Showing 31 open source projects for "enumeration"

View related business solutions
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • Ship Agents Faster Icon
    Ship Agents Faster

    Transform your applications and workflows into powerful agentic systems at global scale.

    Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
    Get Started Free
  • 1
    subfinder

    subfinder

    Fast passive subdomain enumeration tool

    Subfinder is a high-performance passive subdomain discovery tool built for fast and reliable asset enumeration. It focuses exclusively on collecting valid subdomains from a wide range of passive online sources, prioritizing accuracy and speed over intrusive scanning techniques. The project is widely used in bug bounty hunting, penetration testing, and attack surface mapping because it minimizes noise while producing actionable results.
    Downloads: 31 This Week
    Last Update:
    See Project
  • 2
    holehe

    holehe

    Check if the mail is used on different sites

    ...It supports more than a hundred websites and is commonly used during reconnaissance, digital investigations, and account exposure assessments. holehe is designed to operate quickly and quietly, emphasizing efficiency and minimal footprint during enumeration tasks. The project can be used both as a standalone command-line tool and as a library embedded into larger automation pipelines. Overall, holehe provides investigators with a focused and scalable method for mapping an email’s online presence.
    Downloads: 43 This Week
    Last Update:
    See Project
  • 3
    X-osint

    X-osint

    Open source OSINT tool for gathering data on emails, phones, and IPs

    ...It provides investigators and researchers with a centralized interface for running information-gathering tasks that would normally require multiple separate tools. X-osint can also perform domain-related reconnaissance activities such as subdomain enumeration, DNS lookups, and host discovery to help identify infrastructure associated with a target. In addition to network and domain intelligence, it includes features for extracting metadata from files or images and analyzing text content to uncover hidden details. X-osint is written primarily in Python and is designed to run in terminal environments, particularly on Linux systems and Termux setups.
    Downloads: 45 This Week
    Last Update:
    See Project
  • 4
    WPScan

    WPScan

    WPScan WordPress security scanner

    WPScan is a black-box WordPress vulnerability scanner written in Ruby. It analyzes WordPress sites to identify outdated core, plugins, themes, exposed APIs, and known vulnerabilities using a large built-in vulnerability database. It is a popular security auditing tool for pentesters and site administrators.
    Downloads: 14 This Week
    Last Update:
    See Project
  • Host LLMs in Production With On-Demand GPUs Icon
    Host LLMs in Production With On-Demand GPUs

    NVIDIA L4 GPUs. 5-second cold starts. Scale to zero when idle.

    Deploy your model, get an endpoint, pay only for compute time. No GPU provisioning or infrastructure management required.
    Try Free
  • 5
    Raccoon

    Raccoon

    High-performance reconnaissance and vulnerability scanning tool

    ...The tool combines multiple scanning techniques into a single workflow, helping users identify potential weaknesses, exposed services, and accessible resources on a target host. Raccoon can perform DNS enumeration, subdomain discovery, and URL fuzzing to uncover hidden endpoints and infrastructure components. It also integrates network scanning capabilities through tools such as Nmap to detect open ports, services, and potential vulnerabilities. By consolidating these reconnaissance tasks into a single command-line interface, Raccoon aims to streamline the early phases of security testing and provide actionable information for further investigation.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 6
    discover

    discover

    Automation framework for reconnaissance and penetration testing tasks

    Discover is a collection of custom Bash scripts designed to automate many common tasks involved in penetration testing workflows. The project brings together a variety of security testing functions into a single framework that simplifies reconnaissance, scanning, and enumeration processes. It provides a menu-driven interface that allows security professionals to quickly launch different tools and scripts without manually executing each command. The framework helps streamline activities such as information gathering, network scanning, and web application testing during security assessments. Discover also integrates with well-known security tools like Metasploit to generate malicious payloads and manage listeners for exploitation tasks. ...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 7
    Pacu

    Pacu

    The AWS exploitation framework, designed for testing security

    ...What used to take days to manually enumerate can be now be achieved in minutes. There are currently over 35 modules that range from reconnaissance, persistence, privilege escalation, enumeration, data exfiltration, log manipulation, and miscellaneous general exploitation.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 8
    Username Anarchy

