30 open-source projects similar to reconurge/flowsint, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Flowsint alternative.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Argus is a modular network reconnaissance framework designed for gathering network intelligence, mapping infrastructure, and assessing security postures through automated discovery tasks. It operates as a containerized security toolset that allows for the consistent execution of specialized information-gathering modules across different operating systems. The system functions as an infrastructure audit tool and a web application security scanner, performing tasks such as DNS lookups, port scanning, and the inspection of HTTP headers to detect vulnerabilities. It also serves as a threat intell
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
OpenCTI is a cyber threat intelligence platform and knowledge base used to store, manage, and analyze technical security data. It functions as a threat intelligence visualization tool and an enterprise security data orchestrator that maps relationships between threat actors, malware, and vulnerabilities. The platform utilizes the STIX and TAXII standards for data representation and exchange, allowing for the sharing and receiving of standardized intelligence bundles. It distinguishes itself by converting complex security information into visual relationship diagrams and geographic maps to ide
vis is a JavaScript data visualization library used to render interactive networks, timelines, and graphs directly in the web browser. It functions as a relational data mapper and browser-based charting tool, turning complex structured data into dynamic visual patterns to expose entity relationships. The library provides specialized tools for force-directed network graphs, where relational data is represented as interactive nodes and edges. It also includes an interactive timeline component for plotting chronological events and time intervals on a scalable temporal axis. The project covers b
Crucix is an open-source intelligence system comprising an OSINT aggregator, a geospatial intelligence dashboard, and an LLM intelligence agent. It functions as a real-time signal monitor and automated alerting system designed to collect, analyze, and visualize geopolitical, economic, and satellite data from diverse open-source intelligence sources. The system utilizes large language models to synthesize intelligence feeds, generate actionable trade ideas, and classify signal priority with confidence scores. It features a geospatial visualization interface that plots intelligence events, such
Nettacker is an automated penetration testing framework designed to orchestrate reconnaissance, port scanning, and vulnerability detection. It functions as a network reconnaissance tool and vulnerability scanner that identifies open ports, fingerprints services, and checks systems against databases of known security flaws. The framework distinguishes itself by combining a web application crawler for discovering hidden paths via fuzzing with a vulnerability management system that persists scan results in a database to track historical assessments. It also includes specialized capabilities for
recon-ng is an open source intelligence reconnaissance framework designed to automate the collection and aggregation of public information. It is a modular intelligence tool that utilizes a system of pluggable modules to harvest target data, resolve DNS queries, and parse web content. The framework is built as an API-driven tool with a programmatic interface to integrate with other security workflows. It is provided as a containerized application, using Docker to ensure a consistent environment for running reconnaissance tasks and managing a persistent data store. Its capabilities cover exte
Mr.Holmes is an open-source intelligence investigation framework designed to gather public data from phone numbers, usernames, IP addresses, and domains. It functions as a collection of tools for digital footprint analysis and social media reconnaissance. The system integrates several specialized capabilities, including a search engine dorking tool for uncovering hidden public records and a geolocation utility for identifying the physical location and ownership of network addresses. It also includes a social media reconnaissance system that scrapes and links public profiles using usernames an
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
GHunt is a Google account investigator and open-source intelligence framework designed to retrieve publicly available information and metadata associated with Google accounts. It functions as an OSINT data extractor and offensive security framework used to identify user identities and uncover hidden metadata. The tool extracts public profile data from various Google services and exports the findings into structured JSON formats. This allows for the collection and analysis of digital footprints to support security research and reconnaissance.
