Packages that actively seeks vulnerable exploits in the wild. More of an umbrella group for similar packages.

Tool count: 38

BlackArch recon
Name Version Description Homepage
activedirectoryenum 0.5.0 Enumerate AD through LDAP.
ad-ldap-enum 88.60bc5bb An LDAP based Active Directory user and group enumeration tool.
ad-miner v1.4.0.r0.gf89646c Active Directory audit tool that extract data from Bloodhound to uncover security weaknesses and generate an HTML report
adidnsdump 25.8bbb4b0 Active Directory Integrated DNS dumping by any authenticated user.
aiodnsbrute 38.e773a4c Python 3 DNS asynchronous brute force utility.
altdns 76.8c1de0f Generates permutations, alterations and mutations of subdomains and then resolves them.
aquatone 142.2daa022 A Tool for Domain Flyovers.
attacksurfacemapper 47.8a402ed Tool that aims to automate the reconnaissance process.
autosint 236.25d292c Tool to automate common osint tasks.
aws-inventory 19.9a2fa8e Discover resources created in an AWS account.
aztarna 1.2.1 A footprinting tool for ROS and SROS systems.
badkarma 85.2c46334 Advanced network reconnaissance toolkit.
basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.
bfac 53.18fb0b5 An automated tool that checks for backup artifacts that may disclose the web-application's source code.
billcipher 32.97fba59 Information Gathering tool for a Website or IP address.
bing-ip2hosts 1.0.5 Enumerates all hostnames which Bing has indexed for a specific IP address.
bloodhound 1665.0d36459 Six Degrees of Domain Admin
bloodhound-python v1.0.1.r137.g15d4697 Bloodhound python data collector
bridgekeeper 57.55c390c Scrape employee names from search engine LinkedIn profiles. Convert employee names to a specified username format.
catnthecanary 7.e9184fe An application to query the data set for leaked data.
ccrawldns 6.92525b6 Retrieves from the CommonCrawl data set unique subdomains for a given domain name.
certgraph 172.465bddc Crawl the graph of certificate Alternate Names.
chaos-client 283.17a19d7 Go client to communicate with Chaos dataset API.
citadel 95.3b1adbc A library of OSINT tools.
cloud-buster 194.b55e4a1 A tool that checks Cloudflare enabled sites for origin IP leaks.
cloudfail 79.7982c7d Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network.
cloudlist 575.ebe1127 A tool for listing Assets from multiple Cloud Providers.
cloudmare 108.9c5a39f A simple tool to find origin servers of websites protected by CloudFlare with a misconfiguration DNS.
cloudunflare 14.b91a8a7 Reconnaissance Real IP address for Cloudflare Bypass.
cr3dov3r 46.99a1660 Search for public leaks for email addresses + check creds against 16 websites.
cutycapt 10 A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page.
datasploit 367.a270d50 Performs automated OSINT and more.
dga-detection 78.0a3186e DGA Domain Detection using Bigram Frequency Analysis.
dns-parallel-prober 68.422db61 PoC for an adaptive parallelised DNS prober.
dnsbrute 2.b1dc84a Multi-theaded DNS bruteforcing, average speed 80 lookups/second with 40 threads.
dnscobra 1.0 DNS subdomain bruteforcing tool with Tor support through torsocks.
dnsenum Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
dnsgrep 14.3f4fa7c A utility for quickly searching presorted DNS names.
dnsprobe 56.7120008 Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
dnsrecon 1.2.0 Python script for enumeration of hosts, subdomains and emails from a given domain using google.
dnssearch 20.e4ea439 A subdomain enumeration tool.
dnsspider 1.4 A fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
dnstracer 1.10 Determines where a given DNS server gets its information from, and follows the chain of DNS servers
dnswalk 2.0.2 A DNS debugger and zone-transfer utility.
dnsx 905.4d4e8bd Fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
domain-analyzer 0.8.1 Finds all the security information for a given domain name.
