Reconnaissance is one of the most important stages in any ethical hacking attempt. By performing reconnaissance on a target, an ethical hacker can learn details of the target network and identify potential attack vectors such as open ports and sub-domains.
There are two types of Reconnaissance:
- Active Reconnaissance
- Passive Reconnaissance
In other words, reconnaissance is the initial step in a cyber-kill chain.
Always remember that you must have proper authorization before scanning any target; never use these tools against targets you are not authorized to test. While you scan, a WAF (Web Application Firewall) monitors your network traffic and tracks your IP address, and if you scan a target without authorization you violate the application's legal disclaimer and could face legal action.
Our favorite top 5 recon tools are:
1. R3C0Nizer
R3C0Nizer is the first-ever CLI-based, menu-driven, automated web application B-Tier recon framework. It installs every tool and dependency as each module runs, so the user does not need to install any tools manually. R3C0Nizer gathers assets and information that should help you with the next step, using the latest, fastest and most efficient tools.
- GitHub – https://github.com/Anon-Artist/R3C0Nizer
- Language – Python/Python3/Golang
- Stars – 85 (as checked on 10-March-2022)
2. Scant3r
scant3r is a module-based web security tool whose goal is to be a customizable tool that provides the many functions and features you need.
- GitHub Link – https://github.com/knassar702/scant3r
- Language – Python/3.6
- Stars – 511 (as checked on 10-March-2022)
3. ReconFTW
ReconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target. ReconFTW uses a lot of techniques (passive, bruteforce, permutations, certificate transparency, source code scraping, analytics, DNS records…) for subdomain enumeration, which helps you get the maximum number of subdomains, and the most interesting ones, so that you stay ahead of the competition.
- GitHub Link – https://github.com/six2dez/reconftw
- Language – Golang
- Stars – 2.1k (as checked on 10-March-2022)
4. MagicRecon
MagicRecon is a powerful shell script that maximizes the recon and data collection process for an objective and finds common vulnerabilities, saving the results in an organized way in directories and in various formats.
- GitHub Link – https://github.com/robotshell/magicRecon
- Stars – 374 (as checked on 10-March-2022)
4. LazyRecon
LazyRecon is a wrapper of various scripts that automates the tedious and redundant process of reconnaissance of a target domain.
- GitHub Link – https://github.com/capt-meelo/LazyRecon
- Stars – 344 (as checked on 10-March-2022)
5. Bug Bounty Scanner
A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use. Low on resources, high on information output.
- GitHub Link – https://github.com/chvancooten/BugBountyScanner
- Stars – 465 (as checked on 10-March-2022)