30 open-source projects similar to techgaun/github-dorks, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Github Dorks alternative.
SubDomainizer is a security scanning utility designed to map web infrastructure and identify sensitive information exposure. It functions as a reconnaissance tool that aggregates data from web pages, local files, and remote code hosting services to provide a comprehensive assessment of a target's attack surface. The tool specializes in discovering hidden subdomains and infrastructure entry points through recursive web crawling and the analysis of SSL certificate metadata. It further secures environments by scanning source code and external repositories for exposed API keys, passwords, and oth
Command-line Google dork tool. This is an early predecessor to dorkbot, which may be more useful: https://github.com/utiso/dorkbot
A geolocation OSINT tool. Offers geolocation information gathering through social networking platforms.
An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
theHarvester is a command-line utility designed for gathering open-source intelligence and mapping an organization's external attack surface. It functions as a security information gathering framework that automates the collection of publicly available data to assist in reconnaissance and threat analysis. The tool utilizes a plugin-based architecture to execute isolated queries against various search engines and public databases. It employs asynchronous task execution to run multiple discovery operations in parallel, while a centralized pipeline aggregates and deduplicates findings from these
vcsmap is a plugin-based tool to scan public version control systems for sensitive information.
Lepton is a cross-platform snippet manager and cloud-synced code library designed to organize and synchronize reusable code fragments and text snippets across different operating systems. It functions as a developer productivity tool and a markdown-enabled code editor for managing technical documentation. The application supports synchronization via remote backends and private enterprise server instances, including GitHub Enterprise integration. It utilizes token-based authentication to secure private code repository syncing and ensures connectivity in restricted corporate environments throug
AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs. The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co
Octotree is a source code browsing tool for GitHub that provides a navigable file tree sidebar for exploring repository folder structures without downloading files locally. It enables the navigation of directory hierarchies and the location of specific files through text-based search queries. The tool includes specialized workflows for reviewing pull requests by filtering the visible file tree to show only modified files. It also supports access to private repositories through the use of personal access tokens and multi-account management. The interface features customizable sidebar behavior
This project is an automated release note tool and markdown history generator that transforms repository activity into structured documentation. It functions as a GitHub API client and CI/CD pipeline component, aggregating tags, issues, and pull requests to produce categorized summaries of project changes. The tool distinguishes itself through native GitHub Enterprise integration, supporting custom API endpoints for self-hosted server instances. It employs a label-based categorization system to group changes into specific sections and utilizes personal access tokens or OAuth to manage API rat
Photon is a command-line web crawler designed for security reconnaissance and information gathering. It systematically traverses websites to discover URLs, map domain infrastructure, and identify associated subdomains by retrieving DNS records. The tool distinguishes itself through its ability to perform deep content analysis, including the extraction of sensitive data such as API keys and authentication tokens using user-defined regular expressions. It supports offline inspection by cloning crawled web content to the local filesystem, allowing for structural analysis without additional netwo
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships
Zizmor is a security linter and static analysis tool designed to audit GitHub Actions workflow files. It functions as a CI/CD security scanner that identifies security vulnerabilities, misconfigurations, and software supply chain risks within automation pipelines. The project distinguishes itself by providing an automated workflow remediator that applies security fixes to identified vulnerabilities. It also implements a language server for integration with code editors and supports a variety of analysis personas to scale the sensitivity and volume of reported findings. The tool covers a broa
Gitingest is a tool for extracting, converting, and estimating the token size of codebases to facilitate ingestion by large language models. It transforms GitHub repositories and local directories into a single formatted text file that serves as a structured context window for model analysis. The utility includes a codebase token estimator to calculate file structure and total token counts, helping to determine the scale of the extracted content. It supports both public and private repositories through token-based authentication and respects gitignore configurations to filter out irrelevant p
Ruby exiftool wrapper that is simple, correct, and supports multiget
GHunt is a Google account investigator and open-source intelligence framework designed to retrieve publicly available information and metadata associated with Google accounts. It functions as an OSINT data extractor and offensive security framework used to identify user identities and uncover hidden metadata. The tool extracts public profile data from various Google services and exports the findings into structured JSON formats. This allows for the collection and analysis of digital footprints to support security research and reconnaissance.
recon-ng is an open source intelligence reconnaissance framework designed to automate the collection and aggregation of public information. It is a modular intelligence tool that utilizes a system of pluggable modules to harvest target data, resolve DNS queries, and parse web content. The framework is built as an API-driven tool with a programmatic interface to integrate with other security workflows. It is provided as a containerized application, using Docker to ensure a consistent environment for running reconnaissance tasks and managing a persistent data store. Its capabilities cover exte
An open source intelligence tool to crawl the graph of certificate Alternate Names
Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time
This project is a comprehensive, community-curated directory of resources and methodologies for open-source intelligence gathering. It serves as a centralized reference framework for researchers, providing a structured index of specialized tools, databases, and search techniques used to collect and analyze publicly available information from across the global internet. The directory distinguishes itself through a hierarchical taxonomy that organizes complex investigative domains, ranging from cyber threat intelligence and digital forensic investigation to geospatial analysis and operational s
h8mail is an open-source intelligence tool for searching leaked credentials and compromised accounts across remote APIs and local data dumps. It functions as a credential leak hunter and email reconnaissance framework designed to identify exposed passwords and sensitive information using usernames, domains, IP addresses, and email hashes. The tool distinguishes itself through a recursive target expansion system that feeds newly discovered email addresses back into the search queue to broaden the scope of investigations. It also includes a local breach data parser that employs multiprocessing
XRay is a tool for recon, mapping and OSINT gathering from public networks.
Pentagi is an autonomous security testing framework and agent orchestrator designed to plan and execute end-to-end security assessments. It utilizes a coordination engine to decompose complex goals into actionable subtasks, performing automated penetration testing and vulnerability research within isolated container environments. The system distinguishes itself through a temporal knowledge graph that tracks semantic relationships between entities and vulnerabilities to reuse intelligence across projects. It includes a web intelligence reconnaissance tool for automated data gathering and agent
Apkleaks is a static analysis tool and security auditor designed to extract hardcoded secrets, API endpoints, and sensitive data from Android application packages. It operates as a secret scanner that analyzes compiled binaries without executing them to identify potential information leaks and insecure endpoints. The tool utilizes a regex-based data extraction engine to identify sensitive strings within decompiled code. It supports customization through JSON-defined search patterns and provides configuration flags to tune the behavior of the underlying disassembler. The analysis pipeline enc