Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.
Passive Reconnaissance Techniques Approach helps for penetration testing and bug bounty hunting by gathering information about a target system or network.
Instagram information gathering
Phone number osint
This is a Python script that provides the ability to perform: Check all NS Records for Zone Transfers. Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT). Perform common SRV Record Enumeration. Top Level Domain (TLD) Expansion.
A lightweight Python tool for passive reconnaissance, including subdomain, email, and S3 bucket extraction, with AI-powered scanner for sensitive infrastructure mentions.
🕵️♂️ Discover and extract endpoints, subdomains, and GraphQL queries effortlessly with this Burp Suite extension for efficient passive reconnaissance.
👻 GhostPath — A powerful modular reconnaissance toolkit built for hackers, OSINT professionals & bug bounty hunters — passive + active recon in a sleek CLI shell. Discover subdomains, probe paths, mine archives and hunt certificates — all from one interactive terminal interface.
JSHound is a recon tool designed for bug bounty hunters and pentesters. It helps you extract JavaScript files of a target domain from multiple sources (Wayback Machine, Common Crawl, urlscan.io), and then searches those files for potentially sensitive information such as API keys, tokens, credentials, and more.
Lightweight OSINT tool for passive DNS/subdomain discovery, DNS record lookup, reverse‑DNS and title extraction.
A fast and live subdomain checker with CLI output.
DNX - Domain Explorer A fast Perl tool for subdomain discovery and reconnaissance. Uses passive/active techniques to find and validate subdomains for security testing.
Passive Recon - Subdomain Enumeration With Sub-Finder.
Web-based passive recon & security posture analyzer. Tech detection, SSL checks, exposure analysis, security-header grading, color-coded dashboard, HTML reports.
Minimal Python tool for subdomain discovery using crt.sh
Add a description, image, and links to the passive-recon topic page so that developers can more easily learn about it.
To associate your repository with the passive-recon topic, visit your repo's landing page and select "manage topics."