
Python Script that search unused Virtual Hosts in Web Servers. |
|
neglected |
8.68d02b3 |
Facebook CDN Photo Resolver. |
|
netdiscover |
218.ff28964 |
An active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks. |
|
netkit-bsd-finger |
0.17 |
BSD-finger ported to Linux. |
|
netkit-rusers |
0.17 |
Logged in users; Displays who is logged in to machines on local network. |
|
netkit-rwho |
0.17 |
Remote who client and server (with Debian patches). |
|
netmask |
2.4.4 |
Helps determine network masks |
|
nohidy |
67.22c1283 |
The system admins best friend, multi platform auditing tool. |
|
nsec3walker |
20101223 |
Enumerates domain names using DNSSEC |
|
ntp-ip-enum |
0.1 |
Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset. |
|
nullinux |
124.9f8727a |
Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. |
|
omnibus |
129.88dbf5d |
OSINT tool for intelligence collection, research and artifact management. |
|
onioff |
84.34dc309 |
An onion url inspector for inspecting deep web links. |
|
osint-spy |
25.03dcf48 |
Performs OSINT scan on email/domain/ip_address/organization. |
|
osinterator |
3.8447f58 |
Open Source Toolkit for Open Source Intelligence Gathering. |
|
osintgram |
1.3.r9.g3c61e53 |
OSINT tool offering an interactive shell to perform analysis on Instagram account of any users by its nickname. |
|
osrframework |
840.e02a6e9 |
A project focused on providing API and tools to perform more accurate online researches. |
|
parsero |
81.e5b585a |
A robots.txt audit tool. |
|
pastemonitor |
10.abbceb9 |
Scrape Pastebin API to collect daily pastes, setup a wordlist and be alerted by email when you have a match.. |
|
pdfgrab |
15.1327508 |
Tool for searching pdfs withthin google and extracting pdf metadata. |
|
pmapper |
82.91d2e60 |
A tool for quickly evaluating IAM permissions in AWS. |
|
postenum |
123.3a148ba |
Clean, nice and easy tool for basic/advanced privilege escalation techniques. |
|
protosint |
26.1ee6ee4 |
Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses. |
|
punter |
45.97b7bed |
Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare. |
|
puredns |
v2.1.1.r1.g9d94e50 |
Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering. |
|
pwned |
2567.d074465 |
A command-line tool for querying the 'Have I been pwned?' service. |
|
pwned-search |
40.04c1439 |
Pwned Password API lookup. |
|
pwnedornot |
150.d25d3fa |
Tool to find passwords for compromised email addresses. |
|
pymeta |
13.fa74e64 |
Auto Scanning to SSL Vulnerability. |
|
python-api-dnsdumpster |
79.0f8ba2b |
Unofficial Python API for http://dnsdumpster.com/. |
|
python-ivre |
0.9.21.dev19 |
Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (library) |
|
python-shodan |
1.31.0 |
The official Python library and CLI for Shodan |
|
python2-api-dnsdumpster |
79.0f8ba2b |
Unofficial Python API for http://dnsdumpster.com/. |
|
python2-ivre |
0.9.16.dev26 |
Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (library) |
|
python2-shodan |
1.28.0 |
Python library and command-line utility for Shodan (https://developer.shodan.io). |
|
quickrecon |
0.3.2 |
A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing. |
|
raccoon |
187.9cf6c11 |
A high performance offensive security tool for reconnaissance and vulnerability scanning. |
|
rdwarecon |
1.2.r0.g9675200 |
A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application. |
|
recon-ng |
1025.470f4c1 |
A full-featured Web Reconnaissance framework written in Python. |
|
reconnoitre |
441.f62afba |
A security tool for multithreaded information gathering and service enumeration. |
|
reconscan |
61.afbcfc0 |
Network reconnaissance and vulnerability assessment tools. |
|
recsech |
123.1fc298a |
Tool for doing Footprinting and Reconnaissance on the target web. |
|
red-hawk |
36.fa54e23 |
All in one tool for Information Gathering, Vulnerability Scanning and Crawling. |
|
reverseip |
13.42cc9c3 |
Ruby based reverse IP-lookup tool. |
|
revipd |
5.2aaacfb |
A simple reverse IP domain scanner. |
|
ridrelay |
34.f2fa99c |
Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv. |
|
ripdc |
0.3 |
A script which maps domains related to an given ip address or domainname. |
|
rita |
v5.0.8.r0.g93b2dc5 |
Real Intelligence Threat Analytics. |
|
rusthound |
55.6d7b945 |
Active Directory data collector for BloodHound. |
|
s3enum |
v1.0.0.r11.g77e0370 |
Amazon S3 bucket enumeration. |
|
scavenger |
103.75907e8 |
Crawler (Bot) searching for credential leaks on different paste sites. |
|
sctpscan |
34.4d44706 |
A network scanner for discovery and security. |
|
scylla |
99.621b7b8 |
Find Advanced Information on a Username, Website, Phone Number, etc. |
|
seekr |
0.4.0 |
A multi-purpose OSINT toolkit with a neat web-interface. |
|
server-status-pwn |
12.841d55d |
