Order by:
BuiltWith
BuiltWith checks websites for snippets of code or tags related to some technologies. Since that data is publicly...
crt.sh
A popular CT search tool is crt.sh. Subdomains can be detected using Certificate Transparency (CT). SSL/TLS certificates...
DataSploit
DataSploit is an open source intelligence collection (OSINT) tool. It is a simple way to dump data for a domain...
GoLismero
GoLismero is an open source framework for security testing. It's currently geared towards web security, but...
GrayhatWarfare
GrayhatWarfare is a searchable database where a list of open S3 buckets can be found. Amazon's S3 cloud storage,...
Nmap
Nmap is a free and open source utility for network discovery and security auditing. Many systems and...
Recon-NG
Recon-NG is a reconnaissance tool with an interface similar to Metasploit. Running Recon-NG from the command line,...
ReVeRsE-IP
A python based non-interactive ugly reverse IP lookup script to find domains on a target server.
Shodan
Shodan is a search engine, like Google, but instead of searching for websites, it searches for internet-connected...
Sn1per
Sn1per works by automating a bunch of processes that collect basic recon on a target domain, (for example executing...
SpiderFoot
SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence...
Sublist3r
Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers...