SpiderFoot is an open-source reconnaissance and intelligence automation framework designed to streamline the collection and correlation of data for security investigations. It functions as a comprehensive platform that automates the querying of hundreds of public data sources to map digital footprints, identify exposed assets, and uncover potential security threats across an organization's external perimeter. The platform distinguishes itself through a modular, plugin-based architecture that executes data gathering tasks in parallel, supported by a directed graph data model that tracks relati
Maigret is an open-source intelligence framework designed for automated digital footprint discovery and identity investigation. It functions as a search engine that aggregates profile metadata by querying thousands of websites for specific usernames, mapping an individual's online presence across diverse platforms. The tool distinguishes itself through recursive discovery capabilities, which identify links within discovered profiles to expand the scope of an investigation automatically. It supports cross-platform identity correlation by mapping disparate accounts and pseudonymous personas, in
IntelOwl is a threat intelligence platform and security orchestration engine designed to aggregate, analyze, and enrich security observables. It functions as a security incident investigation tool and a threat intelligence aggregator, collecting data on files, domains, and IP addresses from diverse internal and external sources. The system differentiates itself through playbook-based workflow automation, allowing users to define reusable sequences of analysis tasks that trigger subsequent jobs based on prior outputs. It unifies disparate security data into a common schema and utilizes protoco
AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools. The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social eng
fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The fram
Unovis is a modular SVG and Canvas data visualization library used to build interactive charts, maps, and network graphs. It provides a framework-agnostic set of primitives for creating data dashboards and specialized visualizations. The library is distinguished by its dedicated toolkits for different visualization domains, including an XY charting library for coordinated plots, a network graph framework for relational data, and a geospatial visualization toolkit for TopoJSON-based mapping. Its capability surface covers a wide range of data representations, including linear, area, and bar ch
Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time
Twint is an open-source intelligence and data extraction framework designed to gather public social media information. It functions as a command-line utility that retrieves posts, user profiles, and follower lists directly from web interfaces, bypassing the need for official platform developer credentials or authentication keys. The tool distinguishes itself by enabling automated, large-scale data collection through terminal-based orchestration. It supports granular filtering by keywords, geographic locations, time ranges, and account status, allowing researchers to build targeted datasets fo
Cayley is a graph database engine designed for storing and querying interconnected data using a quad-based data model. It functions as an RDF quad store, managing information through subjects, predicates, objects, and labels. The system features a modular graph store architecture with pluggable backends, allowing it to swap between in-memory storage and various external persistent databases. It includes a GraphQL-inspired API and a dedicated data visualizer for the interactive exploration of nodes and edges. Query capabilities cover bidirectional path traversal and multi-syntax execution usi
NetworkX is a Python library designed for the creation, manipulation, and study of the structure, dynamics, and functions of complex networks. It provides a comprehensive framework for modeling relationships between entities as graphs, directed graphs, or multigraphs, allowing users to attach arbitrary metadata and properties to nodes and edges. The library distinguishes itself through a modular architecture that decouples graph analysis logic from data storage, utilizing nested dictionaries and adjacency lists to manage topology. It features a pluggable backend system that delegates computat
Noi is an AI-powered web browser designed to organize AI prompts and manage parallel browsing workspaces. It serves as a local-first browsing environment that stores history and settings on the local device for privacy and offline access. The browser distinguishes itself through a command line interface that allows users to trigger application actions and manage environments from external tools. It also includes a system for storing and organizing reusable AI prompt templates to streamline chat-based productivity. The platform provides multi-workspace organization, enabling side-by-side wind
T-Pot is a multi-honeypot orchestration platform and threat intelligence collector. It utilizes a Docker-based security sandbox to deploy and manage a collection of diverse decoy services that simulate vulnerable targets to lure attackers and record their activity. The system features a distributed sensor network where remote nodes capture attack logs and transmit them via encrypted communication to a central hub. This central hub employs an analytics stack to transform raw logs into geographic maps and interactive dashboards for adversary behavior visualization. To increase the realism of si
EcoPaste is a local clipboard manager and history database designed to store and retrieve text, images, and files copied to the system clipboard. It functions as a privacy-focused content archive that keeps all clipboard history and user settings on the local machine to ensure full user control. The project focuses on a content organization workflow, allowing users to categorize clipped snippets and attach descriptive notes to saved items. This enables the retrieval of specific entries and the management of frequent information more efficiently. The system provides capabilities for local dat
Superdesign is an AI-powered design platform that generates UI mockups, wireframes, and multi-page user flows from natural language prompts within a collaborative canvas environment. It functions as a design-to-code exporter, producing production-ready HTML, ZIP archives, or Shopify Liquid templates for direct implementation, and includes an OpenAPI specification importer that automatically generates API documentation and client code from schema definitions. The platform distinguishes itself through a branch-based design exploration system that creates independent design variations from a sin
PTF is a penetration testing tool manager and modular software orchestrator designed to automate the installation, compilation, and updating of security tools across different operating system distributions. It functions as a security tooling automation utility that fetches the latest releases and creates global system launchers for a curated collection of security binaries. The framework allows for the packaging of security tool suites into portable container images to ensure consistent execution across different infrastructure environments. It enables the distribution of specific sets of co
Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to
Photon is a command-line web crawler designed for security reconnaissance and information gathering. It systematically traverses websites to discover URLs, map domain infrastructure, and identify associated subdomains by retrieving DNS records. The tool distinguishes itself through its ability to perform deep content analysis, including the extraction of sensitive data such as API keys and authentication tokens using user-defined regular expressions. It supports offline inspection by cloning crawled web content to the local filesystem, allowing for structural analysis without additional netwo
Valibot is a modular, type-safe schema library for validating and parsing structural data in TypeScript environments.
PentestGPT is an autonomous security testing framework that leverages large language models to plan, execute, and coordinate end-to-end penetration testing engagements. By functioning as an autonomous agent, the system automates the entire testing lifecycle, from initial reconnaissance and vulnerability analysis to the generation of custom exploits and the execution of post-exploitation tasks. The platform distinguishes itself through a multi-agent orchestration system that coordinates specialized AI agents to collaborate on complex, multi-stage attack chains. It integrates multimodal context