KUMO

Open-source domain reconnaissance and OSINT framework that runs 26 parallel scanning modules against a target domain.

ToolVulnerability ManagementOpen SourceSelf-hosted

Pricing: Free (Open Source)

Reviewed by the CyberSecTool editorial team against the public sources cited below · Last reviewed July 2026 · How we review listings

What is KUMO?

KUMO is an open-source (MIT-licensed) domain reconnaissance and OSINT framework, run from the command line or a local web UI. Given a domain, it runs 26 parallel modules covering DNS enumeration, subdomain discovery (passive and active), port scanning across 70+ ports, SSL/TLS certificate inspection, HTTP security header grading, sensitive endpoint discovery, vulnerability checks (150+ built-in signatures, CVE matching), leaked-credential and breach-data lookups, and JavaScript secret scanning. It pulls from free OSINT sources (crt.sh, Shodan InternetDB, HaveIBeenPwned, Wayback Machine, AlienVault OTX, and others) out of the box, with optional paid API keys (Shodan, Censys, Chiasmodon) for deeper coverage.

Best for: Security researchers and pentesters who want fast, free domain reconnaissance from the command line.

Key Features

DNS enumeration and email security analysis
Passive and active subdomain enumeration
Port scanning (70+ ports with service banners)
SSL/TLS certificate inspection
HTTP security header grading
Sensitive endpoint discovery
Vulnerability and CVE checks (150+ signatures)
Leaked credential and breach-data lookups
JavaScript secret scanning
Wayback Machine archive mining

Are you KUMO? Improve this listing with screenshots, case studies and more.

Sources & references

Where the information on this listing comes from. Always verify pricing and capabilities against the vendor before a purchasing decision.

Spot an error, or do you represent KUMO? Request a correction.

Quick Info
PricingFree (Open Source)
ModelOpen Source
CloudNo
Self-HostedYes
Open SourceYes

Last updated: Jul 14, 2026