Recon Python Packages

courlan

Clean, filter and sample URLs to optimize data collection – Python & command-line – Deduplication, spam, content and language filters

bbot

The recursive internet scanner for hackers. 🧡

fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

arjun

HTTP parameter discovery suite.

h8mail

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

theharvester

E-mails, subdomains and names Harvester - OSINT

recon-tool

Passive domain intelligence: M365 tenant lookup, email security scoring, 225+ SaaS fingerprints, crt.sh enrichment & signal intelligence. Zero-credential, purely passive. Native MCP server for AI agents (Claude, Cursor, etc.).

reconninja

⚡ ReconNinja v8.2.1 — 38-phase recon framework for pentesters & bug bounty hunters. Subdomain enum → port scan → web recon → WAF/CORS/JS/cloud bucket detection → GitHub OSINT → CVE lookup → AI threat analysis → HTML report. Domains, IPs, CIDRs, target lists. Plugin system. 598 tests.

beastcrypt

​Advanced JS Reconnaissance Tool | Wayback & Katana Integration | Auto-Source Map Discovery Automated engine to hunt for exposed secrets, API keys, and sensitive endpoints by analyzing historical JS files and automatically locating hidden .map files.

subsurfer

Recon Subdomain Scan Tool

webhawk

A Web Recon Framework is written in Python 3

dirbpy

This is the new version of dirb in python.

aarya

Validates the existence of registered accounts across social & shopping platforms and extracts rich identity intelligence (Names, Photos, IDs).

gitlab-harvester

Global term search for GitLab via gitlab-python

nettacker

Automates information gathering, vulnerability scanning and aids penetration testing engagements in general

endabyss

Recon Crawling Endpoint and Parameter Scan Tool

r3c0n

A tool for performing reconnaissance on web targets in Python

s3recon

Amazon S3 bucket finder and crawler.

webstor

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

pukpuk

HTTP discovery and change monitoring tool

porch-pirate

Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.

chpass

Gather information from Chrome 🔑

aiodnsbrute

Python 3.5+ DNS asynchronous brute force utility

portwarden

A fast multi-threaded TCP port scanner with JSON output.