Browsing category: Enumeration

Lightbulb – Framework for Auditing Web Applications Firewalls

LightBulb is an open source Python framework for auditing web application firewalls and filters. Web Application Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transactions dictates that any application facing the internet should be either protected by a WAF or successfully pass a […]

IVRE – Network Recon Framework

IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is a network recon framework, including tools for passive recon (flow analytics relying on Bro, Argus and Nfdump, and fingerprint analytics based on Bro and p0f) and active recon (IVRE uses Nmap to run scans and can use ZMap as a pre-scanner; IVRE […]

Start ADEnum – Tool that Automates Active Directory Enumeration

A tool to automate Active Directory enumeration. Tool prerequisites: this tool requires that you have a runas /netonly shell. Functions: Start-PreReqCheck, Install-Tools, Start-ADEnum. Start-PreReqCheck: this function determines if the current Windows 10 OS is 1809+ and installs all the prerequisites. The list of prerequisites includes the following: identifies if the current Windows 10 host is on […]

Cangibrina – A Fast and Powerful Dashboard (admin) Finder

Cangibrina is a multi-platform tool which aims to find the admin dashboard of sites using brute force over a wordlist, Google, Nmap, and robots.txt. Requirements: Python 2.7, mechanize, PySocks, beautifulsoup4, html5lib, Nmap (--nmap), TOR (--tor). Install (Linux): git clone https://github.com/fnk0c/cangibrina.git; cd cangibrina; pip install -r requirements.txt. Usage: cangibrina.py [-h] -u U [-w W] [-t T] […]

Findomain – The Fastest and Cross-Platform Subdomain Enumerator

This comparison gives you an idea of why you should use Findomain instead of other tools. The domain used for the test was microsoft.com in the following BlackArch virtual machine: Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-3.1); Kernel: 5.2.6-arch1-1-ARCH; CPU: Intel (Skylake, IBRS) (4) @ 2.904GHz; Memory: 139MiB / 3943MiB. The tool used to […]

Sudomy – Subdomain Enumeration & Analysis

Sudomy is a subdomain enumeration tool, created as a bash script, to analyze domains and collect subdomains in a fast and comprehensive way. Features: at present, Sudomy has these 9 features: easy, light, fast and powerful; bash is available by default in almost all Linux distributions; by using the bash multiprocessing feature, all processors […]

Attack Surface Mapper – Tool to Automate Reconnaissance

Attack Surface Mapper is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses, and it uses numerous techniques to find more targets. It enumerates subdomains with brute forcing and […]

AutoRecon: Multi-Threaded Network Reconnaissance Tool

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements. The tool works by first performing port scans and service detection scans. From those initial results, […]

Slurp – S3 Bucket Enumerator

This is a security tool that’s meant for pen-testers and security professionals to perform audits of S3 buckets. Features: scan via domain(s), targeting a single domain or a list of domains; scan via keyword(s), targeting a single keyword or a list of keywords; scan via AWS credentials, targeting […]

WeebDNS – DNS Enumeration with Asynchronicity

WeebDNS is an ‘asynchronous’ DNS enumeration tool made with Python 3, which makes it much faster than conventional tools. Prerequisites: Python 3.x, pip3, git. Python 3 prerequisites: aiohttp, asyncio, aiodns. Installation: resolve dependencies on an Ubuntu/Debian system with $ sudo apt-get install git python3 python3-pip -y. Getting and running WeebDNS: $ git clone https://github.com/WeebSec/weebdns.git; $ cd weebdns; $ sudo […]

Cloudmare: Cloudflare real IP catcher

Cloudmare is a simple tool to find the origin servers of websites protected by Cloudflare that have a DNS misconfiguration. Cloudmare setup: clone the repository ($ git clone https://github.com/MrH0wl/Cloudmare.git), install the dependencies ($ cd cloudmare; $ pip install -r requirements.txt), then run Cloudmare (see Usage below for more detail): $ python cloudmare.py target.site -s. Usage: $ python cloudmare.py […]

Megaping – Network Mapping Toolkit

MegaPing is a must-have toolkit that provides essential utilities for information system specialists, system administrators, IT solution providers and individuals. The tool allows users to scan remote systems, monitor live hosts and ports, and check for vulnerable systems on the network. MegaPing includes: Scanners: Comprehensive Security Scanner, Port Scanner (TCP and UDP ports), IP […]

ReconDog – Reconnaissance Swiss Army Knife

Reconnaissance Swiss Army Knife. Main features: wizard + CLA interface; can extract targets from STDIN (piped input) and act upon them; all the information is extracted via APIs, so no direct contact is made with the target. Utilities: Censys: uses censys.io to gather a massive amount of information about an IP address. NS Lookup: does name server […]

TakeOver : Script Extracts CNAME Record Of All Subdomains At Once

Subdomain takeover is a class of vulnerability where a subdomain points to an external service that has been deleted. Such external services include GitHub, Heroku, GitLab, Tumblr and so on. Let’s assume we have a subdomain sub.example.com that points to an external service such as GitHub. If the GitHub page is removed by its owner and […]

Dnsdiag – DNS Diagnostics and Performance Measurement Tools

Ever wondered if your ISP is hijacking your DNS traffic? Ever observed any misbehavior in your DNS responses? Ever been redirected to the wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to make sure your DNS […]

badKarma – Advanced Network Reconnaissance Toolkit

badKarma is a Python 3 GTK+ toolkit that aims to assist penetration testers during all phases of a network infrastructure penetration test. It allows testers to save time by having point-and-click access to their toolkits, launching them against single or multiple targets and interacting with them through simplified GUIs or terminals. Every task’s output is logged […]

Amass – Subdomain Enumeration Tool

Amass is the subdomain enumeration tool with the greatest number of disparate data sources, and it analyzes the resolved names in order to deliver the largest number of quality results. Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting and altering of names, reverse DNS sweeping, and machine learning […]

Neofetch – A Command-Line System Information Tool

Neofetch displays information about your operating system, software and hardware in an aesthetic and visually pleasing way. The overall purpose of Neofetch is to be used in screenshots of your system: Neofetch shows the information other people want to see. There are other tools available for proper system statistics and diagnostics. The information by default is displayed […]

Dnsenum – Tool for DNS enumeration to find DNS Servers

Dnsenum is a tool for DNS enumeration, which is the process of locating all DNS servers and DNS entries for an organization. DNS enumeration allows us to gather critical information about the organization such as usernames, computer names, IP addresses, and so on. DNSENUM OPTIONS: --dnsserver <server> Use this DNS server for A, NS and MX […]

Sandmap – Network and System Reconnaissance Tool

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning, and allows you to easily use many advanced scanning techniques. Key features: simple CLI with the ability to run the pure Nmap engine; predefined scans included in the modules; support for the Nmap Scripting Engine (NSE); TOR support (with proxychains); multiple scans at […]