A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances. |
|
shard |
1.5 |
A command line tool to detect shared passwords. |
|
shhgit |
66.53e656c |
Find committed secrets and sensitive files across GitHub, Gists, GitLab and BitBucket or your local repositories in real time. |
|
shodanhat |
13.e5e7e68 |
Search for hosts info with shodan. |
|
shosubgo |
v3.1.r3.gf605bdd |
Small tool to Grab subdomains using Shodan API. |
|
simplyemail |
1.4.10.r7.6a42d37 |
Email recon made fast and easy, with a framework to build on CyberSyndicates |
|
sipi |
13.58f0dcc |
Simple IP Information Tools for Reputation Data Analysis. |
|
smbcrunch |
12.313400e |
3 tools that work together to simplify reconnaissance of Windows File Shares. |
|
smtp-user-enum |
1.2 |
Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO. |
|
snscrape |
0.4.3.20220106 |
A social networking service scraper in Python. |
|
socialscan |
128.5ae42d0 |
Check email address and username availability on online platforms. |
|
spfmap |
8.a42d15a |
A program to map out SPF and DKIM records for a large number of domains. |
|
spiderfoot |
4.0 |
The Open Source Footprinting Tool. |
|
spoofcheck |
16.8cce591 |
Simple script that checks a domain for email protections. |
|
spyse |
47.cd11ba9 |
Python API wrapper and command-line client for the tools hosted on spyse.com. |
|
ssl-hostname-resolver |
1 |
CN (Common Name) grabber on X.509 Certificates over HTTPS. |
|
stardox |
41.95b0a97 |
Github stargazers information gathering tool. |
|
subdomainer |
1.2 |
A tool designed for obtaining subdomain names from public sources. |
|
subfinder |
v2.6.3.r516.g08236ce |
Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target. |
|
sublert |
67.56d2a12 |
A security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate. |
|
sublist3r |
138.729d649 |
A Fast subdomains enumeration tool for penetration testers. |
|
subscraper |
34.29aa5cc |
Tool that performs subdomain enumeration through various techniques. |
|
svn-extractor |
45.6829804 |
A simple script to extract all web resources by means of .SVN folder exposed over network. |
|
swamp |
59.3c8be65 |
An OSINT tool for discovering associated sites through Google Analytics Tracking IDs. |
|
syborg |
36.5cd010b |
Recursive DNS Subdomain Enumerator with dead-end avoidance system. |
|
teamsuserenum |
v1.0.r1.g0c8b6c2 |
User enumeration with Microsoft Teams API |
|
thedorkbox |
7.43852d3 |
Comprehensive collection of Google Dorks & OSINT techniques to find Confidential Data. |
|
theharvester |
3761.17ecd4f4 |
Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers). |
|
tilt |
90.2bc2ef2 |
An easy and simple tool implemented in Python for ip reconnaissance, with reverse ip lookup. |
|
tinfoleak |
3.6469eb3 |
Get detailed information about a Twitter user activity. |
|
tinfoleak2 |
41.c45c33e |
The most complete open-source tool for Twitter intelligence analysis. |
|
traceroute |
2.1.5 |
Tracks the route taken by packets over an IP network |
|
treasure |
2.b3249be |
Hunt for sensitive information through githubs code search. |
|
trusttrees |
102.a9b7399 |
A Tool for DNS Delegation Trust Graphing. |
|
twofi |
2.0 |
Twitter Words of Interest. |
|
ubiquiti-probing |
5.c28f4c1 |
A Ubiquiti device discovery tool. |
|
udork |
102.1a0aab0 |
Bash script that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications. |
|
uhoh365 |
26.110277a |
Script to enumerate Office 365 users without performing login attempts |
|
uncover |
v1.0.2.r2.g4b929e0 |
Discover exposed hosts on the internet using multiple search engines. |
|
userrecon |
10.3b56891 |
Find usernames across over 75 social networks. |
|
vbrute |
1.11dda8b |
Virtual hosts brute forcer. |
|
vpnpivot |
22.37bbde0 |
Explore the network using this tool. |
|
waldo |
29.ee4f960 |
A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. |
|
waybackurls |
11.89da10c |
Fetch all the URLs that the Wayback Machine knows about for a domain. |
|
waymore |
v4.5.r0.g67c26c6 |
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal. |
|
websearch |
4.cb7ef8e |
Search vhost names given a host range. Powered by Bing.. |
|
weebdns |
14.c01c04f |
DNS Enumeration with Asynchronicity. |
|
whatweb |
4910.efee4d80 |
Next generation web scanner that identifies what websites are running. |
|
whoxyrm |
1.0.0.r5.g77318a7 |
A reverse whois tool based on Whoxy API. |
|
windapsearch |
28.7724ec4 |
Script to enumerate users, groups and computers from a Windows domain through LDAP queries. |
|
windows-exploit-suggester |
41.776bd91 |
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. |
|
xray |
109.7e8cc67 |
A tool for recon, mapping and OSINT gathering from public networks. |
|
zeus-scanner |
414.21b8756 |
Advanced dork searching utility. |
|
zgrab |
804.59a517f |
Grab banners (optionally over TLS). |
|