Passive Reconnaissance
Maltego ⭐
Maltego is a tool for open-source intelligence (OSINT) and forensic investigations, used to analyze and visualize connections between various entities.
Download Size: Approx. 300 MB
Key Features:
- Graphical Analysis: Visualizes relationships and connections.
- Data Mining: Aggregates information from multiple sources.
- Customizable Transforms: Create custom data collection scripts.
- Wide Range of Entities: Supports domains, IPs, emails, social media, etc.
- External Integration: Connects with various data sources and APIs.
- Collaboration: Supports team projects and sharing insights.
- Automated Reporting: Generates detailed analysis reports.
Google Dorks ⭐
Google Dorks (also called Google hacking) refers to advanced search queries built from Google's special operators to find content that was indexed but never meant to be public, such as admin panels, log files, backups, and configuration files. It is a technique rather than a downloadable tool.
Download Size: Online
Key Features:
- Finds exposed files, databases, and sensitive info
- Uses advanced search operators (intitle:, inurl:, filetype:, etc.)
- Surfaces misconfigured sites and open directory listings that Google has already indexed
- No software installation required
Shodan ⭐
Shodan is a search engine for Internet-connected devices, often referred to as the “search engine for hackers.” It allows users to find specific types of devices (like servers, webcams, routers, and more) connected to the Internet and gather information about their security posture, services, and vulnerabilities.
Download Size: Online
Key Features:
- Device Discovery: Shodan allows users to search for devices connected to the Internet, filtering by device type, geographic location, operating system, and more.
- Port and Service Data: Shows which ports Shodan's crawlers found open and the banners those services returned, which helps size a system's attack surface. The data reflects Shodan's most recent crawl, not a live probe from the user.
- Vulnerability Identification: Tags banners with CVE identifiers inferred from the advertised software version. These are unverified version matches, not confirmed exploitable flaws, and should be validated before being reported.
- Monitoring: Tracks a set of IP ranges or hosts and reports changes in exposed ports, services, or configuration as they appear in new crawl data.
- Geolocation and Service Information: Provides details about where a device is located geographically, along with service banners and metadata from connected devices.
- API Access: Shodan offers an API that enables developers to integrate its search functionality into their own applications.
- Data Export: Users can export the search results in different formats, such as CSV or JSON, for further analysis.
- Filters and Alerts: It allows the use of advanced search filters and the setting up of alerts to notify users when a new device or specific service becomes available.
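Shodan's JSON export is one banner object per line, so a short script can turn a download into a per-host inventory and flag management ports that should not face the Internet. The following is an added example and not Shodan's own code or API client; the field names (ip_str, port, transport, product, version, hostnames, org) follow the shape of Shodan's JSON export as produced by the `shodan download` CLI command, but the records below are constructed sample data on documentation addresses, not real scan results.

```python
"""Summarize a Shodan JSON-lines export into a per-host service inventory.

Added example, not Shodan's own code. Field names follow Shodan's JSON
export format (assumption); the records are constructed sample data.
"""
import json
from collections import defaultdict

# Constructed sample export: three banners across two documentation IPs.
SAMPLE_EXPORT = "\n".join(json.dumps(r) for r in [
    {"ip_str": "192.0.2.10", "port": 22, "transport": "tcp",
     "product": "OpenSSH", "version": "7.4",
     "hostnames": ["bastion.example.com"], "org": "Example Org"},
    {"ip_str": "192.0.2.10", "port": 443, "transport": "tcp",
     "product": "nginx", "version": "1.18.0",
     "hostnames": ["bastion.example.com"], "org": "Example Org"},
    {"ip_str": "192.0.2.20", "port": 3389, "transport": "tcp",
     "product": None, "hostnames": [], "org": "Example Org"},
])


def parse_export(text):
    """Parse JSON-lines text; truncated or blank lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def summarize_by_host(records):
    """Group banners by IP: hostnames, org, and a sorted (port, proto, service) list."""
    hosts = defaultdict(lambda: {"hostnames": set(), "org": None, "services": []})
    for r in records:
        ip = r.get("ip_str")
        if not ip:
            continue
        h = hosts[ip]
        h["hostnames"].update(r.get("hostnames") or [])
        h["org"] = h["org"] or r.get("org")
        # product/version are absent when Shodan could not identify the service
        svc = " ".join(str(x) for x in (r.get("product"), r.get("version")) if x)
        h["services"].append((r.get("port"), r.get("transport", "tcp"), svc or "unknown"))
    for h in hosts.values():
        h["services"].sort()
    return dict(hosts)


def exposed_services(records, ports):
    """Return sorted (ip, port) pairs for ports in the given watch set (e.g. SSH, RDP)."""
    return sorted({(r["ip_str"], r["port"]) for r in records if r.get("port") in ports})


if __name__ == "__main__":
    recs = parse_export(SAMPLE_EXPORT)
    for ip, info in summarize_by_host(recs).items():
        print(ip, sorted(info["hostnames"]), info["services"])
    print("management ports exposed:", exposed_services(recs, {22, 3389}))
```

The same shape works for a real export after decompressing the `.json.gz` file; the watch set in exposed_services is where an organization's own policy (which ports are never supposed to be reachable) gets encoded.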
Censys ⭐
Censys is a search engine and platform that scans the internet for devices and services, providing cybersecurity researchers with data to analyze vulnerabilities.
Download Size: Online
Key Features:
- Internet-wide scanning
- Detailed device and service profiles
- TLS certificate search, built from Censys's own scans and Certificate Transparency logs
- API for automated searches
- Security monitoring and alerts
VirusTotal
VirusTotal is a free online service that analyzes files and URLs for viruses, malware, and other security threats using multiple antivirus engines and tools.
Download Size: Online
Key Features:
- Multi-Engine Scanning: Uses numerous antivirus engines to scan files and URLs.
- Threat Detection: Identifies malware and security threats.
- Detailed Reports: Provides comprehensive analysis and threat information.
- File and URL Analysis: Supports both file uploads and URL submissions.
- API Access: Offers an API for integration into other tools and systems.
Metagoofil ⭐
Metagoofil is an OSINT tool used to extract metadata from public documents found online (e.g., PDFs, Word, Excel files) to gather information on a target.
Download Size: Approx. 4 MB
Key Features:
- Extracts metadata (usernames, software versions, etc.)
- Supports multiple file types (PDF, DOCX, PPTX, etc.)
- Reveals usernames, internal paths, and software versions that feed later phases (password spraying, exploit selection)
- Useful for penetration testing and reconnaissance
- Generates a report of findings
SpiderFoot
SpiderFoot is an open-source reconnaissance tool that automates the process of gathering intelligence on a target from various online sources.
Download Size: Approx. 40 MB
Key Features:
- Extensive OSINT automation
- Data from 100+ sources (DNS, IPs, emails, etc.)
- Customizable scanning modules
- Web-based GUI and API support
- Integration with other tools (Maltego, Slack)
FOCA
FOCA is an OSINT tool used to find and extract metadata from documents on websites to gather information about a target.
Download Size: Approx. 150 MB
Key Features:
- Extracts metadata (usernames, software versions, paths)
- Supports multiple file types (PDF, DOCX, PPTX, etc.)
- Discovers hidden data in public documents
- Helps map network infrastructure
- Identifies security risks through file analysis
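What Metagoofil and FOCA harvest from a downloaded document is mostly the package properties that Office writes automatically. The following added example, which is not code from either project, shows the extraction step on an Office Open XML file (.docx, .xlsx, .pptx): the file is a zip archive whose docProps/core.xml and docProps/app.xml parts carry author, last-modified-by, timestamps, application and version. The sample document is constructed in memory so the script runs offline; the usernames, domain, and company in it are invented for illustration.

```python
"""Extract recon-relevant metadata from an Office Open XML document.

Added example illustrating what Metagoofil/FOCA collect; not their code.
The sample .docx is constructed in memory with invented field values.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by the two metadata parts of an OOXML package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

CORE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}">
  <dc:creator>jdoe</dc:creator>
  <cp:lastModifiedBy>CORP\\asmith</cp:lastModifiedBy>
  <dcterms:created>2023-01-10T09:15:00Z</dcterms:created>
  <dcterms:modified>2023-02-02T17:40:00Z</dcterms:modified>
</cp:coreProperties>""".format(**NS)

APP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Properties xmlns="{ep}">
  <Application>Microsoft Office Word</Application>
  <AppVersion>16.0000</AppVersion>
  <Company>Example Corp</Company>
</Properties>""".format(**NS)

# Field name -> (package part, XPath relative to the part's root element)
FIELDS = {
    "author": ("docProps/core.xml", "dc:creator"),
    "last_modified_by": ("docProps/core.xml", "cp:lastModifiedBy"),
    "created": ("docProps/core.xml", "dcterms:created"),
    "modified": ("docProps/core.xml", "dcterms:modified"),
    "application": ("docProps/app.xml", "ep:Application"),
    "app_version": ("docProps/app.xml", "ep:AppVersion"),
    "company": ("docProps/app.xml", "ep:Company"),
}


def build_sample_docx():
    """Constructed minimal .docx: only the parts the extractor reads are realistic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("docProps/app.xml", APP_XML)
    return buf.getvalue()


def extract_ooxml_metadata(data):
    """Return a dict of the metadata fields present in the package bytes."""
    meta = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        parts = {name: ET.fromstring(z.read(name))
                 for name in ("docProps/core.xml", "docProps/app.xml")
                 if name in z.namelist()}
    for key, (part, path) in FIELDS.items():
        root = parts.get(part)
        el = root.find(path, NS) if root is not None else None
        if el is not None and el.text:
            meta[key] = el.text.strip()
    return meta


def recon_leads(meta):
    """Turn raw fields into the artefacts a recon report cares about."""
    usernames, domains = set(), set()
    for key in ("author", "last_modified_by"):
        val = meta.get(key)
        if not val:
            continue
        if "\\" in val:              # DOMAIN\user form leaks the Windows domain too
            dom, user = val.split("\\", 1)
            domains.add(dom)
            usernames.add(user)
        else:
            usernames.add(val)
    software = " ".join(x for x in (meta.get("application"), meta.get("app_version")) if x)
    return {"usernames": sorted(usernames), "windows_domains": sorted(domains),
            "software": software}


if __name__ == "__main__":
    meta = extract_ooxml_metadata(build_sample_docx())
    print(meta)
    print(recon_leads(meta))
```

On real targets the same two parts are read from each document that a search engine query (filetype:docx site:example.com) turns up; PDFs keep the equivalent fields in the /Info dictionary or XMP stream and need a different parser.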
NetCraft
Netcraft is a cybersecurity tool and service that provides data on websites and helps with phishing protection, internet infrastructure monitoring, and threat intelligence.
Download Size: Online
Key Features:
- Phishing protection and alerts
- Website reputation checks
- Internet infrastructure data and analytics
- Security audits and risk assessments
- Web server and hosting analysis
Active Reconnaissance
Nmap ⭐
Nmap (Network Mapper) is an open-source tool used for network discovery and security auditing. It helps in scanning and identifying devices, services, and vulnerabilities on a network.
Download Size: Approx. 40 MB
Key Features:
- Host discovery
- Port scanning
- Service and version detection
- OS detection
- Scriptable interaction with services (NSE)
- Flexible output formats
- Basic vulnerability checks through NSE scripts (the vuln script category)
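Nmap's XML output (-oX) is the format to build on when scan results feed other tooling, because it keeps port state, the detected service, and whether the version came from an actual probe or only from the port-number table. The following is an added example, not code from the Nmap project: the document structure (nmaprun/host/address/ports/port/state/service) is that of -oX output, but the scan document itself is constructed for illustration on documentation addresses.

```python
"""Parse Nmap -oX output into a port/service inventory.

Added example, not Nmap's own code. Element and attribute names follow
nmap's XML output; the sample document below is constructed, not a real scan.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.0.2.0/29" start="1700000000" version="7.94">
  <host starttime="1700000000" endtime="1700000020">
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="bastion.example.com" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered" reason="no-response"/>
        <service name="mysql" method="table" conf="3"/>
      </port>
    </ports>
  </host>
  <host starttime="1700000000" endtime="1700000021">
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Flatten every port of every host that is up into a list of dicts."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")
        ip = addr.get("addr")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else None
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            results.append({
                "ip": ip,
                "hostname": hostname,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "unknown",
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                # method="table" means nmap guessed from the port number only;
                # method="probed" means the banner was actually elicited.
                "confirmed": svc is not None and svc.get("method") == "probed",
            })
    return results


def open_ports(results):
    """(ip, port, service) for ports nmap reported as open."""
    return [(r["ip"], r["port"], r["service"]) for r in results if r["state"] == "open"]


def version_banners(results):
    """Product/version strings, only where the service was probed, not guessed."""
    return {(r["ip"], r["port"]): f"{r['product']} {r['version']}"
            for r in results if r["confirmed"] and r["version"]}


if __name__ == "__main__":
    res = parse_nmap_xml(SAMPLE_NMAP_XML)
    print(open_ports(res))
    print(version_banners(res))
```

The confirmed flag is the check that matters when results are used for exploit selection: a service row with method="table" says nothing about what is actually listening.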
OpenVAS ⭐
OpenVAS (Open Vulnerability Assessment System) is an open-source tool for vulnerability scanning and management. It helps identify security issues in networks, applications, and devices.
Download Size: Approx. 2 GB
Key Features:
- Comprehensive vulnerability scanning
- Regularly updated vulnerability database
- Supports multiple scan configurations
- Detailed vulnerability reports
- Web-based management interface
- Integration with other security tools
Masscan ⭐
Masscan is a high-performance port scanner designed to sweep very large address ranges, up to the entire IPv4 Internet, quickly. It uses its own TCP/IP stack and asynchronous transmission rather than the operating system's sockets, so it reports only which ports responded; service and version detection is left to a follow-up Nmap run against those ports.
Download Size: Approx 2 MB
Key Features:
- Extremely fast scanning (millions of packets per second)
- Customizable packet rates
- Supports IP address ranges
- Can output in formats compatible with Nmap
- Stateless scanning for efficiency
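The usual workflow is a fast masscan sweep followed by a narrow Nmap pass on only the ports that answered, which gives the service detail masscan does not collect without re-scanning every port. The following added example, which is not part of masscan or Nmap, reads masscan list output (-oL, one "state proto port ip timestamp" line per result) and builds one Nmap command per host. The sample output is constructed; the Nmap options chosen (-sV -sC -Pn, with -sU/-sS added when UDP ports are present) are this example's assumption, and -sS and -sU require root.

```python
"""Turn masscan list output (-oL) into per-host nmap follow-up commands.

Added example; not part of masscan or nmap. The list line format
'<state> <proto> <port> <ip> <timestamp>' is masscan's -oL output; the sample
below is constructed.
"""
import shlex
from collections import defaultdict

# Constructed masscan -oL output for two documentation-range hosts.
SAMPLE_MASSCAN_LIST = """#masscan
open tcp 443 192.0.2.10 1700000000
open tcp 22 192.0.2.10 1700000001
open tcp 8080 192.0.2.20 1700000002
open udp 161 192.0.2.20 1700000003
# end
"""


def parse_masscan_list(text):
    """Map ip -> {'tcp': set(ports), 'udp': set(ports)} from -oL text."""
    hosts = defaultdict(lambda: {"tcp": set(), "udp": set()})
    for line in text.splitlines():
        if not line or line.startswith("#"):      # header/footer comment lines
            continue
        fields = line.split()
        if len(fields) < 4 or fields[0] != "open":
            continue
        _state, proto, port, ip = fields[:4]
        if proto not in ("tcp", "udp"):
            continue
        hosts[ip][proto].add(int(port))
    return dict(hosts)


def nmap_port_spec(ports):
    """Build nmap's -p argument with protocol prefixes, e.g. 'T:22,443,U:161'."""
    parts = []
    if ports["tcp"]:
        parts.append("T:" + ",".join(str(p) for p in sorted(ports["tcp"])))
    if ports["udp"]:
        parts.append("U:" + ",".join(str(p) for p in sorted(ports["udp"])))
    return ",".join(parts)


def nmap_followup_commands(hosts, extra_args=("-sV", "-sC", "-Pn")):
    """One nmap command per host, restricted to the ports masscan saw open.

    -Pn skips host discovery because masscan already got a response from the
    host. UDP ports are only scanned when -sU is given, and a combined run
    needs -sS as well so the T: ports are still covered.
    """
    cmds = []
    for ip in sorted(hosts):
        spec = nmap_port_spec(hosts[ip])
        if not spec:
            continue
        args = ["nmap", *extra_args]
        if hosts[ip]["udp"]:
            args.append("-sU")
            if hosts[ip]["tcp"]:
                args.append("-sS")
        args += ["-p", spec, ip]
        cmds.append(shlex.join(args))
    return cmds


if __name__ == "__main__":
    for cmd in nmap_followup_commands(parse_masscan_list(SAMPLE_MASSCAN_LIST)):
        print(cmd)
```

Feeding the printed commands to a shell (or to a job queue) keeps the expensive version scan proportional to what actually answered, which is the whole point of the two-stage approach.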
Metasploit ⭐
Although designed as an exploitation framework, Metasploit ships a large set of auxiliary scanner and gather modules, so it also serves for reconnaissance. Running only the modules relevant to a service already confirmed by earlier scanning keeps the generated traffic far quieter than a broad sweep.
Download Size: Approx. 300-400 MB
Key Features:
- Information Gathering Modules: Collects data about target systems and networks, including DNS, IP, and service information.
- Port Scanning: Identifies open ports and services running on the target systems.
- Vulnerability Scanning: Detects potential vulnerabilities and security weaknesses in the target systems.
- Network Scanning: Maps out the network structure and connected devices.
- Service Enumeration: Gathers detailed information about services and software versions running on target systems.
- Web Application Scanning: Identifies potential vulnerabilities in web applications and services.
- Social Engineering Modules: Assists in performing social engineering attacks to gather sensitive information.
Nessus
Nessus is a widely used vulnerability scanner designed to identify security issues in networks, systems, and applications.
Download Size: Approx. 50-70 MB (Without Plugins)
Key Features:
- Extensive vulnerability scanning
- Configuration and compliance auditing
- Malware detection
- Customizable reporting
- Regularly updated vulnerability database
- Integration with other security tools
Netcat
Netcat (nc) is a simple, versatile networking tool used for reading from and writing to network connections, often referred to as the “Swiss Army knife” of networking.
Download Size: Approx 1 MB
Key Features:
- TCP/UDP port scanning
- Data transfer between computers
- Listening on ports for incoming connections
- Creating bind and reverse shells (the -e option, where the build supports it)
- Debugging and network testing
Hping3
Hping3 is a command-line tool for packet crafting and network security testing. It’s often used for testing firewall rules, network performance, and security auditing.
Download Size: Approx. 1 MB
Key Features:
- Craft custom TCP, UDP, ICMP, and raw IP packets
- Traceroute mode
- Network performance and bandwidth testing
- Firewall and intrusion detection testing
- Advanced port scanning
Zmap
ZMap is an open-source network scanner designed for high-speed Internet-wide scanning. Each run probes a single port across very large address ranges, including the entire IPv4 address space, in well under an hour on a gigabit link.
Download Size: Approx. 3 MB
Key Features:
- Fast scanning of large address spaces
- IPv4 scanning
- Customizable scan modules (e.g., TCP SYN, ICMP, etc.)
- Simple configuration and output
- Integration with security tools
Angry IP Scanner
Angry IP Scanner is a fast, open-source network scanner that is easy to use for detecting live hosts and open ports on a network.
Download Size: Approx. 3 MB
Key Features:
- Scans IP addresses and ports
- Exports results in multiple formats (CSV, TXT, etc.)
- No installation required (portable)
- Customizable scanning options
- Cross-platform (Windows, macOS, Linux)
Traceroute
Traceroute is a network diagnostic tool used to track the path data packets take from one computer to another over a network. It helps identify where delays or problems occur along the route.
Download Size: Approx. 1 MB
Key Features:
- Maps the route of packets to a destination.
- Shows each hop along the path, including intermediate routers.
- Provides response times for each hop, helping diagnose network issues.
- Supports several probe types (ICMP echo, UDP, TCP SYN), which matters when firewalls drop one of them.
Honorable Mentions
- Xprobe2 – Active OS fingerprinting tool for discovering information about remote hosts.
- Arping – Utility for discovering hosts and testing reachability using ARP requests.
- EtherApe – A graphical network monitoring tool that allows visualization of traffic.
- SolarWinds Network Performance Monitor – A tool for network discovery and monitoring.
- Superscan – A powerful TCP port scanner with ping sweeps and other features.
- Babel – A loop-avoiding distance-vector routing protocol (RFC 8966); listed here for completeness, it is a routing protocol rather than a reconnaissance tool.
- Scanrand – Part of the Paketto Keiretsu suite, it’s used for stateless network scanning.
- PSAD (Port Scan Attack Detector) – Monitors iptables logs for port scans and other recon activity.
- LanSpy – A network scanner that gathers information about networked computers.
- Icmpenum – ICMP-based scanner for discovering live hosts on a network.
- Netdiscover – A simple ARP scanner useful for identifying live hosts in a local network.
- Netscan – A network discovery and inventory tool.
- IPerf – A tool to measure bandwidth and network performance; useful for characterizing links already identified rather than for discovery itself.
- Probe Networks – Allows automated probing of a network to discover services.
- p0f – Passive OS fingerprinting tool that can infer details about the hosts.
- PingPlotter – A network monitoring and diagnostic tool that traces the route and measures packet loss and latency.
- PRADS – Passive real-time asset detection system, useful in discovering network hosts.
- Zebb – A network discovery tool designed to identify active devices on a network.