Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.

Passive Reconnaissance Techniques Approach helps for penetration testing and bug bounty hunting by gathering information about a target system or network.

Instagram information gathering

Phone number osint

A lightweight Python tool for passive reconnaissance, including subdomain, email, and S3 bucket extraction, with AI-powered scanner for sensitive infrastructure mentions.

This is a Python script that provides the ability to perform: Check all NS Records for Zone Transfers. Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT). Perform common SRV Record Enumeration. Top Level Domain (TLD) Expansion.

Passive subdomain enumeration tool in Python. Collects subdomains, resolves DNS, and optionally checks HTTP/HTTPS status.

Static is a lightweight, dependency-free typosquatting reconnaissance tool written in pure Python. It generates common typo variations of a target domain and checks them using DNS and HTTP/HTTPS heuristics to identify potentially available domains and redirect behavior.

JSHound is a recon tool designed for bug bounty hunters and pentesters. It helps you extract JavaScript files of a target domain from multiple sources (Wayback Machine, Common Crawl, urlscan.io), and then searches those files for potentially sensitive information such as API keys, tokens, credentials, and more.

🕵️♂️ Discover and extract endpoints, subdomains, and GraphQL queries effortlessly with this Burp Suite extension for efficient passive reconnaissance.

👻 GhostPath — A powerful modular reconnaissance toolkit built for hackers, OSINT professionals & bug bounty hunters — passive + active recon in a sleek CLI shell. Discover subdomains, probe paths, mine archives and hunt certificates — all from one interactive terminal interface.

A basic passive reconnaissance tool made using Python. It checks tech stacks, security headers and hidden directories in a website.

Lightweight OSINT tool for passive DNS/subdomain discovery, DNS record lookup, reverse‑DNS and title extraction.

Dork Factory is a cross-platform, interactive command-line tool designed to generate high-quality Google and Yandex dorks for Passive Recon & Discovery.

ReqEye is a CLI assistant for HTTP request analysis, designed to help security researchers, bug bounty hunters, and pentesters identify high‑value entry points worth manual testing. It does not scan targets, send traffic, or claim vulnerabilities. ReqEye focuses on where to look, not on making assumptions.

DNX - Domain Explorer A fast Perl tool for subdomain discovery and reconnaissance. Uses passive/active techniques to find and validate subdomains for security testing.

A fast and live subdomain checker with CLI output.

Scopex is a lightweight, passive-first reconnaissance tool designed to identify WordPress attack surfaces safely and efficiently, while strictly respecting scope boundaries.

Simple Python3 Script to Enumerate Authentik Version

IPFinder is a lightweight, cross-platform CLI tool written in Python that allows you to retrieve detailed information about any IPv4 address.