Recon Python Packages

courlan

Clean, filter and sample URLs to optimize data collection – Python & command-line – Deduplication, spam, content and language filters

7.3M 169 13

bbot

The recursive internet scanner for hackers. 🧡

93K 10K 799

fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

34K 50 4

arjun

HTTP parameter discovery suite.

25K 6K 856

h8mail

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

24K 5K 578

theharvester

E-mails, subdomains and names Harvester - OSINT

19K 16K 2K

recon-tool

Passive domain intelligence: M365 tenant lookup, email security scoring, 225+ SaaS fingerprints, crt.sh enrichment & signal intelligence. Zero-credential, purely passive. Native MCP server for AI agents (Claude, Cursor, etc.).

17K 1 0

reconninja

⚡ ReconNinja v8.2.1 — 38-phase recon framework for pentesters & bug bounty hunters. Subdomain enum → port scan → web recon → WAF/CORS/JS/cloud bucket detection → GitHub OSINT → CVE lookup → AI threat analysis → HTML report. Domains, IPs, CIDRs, target lists. Plugin system. 598 tests.

3K 39 6

beastcrypt

Advanced JS Reconnaissance Tool | Wayback & Katana Integration | Auto-Source Map Discovery Automated engine to hunt for exposed secrets, API keys, and sensitive endpoints by analyzing historical JS files and automatically locating hidden .map files.

2K 0 0

subsurfer

Recon Subdomain Scan Tool

1K 46 4

webhawk

A Web Recon Framework is written in Python 3

1K 4 1

dirbpy

This is the new version of dirb in python.

1K 36 11

aarya

Validates the existence of registered accounts across social & shopping platforms and extracts rich identity intelligence (Names, Photos, IDs).

1K 31 2

gitlab-harvester

Global term search for GitLab via gitlab-python

889 2 0

nettacker

Automates information gathering, vulnerability scanning and aids penetration testing engagements in general

810 5K 1K

endabyss

Recon Crawling Endpoint and Parameter Scan Tool

540 2 0

r3c0n

A tool for performing reconnaissance on web targets in Python

496 3 2

s3recon

Amazon S3 bucket finder and crawler.

477 155 57

webstor

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

460 157 19

porch-pirate

Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.

429 454 56