domain-stats 169.759c52c A web API to deliver domain information from whois and alexa.
domained 80.d9d079c Multi Tool Subdomain Enumeration.
domainhunter 51.38cb7ef Checks expired domains for categorization/reputation and history to determine good candidates for phishing and C2 domain names.
dradis-ce 5575.ed72071c An open source framework to enable effective information sharing.
elevate 27.1272d51 Horizontal domain discovery tool you can use to discover other domains owned by a given company.
enum4linux 0.9.1 A tool for enumerating information from Windows and Samba systems.
enum4linux-ng 418.1fe4760 A next generation version of enum4linux.
enumerate-iam 14.4529114 Enumerate the permissions associated with an AWS credential set.
enumerid 33.82e1676 Enumerate RIDs using pure Python.
exitmap 373.8155029 A fast and modular scanner for Tor exit relays.
facebot 23.57f6025 A facebook profile and reconnaissance system.
fav-up 54.089aa11 IP lookup by favicon using Shodan.
favfreak 27.8acea5e Weaponizing favicon.ico for BugBounties , OSINT and what not.
fbid 16.1b35eb9 Show info about the author by facebook photo url.
fierce 135.f32f639 A DNS reconnaissance tool for locating non-contiguous IP space.
finalrecon 168.37d5d85 OSINT Tool for All-In-One Web Reconnaissance.
findomain 9.0.4 The fastest and cross-platform subdomain enumerator, do not waste your time
flashlight 109.90d1dc5 Automated Information Gathering Tool for Penetration Testers.
forager 115.7439b0a Multithreaded threat Intelligence gathering utilizing.
gasmask 172.2527371 All in one Information gathering tool - OSINT.
gatecrasher 2.3ad5225 Network auditing and analysis tool developed in Python.
geoedge 0.2 This little tools is designed to get geolocalization information of a host, it get the information from two sources (maxmind and geoiptool).
gh-dork 3.799f86f Github dorking tool.
git-hound 174.1d20536 Pinpoints exposed API keys on GitHub. A batch-catching, pattern-matching, patch-attacking secret snatcher.
git-wild-hunt 16.6495672 A tool to hunt for credentials in github wild AKA git*hunt.
gitdorker 113.8199375 Python program to scrape secrets from GitHub through usage of a large repository of dorks.
gitem 104.d40a1c9 A Github organization reconnaissance tool.
gitgraber 78.8278c02 Monitor GitHub to search and find sensitive data in real time for different online services.
githack 16.a3d70b1 A `.git` folder disclosure exploit.
github-dorks 82.d50a677 Collection of github dorks and helper tool to automate the process of checking dorks.
gitleaks 8.18.1 Audit Git repos for secrets and keys
gitmails 71.8aa8411 An information gathering tool to collect git commit emails in version control host services.
gitminer 54.16ada58 Tool for advanced mining for content on Github.
gitrecon 30.6467e78 OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits.
go-windapsearch v0.3.0.r22.ged05587 Utility to enumerate users, groups and computers from a Windows domain through LDAP queries.
goddi 1.2 Dumps Active Directory domain information.
goodork 2.2 A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line.
goofile 1.5 Command line filetype search
goog-mail 1.0 Enumerate domain emails from google.
googlesub 14.a7a3cc7 A python script to find domains by using google dorks.
goohak 31.815a31e Automatically Launch Google Hacking Queries Against A Target Domain.
goop 12.39b34eb Perform google searches without being blocked by the CAPTCHA or hitting any rate limits.
gosint 196.9c86ed2 OSINT framework in Go.
grabing 11.9c1aa6c Counts all the hostnames for an IP adress
graphinder 1.11.6 GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce.
gwtenum 7.f27a5aa Enumeration of GWT-RCP method calls.
h8mail 344.ee31c8f Email OSINT and password breach hunting.
hakrevdns 43.c63f7f8 Small, fast tool for performing reverse DNS lookups en masse.
halcyon 0.1 A repository crawler that runs checksums for static files found within a given git repository.
hasere 1.0 Discover the vhosts using google and bing.
hatcloud 33.3012ad6 Bypass CloudFlare with Ruby.
hoper 15.8d5dbd9 Trace URL's jumps across the rel links to obtain the last URL.
hosthunter 158.553f1c7 A recon tool for discovering hostnames using OSINT techniques.
howmanypeoplearearound 123.b05e06a Count the number of people around you by monitoring wifi signals.
id-entify 34.dd064a5 Search for information related to a domain: Emails - IP addresses - Domains - Information on WEB technology - Type of Firewall - NS and MX records.
idswakeup 1.0 A collection of tools that allows to test network intrusion detection systems.
infoga 33.79a1c03 Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers).
inquisitor 28.12a9ec1 OSINT Gathering Tool for Companies and Organizations.
intelplot 12.4dd9fc0 OSINT Tool to Mark Points on Offline Map.
intrace 1.5 Traceroute-like application piggybacking on existing TCP connections
ip-tracer 91.8e2e3dd Track and retrieve any ip address information.
ip2clue 0.0.95 A small memory/CPU footprint daemon to lookup country (and other info) based on IP (v4 and v6).
iptodomain 18.f1afcd7 This tool extract domains from IP address based in the information saved in virustotal.
ipv666 182.ad45ae8 Golang IPv6 address enumeration.
ircsnapshot 94.cb02a85 Tool to gather information from IRC servers.
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data.
ivre 0.9.20.dev200 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,...
ivre-docs 0.9.20.dev200 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (documentation)
ivre-web 0.9.20.dev200 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (web application)
jackdaw 416.1c3a4c2 Collect all information in your domain, show you graphs on how domain objects interact with each-other and how to exploit these interactions.
jsearch 44.87cf9c1 Simple script that grep infos from javascript files.
kacak 1.0 Tools for penetration testers that can enumerate which users logged on windows system.
kamerka 40.be17620 Build interactive map of cameras from Shodan.
keye 29.d44a578 Recon tool detecting changes of websites based on content-length differences.
lanmap2 127.1197999 Passive network mapping tool.
lbd 20130719 Load Balancing detector,
ldapenum 0.1 Enumerate domain controllers using LDAP.
ldeep 1.0.54.r0.g72dbd0d In-depth ldap enumeration utility.
legion 61.ca99853 Automatic Enumeration Tool based in Open Source tools.
lft 3.91 A layer four traceroute implementing numerous other features.
lhf 40.51568ee A modular recon tool for pentesting.
linux-exploit-suggester 32.9db2f5a A Perl script that tries to suggest exploits based OS version number. 171.2063aeb Linux privilege escalation auditing tool.
littlebrother 112.338cf82 OSINT tool to get informations on French, Belgian and Swizerland people.
loot 51.656fb85 Sensitive information extraction tool.
machinae 197.9ef3e6c A tool for collecting intelligence from public sites/feeds about various security-related pieces of data.
mail-crawl 0.1 Tool to harvest emails from website.
massbleed 20.44b7e85 SSL Vulnerability Scanner.
mdns-recon 11.69b864e An mDNS recon tool written in Python.
metabigor 78.607b2c9 Intelligence Tool but without API key.
metafinder v1.2.r2.g30c8475 Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata.
metagoofil 81.11878c8 An information gathering tool designed for extracting metadata of public documents.
mildew 11.df49c23 Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs.
missidentify 1.0 A program to find Win32 applications.
monocle 1.0 A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network.
nasnum 5.df5df19 Script to enumerate network attached storages.
necromant 4.53930c2 Python Script that search unused Virtual Hosts in Web Servers.
neglected 8.68d02b3 Facebook CDN Photo Resolver.
netdiscover 218.ff28964 An active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks.
netkit-bsd-finger 0.17 BSD-finger ported to Linux.
