Packages that actively seek vulnerable exploits in the wild. More of an umbrella group for similar packages.

Tool count: 31

BlackArch recon
Name Version Description Homepage
activedirectoryenum 269.cfe9982 Enumerate AD through LDAP.
ad-ldap-enum 44.1386673 An LDAP based Active Directory user and group enumeration tool.
aiodnsbrute 38.e773a4c Python 3 DNS asynchronous brute force utility.
altdns 68.689cc81 Generates permutations, alterations and mutations of subdomains and then resolves them.
aquatone 120.854a5d5 A Tool for Domain Flyovers.
attacksurfacemapper 37.f5618db Tool that aims to automate the reconnaissance process.
autosint 234.e1f4937 Tool to automate common osint tasks.
aws-inventory 16.d987097 Discover resources created in an AWS account.
aztarna 1.2.1 A footprinting tool for ROS and SROS systems.
badkarma 85.2c46334 Advanced network reconnaissance toolkit.
basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.
bfac 51.a482db2 An automated tool that checks for backup artifacts that may disclose the web-application's source code.
billcipher 28.3d3322a Information Gathering tool for a Website or IP address.
bing-ip2hosts 1.0.3 Enumerates all hostnames which Bing has indexed for a specific IP address.
bloodhound 923.66ffed1 Six Degrees of Domain Admin
bloodhound-python v1.0.1.r16.gfd793b9 Bloodhound python data collector
catnthecanary 7.e9184fe An application to query the data set for leaked data.
ccrawldns 3.6325110 Retrieves from the CommonCrawl data set unique subdomains for a given domain name.
certgraph 146.2e0c18b Crawl the graph of certificate Alternate Names.
chaos-client 73.a5e70d4 Go client to communicate with Chaos dataset API.
citadel 95.3b1adbc A library of OSINT tools.
cloud-buster 194.b55e4a1 A tool that checks Cloudflare enabled sites for origin IP leaks.
cloudfail 61.0f4ed48 Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network.
cloudmare 51.425a4a2 A simple tool to find origin servers of websites protected by CloudFlare with misconfigured DNS.
cloudunflare 14.b91a8a7 Reconnaissance Real IP address for Cloudflare Bypass.
cr3dov3r 46.99a1660 Search for public leaks for email addresses + check creds against 16 websites.
cutycapt 10 A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page.
datasploit 367.a270d50 Performs automated OSINT and more.
dga-detection 78.0a3186e DGA Domain Detection using Bigram Frequency Analysis.
dns-parallel-prober 56.99a7b83 PoC for an adaptive parallelised DNS prober.
dnsbrute 2.b1dc84a Multi-threaded DNS bruteforcing, average speed 80 lookups/second with 40 threads.
dnscobra 1.0 DNS subdomain bruteforcing tool with Tor support through torsocks
dnsenum Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
dnsgrep 14.3f4fa7c A utility for quickly searching presorted DNS names.
dnsprobe 54.06405cb Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
dnsrecon 0.10.0 Python script for enumeration of hosts, subdomains and emails from a given domain using google.
dnssearch 20.e4ea439 A subdomain enumeration tool.
dnsspider 1.3 A fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
dnstracer 1.9 Determines where a given DNS server gets its information from, and follows the chain of DNS servers
dnswalk 2.0.2 A DNS debugger and zone-transfer utility.
domain-analyzer 0.8.1 Finds all the security information for a given domain name.
domain-stats 107.5496353 A web API to deliver domain information from whois and alexa.
dradis-ce 3610.784edc99 An open source framework to enable effective information sharing.
enum4linux 0.8.9 A tool for enumerating information from Windows and Samba systems.
enumerid 21.156a7f1 Enumerate RIDs using pure Python.
exitmap 366.13bdbbb A fast and modular scanner for Tor exit relays.
facebot 23.57f6025 A facebook profile and reconnaissance system.
fbid 16.1b35eb9 Show info about the author by facebook photo url.
fierce 126.2ef6794 A DNS reconnaissance tool for locating non-contiguous IP space.
finalrecon 44.90093a6 OSINT Tool for All-In-One Web Reconnaissance.
