Nmap https://nmap.org/ GPL-2.0 Windows Linux Recon Active Vulnerability Scanning Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Use system package manager nmap -A example.com NMAP Vulscan https://github.com/scipag/vulscan GLP-3.0 Windows Linux NMap Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB See git page for installation instructions nmap -sV --script=vulscan/vulscan.nse www.example.com The Harvester https://github.com/laramies/theHarvester GPL-2.0 Python Recon Passive Passive and Active emails, subdomains and names harvester GitRepo ``` git clone https://github.com/laramies/theHarvester.git python3 -m pip install -r requirements.txt ``` If you have API keys for shodan ect... add them to `api-keys.yaml`]]> theHarvester -d example.com TODO Shodan https://www.shodan.io> Commercial Webapp Recon Passive Web based search engine for internet devices Register at https://www.shodan.io TODO Haveibeenpawned https://haveibeenpwned.com/ Unknown Webapp Recon Incident Response Check if you have an account that has been compromised in a data breach Farsight DNSDB Community Edition https://www.farsightsecurity.com/dnsdb-community-edition/ Commercial Webapp Recon DNS Passive Farsight's DNSDB Community Edition gives threat hunters and security professionals free access to the World’s Largest DNS Intelligence Database OpenVAS http://www.openvas.org/ GPL-2.0 Linux Vulnerability Scanning Active OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test TODO ZMap https://zmap.io/ GPL-2.0 Linux Recon Active ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING, ZMap can scan the IPv4 address space in under 5 minutes Install using distro package management system. GitLeaks https://github.com/zricethezav/gitleaks GPL-2.0 Windows Linux Git Tag2 Audit git repos for secrets. Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git source code repositories IInstall and run using Go package manager or Docker ``` docker run --rm --name=gitleaks zricethezav/gitleaks ``` truffleHog https://github.com/dxa4481/truffleHog GPL-2.0 Python git Tag2 Searches through git repositories for high entropy strings and secrets, digging deep into commit history pip install truffleHog truffleHog --regex --entropy=False https://github.com/dxa4481/truffleHog.git GPL-2.0 Tag1 Tag2