    Username Anarchy

    Username generator for penetration testing and user enumeration

    ...It generates large sets of potential usernames based on a person’s name and common naming conventions used in corporate or online systems. These generated username lists can then be used for activities such as username enumeration, password spraying, or brute force testing during security audits. Username Anarchy supports numerous formatting styles, allowing security testers to replicate patterns commonly used in enterprise environments such as first.last, flast, or firstinitiallastname. Username Anarchy can also utilize name sources gathered from OSINT techniques such as social networks or other public data to produce realistic username lists.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 9
    bettercap

    bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks

    bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks.
    Downloads: 74 This Week
    Last Update:
    See Project
  • AI-powered service management for IT and enterprise teams Icon
    AI-powered service management for IT and enterprise teams

    Enterprise-grade ITSM, for every business

    Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
    Try it Free
  • 10
    SoftEther VPN

    SoftEther VPN

    Cross-platform multi-protocol VPN software

    An open-source free cross-platform multi-protocol VPN program, as an academic project from University of Tsukuba, under the Apache License 2.0. The API Suite allows you to easily develop your original SoftEther VPN Server management application to control the VPN Server (e.g. creating users, adding Virtual Hubs, disconnecting a specified VPN sessions) from JavaScript, TypeScript, C# or other languages. SoftEther VPN ("SoftEther" means "Software Ethernet") is one of the world's most powerful...
    Downloads: 72 This Week
    Last Update:
    See Project
  • 11
    BBOT

    BBOT

    The recursive internet scanner for hackers

    BBOT is an advanced open-source reconnaissance automation framework designed to streamline large-scale OSINT and attack surface discovery workflows. It operates as a modular and recursive scanning tool that can enumerate subdomains, perform port scans, gather metadata, and collect web intelligence through a unified command-line interface. The project emphasizes extensibility, allowing users to create or integrate custom modules that expand the scope of reconnaissance tasks without modifying...
    Downloads: 7 This Week
    Last Update:
    See Project
  • 12
    Inventory

    Inventory

    Asset inventory dataset for public bug bounty program targets

    Trickest Inventory is an open source dataset and workflow collection designed to provide an extensive asset inventory for public bug bounty programs. The repository tracks and organizes security-relevant assets for more than 800 companies participating in public vulnerability disclosure and bug bounty initiatives. It collects information such as DNS records and web server data, helping security researchers better understand the attack surface of these programs. It aims to streamline...
    Downloads: 4 This Week
    Last Update:
    See Project
  • 13
    cloud_enum

    cloud_enum

    Multi-cloud OSINT tool for discovering public cloud resources

    ...It works by taking user-provided keywords and generating variations through mutation wordlists, then testing these combinations against common cloud service naming patterns. cloud_enum performs both HTTP probing and DNS lookups to identify resources such as storage buckets, cloud applications, and databases that may be exposed or accessible. cloud_enum uses concurrent processing to speed up scanning, enabling efficient enumeration of large numbers of possible resource names. It can identify both publicly accessible and protected resources, helping security researchers understand the external cloud footprint of an organization.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 14
    GooFuzz

    GooFuzz

    OSINT fuzzing tool using Google dorks to find exposed resources

    ...It is written in Bash and automates the use of Google Dorking queries to discover publicly accessible information related to a target domain. Instead of directly sending requests to the target server, GooFuzz gathers results through search engine indexing, allowing enumeration without leaving traces in the target’s server logs. This method enables the discovery of potentially sensitive files, directories, subdomains, and parameters that are already exposed on the web. By combining wordlists, search operators, and file extension filters, the tool helps security professionals locate misconfigured or unintentionally exposed resources. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 15
    Ignorant

    Ignorant

    Checks if a phone number is registered on online services

    Ignorant is a Python-based OSINT tool designed to determine whether a specific phone number is associated with accounts on various online platforms. It performs phone number enumeration by sending requests to supported services and analyzing their responses to identify whether an account exists for that number. By querying endpoints used during account registration, login, or other interactions, Ignorant can infer the presence of an account without notifying the phone number owner. This allows investigators, researchers, or security professionals to perform reconnaissance without alerting the target. ...
    Downloads: 37 This Week
    Last Update:
    See Project
  • 16
    socialscan

    socialscan

    Scan platforms to check username and email account usage

    ...It allows users to quickly determine if a specific username or email address is already in use across multiple services, making it useful for security research, digital investigations, and account enumeration tasks. It focuses on accuracy by querying platform endpoints in a way that reliably detects whether a credential exists without producing misleading results. Socialscan can be used both as a Python library and as a command-line utility, making it flexible for developers and analysts alike. It uses asynchronous networking to perform multiple queries efficiently, enabling fast scans across different services. ...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 17
    CrossLinked

