Recon for Red Teaming- Practical
Comprehensive list of Online and Offline Recon Tools
Data Leak Search Online Sites/Tools (Mostly used):
| Tool | Remarks |
|---|---|
intelx.io | Somewhat expensive but worth it |
dehashed.com | Paid one but comparatively reasonable |
pastebin.com | Free |
github.com | Free (Register to get the API) |
postman.com & web.postman.com | Free |
leakix.net | Paid |
leakpeek.com | Paid |
grep.app | Paid |
firebase.google.com | Free (Register to get the API) |
haveibeenpwned.com | Free, absolutely the best in the market to check the status of the compromised email IDs |
Data Leak Search Offline Tools (Mostly used):
| Tool | Where to find |
|---|---|
theHarvester | Free- Kali/ParrotOS |
mosint | Free- Kali/ParrotOS |
h8mail | Free- Kali/ParrotOS |
recon-ng | Free- Kali/ParrotOS |
Subdomain Recon- Some popular tools:
| Tool/Site | Remarks |
|---|---|
puredns |
|
amass |
|
subdomainfinder.c99.nl | Online Site |
censys.io | Online Site |
crt.sh | Online Site |
virustotal.com | Online Site |
knockpy |
|
Some examples of subdomain recon:
Last updated
