Reconnaissance and OSINT
107 tools found
PywerView
Python re-implementation of PowerView functionalities for AD enumeration on Linux.
Katana
Fast, configurable web crawler with Standard/Headless modes and JavaScript parsing.
Awesome Search Queries
Community-driven list of OSINT queries for multiple search engines and research purposes.
whatweb
Identifies website technologies, CMS, servers, libraries, and more, with over 1700 plugins.
jsluice
jsluice is a Go package and command-line tool for extracting URLs, paths, secrets, and other interesting data from JavaScript source code.
D4TA-HUNTER
Automates information gathering on company employees for ethical hacking audits.
Raccoon
Offensive security tool for detailed reconnaissance and information gathering.
getallurls
Fetches known URLs for a domain from OTX, Wayback, Common Crawl, and URLScan.
OSINT Cheat Sheet
A curated list of OSINT tools, tips, datasets, and Maltego transforms free and paid shared for educational use. Some links may be outdated; contributions and updates are welcome via the Jieyaboo Wiki.
GIT Wild Hunt
Hunts for exposed credentials on GitHub to aid OSINT and leak-hunting activities.
Bounty Targets Data
Collects HackerOne and Bugcrowd bounty scopes to aid recon and program targeting.
adidnsdump
Tool to enumerate and export DNS records from Active Directory zones for reconnaissance.
PIDRILA
Fast async web path scanner focused on deepweb link analysis for ethical netstalkers.
OSINT Tools
Find subdomains online using 9 hosted tools like Sublist3r, Amass, Findomain, and more.
Asnlookup
Searches for organization ASNs, finds IP space, with integrated port scanning.
Porch Pirate
Porch Pirate is evolving from a Postman secret discovery tool into a multifunctional reconnaissance and OSINT framework. It goes beyond simple keyword searches, acting as a "secret-agnostic" tool to uncover any information with potential offensive value.
