Javatpoint Logo
Javatpoint Logo

Information Gathering Tools

Information Gathering Tools

Tools Description
ace-voip ACE (Automated Corporate Enumerator) is a powerful tool that mimics the behavior of IP phones to download the name and extension entries. It is developed to automate VoIP attacks that can be targeted against names in an enterprise directory.
Amap It is a tool that identifies applications even if they are running on a different port and also identifies non-ASCII based applications.
APT2 It is the acronym for "Automated Penetration Testing". It is a tool that performs an NMap or imports the results of a scan from Nexpose, Nessus, or NMap.
arp-scan It is also called as ARP sweep or MAC Scanner. It is a very fast ARP packet scanner that shows every active IPv4 device on your Subnet even if they have firewalls. ARP is non-routable, so it only works on the Local LAN.
Automater It is a URL or Domain, IP Address, and Md5 Hash OSINT analysis tool that eases the analysis process for intrusion Analyst.
bing-ip2hosts It enumerates hostnames for an IP using It comes with a feature to search for websites hosted on a specific IP address.
braa It is a mass SNMP scanner able to query dozens or hundreds of hosts simultaneously and in a single process. It is very fast as it consumes few system resources.
CaseFile CaseFile is a limited form of Maltego. It has the same graphic application as Maltego but not has the ability to run the transformation.
CDPSnarf It is a network sniffing tool exclusively written to extract information from CDP (Cisco Discovery Protocol) packets. It also provides the information a "show cdp neighbors detail" command would return on a Cisco router.
cisco-torch It is a Cisco device scanner that extensively uses forking to launch multiple scanning processes on the background for maximum scanning efficiency.
copy-router-config It copies configuration files from Cisco devices running SNMP (Simple Network Management Protocol).
Dmitry It stands for Deepmagic Information Gathering Tool. It is a UNIX/ (GNU) Linux Command Line Application coded in C language. It is able to gather as many details as possible about a host.
Dnmap It is a framework to distribute nmap scans among n number of clients. It always reads an already created file with nmap commands and sends those commands to each client connected to it.
Dnsmap It is used by pen-testers during the information gathering/enumeration phase of infrastructure security assessments to find the target company's IP netblocks, domain names, phone numbers, etc...
DNSRecon It is a powerful DNS enumeration script that provides the ability to perform- check all NS records for zone transfer, General DNS Record and SRV Record Enumeration, checks Wildcard Resolution, PTR record lookup, etc.
Dnstracer It traces DNS queries to the source and determines whether a given Domain Name Server gets its information from a given hostname.
Dnswalk It is a DNS debugger that performs zone transfers of specified domains and checks the database in many ways for internal consistency and accuracy.
DotDotPwn It is a fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers and Web platforms such as CMSs, ERPs, Blogs, etc.
Enum4Linux It is a tool to enumerate information from Windows and Samba systems.
enumIAX It is an Inter Asterisk Exchange protocol username brute-force enumerator. It operates in two distinct modes- Sequential Username Guessing and Dictionary Attack.
EyeWitness It is a tool to take screenshots of websites, RDP (Remote Desktop) services, and open VNC (Virtual Network Computing) servers. It also provides some server header info and identifies default credentials if possible.
Faraday It introduces IPE (Integrated Penetration-Test Environment), which is a multiuser Penetration test IDE that is designed for distribution, indexing and analysis of the data generated during a security audit. The main purpose if this tool is to re-use the available tools.
Fierce It is a survey tool that is used to locate likely targets both inside and outside a corporate network.
Firewalk It is a network security survey tool that is used to determine what will be passed by the layer 4 protocol (a given IP forwarding device). It works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway.
fragroute It provides a simple rule set language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise hop with all outbound packets destined for a target host with minimal support for random behaviour.
fragrouter It is a network intrusion detection toolkit. It is a one-way fragmenting router, i.e. IP packets get sent from the attackers to the fragrouter, which changes them into a fragmented data stream to forward to the victim.
Ghost Phisher It is a GUI suit for phishing and penetration attacks. Or a wireless and Ethernet security auditing and attack software program to emulate and deploy access points.
GoLismero It is an open source framework for security testing. It is currently used for web security but can be easily expanded to other kinds of the scan.
goofile This tool is used to search a specific file type in a given domain.
hping3 It is an Active Network Smashing Tool used as a security tool to perform Firewall testing, advance port scanning, network testing, manual path MTU discovery, remote OS fingerprinting, TCP/IP stacks auditing, etc....
ident-user-enum It is used to determine the owner of the TCP network process listening on each TCP port of a target system. It can help to prioritise target service during a pen-test.
InSpy It is a LinkedIn enumeration tool with two functionalities i.e., TechSpy and EmpSpy. TechSpy takes LinkedIn job listings for technologies used by the target company. InSpy is used to identify technologies by matching job descriptions to the keyword from a newline-delimited file.
