Packages that actively seek vulnerable exploits in the wild. More of an umbrella group for similar packages.

Tool count: 26

BlackArch recon
Name Version Description Homepage
ad-ldap-enum 39.41ac756 An LDAP based Active Directory user and group enumeration tool.
altdns 58.319404d Generates permutations, alterations and mutations of subdomains and then resolves them.
api-dnsdumpster 59.eda15d6 Unofficial Python API for
aquatone 63.8d3496b A set of tools for performing reconnaissance on domain names.
autosint 234.e1f4937 Tool to automate common osint tasks.
basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.
bfac 44.33be807 An automated tool that checks for backup artifacts that may disclose the web-application's source code.
bing-ip2hosts 0.4 Enumerates all hostnames which Bing has indexed for a specific IP address.
bloodhound 501.9e27031 Six Degrees of Domain Admin
catnthecanary 7.e9184fe An application to query the data set for leaked data.
cloudfail 56.1b1549a Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network.
cutycapt 10 A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page.
datasploit 359.c7c9ef4 Performs automated OSINT and more.
dga-detection 78.0a3186e DGA Domain Detection using Bigram Frequency Analysis.
dns-parallel-prober 56.99a7b83 PoC for an adaptive parallelised DNS prober.
dnsbrute 2.b1dc84a Multi-threaded DNS bruteforcing, average speed 80 lookups/second with 40 threads.
dnsenum Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
dnsrecon 0.8.13 Python script for enumeration of hosts, subdomains and emails from a given domain using Google.
dnssearch 20.e4ea439 A subdomain enumeration tool.
dnsspider 0.9 A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
dnstracer 1.9 Determines where a given DNS server gets its information from, and follows the chain of DNS servers
dnswalk 2.0.2 A DNS debugger.
domain-analyzer 0.8.1 Finds all the security information for a given domain name.
domain-stats 13.5539546 A web API to deliver domain information from whois and alexa.
dradis 3.0.0.rc1 An open source framework to enable effective information sharing.
dradis-ce 857.692d172 An open source framework to enable effective information sharing.
enum4linux 0.8.9 A tool for enumerating information from Windows and Samba systems.
exitmap 357.0897703 A fast and modular scanner for Tor exit relays.
facebot 23.57f6025 A Facebook profile and reconnaissance system.
fbid 16.1b35eb9 Show info about the author by Facebook photo URL.
flashlight 109.90d1dc5 Automated Information Gathering Tool for Penetration Testers.
forager 2.0.3 Multithreaded threat Intelligence gathering utilizing.
gasmask 118.cd58a20 All in one Information gathering tool - OSINT.
gatecrasher 2.3ad5225 Network auditing and analysis tool developed in Python.
geoedge 0.2 This little tool is designed to get geolocalization information for a host; it gets the information from two sources (maxmind and geoiptool).
gitem 53.d068b00 A GitHub organization reconnaissance tool.
githack 7.dad9d5c A `.git` folder disclosure exploit.
gitmails 70.ee11da1 An information gathering tool to collect git commit emails in version control host services.
gitminer 44.4292b5e Tool for advanced mining for content on GitHub.
goddi 1.1 Dumps Active Directory domain information.
goodork 2.2 A Python script designed to allow you to leverage the power of Google dorking straight from the comfort of your command line.
goofile 1.5 Command line filetype search
goog-mail 1.0 Enumerate domain emails from Google.
goohak 22.c103f43 Automatically Launch Google Hacking Queries Against A Target Domain.
gosint 104.07b811c OSINT framework in Go.
grabing 11.9c1aa6c Counts all the hostnames for an IP address.
gwtenum 7.f27a5aa Enumeration of GWT-RPC method calls.
halcyon 0.1 A repository crawler that runs checksums for static files found within a given git repository.
hasere 1.0 Discover the vhosts using Google and Bing.
hatcloud 32.996ff9e Bypass CloudFlare with Ruby.
hoper 12.3951159 Trace URL's jumps across the rel links to obtain the last URL.
howmanypeoplearearound 115.e074d40 Count the number of people around you by monitoring wifi signals.
id-entify 10.7489597 Search for information related to a domain: Emails - IP addresses - Domains - Information on WEB technology - Type of Firewall - NS and MX records.
idswakeup 1.0 A collection of tools that allows testing of network intrusion detection systems.
infoga 7.0811d0c Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers).
inquisitor 28.12a9ec1 OSINT Gathering Tool for Companies and Organizations.
intrace 1.5 Traceroute-like application piggybacking on existing TCP connections
ip2clue 0.0.94 A small memory/CPU footprint daemon to lookup country (and other info) based on IP (v4 and v6).
iptodomain 18.f1afcd7 This tool extracts domains from an IP address based on the information saved in VirusTotal.
ircsnapshot 94.cb02a85 Tool to gather information from IRC servers.
isr-form 1.0 Simple HTML parsing tool that extracts all form-related information and generates reports of the data. Allows for quick analysis of data.
ivre 1723.99e7861 Network recon framework.
kacak 1.0 Tools for penetration testers that can enumerate which users are logged on to a Windows system.
lanmap2 127.1197999 Passive network mapping tool.
lbd 20130719 Load Balancing detector
ldapenum 0.1 Enumerate domain controllers using LDAP.
lft 3.8 A layer four traceroute implementing numerous other features.
lhf 40.51568ee A modular recon tool for pentesting.