findomain 2.1.4 The fastest and cross-platform subdomain enumerator, do not waste your time
flashlight 109.90d1dc5 Automated Information Gathering Tool for Penetration Testers.
forager 115.7439b0a Multithreaded threat Intelligence gathering utilizing.
gasmask 170.e0d0f0a All in one Information gathering tool - OSINT.
gatecrasher 2.3ad5225 Network auditing and analysis tool developed in Python.
geoedge 0.2 This little tool is designed to get geolocation information for a host; it gets the information from two sources (maxmind and geoiptool).
git-hound 110.b18095e Pinpoints exposed API keys on GitHub. A batch-catching, pattern-matching, patch-attacking secret snatcher.
gitem 104.d40a1c9 A Github organization reconnaissance tool.
githack 10.1fed62c A `.git` folder disclosure exploit.
github-dorks 57.07e0472 Collection of github dorks and helper tool to automate the process of checking dorks.
gitleaks 588.ede68fd Audit Git repos for secrets and keys.
gitmails 71.8aa8411 An information gathering tool to collect git commit emails in version control host services.
gitminer 54.16ada58 Tool for advanced mining for content on Github.
goddi 1.2 Dumps Active Directory domain information.
goodork 2.2 A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line.
goofile 1.5 Command line filetype search
goog-mail 1.0 Enumerate domain emails from google.
googlesub 14.a7a3cc7 A python script to find domains by using google dorks.
goohak 30.576ca53 Automatically Launch Google Hacking Queries Against A Target Domain.
goop 12.39b34eb Perform google searches without being blocked by the CAPTCHA or hitting any rate limits.
gosint 196.9c86ed2 OSINT framework in Go.
grabing 11.9c1aa6c Counts all the hostnames for an IP address.
gwtenum 7.f27a5aa Enumeration of GWT-RCP method calls.
h8mail 321.9f75390 Email OSINT and password breach hunting.
hakrevdns 37.9fa2d59 Small, fast tool for performing reverse DNS lookups en masse.
halcyon 0.1 A repository crawler that runs checksums for static files found within a given git repository.
hasere 1.0 Discover the vhosts using google and bing.
hatcloud 33.3012ad6 Bypass CloudFlare with Ruby.
hoper 12.3951159 Trace URL's jumps across the rel links to obtain the last URL.
hosthunter 90.c842375 A recon tool for discovering hostnames using OSINT techniques.
howmanypeoplearearound 123.b05e06a Count the number of people around you by monitoring wifi signals.
id-entify 34.dd064a5 Search for information related to a domain: Emails - IP addresses - Domains - Information on WEB technology - Type of Firewall - NS and MX records.
idswakeup 1.0 A collection of tools for testing network intrusion detection systems.
infoga 15.6834c6f Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers).
inquisitor 28.12a9ec1 OSINT Gathering Tool for Companies and Organizations.
intelplot 12.4dd9fc0 OSINT Tool to Mark Points on Offline Map.
intrace 1.5 Traceroute-like application piggybacking on existing TCP connections
ip-tracer 85.be7f341 Track and retrieve any ip address information.
ip2clue 0.0.95 A small memory/CPU footprint daemon to lookup country (and other info) based on IP (v4 and v6).
iptodomain 18.f1afcd7 This tool extracts domains from an IP address based on the information saved in VirusTotal.
ipv666 182.ad45ae8 Golang IPv6 address enumeration.
ircsnapshot 94.cb02a85 Tool to gather information from IRC servers.
isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data.
ivre 0.9.15.dev123 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,...
ivre-docs 0.9.15.dev123 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (documentation)
ivre-web 0.9.15.dev123 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (web application)
kacak 1.0 Tools for penetration testers that can enumerate which users logged on to a Windows system.
kamerka 40.be17620 Build interactive map of cameras from Shodan.
keye 29.d44a578 Recon tool detecting changes of websites based on content-length differences.
lanmap2 127.1197999 Passive network mapping tool.
lbd 20130719 Load Balancing detector.
ldapenum 0.1 Enumerate domain controllers using LDAP.
ldeep 88.255d93a In-depth ldap enumeration utility.
legion 52.036730a Automatic Enumeration Tool based in Open Source tools.
lft 3.91 A layer four traceroute implementing numerous other features.
