api-dnsdumpster|26.459abfa|Unofficial Python API for http://dnsdumpster.com/.|https://github.com/PaulSec/API-dnsdumpster.com
basedomainname|0.1|Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.|http://www.morningstarsecurity.com/research
bing-ip2hosts|0.4|Enumerates all hostnames which Bing has indexed for a specific IP address.|http://www.morningstarsecurity.com/research/bing-ip2hosts
catnthecanary|7.e9184fe|An application to query the canary.pw data set for leaked data.|https://github.com/packetassailant/catnthecanary
cutycapt|10|A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page.|http://cutycapt.sourceforge.net/
dnsbrute|2.b1dc84a|Multi-threaded DNS bruteforcing, average speed 80 lookups/second with 40 threads.|https://github.com/d4rkcat/dnsbrute
dnsenum|1.2.4.2|Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.|http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=dnsenum
dnsrecon|0.8.9|Python script for enumeration of hosts, subdomains and emails from a given domain using Google.|https://github.com/darkoperator/dnsrecon
dnsspider|0.8|A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.|http://nullsecurity.net/tools/scanner.html
dnstracer|1.9|Determines where a given DNS server gets its information from, and follows the chain of DNS servers.|http://www.mavetju.org/unix/dnstracer.php
dnswalk|2.0.2|A DNS debugger.|http://sourceforge.net/projects/dnswalk/
domain-analyzer|0.8.1|Finds all the security information for a given domain name.|http://sourceforge.net/projects/domainanalyzer/
dradis|3.0.0.rc1|An open source framework to enable effective information sharing.|http://dradisframework.org/
enum4linux|0.8.9|A tool for enumerating information from Windows and Samba systems.|http://labs.portcullis.co.uk/application/enum4linux/
facebot|23.57f6025|A Facebook profile and reconnaissance system.|https://github.com/pun1sh3r/facebot
fbid|11.b8106f8|Shows info about the author by Facebook photo URL.|https://github.com/guelfoweb/fbid
flashlight|107.39594b5|Automated Information Gathering Tool for Penetration Testers.|https://github.com/galkan/flashlight
geoedge|0.2|This little tool is designed to get geolocation information of a host; it gets the information from two sources (maxmind and geoiptool).|
githack|6.b83a744|A `.git` folder disclosure exploit.|https://github.com/lijiejie/githack
gitminer|29.e25f339|Tool for advanced mining for content on GitHub.|https://github.com/danilovazb/GitMiner
goodork|2.2|A Python script designed to allow you to leverage the power of Google dorking straight from the comfort of your command line.|http://goo-dork.blogspot.com/
goofile|1.5|Command line filetype search.|https://code.google.com/p/goofile/
goog-mail|1.0|Enumerate domain emails from Google.|http://www.darkc0de.com/others/goog-mail.py
gwtenum|7.f27a5aa|Enumeration of GWT-RPC method calls.|http://www.gdssecurity.com/l/t/d.php?k=GwtEnum
halcyon|0.1|A repository crawler that runs checksums for static files found within a given git repository.|http://www.blackhatlibrary.net/Halcyon
hasere|1.0|Discover the vhosts using Google and Bing.|https://github.com/galkan/hasere
idswakeup|1.0|A collection of tools for testing network intrusion detection systems.|http://www.hsc.fr/ressources/outils/idswakeup/index.html.en
intrace|1.5|Traceroute-like application piggybacking on existing TCP connections.|http://intrace.googlecode.com
ircsnapshot|94.cb02a85|Tool to gather information from IRC servers.|https://github.com/bwall/ircsnapshot
ivre|954.2a7f74c|Network recon framework.|https://ivre.rocks/
kacak|1.0|Tools for penetration testers that can enumerate which users are logged on to a Windows system.|https://github.com/galkan/kacak
lanmap2|127.1197999|Passive network mapping tool.|http://github.com/rflynn/lanmap2
lbd|20130719|Load balancing detector.|http://ge.mine.nu/code/lbd
ldapenum|0.1|Enumerate domain controllers using LDAP.|https://gobag.googlecode.com/svn-history/r2/trunk/ldap/ldapenum/
lft|3.73|A layer four traceroute implementing numerous other features.|http://pwhois.org/lft/
linux-exploit-suggester|32.9db2f5a|A Perl script that tries to suggest exploits based on OS version number.|https://github.com/PenturaLabs/Linux_Exploit_Suggester
loot|51.656fb85|Sensitive information extraction tool.|https://github.com/GuerrillaWarfare/Loot
machinae|61.67b9725|A tool for collecting intelligence from public sites/feeds about various security-related pieces of data.|https://github.com/HurricaneLabs/machinae
mdns-recon|7.cf67423|An mDNS recon tool written in Python.|https://github.com/chadillac/mdns_recon
