Awesome Recon Tools

A compiled list of tools for reconnaissance and footprinting


Domain and Network Recon

Robust tools for gathering domain and network information.

Programs and Web Applications

  • ARIN Whois/RDAP - A public resource that allows a user to retrieve information about IP number resources, organizations, and Points of Contact registered with ARIN.

  • Aquatone - A tool for visual inspection of websites across a large number of hosts. Very convenient for quickly gaining an overview of HTTP-based attack surfaces.

  • Batch IP Converter - An award-winning network tool to work with IP addresses. Domain-to-IP Converter, Batch Ping, Tracert, Whois, and more.

  • BuiltWith - Scans for over 46,953 different web technologies. Discover what tools a site uses such as shopping carts, hosting, analytics, and more.

  • Censys - Mines a global internet dataset to enumerate assets that may comprise an attack surface.

  • DataSploit - Performs automated OSINT on a domain/email/username/phone and finds relevant information from different sources.

  • DNSDumpster - Can discover hosts related to a domain. Map an organization's attack surface with a virtual "dumpster dive."

  • Domaintools - Find Whois information quickly and easily, including registrar, name servers, and more.

  • FindSubDomains - From Spyse. Awesome tool to find subdomains.

  • FireCompass - Discovers an organization's digital attack surface.

  • Informer - Retrieves a quick aggregated view of everything the Web can promptly tell you about a site.

  • Maltego - Open Source Intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.

  • Netcraft - Multiple tools from site report to DNS search.

  • Professional Toolset - Ping, Tracert, HTTP Headers, and more!

  • Shodan - Shodan has servers around the world that crawl the internet 24/7 to provide the latest internet intelligence.

  • SpiderFoot - Automated OSINT collection!

  • Traceroute NG - Continuous probing, detects path changes, supports IPv4 & IPv6, creates a txt logfile.

  • URL Fuzzer - Free light scan for hidden files and directories.

  • VisualRoute - Continuous trace routing, reverse tracing, port probing, route analysis, and much more!

  • You Get Signal - Port forwarding, network location, visual trace route, reverse IP domain check, and more!

  • Wappalyzer - Identify technologies on websites. Find out the technology stack of any website.

  • WebShag - Multi-threaded, multi-platform web server audit tool. Gathers useful functionalities for web server auditing like website crawling, URL scanning, or file fuzzing.

  • Wireshark - The world's foremost and widely-used network protocol analyzer.

  • Whois.net - Quick and easy Whois lookup. Domain name search, registration and availability, and more.

Windows CLI

  • nslookup - Command-line tool for querying the Domain Name System to obtain name or IP address mapping and other DNS records.

  • tracert - Command-line tool for displaying a route and measuring transit delays of packets across an Internet Protocol network.

Linux CLI // Kali

  • dig - Domain Information Groper - Queries the DNS of a given server.

  • dnsrecon - Check NS Records for Zone Transfers, enumerate general DNS records, check cached DNS records, and more.

  • dnstracer - Determines where a given Domain Name Server gets its information from for a given hostname.

  • Fierce - DNS reconnaissance tool for locating non-contiguous IP space.

  • Ghost Eye - Information gathering tool for Whois, DNS, EtherApe, Nmap, and more.

  • recon-ng - Provides a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly.

  • traceroute - Prints the route packets take to a network host.

  • unicornscan - Provides a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network.

  • whois - Quick and easy client for the whois directory service.

Personal Information and Email Footprinting

Tools for gathering personal information, social networks, and email footprinting.

Programs and Web Applications

  • BeenVerified - Background checks with loads of information.

  • eMailTrackerPro - Pull detailed information from an email header. Also includes spam filtering.

  • Followerwonk - Information scraped from Twitter.

  • Infoga - Gather email OSINT. Domains, sources, breaches, and more.

  • Jigsaw - OSINT-X Intelligence Collection Tool from Jigsaw allows for the collection of data from RSS feeds, the dark web, Twitter, Facebook, and other sources.

  • PeekYou - Locate personal information from family members to social media accounts.

Linux CLI // Kali

  • sherlock - Crawls the web for social profiles.

  • theHarvester - Pulls a list of email addresses of a specific domain from multiple search engines.

Hacking with Google

Commands (or "dorks") for the world's most popular search engine

  • cache - shows the cached version of any website. Example: cache:securitytrails.com

  • allintext - searches for specific text contained on any web page. Example: allintext:hacking tools

  • allintitle - exactly the same as allintext, but shows pages whose titles contain the specified characters. Example: allintitle:"Security Companies"

  • allinurl - fetches results whose URL contains all the specified characters. Example: allinurl:client area

  • filetype - searches for files with a given extension. For example, to search for jpg files you can use: filetype:jpg

  • inurl - exactly the same as allinurl, but only useful for a single keyword. Example: inurl:admin

  • intitle - used to search for various keywords inside the title, for example, intitle:security tools will search for titles beginning with “security” but “tools” can be somewhere else in the page.

  • inanchor - this is useful when you need to search for an exact anchor text used on any links. inanchor:"cyber security"

  • intext - useful to locate pages that contain certain characters or strings inside their text. intext:"safe internet"

  • link - shows the list of web pages that have links to the specified URL. Example: link:microsoft.com

  • site - will show you the full list of all indexed URLs for the specified domain and subdomain. site:securitytrails.com

  • * - wildcard used to search pages that contain “anything” before your word. For example, how to * a website, will return “how to…” design/create/hack, etc… “a website”.

  • | - this is a logical operator, for example, "security" | "tips" will show all the sites which contain “security” or “tips,” or both words.

  • + - used to concatenate words, useful to detect pages that use more than one specific key. security + trails

  • - - the minus operator is used to avoid showing results that contain certain words. For example, security -trails will show pages that use “security” in their text, but not those that have the word “trails.”

Open Source Agenda is not affiliated with "Awesome Recon Tools" Project. README Source: nateahess/awesome-recon-tools
