Recon & Enumeration

Tools for intelligence-gathering.

24 listed tools. Last update on 2025-04-28.


Cyber Kill Chain

Recon: Information gathering stage, where attackers gather as much information as possible about the target.

Weaponization: Crafting of tools or payloads to exploit vulnerabilities.

Delivery: The transmission of the weaponized payload to the target.

Exploitation: Exploiting a vulnerability to gain access to the target system.

Installation: Establishing a foothold on the target system.

Command & Control (C2): Setting up channels for communication with the compromised system.

Actions on Objectives: Achieving the intended goal of the attack, such as data exfiltration or system disruption.

Asnlookup 

Open-source    

ASN Information tool

BlindElephant 

Open-source    

Web application identifier and fingerprinter.

Chaos 

Open-source    

Internet-wide asset data for research and recon

cms-explorer 

Open-source    

Reveal the specific modules, plugins, components, and themes run by CMS websites + associated vulnerabilities

DET 

Open-source    

Data exfiltration tool for DLP configuration errors

EyeWitness 

Open-source    

Screenshot, server header, and default credentials tool

FuzzDB 

Open-source    

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery

Have I Been Pwned? 

Free    

Service to check if your email or phone number has been compromised in a data breach

IntelX 

Commercial    

OSINT search engine and data archive for email, domain, IP, Bitcoin address, and more

OnionScan 

Open-source    

Discover vulnerabilities available through Onion-operated services

Recon_profile 

Open-source    

Alias creation tool

Retire.JS 

Open-source    

Browser plugin for finding vulnerable JavaScript libraries

Skipfish 

Open-source    

An active web-application security reconnaissance tool

smbmap 

Open-source    

SMB enumeration tool

Spiderfoot 

Open-source    

Automated OSINT and data collection

Teh_s3_bucketeers 

Open-source    

Discover S3 buckets on Amazon's AWS platform.

Transformations 

Open-source    

Browser-based data obscurity detection tool

VHostScan 

Open-source    

Virtual host scanner that performs reverse lookups

Virtual-host-discovery 

Open-source    

Enumerate virtual hosts on an IP / HTTP scanner

wafw00f 

Open-source    

Identifies and fingerprints Web Application Firewall (WAF)

Wappalyzer 

Open-source    

A browser extension to identify technologies used on websites

webscreenshot 

Open-source    

Screenshot script

WhatWeb 

Open-source    

Web scanner and fingerprinter

zmap 

Open-source    

Open source network scanner with 13+ tools for further research & scans