What is reconnaissance?

Reconnaissance is the process of collecting information about a target. It is used in the military to learn about the enemy. During penetration testing assignments it has a similar role. Good reconnaissance will improve the quality of the pentest and increase the chances of successful service exploitation.

See Information gathering for more details.

Tool categories

There are 3 tool collections available that cover reconnaissance:

Security tools

The following security tools are linked to reconnaissance and are worth investigating.

  • 0trace (reconnaissance tool and firewall bypassing)
  • (reconnaissance and firewall bypass tool)
  • CMSmap (reconnaissance tool for popular CMS frameworks)
  • DataSploit (OSINT framework)
  • Domain Analyzer (domain information gathering)
  • Gitem (GitHub organization reconnaissance tool)
  • IVRE (reconnaissance for network traffic)
  • InstaRecon (automated digital reconnaissance)
  • Intrigue Core (attack surface discovery)
  • OSINT Framework (collection of OSINT resources)
  • OSINT-SPY (open source intelligence gathering tool)
  • Recon-ng (web reconnaissance framework)
  • Sandmap (network and system reconnaissance)
  • Sn1per (automated pentest recon scanner)
  • SpiderFoot (OSINT tool)
  • Wappalyzer (discovery of technology stack)
  • YASAT (local security scanner)
  • detectem (software enumeration)
  • p0f (passive fingerprinting tool)
  • tlsenum (enumeration tool for TLS)
  • wig (reconnaissance tool for web applications)