A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

JSpider is a smart crawler for hidden endpoints. It crawls and extracts hidden API endpoints and URLs from JavaScript files and HTML source code - all directly in your browser.

A tool for finding CNAME of subdomains and checking clickjacking vulnerability.

A modern, browser-based reconnaissance dashboard built for security professionals and bug bounty hunters.

EndpointHunter is a powerful bug bounty tool designed to hunt and extract API endpoints, LFI paths, secrets, and cloud storage URLs from JS, CSS, and HTML files. It's built for efficiency, supporting multi-threaded scanning and seamless integration with other popular recon tools.

Get historical URLs from the Wayback Machine using Node.js. Supports CLI and library usage.

RoboRecon is an advanced reconnaissance framework that automates robots.txt, sitemap crawling, hidden URL discovery, and deep target intelligence collection — built for ethical hackers and bug bounty hunters

👻 GhostPath — A powerful modular reconnaissance toolkit built for hackers, OSINT professionals & bug bounty hunters — passive + active recon in a sleek CLI shell. Discover subdomains, probe paths, mine archives and hunt certificates — all from one interactive terminal interface.

DuskProbe is a web security testing framework that combines passive reconnaissance and active vulnerability scanning. Built with aiohttp and Streamlit, it identifies OWASP Top 10 risks and business logic flaws to provide coverage of modern web attack surfaces.

Async directory brute forcer for web reconnaissance. Built-in wordlists, extension brute, status filtering, and real-time dark-themed GUI.

RoverCrawler is a single-file Python web crawler designed to explore websites and generate a tree-mapped representation of their structure.

DirX is a high-performance directory brute-force tool designed for fast and precise web reconnaissance. Powered by async scanning, it offers status filters, response exclusion, proxy support, and real-time progress with ETA, helping pentesters and bug bounty hunters discover hidden endpoints efficiently.

A comprehensive web security analysis tool that performs automated reconnaissance and vulnerability scanning on websites. WebReconX provides real-time insights into web technologies, security configurations, and potential vulnerabilities.

Purpose-built web recon CLI tool for bug bounty/web app penetration tests

An CLI tool to find Web Technologies Direct In Terminal It identifies technologies on websites, such as CMS, web frameworks, ecommerce platforms, JavaScript libraries, analytics tools A long list of regular expressions is used to identify technologies on web pages. It inspects HTML code, as well as JavaScript variables, response headers and more

Whois-enum herramienta que permite obtener información de registro whois de un dominio. tales como registro whois-root, registros whois, whois server. Además permite obtener consulta ASN.

NOEMVEX-WEB-RECON v2.0: Advanced Anti-WAF Web Reconnaissance Framework. Engineered with Smart Soft-404 Baseline Filtering, Hybrid Subdomain Discovery, Protocol Downgrade Resilience, and Dynamic Jitter for stealth fuzzing. Built for Red Team OPSEC and zero-false-positive reporting.

Herramienta de línea de comandos para reconocimiento web: encabezados HTTP, detección de tecnología, registros DNS y WHOIS — con tecnología de Rich.

a deep dive of worldviewosnit

DNSRecon herramienta para la obtención de registros DNS tales como, registros IPv4 (A), registros Mail Exchange (MX), registro Name Server (NS). Además, automatiza el proceso de transferencia de zonas y opcionalmente la ejecución de fuerza bruta, para el descubrimiento de servicios.