RECON

DNS/Domains

CloudFail

  • A PoC to help one gather information about a target protected by CloudFlare with configuration issues.

Domain Analyzer

  • A security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.

Domain Hunter

XRay

  • A tool for recon, mapping and OSINT gathering from public networks.

Dorking

GooDork

  • A command-line Google dorking tool.

Github Dorks

  • A collection of GitHub dorks and a helper tool to automate the process of checking dorks.

Snitch

  • Automated information gathering using built in Dorks.

Hashes, Keys, Creds and Dumps

credmap

  • Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these.

Gitem

  • A GitHub organization recon tool.

Gitrob

  • A tool to help one find sensitive information in public files on GitHub.

GitLeak

  • A tool library for searching source code on GitHub.

Gitleaks

  • Site is currently down, but claims to be coming back online (see tool above).

hashes.org

pwdology

  • Generates custom password lists based on OSINT on a target.

Steamer

  • Import, manage and search public dumps.

HoneyPots

Yeah yeah, this should probably be in a better section or something.

Canary

  • Not freeware or OSS, but brought to you by the same people that make Canarytokens.

Feedback on how to build SMB Honeypot

  • A nice little writeup about making an SMB honeypot to observe WannaCry attacks.

HoneyPy

Modern Honeypot Network

  • Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management.

Miscellaneous

Account Analysis

  • A solid Twitter account analysis webapp.

Awesome OSINT

  • A curated list of amazingly awesome open source intelligence tools and resources.

Canarytokens

  • Track when someone queries a database, reads a file, performs a bitcoin transaction, views a LinkedIn profile and many other randomly amazing things.

CloudFire

  • Discover potential IPs leaking from behind cloud-proxied services, e.g. Cloudflare.

ExtractHosts

  • Extracts hosts (IP/Hostnames) from files.

Just-Metadata

  • A tool that analyzes metadata on a given IP address.

IntelTechniques Search Tool

  • All the recon.

Metagoofil

  • A tool for extracting metadata from public documents (pdf, doc, xls, ppt, etc.) available on the target websites.

Reconnoitre

  • A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags.

Snoopy-ng

  • A distributed sensor, data collection, interception, analysis and visualization framework written in Python.

SpiderFoot

  • An open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target.

WaybackUnifier

  • A tool that allows one to take a look at how a file has ever looked by aggregating all versions of this file, and creating a unified version that contains every line that has ever been in it.

Organizations

Gitem

  • A GitHub organization reconnaissance tool.

People

Family Tree

Hunchly

Launchfeed Firehose


Search/Recon Engines, APIs & Programs

CheckPwnedEmail

Censys

  • Python code to query the Censys public scan database.

datasploit

  • An OSINT Framework to perform various recon techniques, aggregate all the raw data, and give data in multiple formats.

Esoteric sub-domain enumeration techniques

  • This repository contains all the talk materials, videos and scripts from the talk "Esoteric sub-domain enumeration techniques" given at the Bugcrowd LevelUp 2017 virtual conference.

Insecam

InSpy

  • A Python-based LinkedIn enumeration tool.

IOT Scanner

LinkedInt

  • A LinkedIn scraper for reconnaissance, based on the deprecated linkedin-gatherer.

Machinae

  • A tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints.

O.D.I.N.

  • A Python tool for automating penetration testing work, like intelligence gathering, testing, and reporting.

OSRFramework

  • The Open Sources Research Framework is an AGPLv3+ project by i3visio focused on providing an API and tools to perform more accurate online research.

Paterva - Maltego

Prowl

  • Scrape LinkedIn for company staff members.

PwnedConsole

Shodan.io

Sonar

  • Sonar is a reconnaissance tool for enumerating subdomains.

subsearch

  • A tool for discovering subdomains via third-party services and wordlists.

theHarvester

  • E-mail, subdomain and people names harvester.

Threat Crowd


Theory, Articles & Blogs

Automatically Discover Website Connections Through Tracking Codes

Email Reconnaissance: Phishing Template Generation Made Simple

Galvanize Capstone Series: Geolocation of Twitter Users

[Ichidan Is A Shodan-Like Search Engine For the Dark Web](https://www.bleepingcomputer.com/news/security/ichidan-is-a-shodan-like-search-engine-for-the-dark-web/)

Metadata: a hacker's best friend

Working Around Twitter API Restrictions To Identify Bots


VCS

vcsmap

  • vcsmap is a plugin-based tool to scan public version control systems for sensitive information.