7 repositorios
Utilities for mapping and discovering the structure of web applications.
Distinct from Web Application Security: Distinct from Web Application Security: focuses on active discovery and mapping of endpoints rather than defensive security layers.
Explore 7 awesome GitHub repositories matching security & cryptography · Reconnaissance Tools. Refine with filters or upvote what's useful.
Pentagi is an autonomous security testing framework and agent orchestrator designed to plan and execute end-to-end security assessments. It utilizes a coordination engine to decompose complex goals into actionable subtasks, performing automated penetration testing and vulnerability research within isolated container environments. The system distinguishes itself through a temporal knowledge graph that tracks semantic relationships between entities and vulnerabilities to reuse intelligence across projects. It includes a web intelligence reconnaissance tool for automated data gathering and agent
Includes tools for automated web reconnaissance to gather intelligence and map targets for security workflows.
Katana is a web crawler and spider designed for security reconnaissance and web application mapping. It functions as a utility for identifying endpoints, forms, and API structures across web targets by combining standard HTTP request traversal with headless browser automation to render dynamic, JavaScript-heavy content. The tool distinguishes itself through its ability to maintain authenticated sessions and handle complex web interactions, such as automated form submission and captcha resolution. It provides granular control over the discovery process, allowing users to define specific crawl
Maps web application structures and endpoints to identify hidden resources during security assessments.
XSStrike is an automated security scanning engine designed for web application discovery, input
Mapping web application structures and discovering hidden paths to identify potential injection points for comprehensive security analysis.
dirsearch is a command-line security tool and web path scanner used for discovering hidden directories and files on web servers. It functions as a recursive directory fuzzer and brute-force utility that identifies undocumented paths and sensitive files using wordlists and HTTP status codes. The tool distinguishes itself through template-driven path generation and an automated HTTP response filter that uses status codes, content length, and regex patterns to isolate valid targets. It supports recursive directory crawling to map complex web structures and provides state-persistence serializatio
Implements utilities for mapping and discovering the structure of web applications through active reconnaissance.
Nikto is an open-source HTTP security auditing tool and web server vulnerability scanner. It functions as a reconnaissance engine designed to identify insecure server options, outdated software, and common vulnerabilities by analyzing HTTP responses. The project differentiates itself through capabilities for intrusion detection evasion and web server fingerprinting. It uses request-level encoding and timing spacers to bypass security filters and employs signature-based identification to determine specific server software versions and misconfigurations. The scanner covers broad capability are
Discovers hidden directories and identifies server software versions through dictionary attacks.
Gau is a command-line tool and passive URL enumerator designed to discover and aggregate known and historical web addresses for specific target domains. It functions as a collection framework that retrieves domain-specific data from public web archives and threat intelligence providers. The tool focuses on passive reconnaissance and open-source intelligence research to map attack surfaces without sending requests directly to target infrastructure. It aggregates data from multiple external sources to identify accessible web endpoints and forgotten pages. The system includes capabilities for r
Aggregates domain-specific URL data from external archives to map an application's attack surface.
LinkFinder es una herramienta de reconocimiento de seguridad y análisis estático diseñada para el descubrimiento de endpoints en JavaScript. Extrae URLs absolutas y relativas y parámetros de archivos JavaScript para mapear la superficie de ataque de aplicaciones web e identificar rutas de API ocultas. La herramienta opera a través de análisis de código estático y coincidencia de patrones de expresiones regulares para encontrar endpoints sin ejecutar el código fuente. Incluye un procesador de datos para importar archivos exportados desde Burp Suite, permitiendo el análisis por lotes de múltiples activos JavaScript en una sola ejecución. El sistema proporciona capacidades para el análisis a nivel de dominio y filtrado específico de dominio para enfocar el descubrimiento en objetivos específicos. También cuenta con notificaciones de detección de palabras clave para alertar a los usuarios cuando cadenas específicas aparecen en los resultados, y soporta la exportación de datos descubiertos en formatos de texto plano o HTML.
Maps and discovers the structure of web applications by scanning JavaScript assets across a target domain.