Reconnaissance Tools
| Tool | Description |
|---|---|
| Wayback Machine | The Internet Archive, also known as the Wayback Machine, allows users to view a website as it appeared on a certain date. |
| Maltego | After the user inputs a target (this can be a domain, company, person, etc.), Maltego searches the Internet for all related information on the target including social media links, IP addresses, DNS servers, and much more. |
| Recon-ng | This Linux-based tool contains modules that can be used for information gathering on targets such as web applications, IoT devices, and domains. |
| Shodan (www.shodan.io) | Shodan allows users to search for Internet-connected devices and systems. |
| SpiderFoot | This tool automates the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN, email address, or person’s name. |
| WHOIS | This public database contains the ownership and contact information for a domain owner. |
| nslookup, dig command | These programs are used to retrieve the DNS records of a specified hostname. |
| Censys.io | This web-based platform can be used to scan for Internet-connected devices and systems for security analysis. |
| Hunter.io | This web-based tool, also known as Email Hunter, allows a user to find email addresses associated with a specific domain or individual. |
| Amass | This Linux-based tool performs network mapping and information gathering on a targeted network or domain. Amass can perform network mapping of attack surfaces and perform external asset discovery using open-source information gathering and active reconnaissance techniques. |
| Nmap | This network scanning tool is used to discover hosts and services on a network using a variety of scanning techniques. Nmap also includes the Nmap Scripting Engine (NSE), which allows users to write scripts to automate network tasks. |
| theHarvester | This tool gathers open-source intelligence on a target from a wide range of public resources to discover names, emails, IPs, subdomains, and URLs. |
| WiGLE.net (Wireless Geographic Logging Engine) | This web-based tool allows users to submit information about wireless hotspots from across the world. |
| inSSIDer | This tool analyzes the configuration of a wireless network, including channel settings, security, signal strength, and the impact of neighboring wireless networks. |
| OSINTframework.com | This website allows a user to discover open-source intelligence (OSINT) resources. |
| Wireshark, tcpdump | These packet analyzer tools allow the user to capture data packets flowing through the network for analysis. |
| Aircrack-ng | This tool contains a suite of software that can be used to assess the security of a wireless network. |