Reconnaissance Frameworks
- FinalRecon: A Python-based reconnaissance tool offering a range of modules for different tasks like SSL certificate checking, Whois information gathering, header analysis, and crawling. Its modular structure enables easy customisation for specific needs.
- Recon-ng: A powerful framework written in Python that offers a modular structure with various modules for different reconnaissance tasks. It can perform DNS enumeration, subdomain discovery, port scanning, web crawling, and even exploit known vulnerabilities.
- theHarvester: A command-line tool written in Python, designed specifically for gathering email addresses, subdomains, hosts, employee names, open ports, and banners from different public sources like search engines, PGP key servers, and the Shodan database.
- SpiderFoot: An open-source intelligence automation tool that integrates with various data sources to collect information about a target, including IP addresses, domain names, email addresses, and social media profiles. It can perform DNS lookups, web crawling, port scanning, and more.
- OSINT Framework: A collection of various tools and resources for open-source intelligence gathering. It covers a wide range of information sources, including social media, search engines, public records, and more.
FinalRecon
FinalRecon offers a wealth of recon information:
- Header Information
- Whois Lookup
- SSL Certificate Information
- Crawler: Also crawls the Wayback Machine (uncovers hidden links and historical website data)
- DNS Enumeration
- Subdomain Enumeration
- Directory Enumeration
- Wayback Machine: Retrieves URLs from the last five years to analyse website changes and potential vulnerabilities