信息收集
----------------------------------------

子域爆破
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `subDomainsBrute <https://github.com/lijiejie/subDomainsBrute>`_
- `wydomain <https://github.com/ring04h/wydomain>`_
- `broDomain <https://github.com/code-scan/BroDomain>`_
- `ESD <https://github.com/FeeiCN/ESD>`_
- `aiodnsbrute <https://github.com/blark/aiodnsbrute>`_
- `OneForAll <https://github.com/shmilylty/OneForAll>`_
- `subfinder <https://github.com/subfinder/subfinder>`_

域名获取
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `the art of subdomain enumeration <https://github.com/appsecco/the-art-of-subdomain-enumeration>`_
- `sslScrape <https://github.com/cheetz/sslScrape/blob/master/sslScrape.py>`_
- `aquatone <https://github.com/michenriksen/aquatone>`_ A Tool for Domain Flyovers

弱密码爆破
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `hydra <https://github.com/vanhauser-thc/thc-hydra>`_
- `medusa <https://github.com/jmk-foofus/medusa>`_
- `htpwdScan <https://github.com/lijiejie/htpwdScan>`_
- `patator <https://github.com/lanjelot/patator>`_

Git信息泄漏
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `GitHack By lijiejie <https://github.com/lijiejie/GitHack>`_
- `GitHack By BugScan <https://github.com/BugScanTeam/GitHack>`_
- `GitTools <https://github.com/internetwache/GitTools>`_
- `Zen <https://github.com/s0md3v/Zen>`_
- `dig github history <https://github.com/dxa4481/truffleHog>`_
- `gitrob Reconnaissance tool for GitHub organizations <https://github.com/michenriksen/gitrob>`_
- `git secrets <https://github.com/awslabs/git-secrets>`_
- `shhgit <https://github.com/eth0izzle/shhgit>`_ Find GitHub secrets in real time
- `GitHound <https://github.com/tillson/git-hound>`_ GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher. 

Github监控
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Github Monitor <https://github.com/VKSRC/Github-Monitor>`_
- `Github Dorks <https://github.com/techgaun/github-dorks>`_
- `GSIL <https://github.com/FeeiCN/GSIL>`_
- `Hawkeye <https://github.com/0xbug/Hawkeye>`_
- `gshark <https://github.com/neal1991/gshark>`_
- `GitGot <https://github.com/BishopFox/GitGot>`_
- `gitGraber <https://github.com/hisxo/gitGraber>`_

路径及文件扫描
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `weakfilescan <https://github.com/ring04h/weakfilescan>`_
- `DirBrute <https://github.com/Xyntax/DirBrute>`_
- `dirsearch <https://github.com/maurosoria/dirsearch>`_
- `bfac <https://github.com/mazen160/bfac>`_
- `ds_store_exp <https://github.com/lijiejie/ds_store_exp>`_

路径爬虫
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `crawlergo <https://github.com/0Kee-Team/crawlergo>`_ A powerful dynamic crawler for web vulnerability scanners

指纹识别
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Wappalyzer <https://github.com/AliasIO/Wappalyzer>`_
- `whatweb <https://github.com/urbanadventurer/whatweb>`_
- `Wordpress Finger Print <https://github.com/iniqua/plecost>`_
- `CMS指纹识别 <https://github.com/n4xh4ck5/CMSsc4n>`_
- `JA3 <https://github.com/salesforce/ja3>`_ is a standard for creating SSL client fingerprints in an easy to produce and shareable way

Waf指纹
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `identywaf <https://github.com/enablesecurity/identywaf>`_
- `wafw00f <https://github.com/enablesecurity/wafw00f>`_
- `WhatWaf <https://github.com/Ekultek/WhatWaf>`_

端口扫描
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `nmap <https://github.com/nmap/nmap>`_
- `zmap <https://github.com/zmap/zmap>`_
- `masscan <https://github.com/robertdavidgraham/masscan>`_
- `ShodanHat <https://github.com/HatBashBR/ShodanHat>`_
- DNS ``dnsenum nslookup dig fierce``
- SNMP ``snmpwalk``

DNS数据查询
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `VirusTotal <https://www.virustotal.com/>`_
- `PassiveTotal <https://passivetotal.org>`_
- `DNSDB <https://www.dnsdb.info/>`_
- `sitedossier <http://www.sitedossier.com/>`_

DNS关联
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Cloudflare Enumeration Tool <https://github.com/mandatoryprogrammer/cloudflare_enum>`_
- `amass <https://github.com/caffix/amass>`_
- `Certificate Search <https://crt.sh/>`_

云服务
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Find aws s3 buckets <https://github.com/gwen001/s3-buckets-finder>`_
- `CloudScraper <https://github.com/jordanpotti/CloudScraper>`_
- `AWS Bucket Dump <https://github.com/jordanpotti/AWSBucketDump>`_

数据查询
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Censys <https://censys.io>`_
- `Shodan <https://www.shodan.io/>`_
- `Zoomeye <https://www.zoomeye.org/>`_
- `fofa <https://fofa.so/>`_
- `scans <https://scans.io/>`_
- `Just Metadata <https://github.com/FortyNorthSecurity/Just-Metadata>`_
- `publicwww - Find Web Pages via Snippet <https://publicwww.com/>`_

Password
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Probable Wordlists <https://github.com/berzerk0/Probable-Wordlists>`_ Wordlists sorted by probability originally created for password generation and testing
- `Common User Passwords Profiler <https://github.com/Mebus/cupp>`_
- `chrome password grabber <https://github.com/x899/chrome_password_grabber>`_

字典
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Blasting dictionary <https://github.com/rootphantomer/Blasting_dictionary>`_
- `pydictor <https://github.com/LandGrey/pydictor>`_

CI信息泄露
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `secretz <https://github.com/lc/secretz>`_ minimizing the large attack surface of Travis CI

其他
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `datasploit <https://github.com/DataSploit/datasploit>`_
- `watchdog <https://github.com/flipkart-incubator/watchdog>`_
- `archive <https://archive.org/web/>`_
- `HTTPLeaks <https://github.com/cure53/HTTPLeaks>`_
- `htrace <https://github.com/trimstray/htrace.sh>`_
- `AWSBucketDump <https://github.com/jordanpotti/AWSBucketDump>`_