Sigurls : A Reconnaissance Tool & It Fetches URLs From AlienVault’s OTX
Sigurls is a reconnaissance tool, it fetches URLs from AlienVault's OTX, Common Crawl, URLScan, Github and the Wayback Machine. DiSCLAIMER: fetching urls from github is a bit slow. Usage To display help message for sigurls use the -h flag: $ sigurls -hUSAGE:sigurls OPTIONS:-d domain to fetch urls for-sE comma(,) separated list of sources to exclude-iS include subdomains' urls-sL list all the available sources-nC...
PongoOS : A Pre-Boot Execution Environment For Apple Boards
PongoOS is a pre-boot execution environment for Apple boards built on top of checkra1n. Building On macOS Install Xcode + command-line utilitiesRun make all Building On Linux Install clang (if in doubt, from apt.llvm.org)Install ld64 and cctools' strip.On Debian/Ubuntu these can be installed from the checkra1n repo: echo 'deb https://assets.checkra.in/debian /' | sudo tee /etc/apt/sources.list.d/checkra1n.listsudo apt-key adv --fetch-keys https://assets.checkra.in/debian/archive.keysudo apt-get updatesudo apt-get install -y...
Wprecon : A Vulnerability Recognition Tool In CMS WordPress
Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. Features StatusFeatures✅Random Agent✅Detection WAF✅User Enumerator✅Plugin Scanner✅Theme Scanner✅Tor Proxy's✅Detection Honeypot✅Fuzzing Backup Files🔨Fuzzing Passwords🔨Vulnerability Scanner Usage Flag(s)Description-u, --url stringTarget URL (Ex: http(s)://example.com/). (Required)--users-enumerateUse the supplied mode to enumerate Users.--themes-enumerateUse the supplied mode to enumerate Themes.--plugins-enumerateUse the supplied mode to enumerate Plugins.--detection-wafI will try to detect if the target is using...
Mud-Visualizer : A Tool To Visualize MUD Files
Mud-Visualizer is a tool can be used to visualize the MUD files in JSON format. Warning: mud-visualizer is currently beta. Use at your own risk. This tool can be used to visualize the MUD files in JSON format. Motivation MUD files are plain text files in JSON format that contain ACL rules for a device. A MUD file can contains tens or hundrends...
Pidrila : Python Interactive Deepweb-Oriented Rapid Intelligent Link Analyzer
Pidrila is a Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is really fast async web path scanner prototype developed by BrightSearch team for all ethical netstalkers. Installation & Usage git clone https://github.com/enemy-submarine/pidrila.gitcd pidrilapython3 pidrila.py -u Options Usage: pidrila.py Options:-U, --user-agent TEXT User-Agent-t, --timeout INTEGER Request timeout -A, --auth TEXT Basic HTTP auth, i.e. login:password-M, --max-connections-per-host INTEGERHow many simultaneous connections should weopen (per each...
Longtongue : Customized Password/Passphrase List Inputting Target Info
Longtongue is a customized password/passphrase list inputting target info. Installation git clone https://github.com/edoardottt/longtongue.gitcd longtonguepython3 longtongue.py Usage Usage: longtongue.py Customized Password/Passphrase List inputting Target InfoOptional Arguments:-h, --help show this help message and exit-p, --person Set the target to be a person-c, --company Set the target to be a company-v, --version Show the version of this program-l, --leet Add also complete...
Solarflare : SolarWinds Orion Account Audit / Password Dumping Utility
Solarflare is a Credential Dumping Tool for SolarWinds Orion. ============================================ | Collecting RabbitMQ Erlang Cookie | Erlang Cookie: abcdefg12456789abcde ============================================ | Collecting SolarWinds Certificate | SolarWinds Orion Certificate Found! | Subject Name: CN=SolarWinds-Orion | Thumbprint : BE85C6C3AACA8840E166187B6AB8C6BA9DA8DE80 | ...
Exif-Gps-Tracer : A Python Script Which Allows You To Parse GeoLocation Data From Your Image Files
Exif-Gps-Tracer is a python script which allows you to parse GeoLocation data from your Image files stored in a dataset.It also produces output in CSV file and also in HTML Google Maps. Prerequisite To run this script fluently , (1) You should have Google Maps API (2) You should enable Map JavaScript API in Console To get an API key,See this documentation......
UhOh365 : A Script That Can See If An Email Address Is Valid In Office365
UhOh365 is a script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't. Microsoft does not consider "email enumeration" a vulnerability, so this is taking advantage of a "feature". There are a couple...
Sarenka : OSINT Tool Data From Services Like Shodan, Censys
SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtaining and understanding Attack Surface. The main goal is to gathering infromation from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/). It scraps data about Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and also has database where CVEs are mapped to CWE. It returns data about local machine -...
