Twint : Twitter Intelligence Tool
TWINT is an advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations. Formerly known as Tweep, Twint is an advanced Twitter scraping tool written in Python that allows for scraping Tweets from Twitter profiles without using Twitter's...
HostHunter : To Discover Hostnames Using OSINT
HostHunter is a recon tool for discovering hostnames using OSINT techniques. HostHunter v1.5 is a tool to efficiently discover and extract hostnames over a large set of target IP addresses. It utilises simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance. Taking screenshots was also added as a beta functionality. Demo Currently GitLab's markup language does not...
Adidnsdump : Active Directory Integrated DNS Dump Tool
Adidnsdump tool is an Active Directory Integrated DNS dumping by any authenticated user. By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones, similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks. Install and usage You...
Flerken : Obfuscated Command Detection Tool
Flerken is an Open-source obfuscated command detection tool. Command line obfuscation has been proved to be a non-negligible factor in file-less malware or malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are shown to be used by red-team penetrations and even APT activities. Meanwhile, numerous obfuscators (namely tools perform syntax transformation) are...
Top 5 Writing Tools Every Linux Enthusiast Should Use
Good writing skills are very important and necessary especially to students and people that do professional writing. The quality of the final work is as a result of two key factors; the commitment of the writer to the work and the support the writer receives. In order to be an excellent writer, it is important to identify the best...
ScanQLi – To Detect SQL Vulns
ScanQLi is a simple SQL injection scanner with somes additional features. This tool can't exploit the SQLi, it just detect them. Tested on Debian 9. ScanQLi is a SQLi scanner to detect SQL vulns. Features Classic Blind Time based GBK (soon) Recursive scan (follow all hrefs of the scanned web site) Cookies integration Adjustable wait delay between requests Ignore given URLs Prerequisites Install...
ParamPamPam : Tool For Brute Discover Parameters
ParamPamPam is a tool for brute discover GET and POST parameters Installation With Docker ,Install Docker git clone https://github.com/Bo0oM/ParamPamPam.git cd ParamPamPam docker build -t parampp . echo -e '#!'"/bin/bashndocker run -ti --rm parampp $@" > /usr/local/bin/parampp parampp -u "https://vk.com/login" Also Read : PYWhatCMS – Unofficial WhatCMS API Package If you are lazy, Install Python3 git clone https://github.com/Bo0oM/ParamPamPam.git cd ParamPamPam pip3 install --no-cache-dir -r requirements.txt...
EvilClippy : For Creating Malicious MS Office Documents
EvilClippy is a cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.EvilClippy tool was released during our BlackHat Asia talk (March 28, 2019). A video recording will be online in 90 days. Evil Clippy A cross-platform assistant for creating malicious MS Office documents....
Okadminfinder 3 : To Find Admin Panel Of Site
OKadminFinder is an Apache2 Licensed utility, rewritten in Python 3.x, for admins/pentesters who want to find admin panel of a website. There are many other tools but not as effective and secure. Yeah, it has the the ability to use tor and hide your identity Requirements Linux sudo apt install tor sudo apt install python3-socks (optional) pip3 install --user -r requirements.txt Windows Download...
NAXSI : WAF For NGINX
NAXSI is an Open-Source, High Performance, Low Rules Maintenance WAF For NGINX. NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For...