lhf 40.51568ee A modular recon tool for pentesting.
linux-exploit-suggester 32.9db2f5a A Perl script that tries to suggest exploits based on OS version number. 152.a55ad95 Linux privilege escalation auditing tool.
littlebrother 95.6043a46 OSINT tool to get information on French, Belgian and Swiss people.
loot 51.656fb85 Sensitive information extraction tool.
machinae 188.ded042d A tool for collecting intelligence from public sites/feeds about various security-related pieces of data.
mail-crawl 0.1 Tool to harvest emails from website.
massbleed 20.44b7e85 SSL Vulnerability Scanner.
mdns-recon 10.81ecf94 An mDNS recon tool written in Python.
metabigor 35.30dce4b Intelligence Tool but without API key.
metagoofil 12.823b114 An information gathering tool designed for extracting metadata of public documents.
missidentify 1.0 A program to find Win32 applications.
monocle 1.0 A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network.
nasnum 5.df5df19 Script to enumerate network attached storages.
necromant 3.acbc448 Python script that searches for unused Virtual Hosts in Web Servers.
neglected 8.68d02b3 Facebook CDN Photo Resolver.
netdiscover 162.e3c3331 An active/passive address reconnaissance tool, mainly developed for wireless networks without a DHCP server, when you are wardriving. It can also be used on hub/switched networks.
netkit-bsd-finger 0.17 BSD-finger ported to Linux.
netmask 2.4.4 Helps determine network masks
nohidy 67.22c1283 The system admin's best friend, multi platform auditing tool.
nsec3walker 20101223 Enumerates domain names using DNSSEC
ntp-ip-enum 0.1 Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset.
nullinux 116.e24aacc Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions.
omnibus 129.88dbf5d OSINT tool for intelligence collection, research and artifact management.
onioff 84.34dc309 An onion url inspector for inspecting deep web links.
osint-spy 25.03dcf48 Performs OSINT scan on email/domain/ip_address/organization.
osinterator 3.8447f58 Open Source Toolkit for Open Source Intelligence Gathering.
osrframework 830.82f9e46 A project focused on providing API and tools to perform more accurate online researches.
parsero 81.e5b585a A robots.txt audit tool.
pdfgrab 15.1327508 Tool for searching PDFs within Google and extracting PDF metadata.
pmapper 68.712fa14 A tool for quickly evaluating IAM permissions in AWS.
postenum 108.27bb431 Clean, nice and easy tool for basic/advanced privilege escalation techniques.
punter 45.97b7bed Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare.
pwned 1133.740f608 A command-line tool for querying the 'Have I been pwned?' service.
pwned-search 38.96cd7db Pwned Password API lookup.
pwnedornot 137.4707b81 Tool to find passwords for compromised email addresses.
pymeta 13.fa74e64 Auto Scanning to SSL Vulnerability.
python-api-dnsdumpster 67.5b8c820 Unofficial Python API for
python-ivre 0.9.15.dev123 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (library)
python-shodan 1.23.1 Python library and command-line utility for Shodan (
python2-api-dnsdumpster 67.5b8c820 Unofficial Python API for
python2-ivre 0.9.15.dev123 Network recon framework based on Nmap, Masscan, Zeek (Bro), Argus, Netflow,... (library)
python2-shodan 1.23.1 Python library and command-line utility for Shodan (
quickrecon 0.3.2 A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
raccoon 183.985797f A high performance offensive security tool for reconnaissance and vulnerability scanning.
recon-ng 1017.093a9e6 A full-featured Web Reconnaissance framework written in Python.
reconnoitre 441.f62afba A security tool for multithreaded information gathering and service enumeration.
reconscan 37.d321842 Network reconnaissance and vulnerability assessment tools.
recsech 123.1fc298a Tool for doing Footprinting and Reconnaissance on the target web.
red-hawk 36.fa54e23 All in one tool for Information Gathering, Vulnerability Scanning and Crawling.
reverseip 13.42cc9c3 Ruby based reverse IP-lookup tool.
revipd 5.2aaacfb A simple reverse IP domain scanner.
ridrelay 34.f2fa99c Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.
ripdc 0.3 A script which maps domains related to a given IP address or domain name.
