Domain reconnaissance tools

Tools

Domain Analyzer (domain information gathering)

information gathering, penetration testing

Domain Analyzer is an information gathering tool and comes in handy for reconnaissance. This can be useful for doing penetration testing or evaluating what information is publically available about your own domains. Some pieces of information that can be discovered include DNS servers, IP addresses, mail servers, SPF information, open ports, and more.

Infoga (email information gathering)

information gathering, reconnaissance

This tool could be used during penetration testing to learn what information is leaked regarding email addresses. For a company, it may be useful to do security monitoring and learn the same.

OSINT-SPY (open source intelligence gathering tool)

information gathering, penetration testing, reconnaissance

OSINT-SPY is a modular tool to query information on different subjects like an IP address, domain, email address, or even Bitcoin address. This tool can be valuable during the reconnaissance phase of a penetration test. It can be used also for defenses purpose, like learning what information is publically available about your organization and its assets.

Recon-ng (web reconnaissance framework)

collaboration, information gathering, information sharing, security assessment

Recon-ng is a full-featured web reconnaissance framework. It is written in Python and modular, useful for penetrating tests and security assessments.

subDomainsBrute (subdomain scanning tool for pentesters)

The subDomainsBrute tool is one of the tools to perform a scan on a domain to discover subdomains and store the output.

SubFinder (subdomain scanner)

discovery of sensitive information, information gathering, penetration testing, reconnaissance, security assessment

SubFinder is a tool to scan domains and discover subdomains. This may be useful during the reconnaissance phase of penetration testing where information is collected. Some subdomains may reveal sensitive data or point to interesting targets such as a backup location.

Th3inspector (extensive information gathering tool)

discovery of sensitive information, information gathering

This tool can be called a true 'inspector tool' as it helps to discover many types of data.

  • Website information
  • Domain and subdomain information
  • Mail server information and email
  • Phone details
  • IP addresses
  • Detection of used CMS

web-hunter (information gathering tool for target domain)

information gathering

Tools like web-hunter help with information gathering. This can be useful for penetration testing or when doing a self-assessment on your organization.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.