Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nateahess/awesome-recon-tools
A compiled list of tools for reconnaissance and footprinting
https://github.com/nateahess/awesome-recon-tools
List: awesome-recon-tools
awesome awesome-list cybersecurity footprinting recon reconnaissance red-team security
Last synced: 16 days ago
JSON representation
A compiled list of tools for reconnaissance and footprinting
- Host: GitHub
- URL: https://github.com/nateahess/awesome-recon-tools
- Owner: nateahess
- License: cc0-1.0
- Created: 2021-02-11T22:43:49.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-03-27T19:46:58.000Z (over 3 years ago)
- Last Synced: 2024-05-23T08:03:32.596Z (7 months ago)
- Topics: awesome, awesome-list, cybersecurity, footprinting, recon, reconnaissance, red-team, security
- Homepage:
- Size: 425 KB
- Stars: 64
- Watchers: 2
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: contributing.md
- License: LICENSE
- Code of conduct: code-of-conduct.md
Awesome Lists containing this project
- ultimate-awesome - awesome-recon-tools - A compiled list of tools for reconnaissance and footprinting. (Other Lists / Monkey C Lists)
README
![header-image](https://github.com/nahberry/Recon-Tools/blob/main/Logo/Recon-Tools.PNG)
# Recon Tools [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re)
> A compiled list of tools for reconnaissance and footprinting.## Contents
* [Domain and Network Recon](#Domain-and-Network-Recon) - Tools for grabbing network related information.
* [Personal Information and Email Footprinting](#Personal-Information-and-Email-Footprinting) - Tools for finding personal information such as social networks and emails as well as footprinting tools for mail.
* [Hacking with Google](#Hacking-with-Google) - Use Google commands to your advantage
## Domain and Network Recon
> Robust tools for gathering domain and network information.### Programs and Web Applications
* [ARIN Whois/RDAP](https://arin.net/about/welcom/region) - A public resource that allows a user to retrieve information about IP number resources, organizations, and Points of Contact registered with ARIN.
* [Aquatone](https://github.com/michenriksen/aquatone) - A tool for visual inspection of websites across a large amount of hosts. Very convenient for quickly gaining an overview of HTTP-based attack surfaces.
* [Batch IP Converter](http://sabsoft.com) - An award-winning network tool to work with IP addresses. Domain-to-IP Converter, Batch Ping, Tracert, Whois, and more.
* [BuiltWith](https://builtwith.com) - Scans for over 46,953 different web technologies. Discover what tools a site uses such as shopping carts, hosting, analytics, and more.
* [Censys](https://censys.io) - Mines a global internet dataset to enumerate assets that may compromise an attack surface.
* [DataSploit](https://github.com/DataSploit/datasploit) - Performs automated OSINT on a domain/email/username/phone and finds relevant information from different sources.
* [DNSDumpster](https://dnsdumpster.com) - Can discover hosts related to a domain. Map an organizations attack surface with a virtual "dumpster dive."
* [Domaintools](https://whois.domaintools.com) - Find Whois information quickly and easily including registrar, name servers, and etc.
* [FindSubDomains](https://findsubdomains.com) - From Spyse. Awesome tool to find subdomains.
* [FireCompass](https://firecompass.com) - Discovers and organization's digital attack surface.
* [Informer](https://website.informer.com/) - Retrieves a quick aggregated view of everything the Web can promptly tell you about a site.
* [Maltego](https://maltego.com) - Open Source Intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.
* [Netcraft](https://netcraft.com) - Multiple tools from site report to DNS search.
* [Professional Toolset](https://network-tools.com) - Ping, Tracert, HTTP Headers, and more!
* [Shodan](https://shodan.io) - Shodan has servers around the world that crawl the internet 24/7 to provide the latest internet intelligence.
* [SpiderFoot](https://www.spiderfoot.net/) - Automated OSINT collection!
* [Traceroute NG](https://solarwinds.com/free-tools/traceroute-ng) - Continuous probing, detects path changes, supports IPv4 & IPv6, Creates a txt logfile.
* [URL Fuzzer](https://pentest-tools.com/website-vulnerability-scanning/discover-hidden-directories-and-files#) - Free light scan for hidden files and directories.
* [VisualRoute](http://www.visualroute.com) - Continuous trace routing, reverse tracing, port probing, route analysis, and much more!
* [You Get Signal](https://yougetsignal.com) - Port forwarding, network location, visual trace route, reverse IP domain check, and more!
* [Wappalyzer](https://www.wappalyzer.com) - Identify technologies on websites. Find out the technology stack of any website.
* [WebShag](https://github.com/wereallfeds/webshag) - Multi-threaded, multi-platform web server audit tool. Gathers useful functionalities for web server auditing like website crawling, URL scanning, or file fuzzing.