rita 745.c4ae2f7 Real Intelligence Threat Analytics.
scavenger 93.2326de0 Crawler (Bot) searching for credential leaks on different paste sites.
sctpscan 34.4d44706 A network scanner for discovery and security.
server-status-pwn 7.0c02af0 A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.
shard 1.5 A command line tool to detect shared passwords.
shodanhat 13.e5e7e68 Search for hosts info with shodan.
simplyemail 1.4.10.r7.6a42d37 Email recon made fast and easy, with a framework to build on CyberSyndicates
sipi 13.58f0dcc Simple IP Information Tools for Reputation Data Analysis.
smbcrunch 12.313400e 3 tools that work together to simplify reconnaissance of Windows File Shares.
smtp-user-enum 1.2 Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.
socialscan 101.e4a3b29 Check email address and username availability on online platforms.
spfmap 8.a42d15a A program to map out SPF and DKIM records for a large number of domains.
spiderfoot 3.2.1 The Open Source Footprinting Tool.
spoofcheck 16.8cce591 Simple script that checks a domain for email protections.
spyse 47.cd11ba9 Python API wrapper and command-line client for the tools hosted on
ssl-hostname-resolver 1 CN (Common Name) grabber on X.509 Certificates over HTTPS.
stardox 41.95b0a97 Github stargazers information gathering tool.
subdomainer 1.2 A tool designed for obtaining subdomain names from public sources.
subfinder 752.61e8dd2 Modular subdomain discovery tool that can discover massive amounts of valid subdomains for any target.
sublert 65.e902430 A security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and their issued TLS/SSL certificates.
sublist3r 138.729d649 A Fast subdomains enumeration tool for penetration testers.
subscraper 32.f4a62ff Tool that performs subdomain enumeration through various techniques.
swamp 59.3c8be65 An OSINT tool for discovering associated sites through Google Analytics Tracking IDs.
syborg 35.288129e Recursive DNS Subdomain Enumerator with dead-end avoidance system.
sysdig 0.27.0 Open source system-level exploration and troubleshooting tool
thedorkbox 7.43852d3 Comprehensive collection of Google Dorks & OSINT techniques to find Confidential Data.
theharvester 2022.3c5479e Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers).
tilt 90.2bc2ef2 An easy and simple tool implemented in Python for ip reconnaissance, with reverse ip lookup.
tinfoleak 3.6469eb3 Get detailed information about a Twitter user activity.
tinfoleak2 41.c45c33e The most complete open-source tool for Twitter intelligence analysis.
traceroute 2.1.0 Tracks the route taken by packets over an IP network
treasure 2.b3249be Hunt for sensitive information through GitHub's code search.
trufflehog 162.0d6f2df Searches through git repositories for high entropy strings, digging deep into commit history.
trusttrees 98.d0ef659 A Tool for DNS Delegation Trust Graphing.
twofi 2.0 Twitter Words of Interest.
ubiquiti-probing 5.c28f4c1 A Ubiquiti device discovery tool.
udork 89.9eb7cae Python script that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications.
uhoh365 24.bc22611 Script to enumerate Office 365 users without performing login attempts
userrecon 10.3b56891 Find usernames across over 75 social networks.
vbrute 1.11dda8b Virtual hosts brute forcer.
vpnpivot 22.37bbde0 Explore the network using this tool.
waldo 29.ee4f960 A lightweight and multithreaded directory and subdomain bruteforcer implemented in Python.
waybackurls 9.58bbafe Fetch all the URLs that the Wayback Machine knows about for a domain.
websearch 3.09935a5 Search vhost names given a host range. Powered by Bing.
weebdns 14.c01c04f DNS Enumeration with Asynchronicity.
whatweb 4771.a214dc80 Next generation web scanner that identifies what websites are running.
windapsearch 28.7724ec4 Script to enumerate users, groups and computers from a Windows domain through LDAP queries.
windows-exploit-suggester 41.776bd91 This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target.
xray 91.ca50a32 A tool for recon, mapping and OSINT gathering from public networks.
zeus-scanner 414.21b8756 Advanced dork searching utility.
zgrab 803.031475e Grab banners (optionally over TLS).