Statistics indicate that over 4.5 billion records of data were compromised in 2019. With hackers increasingly adopting modern cyber tools, these figures will increase in 2020. One strategy that hackers use when attacking a system is to gather relevant information about the target. This step is called reconnaissance. According to the Lockheed-Martin Corporation, reconnaissance is the initial step in a cyber-kill chain. The Recon step involves research, identification, and selection of targets and attempts to identify the target network's vulnerabilities. 

Here Are Some Of The Top Recon Tools:

1. Google

For every penetration tester, Google should be the first tool to use for continuous cyber recon. Google and other search engines like Bing, are vital during reconnaissance because it provides vital data about individuals, companies, and data, including leaked content. The obtained information is free and can help to determine the direction a penetration tester will take. 

2. Maltego CE 

Maltego is an interactive data mining tool that presents data informed by graphs for analysis. The tool is mainly applied for online investigations to provide links between pieces of information from various sources. 

How It Helps You :

• Maltego can be used for the information gathering phase of all security-related work. It will save you time and will allow you to work more accurately and smarter.
• Maltego provides you with a much more powerful search, giving you smarter results. If access to “hidden” information determines your success, Maltego can help you discover it.
• Maltego aids you in your thinking process by visually demonstrating interconnected links between searched items.

3. FireCompass

Firecompass uses elaborate reconnaissance techniques like the nation-state actors. The platform automatically discovers an organization’s dynamic digital attack surface, including unknown exposed databases, cloud buckets, code leaks, exposed credentials, risky cloud assets and open ports & more. 

• Continuous Reconnaissance for a Dynamic Perimeter
• Discover your external attack surface, shadow risks and complete asset inventory
• Identify all possible vulnerabilities from known and unknown assets.

Learn More About FireCompass RECON Platform

FireCompass also offers a free Recon Report for organizations, you can reach out for a free " Recon Report on Hackers View Of Your Attack ...

4. Recon- NG

Recon-Ng is a web-based web reconnaissance tool written in Python. This tool is mainly applied by pen testers seeking web-based information. Recon-NG is preferred due to its intuitive functionalities, making it fast and effective to gather a lot of data quickly. More details on links here and here

5. Shodan

Shodan is among the first search engines for internet-connected devices. With servers located all over the world, it provides real-time intelligence regarding attest technological trends. It also has APIs that other recon tools like Nmap, Metasploit, Maltego, and FOCA use for analysis. Click here for more details.

6. Censys

Censys provides an avenue to gather data regarding all your assets to help you prevent target attacks. This tool provides actionable insights and helps you track changes in all your assets and identify potential vulnerabilities. Click here to access the user guide.

7. nMap

nMap is among the best network recon tools used by both hackers and pen testers. nMap scans networks to determine available hosts, running services and operating systems, and whether the network uses network filters like a firewall.

8. Spiderfoot

Spiderfoot is a continuous cyber recon tool that automatically queries over 100 public data sources. This tool gathers intelligence on IP addresses, domain names, and emails, among others. During recon, you specify which modules to activate based on the information that you need. Find more details here.

9. Dataspoilt

An #OSINT Framework performs various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.

Datasploit is useful for collecting relevant information about a target to expand your attack and defence surface quickly. The feature list includes:

• Automated OSINT on domain/email/username/phone for relevant information from different sources.
• Useful for penetration testers, cyber investigators, defensive security professionals, etc.
• Correlates and collaborative results show them in a consolidated manner.
• Tries to find out credentials, API keys, tokens, subdomains, domain history, legacy portals, and more related to the target.
• Available as a single consolidating tool as well as standalone scripts.
• Performs Active Scans on collected data.
• Generates HTML and JSON reports along with text files.
• More details here and here

10. Aquatone

A Tool for Domain Flyovers. AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources and the more common subdomain dictionary brute force approach.

More details here and here.

Reference 1

References 2

Reference 3