* [Wireshark](https://wireshark.org) - The world's foremost and widely-used network protocol analyzer.
* [Whois.net](https://whois.net) - Quick and easy Whois lookup. Domain name search, registration and availability, and more.
### Windows CLI
* [nslookup](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup) - Command-line tool for querying the Domain Name System to obtain name or IP address mapping and other DNS records.
* [tracert](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/tracert) - Commmand-line tool for displaying a route and measuring transit delays of packets across an Internal Protocol network.
### Linux CLI // Kali
* [dig](https://linuxhandbook.com/dig-command/) - Domain Information Groper - Queries the DNS of a given server.
* [dnsrecon](https://tools.kali.org/information-gathering/dnsrecon) - Check NS Records for Zone Transfers, enumerate general DNS records, check cached DNS records, and more.
* [dnstracer](https://tools.kali.org/information-gathering/dnstracer) - Determines where a given Domain Name Server gets its information from for a given hostname.
* [Fierce](https://github.com/mschwager/fierce) - DNS reconnaissance tool for locating non-contiguous IP space.
* [Ghost Eye](https://github.com/BullsEye0/ghost_eye) - Information gathering tool for Whois, DNS, EtherApe, Nmap, and more.
* [recon-ng](https://github.com/lanmaster53/recon-ng) - Provides a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly.
* [ronin-recon](https://github.com/ronin-rb/ronin-recon#readme) - Recursive recon engine and framework that can enumerate subdomains, DNS records, port scan, grab TLS certs, spider websites, and collect email addresses.
* [traceroute](https://www.commandlinux.com/man-page/man1/traceroute.db.1.html) - Print the route packets trace to network host.
* [unicornscan](https://tools.kali.org/information-gathering/unicornscan) - Provides a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network.
* [whois](https://www.commandlinux.com/man-page/man1/whois.1.html) - Quick and easy client for the whois directory service.
## Personal Information and Email Footprinting
> Tools for gathering personal information, social networks, and email footprinting.### Programs and Web Applications
* [BeenVerified](https://beenverified.com) - Background checks with loads of information.
* [eMailTrackerPro](https://emailtrackerpro.com) - Pull detailed information from an email header. Also includes spam filtering.
* [Followerwonk](https://followerwonk.com) - Information scraped from Twitter.
* [Infoga](https://github.com/m4ll0k/infoga) - Gather email OSINT. Domains, sources, breaches, and more.
* [Jigsaw](https://www.jigsawsecurityenterprise.com/) - OSINT-X Intelligence Collection Tool from Jigsaw allows for the collection of data from RSS feeds, the dark web, Twitter, Facebook, and other sources.
* [PeekYou](https://peekyou.com) - Locate personal information from family members to social media accounts.
### Linux CLI // Kali
* [sherlock](https://github.com/sherlock-project/sherlock) - Crawls the web for social profiles.
* [theHarvester](https://tools.kali.org/information-gathering/theharvester) - Pulls a list of email addresses of a specific domain from multiple search engines.
## Hacking with Google
> Commands (or "dorks") for the world's most popular search engine* __cache__ - this command will show you the cached version of any website.
`cache: securitytrails.com`* __allintext__ - searches for specific text contained on any web page.
`allintext: hacking tools`* __allintitle__ - exactly the same as allintext, but will show pages that contain titles with X characters.
`allintitle:"Security Companies"`* __allinurl__ - it can be used to fetch results whose URL contains all the specified characters.
`allinurl client area`* __filetype__ - used to search for any kind of file extensions, for example, if you want to search for jpg files you can use:
`filetype: jpg`* __inurl__ - this is exactly the same as allinurl, but it is only useful for one single keyword.
`inurl: admin`* __intitle__ - used to search for various keywords inside the title, for example,
`intitle:security tools` will search for titles beginning with “security” but “tools” can be somewhere else in the page.* __inanchor__ - this is useful when you need to search for an exact anchor text used on any links.
`inanchor:"cyber security"`* __intext__ - useful to locate pages that contain certain characters or strings inside their text.
`intext:"safe internet"`* __link__ - will show the list of web pages that have links to the specified URL.
`link: microsoft.com`* __site__ - will show you the full list of all indexed URLs for the specified domain and subdomain.
`site:securitytrails.com`* __*__ - wildcard used to search pages that contain “anything” before your word.
For example, `how to * a website`, will return “how to…” design/create/hack, etc… “a website”.* __|__ - this is a logical operator, for example, `"security" "tips"` will show all the sites which contain “security” or “tips,” or both words.
* __+__ - used to concatenate words, useful to detect pages that use more than one specific key.
`security + trails`* __–__ - minus operator is used to avoiding showing results that contain certain words, for example, `security -trails` will show pages that use “security” in their text, but not those that have the word “trails.”