Subdomain Discovery Engine
Python script combining 8 passive sources for subdomain discovery: crt.sh, SecurityTrails, VirusTotal, Shodan, Archive.org, and more.
Arsenal
Professional offensive security tools & exploit frameworks
120
Tools
12
Categories
GitHub Secrets Scanner
Tool that scans an organization's GitHub repositories for leaked secrets: API keys, passwords, tokens, private keys.
Email OSINT Collector
Script that collects corporate emails from a domain using Hunter.io, TheHarvester, LinkedIn scraping, and automated Google dorks.
Shodan Dorking Automation
Collection of 200+ Shodan dorks organized by technology and vulnerability, with automated execution script and alerts.
Web Fingerprinting Module
Python web fingerprinting module that identifies technologies, versions, WAFs, CDNs, and frameworks by analyzing headers, cookies, HTML, and JavaScript.
Metadata Extractor for Documents
Script that downloads and analyzes public documents (PDF, DOCX, XLSX) from a domain, extracting metadata: authors, software, internal paths, emails.
Cloud Asset Discovery Tool
Tool that discovers an organization's cloud assets: S3 buckets, Azure blobs, GCP storage, cloud subdomains, and cloud service IPs.
Social Media Intelligence Gatherer
SOCMINT collection framework: employee profiles on LinkedIn, Twitter, GitHub with identity correlation and timeline analysis.
DNS Intelligence Analyzer
Passive and active DNS analysis tool: zone transfers, DNSSEC walking, DNS history, and misconfiguration detection.
Dark Web Monitoring Script
Python script with Tor integration that monitors paste sites, forums, and .onion marketplaces for mentions of a domain or organization.