Scanning & Recon

Applications that assist either passively or actively with enumeration and reconnaissance

Tool	Description	Source
Amass	The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.	https://github.com/OWASP/Amass/
Arachni	Web application security scanner framework	https://github.com/Arachni/arachni
AutoRecon	Multithreaded network recon tool - Simplifies Nmap - OSCP friendly	https://github.com/Tib3rius/AutoRecon
Basilisk	A tool using Shodan and RTSP to find vulnerable cameras around the world	https://github.com/spicesouls/basilisk
BurpeSuite	Webapp scan and manipulation tool	https://portswigger.net/burp
bXSS	bXSS is a utility which can be used by bug hunters and organizations to identify Blind XSS	https://github.com/LewisArdern/bXSS
Commix	Can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks	https://github.com/commixproject/commix
DalFox	XSS detection written in Go	https://github.com/hahwul/dalfox
DamnWebScanner	Chrome/Opera extension that identifies vulnerabilities on web pages	https://github.com/swisskyrepo/DamnWebScanner
Dirsearch	Discover URIs/Subdomains/Virtual hostnames brute-force and dictionary	https://github.com/maurosoria/dirsearch
dnsenum2	multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks	https://github.com/SparrowOchon/dnsenum2
DNSRecon	DNS Query Tool	https://github.com/darkoperator/dnsrecon
DotDotPwn	The Directory Traversal Fuzzer	https://github.com/wireghoul/dotdotpwn
DOMDig	DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications (SPA) recursively.	https://github.com/fcavallarin/domdig
ezXSS	ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.	https://github.com/ssl/ezXSS
Gobuster	Discover URIs/Subdomains/Virtual hostnames brute-force and dictionary	https://github.com/OJ/gobuster
KiteRunner	Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications (API) (1)	https://github.com/assetnote/kiterunner
LazyRecon	Bash script that automates recon tasks	https://github.com/nahamsec/lazyrecon
LFISuite	LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack	https://github.com/D35m0nd142/LFISuite
Masscan	This is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.	https://github.com/robertdavidgraham/masscan
mzap	Multiple target ZAP Scanning	https://github.com/hahwul/mzap
Nikto	Webapp vulnerability scanner	https://sullo/nikto
Nmap	Network Scanner	https://nmap.org/download.html
onesixtyone	An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply	https://github.com/trailofbits/onesixtyone
sandmap	sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine	https://github.com/trimstray/sandmap
S3Scanner	A tool to find open S3 buckets and dump their contents	https://github.com/sa7mon/S3Scanner
Sn1per	Automated vulnerability scanner	https://github.com/1N3/Sn1per
SQLiv	Massive SQL injection scanner	https://github.com/the-robot/sqliv
w3af	w3af is a Web Application Attack and Audit Framework.	https://w3af.org/
Wapiti	Web App vulnerability scanner	https://sourceforge.net/projects/wapiti/files/
Wordpresscan	A Wordpress vulnerability scanner	https://github.com/swisskyrepo/Wordpresscan
XSStrike	Advanced XSS detection suite	https://github.com/s0md3v/XSStrike
XSpear	XSpear is XSS Scanner on ruby gems	https://github.com/hahwul/XSpear
xsser	Automatic framework to detect, exploit and report xss vulnerabilities	https://github.com/epsylon/xsser
Zaproxy	Web application vulnerability scanner and exploit automation provided by OWASP	https://www.zaproxy.org/
Zenmap	GUI for Nmap	https://github.com/nmap/nmap/tree/master/zenmap