netkit-rusers 0.17 Logged in users; Displays who is logged in to machines on local network.
netkit-rwho 0.17 Remote who client and server (with Debian patches).
netmask 2.4.4 Helps determine network masks
nohidy 67.22c1283 The system admins best friend, multi platform auditing tool.
nsec3walker 20101223 Enumerates domain names using DNSSEC
ntp-ip-enum 0.1 Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset.
nullinux 123.a647159 Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions.
omnibus 129.88dbf5d OSINT tool for intelligence collection, research and artifact management.
onioff 84.34dc309 An onion url inspector for inspecting deep web links.
osint-spy 25.03dcf48 Performs OSINT scan on email/domain/ip_address/organization.
osinterator 3.8447f58 Open Source Toolkit for Open Source Intelligence Gathering.
osintgram 1.3.r9.g3c61e53 OSINT tool offering an interactive shell to perform analysis on Instagram account of any users by its nickname.
osrframework 840.e02a6e9 A project focused on providing API and tools to perform more accurate online researches.
parsero 81.e5b585a A robots.txt audit tool.
pastemonitor 10.abbceb9 Scrape Pastebin API to collect daily pastes, setup a wordlist and be alerted by email when you have a match..
pdfgrab 15.1327508 Tool for searching pdfs withthin google and extracting pdf metadata.
pmapper 82.91d2e60 A tool for quickly evaluating IAM permissions in AWS.
postenum 116.9cd9d7e Clean, nice and easy tool for basic/advanced privilege escalation techniques.
protosint 26.1ee6ee4 Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses.
punter 45.97b7bed Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare.
puredns v2.1.1.r1.g9d94e50 Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering.
pwned 2443.341c638 A command-line tool for querying the 'Have I been pwned?' service.
pwned-search 40.04c1439 Pwned Password API lookup.
pwnedornot 150.d25d3fa Tool to find passwords for compromised email addresses.
pymeta 13.fa74e64 Auto Scanning to SSL Vulnerability.
python-api-dnsdumpster 79.0f8ba2b Unofficial Python API for
python-ivre 0.9.20.dev200 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (library)
python-shodan 1.31.0 The official Python library and CLI for Shodan
python2-api-dnsdumpster 79.0f8ba2b Unofficial Python API for
python2-ivre 0.9.16.dev26 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (library)
python2-shodan 1.28.0 Python library and command-line utility for Shodan (
quickrecon 0.3.2 A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
raccoon 187.9cf6c11 A high performance offensive security tool for reconnaissance and vulnerability scanning.
rdwarecon 1.2.r0.g9675200 A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application.
recon-ng 1025.470f4c1 A full-featured Web Reconnaissance framework written in Python.
reconnoitre 441.f62afba A security tool for multithreaded information gathering and service enumeration.
reconscan 61.afbcfc0 Network reconnaissance and vulnerability assessment tools.
recsech 123.1fc298a Tool for doing Footprinting and Reconnaissance on the target web.
red-hawk 36.fa54e23 All in one tool for Information Gathering, Vulnerability Scanning and Crawling.
reverseip 13.42cc9c3 Ruby based reverse IP-lookup tool.
revipd 5.2aaacfb A simple reverse IP domain scanner.
ridrelay 34.f2fa99c Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.
ripdc 0.3 A script which maps domains related to an given ip address or domainname.
rita 847.423287f Real Intelligence Threat Analytics.
rusthound 55.6d7b945 Active Directory data collector for BloodHound.
scavenger 103.75907e8 Crawler (Bot) searching for credential leaks on different paste sites.
sctpscan 34.4d44706 A network scanner for discovery and security.
scylla 98.d738a75 Find Advanced Information on a Username, Website, Phone Number, etc.
server-status-pwn 12.841d55d A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.
shard 1.5 A command line tool to detect shared passwords.
shhgit 66.53e656c Find committed secrets and sensitive files across GitHub, Gists, GitLab and BitBucket or your local repositories in real time.
