Recon for Red Teaming- Practical

Comprehensive list of Online and Offline Recon Tools

Data Leak Search Online Sites/Tools (Mostly used):

Tool

Remarks

intelx.io

Somewhat expensive but worth it

dehashed.com

Paid one but comparatively reasonable

pastebin.com

Free

github.com

Free (Register to get the API)

postman.com & web.postman.com

Free

leakix.net

Paid

leakpeek.com

Paid

grep.app

Paid

firebase.google.com

Free (Register to get the API)

haveibeenpwned.com

Free, absolutely the best in the market to check the status of the compromised email IDs

Data Leak Search Offline Tools (Mostly used):

Tool

Where to find

theHarvester

Free- Kali/ParrotOS

mosint

Free- Kali/ParrotOS

h8mail

Free- Kali/ParrotOS

recon-ng

Free- Kali/ParrotOS

Subdomain Recon- Some popular tools:

Tool/Site

Remarks

puredns

puredns bruteforce /usr/share/wordlists/SecLists-master/Discovery/DNS/subdomains-top1million-110000.txt redteamgarage.com -r ./resolvers.txt

amass

amass enum -d redteamgarage.com -rf resolvers.txt

subdomainfinder.c99.nl

Online Site

censys.io

Online Site

crt.sh

Online Site

virustotal.com

Online Site

knockpy

knockpy -d redteamgarage.com --recon --bruteforce

Some examples of subdomain recon:

PreviousRecon for Red Teaming- Theory NextOSINT for Red Teaming

Last updated 1 year ago

hashtagComprehensive list of Online and Offline Recon Tools

hashtagData Leak Search Online Sites/Tools (Mostly used):

hashtagData Leak Search Offline Tools (Mostly used):

hashtagSubdomain Recon- Some popular tools:

hashtagSome examples of subdomain recon:

Comprehensive list of Online and Offline Recon Tools

Data Leak Search Online Sites/Tools (Mostly used):

Data Leak Search Offline Tools (Mostly used):

Subdomain Recon- Some popular tools:

Some examples of subdomain recon: