Website reconnaissance tools

Tools

Admin Page Finder (PHP) (admin page discovery tool)

penetration testing, reconnaissance

Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.

BlindElephant (web application fingerprinting)

reconnaissance, web application analysis

BlindElephant is a security tool to perform fingerprinting of web applications. It can discover the name and version of known web applications.

CMSeeK (CMS detection and exploitation)

penetration testing, software exploitation, software identification, vulnerability scanning

CMSeeK is a security scanner for content management systems (CMS). It can perform a wide range of functions starting from the detection of the CMS, up to vulnerability scanning. The tool claims to support over 100 different CMS tools, with extensive support for the commonly used ones like Drupal, Joomla, and WordPress.

The scans performed by CMSeeK include version detection. It can also do enumeration of users, plugins, and themes. This might be useful to see what users o...

CMSmap (reconnaissance tool for popular CMS frameworks)

application testing, information gathering, vulnerability scanning, web application analysis

CMSmap helps saving time in the process of detecting what CMS is used for a given web application. It performs reconnaissance and can do additional vulnerability scanning.

detectem (software enumeration)

application security, application testing, reconnaissance, vulnerability scanning

Detectem can be a good early vulnerability detection system. By scanning regularly the dependencies of web applications, old versions of tools can be detected and upgraded. This tool is also helpful for penetration tests to find out what kind of software components are used.

Gitem (GitHub organization reconnaissance tool)

information gathering, security assessment, security monitoring, self-assessment

Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.

Recon-ng (web reconnaissance framework)

collaboration, information gathering, information sharing, security assessment

Recon-ng is a full-featured web reconnaissance framework. It is written in Python and modular, useful for penetrating tests and security assessments.

shcheck (test HTTP headers of web applications)

application security, web application analysis

This simple tool is a good option to test if advised HTTP headers are available on web application and websites. It can be used as a defensive measure during development, or offensive to find weaknesses in existing applications.

VHostScan (virtual host scanner)

penetration testing, reconnaissance

Tools like VHostScan are powerful to perform reconnaissance and discover configuration defaults. This can be useful during penetration tests or security testing, to see if a system has been stripped from default pages. If not, this tool might discover them and provide valuable information about the system.

Wappalyzer (discovery of technology stack)

information gathering, reconnaissance, software identification

Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.