InTrace It enables users to enumerate IP hops, which are exploiting existing TCP connections from the local network as well as from remote hosts. It can be used for network survey and firewall bypassing.
iSMTP It tests for the SMTP user enumeration (RCPT TO and VRFY), internal spoofing, and relay.
lbd It stands for Load Balancing Detector. It is used if a given domain uses DNS or HTTP Load-Balancing.
Maltego Teeth It can be used for the information gathering phase of all security related work. It helps you in your thinking process by visually demonstrating interconnected links between searched items. It gives you access to hidden information.
Masscan It is the fastest internet port scanner that scans the entire internet under 6 minutes, transmitting 10 million packets per second.
Metagoofil It is an information gathering tool designed for extracting metadata of a public document that belongs to a target company.
Miranda It is a Plug-N-Play client application designed to discover, query, and interact with UPNP devices, Internet Gateway Devices.
nbtscan-unixwiz It is a command-line tool that scans for open NETBIOS name servers on a local or remote TCP/IP network.
Nikto It is an open source web server scanner used to run the comprehensive test against web servers for multiple items that includes huge number of potentially dangerous files, run checks for outdated version over thousands of servers and also version specific problems
Nmap This utility is used for network discovery and security auditing. It uses raw IP packets in simple ways to determine what hosts are available on the network.
ntop It shows the network uses and can be used in both interactive or web mode. It uses libcap, a system-independent interface for user-level packet capture.
OSRFramework It is a set of libraries that checks for a user profile in up to 290 different platforms. It provides a way of making these queries graphically.
p0f This tool utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the processes behind any TCP/IP communication without interfering in any way.
Parsero It is used to read the Robots.txt files of a web server and look at the banned entries. These entries tell the search engines what directories or files hosted on a web server mustn't be indexed.
Recon-ng It is a fully loaded web survey framework in which open-source web-based reconnaissance can be conducted quickly and thoroughly.
SET SET stands for Social Engineer Toolkit. It is an open-source penetration testing framework that is designed for Social-Engineering. It contains a number of custom attack vectors that allow you to make a believable attack in a fraction of the time.
SMBMap It allows the user to enumerate samba share drives across an entire domain. It contains the list of share drives, drives permissions, shares contents, upload/download functionality, etc.? It is designed to simplify searching for potentially sensitive data across large networks.
smtp-user-enum It is a username guessing tool primarily for the SMTP service. It is used to enumerate OS level user accounts on Solaris via the SMTP (Simple Mail Transfer Protocol) service.
snmp-check It allows you to enumerate the SNMP devices and places the output in a readable format. It is useful for penetration testing or system monitoring.
SPARTA It is a network infrastructure penetration testing tool that aids the penetration tester in the scanning and enumeration phase. It eases access to the toolkits and displays output in a convenient way.
sslcaudit It can be used against the MIMT attacks and useful for testing thick clients and anything communicating over SSL/TLS over TCP.
SSLsplit It is a tool for man-in-the-middle-attack against SSL/TLS encrypted network connections. It is very useful for network forensics and penetration testing.
sslstrip It is used to transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects to it. It maps those links into similar HTTP links or homographs.
SSLyze It analyses the SSL configuration of a server by connecting to it. It is very fast and comprehensive, and help the tester to identify mis-configuration that are affecting their SSL servers.
Sublist3r It is a fast subdomain enumeration tool for penetration testers. It iterates subdomains using many search engines such as Google Yahoo, Bing, and Ask, etc
THC-IPV6 It is a tool to attack the inherited weakness of IPV6 and ICMP6 protocol. It converts a MAC or IPv4 address to an IPv6 address.
theharvester It is used to gather e-mail accounts and subdomain names from public sources.
TLSSLed It is used to evaluate the security of a target SSL/TLS (HTTPS) web servers' implementation.
twofi It stands for Twitter Words of Interest. It will take multiple search terms and return a word list sorted by most common first.
Unicornscan It is an information gathering and correlation engine that is scalable, accurate, flexible, and efficient. It measures the response from a TCP/IP enabled device or network.
URLCrazy It is a Domain typo generator that detects and performs typo squatting, URL hijacking, phishing, and corporate espionage.
Wireshark It is a network protocol/traffic analyser. It allows us to monitor our network at a microscopic level.
WOL-E A complete suite of tools for the Wake on LAN feature of network attached computers.
Xplico It is a Network Forensic Analysis Tool (NFAT), which is used to extract the application data from internet traffic.

Help Others, Please Share

facebook twitter pinterest

Learn Latest Tutorials


Trending Technologies

B.Tech / MCA