Browsing category

Information Gathering

Harpoon – CLI Tool For Open Source And Threat Intelligence

OSINT tool, CLI Tool For Open Source And Threat Intelligence. Install: You can simply pip install the tool: pip3 install git+http://[email protected]/Te-k/harpoon --process-dependency-links Optionally, if you want to use the screenshot plugin, you need phantomjs and npm installed: npm install -g phantomjs To configure harpoon, run harpoon config and fill in the needed API keys. Then run […]

contact.sh – An OSINT tool to find contacts in order to report security vulnerabilities

An OSINT tool to find contacts in order to report security vulnerabilities. Installation: Linux: Make sure you have installed the whois and jq packages. $ git clone https://github.com/EdOverflow/contact.sh.git $ cd contact.sh/ $ chmod u+x contact.sh $ ./contact.sh -d google.com -c google OSX: $ brew install gnu-sed --with-default-names $ brew install jq $ git clone https://github.com/EdOverflow/contact.sh.git […]

PiDense – Monitor Illegal Wireless Network Activities (Fake Access Points)

Monitor illegal wireless network activities: similar SSID broadcasts; same SSID broadcasts; calculates unencrypted wireless network density; watches SSID broadcasts on the blacklist. Capabilities (now): calculates unencrypted wireless network density; finds same SSID, different encryption. Working principle for PiDense: Collects all the packets from wireless networks. Analyzes all the beacon packets. If PiDense detects more than the defined threshold of […]

GTScan – The Nmap Scanner for Telecom

The Nmap Scanner for Telco. With the current focus on telecom security, the tools used in day-to-day IT-side penetration testing should be extended to telecom as well. From here came the motivation for an nmap-like scanner, but for telco. The current security interconnect security controls might fail against reconnaissance, although mobile […]

OWASP-Nettacker – Automated Penetration Testing Framework

OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP, SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for […]

SPARTA – Network Infrastructure Penetration Testing

SPARTA is a Python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands […]

Halcyon – NSE Nmap Script Development IDE

Halcyon IDE lets you quickly and easily develop scripts for performing advanced scans on applications and infrastructures with a range from recon to exploitation capabilities. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is a free and open source project (always will be) to provide an easier development interface to rapidly growing […]

BlackWidow – Web Application Spider

BlackWidow is a Python-based web application spider to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. This project also includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities. Features: Automatically collect all URLs from a target website; automatically collect all dynamic URLs and parameters from a […]

Anubis – Subdomain Enumeration And Information Gathering Tool

Anubis is a subdomain enumeration and information gathering tool. Anubis collates data from a variety of sources, including HackerTarget, DNSDumpster, x509 certs, VirusTotal, Google, Pkey, and NetCraft. Anubis also has a sister project, AnubisDB, which serves as a centralized repository of subdomains. Subdomains are automatically sent to AnubisDB – to disable this functionality, pass the […]

Reposcanner – Python Script To Scan Git Repos For Interesting Strings

Reposcanner is a Python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspired by truffleHog. Installation: The Python Git module is required (python-git on Debian). Usage: ./reposcanner -r <repository> Options: optional arguments: -h, --help show this help message and exit -r REPO, --repo REPO Repo to […]

RED HAWK v2 – All In One Tool for Information Gathering and Vulnerability Scanning – Kali Linux 2017.3

All in one tool for Information Gathering and Vulnerability Scanning. RED HAWK: https://github.com/Tuhinshubhra/RED_HAWK Scans that you can perform using RED HAWK: Basic Scan, Site Title (NEW), IP Address, Web Server Detection (IMPROVED), CMS Detection, Cloudflare Detection, robots.txt Scanner, Whois Lookup (IMPROVED), Geo-IP Lookup, Grab Banners (IMPROVED), DNS Lookup, Subnet Calculator, Nmap Port Scan […]

GOSINT – Open Source Threat Intelligence Gathering and Processing Framework

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third […]

dirsearch v0.3.8 – Brute Force Directories and Files in Websites

dirsearch is a simple command line tool designed to brute force directories and files in websites. Operating systems supported: Windows XP/7/8/10, GNU/Linux, MacOSX. Features: multithreaded; keep-alive connections; support for multiple extensions (-e|--extensions asp,php); reporting (plain text, JSON); heuristically detects invalid web pages; recursive brute forcing; HTTP proxy support; user agent randomization; batch processing; Request […]

N4xD0rk – Listing Subdomains About A Main Domain

Listing subdomains about the main domain using the technique called Hacking with search engines. Usage: usage: n4xd0rk.py [-h] [-d DOMAIN] [-i IP] -o OPTION -n SEARCH [-e EXPORT] [-l LANGUAGE] This script searchs the subdomains about a domain using the results indexed of Bing search. optional arguments: -h, --help show this help message and exit […]