System reconnaissance tools


Popular system reconnaissance tools

Intrigue Core (attack surface discovery)

OSINT research, asset discovery, attack surface measurement, intelligence gathering, penetration testing, security assessment

Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.

Intrigue also allows enriching available data and performing OSINT (open source intelligence) research. The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.

Recon-ng (web reconnaissance framework)

collaboration, information gathering, information sharing, security assessment

Recon-ng is a full-featured web reconnaissance framework. It is written in Python, has a modular design, and is useful for penetration tests and security assessments.

Sandmap (network and system reconnaissance)


While Nmap is a powerful tool, it comes with many bells and whistles. Sandmap helps automate the use of the Nmap engine and gives it a more user-friendly interface. It simplifies, automates, and speeds up scanning, while still using the advanced scanning techniques available.