linux-exploit-suggester 32.9db2f5a A Perl script that tries to suggest exploits based on OS version number. 90.b94ce90 Linux privilege escalation auditing tool.
loot 51.656fb85 Sensitive information extraction tool.
machinae 76.1dfdad6 A tool for collecting intelligence from public sites/feeds about various security-related pieces of data.
mail-crawl 0.1 Tool to harvest emails from a website.
massbleed 16.cf7c5d6 SSL Vulnerability Scanner.
mdns-recon 10.81ecf94 An mDNS recon tool written in Python.
metagoofil 1.4b An information gathering tool designed for extracting metadata of public documents.
missidentify 1.0 A program to find Win32 applications.
monocle 1.0 A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network.
nasnum 5.df5df19 Script to enumerate network attached storages.
necromant 3.acbc448 Python script that searches for unused virtual hosts in web servers.
neglected 8.68d02b3 Facebook CDN Photo Resolver.
netdiscover 0.3 An active/passive address reconnaissance tool, mainly developed for wireless networks without a DHCP server, when you are wardriving. It can also be used on hub/switched networks.
netkit-bsd-finger 0.17 BSD-finger ported to Linux.
netmask 2.4.3 Helps determine network masks
nipper 0.11.7 Network Infrastructure Parser
nohidy 67.22c1283 The system admin's best friend, multi-platform auditing tool.
nsec3walker 20101223 Enumerates domain names using DNSSEC
ntp-ip-enum 0.1 Script to pull addresses from an NTP server using the monlist command. Can also output a Maltego result set.
nullinux 80.ae6e1a6 Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions.
onioff 80.91bdffc An onion URL inspector for inspecting deep web links.
osint-spy 12.1fe81d9 Performs OSINT scan on email/domain/ip_address/organization.
osinterator 3.8447f58 Open Source Toolkit for Open Source Intelligence Gathering.
osrframework 739.461506f A project focused on providing API and tools to perform more accurate online research.
parsero 81.e5b585a A robots.txt audit tool.
punter 42.39270a2 Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare.
pwned 309.c6ad27e A command-line tool for querying the 'Have I been pwned?' service.
quickrecon 0.3.2 A Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gather emails from Google and Bing.
raven 17.ba6d2bd A LinkedIn information gathering tool used to gather information.
recon-ng 4.9.3 A full-featured Web Reconnaissance framework written in Python.
reconnoitre 303.1db3335 A security tool for multithreaded information gathering and service enumeration.
reconscan 37.d321842 Network reconnaissance and vulnerability assessment tools.
red-hawk 25.d1bdac7 All in one tool for Information Gathering, Vulnerability Scanning and Crawling.
reverseip 13.42cc9c3 Ruby based reverse IP-lookup tool.
revipd 5.2aaacfb A simple reverse IP domain scanner.
ripdc 0.3 A script which maps domains related to a given IP address or domain name.
sctpscan 34.4d44706 A network scanner for discovery and security.
server-status-pwn 5.1067aac A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.
shard 1.5 A command line tool to detect shared passwords.
shodanhat 13.e5e7e68 Search for host info with Shodan.
simplyemail 616.4092533 Email recon made fast and easy, with a framework to build on
sipi 10.10f087f Simple IP Information Tools for Reputation Data Analysis.
smbcrunch 12.313400e 3 tools that work together to simplify reconnaissance of Windows File Shares.
smtp-user-enum 1.2 Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.
sn1per 238.29e4897 Automated Pentest Recon Scanner.
spfmap 8.a42d15a A program to map out SPF and DKIM records for a large number of domains.
spiderfoot 2.12.0 The Open Source Footprinting Tool.
spoofcheck 16.8cce591 Simple script that checks a domain for email protections.
ssl-hostname-resolver 1 CN (Common Name) grabber on X.509 Certificates over HTTPS.
subdomainer 1.2 A tool designed for obtaining subdomain names from public sources.
subfinder 207.e4699b2 Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target.
sublist3r 115.832d544 A fast subdomain enumeration tool for penetration testers.
sysdig 0.21.0 Open source system-level exploration and troubleshooting tool
theharvester 76.cd55809 Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers).
tilt 90.2bc2ef2 An easy and simple tool implemented in Python for IP reconnaissance, with reverse IP lookup.
tinfoleak 3.6469eb3 Get detailed information about a Twitter user's activity.
tinfoleak2 41.c45c33e The most complete open-source tool for Twitter intelligence analysis.
traceroute 2.1.0 Tracks the route taken by packets over an IP network
treasure 6.a91d52b Hunt for sensitive information through GitHub's code search.
trufflehog 116.1760c0a Searches through git repositories for high entropy strings, digging deep into commit history.
trusttrees 7.0665877 A Tool for DNS Delegation Trust Graphing.
twofi 2.0 Twitter Words of Interest.
ubiquiti-probing 5.c28f4c1 A Ubiquiti device discovery tool.
vbrute 1.11dda8b Virtual hosts brute forcer.
vpnpivot 22.37bbde0 Explore the network using this tool.
waldo 29.ee4f960 A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python.
websearch 3.09935a5 Search vhost names given a host range. Powered by Bing.
whatweb 4254.f3948d4a Next generation web scanner that identifies what websites are running.
windows-exploit-suggester 41.776bd91 This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target.
zeus-scanner 407.55ba7ca Advanced dork searching utility.
zgrab 797.bb274be Grab banners (optionally over TLS).