api-dnsdumpster|26.459abfa|Unofficial Python API for http://dnsdumpster.com/.|https://github.com/PaulSec/API-dnsdumpster.com
basedomainname|0.1|Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.|http://www.morningstarsecurity.com/research
bing-ip2hosts|0.4|Enumerates all hostnames which Bing has indexed for a specific IP address.|http://www.morningstarsecurity.com/research/bing-ip2hosts
catnthecanary|7.e9184fe|An application to query the canary.pw data set for leaked data.|https://github.com/packetassailant/catnthecanary
cutycapt|10|A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page.|http://cutycapt.sourceforge.net/
dnsbrute|2.b1dc84a|Multi-theaded DNS bruteforcing, average speed 80 lookups/second with 40 threads.|https://github.com/d4rkcat/dnsbrute
dnsenum|1.2.4.2|Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.|http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=dnsenum
dnsrecon|0.8.9|Python script for enumeration of hosts, subdomains and emails from a given domain using google.|https://github.com/darkoperator/dnsrecon
dnsspider|0.8|A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.|http://nullsecurity.net/tools/scanner.html
dnstracer|1.9|Determines where a given DNS server gets its information from, and follows the chain of DNS servers|http://www.mavetju.org/unix/dnstracer.php
dnswalk|2.0.2|A DNS debugger|http://sourceforge.net/projects/dnswalk/
domain-analyzer|0.8.1|Finds all the security information for a given domain name.|http://sourceforge.net/projects/domainanalyzer/
dradis|3.0.0.rc1|An open source framework to enable effective information sharing.|http://dradisframework.org/
enum4linux|0.8.9|A tool for enumerating information from Windows and Samba systems.|http://labs.portcullis.co.uk/application/enum4linux/
facebot|23.57f6025|A facebook profile and reconnaissance system.|https://github.com/pun1sh3r/facebot
fbid|11.b8106f8|Show info about the author by facebook photo url.|https://github.com/guelfoweb/fbid
flashlight|107.39594b5|Automated Information Gathering Tool for Penetration Testers.|https://github.com/galkan/flashlight
geoedge|0.2|This little tools is designed to get geolocalization information of a host, it get the information from two sources (maxmind and geoiptool).|
githack|6.b83a744|A `.git` folder disclosure exploit.|https://github.com/lijiejie/githack
gitminer|23.28d2cec|Tool for advanced mining for content on Github.|https://github.com/danilovazb/GitMiner
goodork|2.2|A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line.|http://goo-dork.blogspot.com/
goofile|1.5|Command line filetype search|https://code.google.com/p/goofile/
goog-mail|1.0|Enumerate domain emails from google.|http://www.darkc0de.com/others/goog-mail.py
gwtenum|7.f27a5aa|Enumeration of GWT-RCP method calls.|http://www.gdssecurity.com/l/t/d.php?k=GwtEnum
halcyon|0.1|A repository crawler that runs checksums for static files found within a given git repository.|http://www.blackhatlibrary.net/Halcyon
hasere|1.0|Discover the vhosts using google and bing.|https://github.com/galkan/hasere
idswakeup|1.0|A collection of tools that allows to test network intrusion detection systems.|http://www.hsc.fr/ressources/outils/idswakeup/index.html.en
intrace|1.5|Traceroute-like application piggybacking on existing TCP connections|http://intrace.googlecode.com
ircsnapshot|94.cb02a85|Tool to gather information from IRC servers.|https://github.com/bwall/ircsnapshot
ivre|912.4ea2a72|Network recon framework.|https://ivre.rocks/
kacak|1.0|Tools for penetration testers that can enumerate which users logged on windows system.|https://github.com/galkan/kacak
lanmap2|127.1197999|Passive network mapping tool.|http://github.com/rflynn/lanmap2
lbd|20130719|Load Balancing detector|http://ge.mine.nu/code/lbd
ldapenum|0.1|Enumerate domain controllers using LDAP.|https://gobag.googlecode.com/svn-history/r2/trunk/ldap/ldapenum/
lft|3.73|A layer four traceroute implementing numerous other features.|http://pwhois.org/lft/
linux-exploit-suggester|32.9db2f5a|A Perl script that tries to suggest exploits based OS version number.|https://github.com/PenturaLabs/Linux_Exploit_Suggester
loot|51.656fb85|Sensitive information extraction tool.|https://github.com/GuerrillaWarfare/Loot
machinae|61.67b9725|A tool for collecting intelligence from public sites/feeds about various security-related pieces of data.|https://github.com/HurricaneLabs/machinae
mdns-recon|7.cf67423|An mDNS recon tool written in Python.|https://github.com/chadillac/mdns_recon