metagoofil|1.4b|An information gathering tool designed for extracting metadata of public documents.|http://www.edge-security.com/metagoofil.php
missidentify|1.0|A program to find Win32 applications.|http://missidentify.sourceforge.net/
monocle|1.0|A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network.|http://packetstormsecurity.com/files/99823/Monocle-Host-Discovery-Tool.0.html
nasnum|5.df5df19|Script to enumerate network attached storage devices.|https://github.com/tcstool/nasnum.git
necromant|3.acbc448|Python script that searches for unused virtual hosts in web servers.|https://github.com/PentesterES/Necromant
neglected|8.68d02b3|Facebook CDN Photo Resolver.|https://github.com/GuerrillaWarfare/neglected
netdiscover|0.3|An active/passive address reconnaissance tool, mainly developed for wireless networks without a DHCP server, when you are wardriving. It can also be used on hub/switched networks.|http://nixgeneration.com/~jaime/netdiscover/
netmask|2.4.3|Helps determine network masks.|http://packages.qa.debian.org/n/netmask.html
nipper|0.11.7|Network Infrastructure Parser.|https://www.titania-security.com/
nsec3walker|20101223|Enumerates domain names using DNSSEC.|http://dnscurve.org/nsec3walker.html
ntp-ip-enum|0.1|Script to pull addresses from an NTP server using the monlist command. Can also output a Maltego result set.|http://www.securepla.net/
osinterator|3.8447f58|Open Source Toolkit for Open Source Intelligence Gathering.|https://github.com/guitarmanj/OSINTerator
parsero|81.e5b585a|A robots.txt audit tool.|https://github.com/behindthefirewalls/Parsero
pastenum|0.4.1|Search Pastebins for content, fork from nullthreat corelan pastenum2.|http://github.com/shadowbq/pastenum
quickrecon|0.3.2|A Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gather emails from Google and Bing.|http://packetstormsecurity.com/files/104314/QuickRecon.3.2.html
recon-ng|4.8.0|A full-featured Web Reconnaissance framework written in Python.|https://bitbucket.org/LaNMaSteR53/recon-ng
revipd|5.2aaacfb|A simple reverse IP domain scanner.|https://github.com/PypeRanger/revipd
ripdc|0.2|A script which maps domains related to a given IP address or domain name.|http://nullsecurity.net/tools/scanner
sctpscan|34.4d44706|A network scanner for discovery and security.|http://www.p1sec.com/
simplyemail|482.67fe027|Email recon made fast and easy, with a framework to build on http://CyberSyndicates.com.|https://github.com/killswitch-GUI/SimplyEmail
sipi|10.10f087f|Simple IP Information Tools for Reputation Data Analysis.|https://github.com/ST2Labs/SIPI
smbcrunch|4.46267a3|3 tools that work together to simplify reconnaissance of Windows File Shares.|https://github.com/Raikia/SMBCrunch
smtp-user-enum|1.2|Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.|http://pentestmonkey.net/tools/user-enumeration/smtp-user-enum
sn1per|83.f402b9a|Automated Pentest Recon Scanner.|https://github.com/1N3/Sn1per
spiderfoot|2.6.1|The Open Source Footprinting Tool.|http://spiderfoot.net/
ssl-hostname-resolver|1|CN (Common Name) grabber on X.509 Certificates over HTTPS.|http://packetstormsecurity.com/files/120634/Common-Name-Grabber-Script.html
subdomainer|1.2|A tool designed for obtaining subdomain names from public sources.|http://www.edge-security.com/subdomainer.php
sysdig|0.10.1|Open source system-level exploration and troubleshooting tool.|http://www.sysdig.org/
theharvester|53.0f9a670|Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, PGP key servers).|http://www.edge-security.com/theHarvester.php
tilt|90.2bc2ef2|An easy and simple tool implemented in Python for IP reconnaissance, with reverse IP lookup.|https://github.com/AeonDave/tilt
tinfoleak|3.6469eb3|Get detailed information about a Twitter user's activity.|https://github.com/technoskald/tinfoleak/
traceroute|2.0.21|Tracks the route taken by packets over an IP network.|http://traceroute.sourceforge.net/
treasure|6.a91d52b|Hunt for sensitive information through GitHub's code search.|https://github.com/GuerrillaWarfare/Treasure
twofi|2.0|Twitter Words of Interest.|http://www.digininja.org/projects/twofi.php
vbrute|1.11dda8b|Virtual hosts brute forcer.|https://github.com/nccgroup/vbrute
waldo|28.a33de7a|A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python.|https://github.com/red-team-labs/waldo
websearch|1.cce2384|Search vhost names given a host range. Powered by Bing.|https://github.com/PentesterES/WebSearch
whatweb|4188.f467aa2|Next generation web scanner that identifies what websites are running.|http://www.morningstarsecurity.com/research/whatweb
zgrab|511.7b65b58|Grab banners (optionally over TLS).|https://github.com/zmap/zgrab