Reconnaissance and OSINT
95 tools found
MetaFinder
Searches domain documents via search engines to extract relevant metadata.
AAweRT
Recon framework automating phases of info gathering and vulnerability assessment, with organized session folders for each run.
AlterX
Fast, customizable subdomain wordlist generator using Domain-Specific Language (DSL).
uncover
Go wrapper using search engine APIs to discover exposed hosts on the internet for automation.
OSINT Tools
Find subdomains online using 9 hosted tools like Sublist3r, Amass, Findomain, and more.
getallurls
Fetches known URLs for a domain from OTX, Wayback, Common Crawl, and URLScan.
cdncheck
Identifies technologies linked to DNS/IP addresses for infrastructure reconnaissance.
shuffledns
Massdns wrapper for subdomain bruteforce and resolution with wildcard handling support.
Awesome Search Queries
Community-driven list of OSINT queries for multiple search engines and research purposes.
fff
Fast URL fetcher sending parallel requests at intervals without waiting for responses.
waybackurls
Fetches historical URLs for domains from the Wayback Machine for surface analysis.
httprobe
Probes a list of domains to identify which have active HTTP or HTTPS servers.
dishtance
Calculates the location where a photo/video with a satellite dish was taken.
Photon
Extracts URLs, intel (emails, social media), files, secret keys, and DNS data during crawling.
Wappalyzer Next
CLI tool and Python library for web technology detection using updated fingerprints.
Cobra
All-in-one tool with pre-built Go and Python tools for easier hacking and reconnaissance.
D4TA-HUNTER
Automates information gathering on company employees for ethical hacking audits.
SCANNER-INURLBR
PHP tool for advanced search engine queries, capturing and validating emails/URLs via GET/POST.
STRX
Modular Linux string manipulation tool for OSINT, pentesting, and data analysis.
SecretOpt1c
Tool for Red Teams, Pentesters, and Bug Bounty Hunters that finds sensitive info on websites using active and passive techniques.
CHOMTE.SH
Versatile framework for automated reconnaissance in pentesting, with scanning and reporting.
FOCA
Analyzes documents to extract metadata and hidden info from files like PDF, DOC, and more.
Katana
Fast, configurable web crawler with Standard/Headless modes and JavaScript parsing.
Web Sherlock
Web interface for username investigation across 400+ social media platforms.
Expired Domains
Search and analyze expired domains focusing on SEO, backlinks, and threat intelligence.
