theHarvester

An easy-to-use but powerful tool for reconnaissance during the red team assessment or penetration test phase. With OSINT, it collects names, emails, IP addresses, subdomains and URLs from public sources.

Nmap

It scans networks to identify active hosts, open ports, running services with versions, and operating system details

WPScan

It can detect known plugin and theme issues, enumerate users, and check for outdated core versions, making it useful for security assessments and hardening WordPress installations.

Nikto

Open-source web server scanner designed to identify security issues such as outdated software, misconfigurations, and dangerous files or scripts.

Amass

Developed by OWASP, it combines passive and active reconnaissance techniques to collect information about domains, DNS records, IP addresses, and infrastructure.

DNSRecon

It allows security professionals to perform various DNS enumeration tasks, including zone transfers, brute-forcing subdomains, and gathering DNS records such as A, AAAA, MX, NS, and TXT.

WhatWeb

Next generation web scanner