Company reconnaissance tools

Tools

Gitmails (email harvesting from repositories)

email harvesting, information gathering, reconnaissance

This tool can be used to perform reconnaissance on a company or individual target by looking into software repositories. Meta-data like commit activity can reveal who is working for a particular company. This tool helps to extract emails from software repositories.

Gitrob (discovery of sensitive data in repositories)

data leak prevention, information gathering, penetration testing, security assessment

Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

Infoga (email information gathering)

information gathering, reconnaissance

This tool could be used during penetration testing to learn what information is leaked regarding email addresses. For a company, it may be useful to do security monitoring and learn the same.

OSINT-SPY (open source intelligence gathering tool)

information gathering, penetration testing, reconnaissance

OSINT-SPY is a modular tool to query information on different subjects like an IP address, domain, email address, or even Bitcoin address. This tool can be valuable during the reconnaissance phase of a penetration test. It can be used also for defenses purpose, like learning what information is publically available about your organization and its assets.

Recon-ng (web reconnaissance framework)

collaboration, information gathering, information sharing, security assessment

Recon-ng is a full-featured web reconnaissance framework. It is written in Python and modular, useful for penetrating tests and security assessments.

Wappalyzer (discovery of technology stack)

information gathering, reconnaissance, software identification

Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.