Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.

Passive recon & attack surface mapper — zero requests sent

Passive Reconnaissance Techniques Approach helps for penetration testing and bug bounty hunting by gathering information about a target system or network.

Grassmarlin replacement. Open-source multi-user ICS/SCADA passive network discovery and topology platform. Upload PCAPs, visualize OT networks, generate assessment reports. Flask + Docker. The open-source engine behind Fathom.

Instagram information gathering

Phone number osint

A lightweight Python tool for passive reconnaissance, including subdomain, email, and S3 bucket extraction, with AI-powered scanner for sensitive infrastructure mentions.

This is a Python script that provides the ability to perform: Check all NS Records for Zone Transfers. Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT). Perform common SRV Record Enumeration. Top Level Domain (TLD) Expansion.

Recon-Scan: open‑source passive reconnaissance with AI‑powered security analysis. Zero‑touch, developer‑first, and privacy‑focused.

A basic passive reconnaissance tool made using Python. It checks tech stacks, security headers and hidden directories in a website.

Passive subdomain enumeration tool in Python. Collects subdomains, resolves DNS, and optionally checks HTTP/HTTPS status.

🕵️♂️ Discover and extract endpoints, subdomains, and GraphQL queries effortlessly with this Burp Suite extension for efficient passive reconnaissance.

⚡ Passive OSINT reconnaissance tool — subdomains, GitHub leaks, Shodan, Wayback Machine

WP-Dex is an advanced passive WordPress reconnaissance tool built in Python for security auditing and intelligence gathering. It extracts detailed information about WordPress websites including plugins, themes, users, server fingerprinting, exposed paths, and known vulnerabilities — without performing any exploitation or modification. Designed for

Static is a lightweight, dependency-free typosquatting reconnaissance tool written in pure Python. It generates common typo variations of a target domain and checks them using DNS and HTTP/HTTPS heuristics to identify potentially available domains and redirect behavior.

Passive Recon - Subdomain Enumeration With sub-finder.

From a domain or IP: subdomains, open ports, CVE scores, reputation, leaks — all passive.

👻 GhostPath — A powerful modular reconnaissance toolkit built for hackers, OSINT professionals & bug bounty hunters — passive + active recon in a sleek CLI shell. Discover subdomains, probe paths, mine archives and hunt certificates — all from one interactive terminal interface.

Lightweight OSINT tool for passive DNS/subdomain discovery, DNS record lookup, reverse‑DNS and title extraction.

An intelligent, Human-in-the-Loop OSINT framework.