metagoofil|1.4b|An information gathering tool designed for extracting metadata of public documents|http://www.edge-security.com/metagoofil.php
missidentify|1.0|A program to find Win32 applications.|http://missidentify.sourceforge.net/
monocle|1.0|A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network.|http://packetstormsecurity.com/files/99823/Monocle-Host-Discovery-Tool.0.html
nasnum|5.df5df19|Script to enumerate network attached storages.|https://github.com/tcstool/nasnum.git
necromant|3.acbc448|Python Script that search unused Virtual Hosts in Web Servers.|https://github.com/PentesterES/Necromant
neglected|8.68d02b3|Facebook CDN Photo Resolver.|https://github.com/GuerrillaWarfare/neglected
netdiscover|0.3|An active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks.|http://nixgeneration.com/~jaime/netdiscover/
netmask|2.4.3|Helps determine network masks|http://packages.qa.debian.org/n/netmask.html
nipper|0.11.7|Network Infrastructure Parser|https://www.titania-security.com/
nsec3walker|20101223|Enumerates domain names using DNSSEC|http://dnscurve.org/nsec3walker.html
ntp-ip-enum|0.1|Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset.|http://www.securepla.net/
osinterator|3.8447f58|Open Source Toolkit for Open Source Intelligence Gathering.|https://github.com/guitarmanj/OSINTerator
parsero|81.e5b585a|A robots.txt audit tool.|https://github.com/behindthefirewalls/Parsero
pastenum|0.4.1|Search Pastebins for content, fork from nullthreat corelan pastenum2|http://github.com/shadowbq/pastenum
quickrecon|0.3.2|A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.|http://packetstormsecurity.com/files/104314/QuickRecon.3.2.html
recon-ng|4.8.0|A full-featured Web Reconnaissance framework written in Python.|https://bitbucket.org/LaNMaSteR53/recon-ng
revipd|5.2aaacfb|A simple reverse IP domain scanner.|https://github.com/PypeRanger/revipd
ripdc|0.2|A script which maps domains related to an given ip address or domainname.|http://nullsecurity.net/tools/scanner
sctpscan|34.4d44706|A network scanner for discovery and security.|http://www.p1sec.com/
simplyemail|456.c094a8f|Email recon made fast and easy, with a framework to build on http://CyberSyndicates.com.|https://github.com/killswitch-GUI/SimplyEmail
sipi|10.10f087f|Simple IP Information Tools for Reputation Data Analysis.|https://github.com/ST2Labs/SIPI
smbcrunch|4.46267a3|3 tools that work together to simplify reconaissance of Windows File Shares.|https://github.com/Raikia/SMBCrunch
smtp-user-enum|1.2|Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.|http://pentestmonkey.net/tools/user-enumeration/smtp-user-enum
sn1per|80.81324fe|Automated Pentest Recon Scanner.|https://github.com/1N3/Sn1per
spiderfoot|2.6.1|The Open Source Footprinting Tool.|http://spiderfoot.net/
ssl-hostname-resolver|1|CN (Common Name) grabber on X.509 Certificates over HTTPS.|http://packetstormsecurity.com/files/120634/Common-Name-Grabber-Script.html
subdomainer|1.2|A tool designed for obtaining subdomain names from public sources.|http://www.edge-security.com/subdomainer.php
sysdig|0.10.1|Open source system-level exploration and troubleshooting tool|http://www.sysdig.org/
theharvester|53.0f9a670|Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers).|http://www.edge-security.com/theHarvester.php
tilt|90.2bc2ef2|An easy and simple tool implemented in Python for ip reconnaissance, with reverse ip lookup.|https://github.com/AeonDave/tilt
tinfoleak|3.6469eb3|Get detailed information about a Twitter user activity.|https://github.com/technoskald/tinfoleak/
traceroute|2.0.21|Tracks the route taken by packets over an IP network|http://traceroute.sourceforge.net/
treasure|6.a91d52b|Hunt for sensitive information through githubs code search.|https://github.com/GuerrillaWarfare/Treasure
twofi|2.0|Twitter Words of Interest.|http://www.digininja.org/projects/twofi.php
vbrute|1.11dda8b|Virtual hosts brute forcer.|https://github.com/nccgroup/vbrute
waldo|28.a33de7a|A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python.|https://github.com/red-team-labs/waldo
websearch|1.cce2384|Search vhost names given a host range. Powered by Bing..|https://github.com/PentesterES/WebSearch
whatweb|4188.f467aa2|Next generation web scanner that identifies what websites are running.|http://www.morningstarsecurity.com/research/whatweb
zgrab|501.750e13a|Grab banners (optionally over TLS).|https://github.com/zmap/zgrab