A lightweight Python tool for passive reconnaissance, including subdomain, email, and S3 bucket extraction, with AI-powered scanner for sensitive infrastructure mentions.

Passive OSINT domain reconnaissance tool — CLI + Web UI

Hybrid tool for passive reconnaissance and attack surface analysis in web applications. It combines advanced scraping, technology fingerprinting, security assessment, and reporting into a single CLI solution. Designed for ethical, educational, and auditing purposes. This software MUST NOT be used on third-party systems.

A basic passive reconnaissance tool made using Python. It checks tech stacks, security headers and hidden directories in a website.

Iron Veil is a comprehensive, militarized subdomain enumeration and verification tool built in Python.

SubGhost is a powerful subdomain discovery tool. It helps you discover hidden or less visible subdomains for a given domain using public API services. The tool is designed to be simple to use while offering great flexibility, such as the ability to choose the output format for results.

SubGhost is a powerful subdomain discovery tool. It helps you discover hidden or less visible subdomains for a given domain using public API services. The tool is designed to be simple to use while offering great flexibility, such as the ability to choose the output format for results.

🔍 NEBULA ANTISCAN v2.0– Demo pública de detección de escaneos agresivos, IPs de Killnet y botnets. ✅ 73 fuentes OSINT + 80 feeds de inteligencia ✅ Dashboard cyberpunk con mapa y gráficos ✅ Geolocalización, ASN, clasificación por grupo ✅ Ligera, funciona en Linux, macOS y Termux

VirusTotal Domain Scan

Passive OSINT security auditing framework aligned to OWASP Top 10:2025 - deterministic risk scoring, JSON/PDF reporting, and Streamlit dashboard. No exploitation, no brute force, 100% passive.

Herramienta híbrida para el reconocimiento pasivo y el análisis de superficie de ataque en aplicaciones web. Combina scraping avanzado, fingerprinting tecnológico, evaluación de seguridad y reporting en una sola solución CLI. Diseñada para un uso ético, educativo y de auditoría. Este software NO debe utilizarse en sistemas ajenos.

Passive OSINT reconnaissance agent built with Python and LangGraph for public-source investigation, attack-surface review, and security reporting.

Generate a full domain recon report: DNS, TLS certificate, security headers, redirects and subdomains

With the aid of 43 techniques, including Google dorks. SmartRecon serves as a passive reconnaissance tool that used to gain initial information about an organization OR target domain.

A sleek passive origin IP discovery tool featuring a Flask web UI, real-time SSE streaming, secure session-specific API keys, and automatic CDN edge node pruning.

Passive reconnaissance platform -- 8 parallel intel modules (DNS, SSL/TLS, WHOIS, subdomain enum), weighted risk scoring, automated PDF reports, 8-layer input sanitization

A Comprehensive Web-Based Passive Reconnaissance Tools Directory

The goal of this lab was to collect open source intelligence on a practice target using only publicly available sources, without ever touching the target's systems directly.

🚀 Anonymize PII in real time with IronVeil, a high-performance Rust database proxy that protects sensitive data without altering your application code.