    CrossLinked

    LinkedIn employee enumeration tool using search engine scraping

    CrossLinked is an open source LinkedIn enumeration tool designed to collect employee names associated with a target organization. Instead of accessing LinkedIn directly or relying on its API, it performs search engine scraping using services such as Google and Bing to discover public LinkedIn profile results. By analyzing these search results, CrossLinked extracts employee names and processes them into usable formats for security assessments or reconnaissance activities.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 18
    CrackMapExec

    CrackMapExec

    A swiss army knife for pentesting networks

    CrackMapExec (CME) is a versatile post-exploitation and enumeration tool designed for pentesters and red teams to assess Active Directory environments. It supports credential spraying, command execution, file transfers, and module-based extensions across SMB, RDP, LDAP, and other protocols. CME provides automation and insight into Windows networks and is commonly used during lateral movement and domain enumeration phases.
    Downloads: 13 This Week
    Last Update:
    See Project
  • 19
    OneForAll

    OneForAll

    OneForAll is a powerful subdomain collection tool

    OneForAll is a comprehensive subdomain enumeration and reconnaissance tool primarily used in penetration testing and bug bounty workflows. Built in Python, it aggregates results from numerous DNS, certificate transparency, search engine, and threat intelligence sources to uncover hidden subdomains. The tool is particularly notable for incorporating many Chinese data sources that are often missed by Western-focused recon tools, increasing discovery coverage.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    Hakrawler

    Hakrawler

    Fast Go web crawler for discovering URLs and web app endpoints

    ...It accepts URLs through standard input, making it easy to integrate into command-line pipelines with other security tools. This workflow enables researchers to combine it with subdomain enumeration, HTTP probing, and vulnerability scanning utilities to automate reconnaissance processes. hakrawler can follow links within a website and optionally include subdomains.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 21
    ReconSpider

    ReconSpider

    Most Advanced Open Source Intelligence (OSINT) Framework

    ...ReconSpider aggregate all the raw data, visualize it on a dashboard, and facilitate alerting and monitoring on the data. Recon Spider also combines the capabilities of Wave, Photon and Recon Dog to do a comprehensive enumeration of attack surfaces. Reconnaissance is a mission to obtain information by various detection methods, about the activities and resources of an enemy or potential enemy, or geographic characteristics of a particular area. A Web crawler, sometimes called a spider or spiderbot and often shortened to crawler, is an Internet bot that systematically browses the World Wide Web, typically for the purpose of Web indexing (web spidering).
    Downloads: 1 This Week
    Last Update:
    See Project
  • 22
    Sudomy

    Sudomy

    Sudomy is a subdomain enumeration tool to collect subdomains

    ...Subdomain enumeration process can be achieved by using active method or passive method. Sudomy utilize Gobuster tools because of its highspeed performance in carrying out DNS Subdomain Bruteforce attack (wildcard support). The wordlist that is used comes from combined SecList (Discover/DNS) lists which contains around 3 million entries. By evaluating and selecting the good third-party sites/resources, the enumeration process can be optimized.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 23
    AttackSurfaceMapper

    AttackSurfaceMapper

    Automated tool for mapping & expanding organization’s attack surface

    ...Users can supply domains, subdomains, or IP addresses as input, and applies multiple discovery methods to identify additional related assets such as new subdomains, associated IP ranges, and hosts within the same network ownership. It performs both brute-force and passive enumeration techniques to uncover infrastructure components that may not be immediately visible. After building an expanded list of targets, AttackSurfaceMapper collects intelligence such as screenshots of web applications, information about exposed services, and possible vulnerabilities identified through integrated services. It can also search for publicly exposed credentials.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 24
    AQUATONE

    AQUATONE

    A tool for domain flyovers

    ...This means that you can pretty much give it output of any tool you use for host discovery. Aquatone is now completely focused on screenshotting and reporting. I know a lot of people used Aquatone for its DNS enumeration capabilities and it was definitely very good at that when it was released. Now other tools are doing a much better job of this, so I decided to leave it out of the new Aquatone, and instead make it easy to use it with your tool of choice.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 25
    Proxyp

    Proxyp

    Multithreaded Proxy Enumeration Utility

    Proxyp is a small multithreaded Perl script written to enumerate latency, port numbers, server names, & geolocations of proxy IP addresses. This script started as a way to speed up use of proxychains, which is why I've added an append option for resulting live IP addresses to be placed at the end of a file if need be. Requires IP::Country module and root/administrator privileges. "No man is free who is not master of himself" --Epictetus "For a man to conquer himself is the first...
    Downloads: 1 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • Next
Auth0 Logo