Reconnaissance is one of the important stages in any ethical hacking attempt. By performing reconnaissance on a target, an ethical hacker can learn the details of the target network and identify potential attack vectors such as open ports and sub-domains.
There are two types of Reconnaissance:
- Active Reconnaissance
- Passive Reconnaissance
In other words, reconnaissance is the initial step in a cyber-kill chain.
Always remember that you need proper authorization before scanning any target; never use these tools against a target you are not authorized to scan. While you scan, a WAF (Web Application Firewall) monitors your network traffic and tracks your IP address. If you scan a target without authorization, you violate the legal disclaimer of the application and could face legal action.
Our favorite top 5 recon tools are:
R3C0Nizer is the first ever CLI-based, menu-driven, automated web application B-Tier recon framework. It installs every tool and dependency as each module runs, so the user does not need to install any tools manually. R3C0Nizer gathers assets and information that help you move on to the next step, using up-to-date, fast and efficient tools.
- GitHub – https://github.com/Anon-Artist/R3C0Nizer
- Language – Python/Python3/Golang
- Stars – 85 (as per checked on 10-March-2022)
scant3r is a module-based web security tool whose goal is to be customizable while providing the functions and features you need.
- GitHub Link – https://github.com/knassar702/scant3r
- Language – Python/3.6
- Stars – 511 (as per checked on 10-March-2022)
ReconFTW automates the entire process of reconnaissance for you. It performs subdomain enumeration along with various vulnerability checks, obtaining the maximum information about your target. ReconFTW uses a lot of techniques (passive, bruteforce, permutations, certificate transparency, source code scraping, analytics, DNS records…) for subdomain enumeration, which helps you get the maximum number of subdomains and the most interesting ones, so that you stay ahead of the competition.
- GitHub Link – https://github.com/six2dez/reconftw
- Language – Golang
- Stars – 2.1k (as per checked on 10-March-2022)
MagicRecon is a powerful shell script that maximizes the recon and data collection process for a target and finds common vulnerabilities, saving the results in an organized way in directories and in various formats.
- GitHub Link – https://github.com/robotshell/magicRecon
- Stars – 374 (as per checked on 10-March-2022)
LazyRecon is a wrapper of various scripts that automates the tedious and redundant process of reconnaissance of a target domain.
- GitHub Link – https://github.com/capt-meelo/LazyRecon
- Stars – 344 (as per checked on 10-March-2022)
5. Bug Bounty Scanner
A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use. Low on resources, high on information output.
- GitHub Link – https://github.com/chvancooten/BugBountyScanner
- Stars – 465 (as per checked on 10-March-2022)