shodanhat 13.e5e7e68 Search for hosts info with shodan.
shosubgo v3.0.r2.gd9e5dcd Small tool to Grab subdomains using Shodan API.
simplyemail 1.4.10.r7.6a42d37 Email recon made fast and easy, with a framework to build on CyberSyndicates
sipi 13.58f0dcc Simple IP Information Tools for Reputation Data Analysis.
smbcrunch 12.313400e 3 tools that work together to simplify reconnaissance of Windows File Shares.
smtp-user-enum 1.2 Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.
snscrape A social networking service scraper in Python.
socialscan 128.5ae42d0 Check email address and username availability on online platforms.
spfmap 8.a42d15a A program to map out SPF and DKIM records for a large number of domains.
spiderfoot 4.0 The Open Source Footprinting Tool.
spoofcheck 16.8cce591 Simple script that checks a domain for email protections.
spyse 47.cd11ba9 Python API wrapper and command-line client for the tools hosted on
ssl-hostname-resolver 1 CN (Common Name) grabber on X.509 Certificates over HTTPS.
stardox 41.95b0a97 Github stargazers information gathering tool.
subdomainer 1.2 A tool designed for obtaining subdomain names from public sources.
subfinder v2.6.3.r403.gb562e4b Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target.
sublert 67.56d2a12 A security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
sublist3r 138.729d649 A Fast subdomains enumeration tool for penetration testers.
subscraper 32.d20dcb7 Tool that performs subdomain enumeration through various techniques.
svn-extractor 45.6829804 A simple script to extract all web resources by means of .SVN folder exposed over network.
swamp 59.3c8be65 An OSINT tool for discovering associated sites through Google Analytics Tracking IDs.
syborg 36.5cd010b Recursive DNS Subdomain Enumerator with dead-end avoidance system.
teamsuserenum v1.0.r1.g0c8b6c2 User enumeration with Microsoft Teams API
thedorkbox 7.43852d3 Comprehensive collection of Google Dorks & OSINT techniques to find Confidential Data.
theharvester 3643.2221743c Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers).
tilt 90.2bc2ef2 An easy and simple tool implemented in Python for ip reconnaissance, with reverse ip lookup.
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity.
tinfoleak2 41.c45c33e The most complete open-source tool for Twitter intelligence analysis.
traceroute 2.1.5 Tracks the route taken by packets over an IP network
treasure 2.b3249be Hunt for sensitive information through githubs code search.
trusttrees 102.a9b7399 A Tool for DNS Delegation Trust Graphing.
twofi 2.0 Twitter Words of Interest.
ubiquiti-probing 5.c28f4c1 A Ubiquiti device discovery tool.
udork 102.1a0aab0 Bash script that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications.
uhoh365 26.110277a Script to enumerate Office 365 users without performing login attempts
uncover v1.0.2.r2.g4b929e0 Discover exposed hosts on the internet using multiple search engines.
userrecon 10.3b56891 Find usernames across over 75 social networks.
vbrute 1.11dda8b Virtual hosts brute forcer.
vpnpivot 22.37bbde0 Explore the network using this tool.
waldo 29.ee4f960 A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python.
waybackurls 11.89da10c Fetch all the URLs that the Wayback Machine knows about for a domain.
websearch 4.cb7ef8e Search vhost names given a host range. Powered by Bing..
weebdns 14.c01c04f DNS Enumeration with Asynchronicity.
whatweb 4910.efee4d80 Next generation web scanner that identifies what websites are running.
windapsearch 28.7724ec4 Script to enumerate users, groups and computers from a Windows domain through LDAP queries.
windows-exploit-suggester 41.776bd91 This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target.
xray 91.ca50a32 A tool for recon, mapping and OSINT gathering from public networks.
zeus-scanner 414.21b8756 Advanced dork searching utility.
zgrab 804.59a517f Grab banners (optionally over TLS).