# Recon Tools
// archived — old content, may be outdated
Recon tooling.
Tools:
## OSINT
- Domain information (whois and amass)
- Email addresses and users (theHarvester and emailfinder)
- Password leaks (pwndb and H8mail)
- Metadata finder (MetaFinder)
- Google Dorks (degoogle_hunter)
- Github Dorks (gitdorks_go)
## Subdomains
- Passive (amass and github-subdomains)
- Certificate transparency (ctfr)
- Bruteforce (puredns)
- Permutations (Gotator)
- JS files & Source Code Scraping (gospider)
- DNS Records (dnsx)
- Google Analytics ID (AnalyticsRelationships)
- TLS handshake (tlsx)
- Recursive search.
- Subdomain takeover (nuclei)
- DNS takeover (dnstake)
- DNS Zone Transfer (dig)
- Cloud checkers (S3Scanner and cloud_enum)
## Hosts
- IP info (whoisxmlapi API)
- CDN checker (ipcdn)
- WAF checker (wafw00f)
- Port Scanner (Active with nmap and passive with smap)
- Port services vulnerability checks (searchsploit)
- Password spraying (brutespray)
## Webs
- Web Prober (httpx and unimap)
- Web screenshot (webscreenshot or gowitness)
- Web templates scanner (nuclei and nuclei geeknik)
- URL extraction (waybackurls, gau, gospider, github-endpoints and JSA)
- URL pattern search (gf and gf-patterns)
- XSS (dalfox)
- Open redirect (Oralyzer)
- SSRF (headers interactsh and param values with ffuf)
- CRLF (crlfuzz)
- Favicon Real IP (fav-up)
- JavaScript analysis (subjs, JSA, xnLinkFinder, getjswords)
- Fuzzing (ffuf)
- CORS (Corsy)
- LFI Checks (ffuf)
- SQLi Check (SQLMap)
- SSTI (ffuf)
- CMS Scanner (CMSeeK)
- SSL tests (testssl)
- Broken Links Checker (gospider)
- Prototype Pollution (ppfuzz)
- URL sorting by extension
- Wordlist generation
- Passwords dictionary creation (pydictor)