Alternatives and similar repositories for recon

Users that are interested in recon are comparing it to the libraries listed below

• dwisiswant0 / bounty-targets-alert
  It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.
  ☆58Updated 3 years ago
• defparam / h1stats
  a tool that compiles a csv of all h1 program stats
  ☆47Updated last year
• gwen001 / myrecon.py
  My recon script
  ☆50Updated 5 years ago
• thelikes / gwdomains
  sub domain wild card filtering tool
  ☆41Updated 5 years ago
• kleiton0x00 / CRLF-one-liner
  A simple Bash one liner with aim to automate CRLF vulnerability scanning.
  ☆69Updated 4 years ago
• Dheerajmadhukar / karma_v1
  KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Po…
  ☆59Updated 3 years ago
• ameenmaali / endpointdiff
  Wrapper around LinkFinder to quickly determine whether endpoints have been added/removed to JavaScript files.
  ☆41Updated 5 years ago
• YashGoti / gal
  Get all possible href | src | url from target url or domain
  ☆41Updated 4 years ago
• MistSpark / DNS-Wordlists
  part of my wordlist to bruteforce DNS to find subdoamains.
  ☆61Updated 3 years ago
• Damian89 / simple-oob-scanner
  Simple tool to test for SSRF/OOB HTTP Read within the Path of a request
  ☆30Updated 5 years ago
• emadshanab / 971-MB-content_discovery_wordlist
  Collection of content discovery wordlists in one wordlist.
  ☆38Updated 3 years ago
• honoki / tools
  A collection of simple tools and poc-builders
  ☆39Updated last month
• th3hack3rwiz / Lazy-FuzzZ
  Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the …
  ☆51Updated 3 years ago
• samirettali / dumpcn
  Get all the CNs from a list of domains
  ☆46Updated 3 years ago
• fngoo / web_cache_poison
  web cache poison - Top 1 web hacking technique of 2019
  ☆25Updated 5 years ago
• In3tinct / Taken
  Takeover AWS ips and have a working POC for Subdomain Takeover.
  ☆91Updated 3 months ago
• Sicks3c / Reconizer
  ☆38Updated 4 years ago
• 1ndianl33t / 1ndiList
  Recon Custom WordList Ganerator
  ☆58Updated 4 years ago
• 0xrishabh / websy
  Keep track of changes in website with WEBSY
  ☆36Updated 2 years ago
• cqsd / daily-commonspeak2
  commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. …
  ☆41Updated 4 years ago
• osamahamad / Interesting-Things
  Single-WebApp-Target essentials testing methodology tool starting at recon-information gathering for the juicy stuff ended up in exploita…
  ☆22Updated 3 years ago
• iamthefrogy / bucketbunny
  AWS S3 open bucket poc automated script.
  ☆57Updated 3 years ago
• dwisiswant0 / wadl-dumper
  Dump all available paths and/or endpoints on WADL file.
  ☆93Updated 3 weeks ago
• InitRoot / BurpSQLTruncSanner
  Messy BurpSuite plugin for SQL Truncation vulnerabilities.
  ☆64Updated 5 years ago
• emadshanab / Huge_DIR_wordlist
  ☆48Updated 4 years ago
• yesnet0 / bounty
  Misc bounty and vulndisc things
  ☆84Updated 4 years ago
• Healdb / Elevate
  Horizontal Domain Discovery
  ☆76Updated 2 years ago
• Sambal0x / Recon-tools
  Some of my bug bounty tools
  ☆51Updated 5 years ago
• Rhynorater / reports
  ☆59Updated 10 months ago
• Cgboal / exclude-cdn
  Wraps projectdiscovery's cdncheck library to exclude CDN hosts from input passed over stdin
  ☆44Updated 2 years ago