Website reconnaissance tools
Tools
Popular website reconnaissance tools
Admin Page Finder (PHP) (admin page discovery tool)
penetration testing, reconnaissance
Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.
BlindElephant (web application fingerprinting)
reconnaissance, web application analysis
BlindElephant is a security tool to perform fingerprinting of web applications. It can discover the name and version of known web applications.
CMSeeK (CMS detection and exploitation)
penetration testing, software exploitation, software identification, vulnerability scanning
CMSeeK is a security scanner for content management systems (CMS). It can perform a wide range of functions starting from the detection of the CMS, up to vulnerability scanning. The tool claims to support over 100 different CMS tools, with extensive support for the commonly used ones like Drupal, Joomla, and WordPress.
The scans performed by CMSeeK include version detection. It can also do enumeration of users, plugins, and themes. This might be useful to see what users or …
CMSmap (reconnaissance tool for popular CMS frameworks)
application testing, information gathering, vulnerability scanning, web application analysis
CMSmap helps saving time in the process of detecting what CMS is used for a given web application. It performs reconnaissance and can do additional vulnerability scanning.
Gitem (GitHub organization reconnaissance tool)
information gathering, security assessment, security monitoring, self-assessment
Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.
Recon-ng (web reconnaissance framework)
collaboration, information gathering, information sharing, security assessment
Recon-ng is a full-featured web reconnaissance framework. It is written in Python and modular, useful for penetrating tests and security assessments.
VHostScan (virtual host scanner)
penetration testing, reconnaissance
Tools like VHostScan are powerful to perform reconnaissance and discover configuration defaults. This can be useful during penetration tests or security testing, to see if a system has been stripped from default pages. If not, this tool might discover them and provide valuable information about the system.
Wappalyzer (discovery of technology stack)
information gathering, reconnaissance, software identification
Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.
detectem (software enumeration)
application security, application testing, reconnaissance, vulnerability scanning
Detectem can be a good early vulnerability detection system. By scanning regularly the dependencies of web applications, old versions of tools can be detected and upgraded. This tool is also helpful for penetration tests to find out what kind of software components are used.
shcheck (test HTTP headers of web applications)
application security, web application analysis
This simple tool is a good option to test if advised HTTP headers are available on web application and websites. It can be used as a defensive measure during development, or offensive to find weaknesses in existing applications.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.