Reconnaissance Tools

808 tools
reversing-unofficial-APIs
reversing-unofficial-APIs
Free Reconnaissance

Resources for reverse engineering “unofficial APIs”.
RivalSearchMCP
RivalSearchMCP
Open Source Reconnaissance

Deterministic research MCP server on FastMCP 3 — 5-engine web search, 9-platform social search, 6 academic DBs, news aggregation, entity pro…
robin
robin
Open Source Reconnaissance

AI-Powered Dark Web OSINT Tool
robofinder
robofinder
Open Source Reconnaissance

Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to collect old directories and paths for any domain which …
RomBuster
RomBuster
Open Source Exploitation Reconnaissance

RomBuster is a router exploitation tool that allows to disclosure network router admin password.
s1c0n
s1c0n
Open Source Reconnaissance

simple recon tool to help you for searching vulnerability on web server
s3dns
s3dns
Open Source Reconnaissance Scanning & Enumeration

Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern
s3enum
s3enum
Open Source Reconnaissance

Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.
sandmap
sandmap
Open Source Kali Reconnaissance Scanning & Enumeration

Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
satnow-scraper
satnow-scraper
Free Reconnaissance

OSINT web scraper for SatNow to extract details about satellite components and subsystem specs for in-depth reconnaissance 🛸
Scam-Blocklist
Scam-Blocklist
Open Source Reconnaissance Social Engineering

Blocklist for newly created scam, phishing, and other malicious domains automatically retrieved daily using Google Search API, automated det…
ScamIntelLogs
ScamIntelLogs
Free Reconnaissance Social Engineering

Open-source intelligence archive of crypto scam operations — internal chats, admin panels, victim records, and infrastructure data for resea…
scan4all
scan4all
Open Source Password Attacks Reconnaissance

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Po…
ScanCannon
ScanCannon
Free Exploitation Reconnaissance

A script for credentials-based attack surface enumeration and general reconnaissance of massive networks
scanme
scanme
Open Source Forensics Reconnaissance

A Golang package for scanning private and public IPs for open TCP ports 👁️
ScanPro
ScanPro
Free Exploitation Reconnaissance

ScanPro - NMap Scanning Scripts ~ Network Mapper
scilla
scilla
Open Source Reconnaissance Scanning & Enumeration

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
scope
scope
Free Reconnaissance Web Application

An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/…
ScopeSentry
ScopeSentry
Free Reconnaissance Web Application

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed n…
scrape-youtube-channel-videos-url
scrape-youtube-channel-videos-url
Open Source Reconnaissance

This Python script is used to scrape all the video links from a youtube channel.
Scrummage
Scrummage
Open Source Reconnaissance Web Application

A Holistic OSINT and Threat Hunting Platform
sd-goo
sd-goo
Open Source Reconnaissance

Enumerate Subdomains Through Google Dorks (Bypassed Page Filter)
Search-Engines
Search-Engines
Free Reconnaissance

A list of Search Engines that will be useful for different aspect of your work, OSINT, Privacy & OPSEC.
SearchMyName
SearchMyName
Open Source Reconnaissance

Welcome to SearchMyName! This tool allows you to enumerate usernames across many websites! OSINT Tool!