System reconnaissance tools
Tools
Popular system reconnaissance tools
Intrigue Core (attack surface discovery)
OSINT research, asset discovery, attack surface measurement, intelligence gathering, penetration testing, security assessment
Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.
Intrigue also allows enriching available data and performing OSINT (open source intelligence) research. The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.
Recon-ng (web reconnaissance framework)
collaboration, information gathering, information sharing, security assessment
Recon-ng is a full-featured web reconnaissance framework. It is written in Python, has a modular design, and is useful for penetration tests and security assessments.
Sandmap (network and system reconnaissance)
reconnaissance
While Nmap is a powerful tool, it comes with many bells and whistles. Sandmap helps automate the use of the Nmap engine and gives it a more user-friendly interface. It simplifies, automates, and speeds up scanning, while still using the advanced scanning techniques available.