Th3inspector alternatives

SubFinder is a tool to scan domains and discover subdomains. This may be useful during the reconnaissance phase of penetration testing where information is collected. Some subdomains may reveal sensitive data or point to interesting targets such as a backup location.

Domain Analyzer is an information gathering tool and comes in handy for reconnaissance. This can be useful for doing penetration testing or evaluating what information is publically available about your own domains. Some pieces of information that can be discovered include DNS servers, IP addresses, mail servers, SPF information, open ports, and more.

This small utility can retrieve information from the WHOIS database, to see who owns an IP address or domain name. Besides that, it can obtain information from the system itself, like the uptime. DMitry also has the option to search for email addresses, perform a TCP port scan, and use modules specified by the user.

Sublist3r helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.

Altdns is a security tool to discover subdomains. It generates permutations, alterations, and mutations of subdomains. The generated names can also be tested by performing DNS lookups. An enumeration tool like Altdns is useful during penetrating testing assignments.

Domain is a Python script written by Jason Haddix to combine the tools Recon-ng and altdns. It allows to use the two tool one multiple domains within the same session.

CMSeeK is a security scanner for content management systems (CMS). It can perform a wide range of functions starting from the detection of the CMS, up to vulnerability scanning. The tool claims to support over 100 different CMS tools, with extensive support for the commonly used ones like Drupal, Joomla, and WordPress.

The scans performed by CMSeeK include version detection. It can also do enumeration of users, plugins, and themes. This might be useful to see what users or components are available. The tool includes admin page discovery, file discovery, and directory listing. Anything that might be useful to a penetration test or security assessment, might be displayed.

This tool could be used during penetration testing to learn what information is leaked regarding email addresses. For a company, it may be useful to do security monitoring and learn the same.

OSINT-SPY is a modular tool to query information on different subjects like an IP address, domain, email address, or even Bitcoin address. This tool can be valuable during the reconnaissance phase of a penetration test. It can be used also for defenses purpose, like learning what information is publically available about your organization and its assets.

Tools like web-hunter help with information gathering. This can be useful for penetration testing or when doing a self-assessment on your organization.

GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

This tool can be used to perform reconnaissance on a company or individual target by looking into software repositories. Meta-data like commit activity can reveal who is working for a particular company. This tool helps to extract emails from software repositories.

RTA is helpful to automate scanning public resources of a company. As the project name implies, this may be used during red teaming, like a penetration test. That obviously does not limit its use, as it is similarly useful by the blue team.

With its integration with Nessus and other tools, RTA is more of a toolkit. This can be seen in its functionality, like subdomain enumeration and information gathering capabilities.

Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.

SubOver is considered a hostile tool to take over a subdomain. It can be used during pentesting and security assessments to discover unconfigured subdomains.

When a project requires resolving or guessing host names, then this tool is a great addition to the toolkit. It focuses on 'fast' by using asynchronous operations. The list of names to try is provided with a wordlist.

Although there are many port scanning utilities, sometimes it is specific functionality that makes a tool really powerful. For example, QuickScan saves the results of a scan, which then can be processed later for follow-up.

ThreatPinch helps to speed up collecting information from common resources like CVE databases or public WHOIS data. As it works from the browser, it is a helpful addition for people who have to perform forensics, security monitoring, or system administration. For example, getting the owner of a domain and IP address becomes almost instant knowledge.