Kerbrute : A Tool to Perform Kerberos Pre-Auth Bruteforcing
Kerbrute is a tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication. Find the latest binaries from the releases page to get started. This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal Kerberos client from Linux. They wanted something that didn't require privileges to...
Joy : To Capture & Analyse Network Flow Data & Intraflow Data
Joy is a package for capturing and analysing network flow data and intraflow data, for network research, forensics, and security monitoring. Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture (pcap) files, using a flow-oriented model similar to...
Important Reasons Why Hiding Your IP Address is a Good Idea
The internet can be a goldmine of information, but if you’re not careful enough, it can also be the reason why you’ll experience identity theft and security breaches. Aside from being careful about your online activities, hiding your IP address can be a good idea to maintain your safety and security online. The Internet Protocol address or IP address is a numerical label...
Kostebek : Tool To Discover Firms Domains
The Kostebek is a reconnaissance tool which uses firms' trademark information to discover their domains. Installation Tested on Kali Linux 2018.2, Ubuntu 16.04 sudo apt-get -y install python3-pippip3 install -r requirements.txt Download latest version of Chromedriver and configure your driver-path #sudo apt-get install unzip #sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/ Download latest version of Chrome https://www.google.com/chrome/browser/desktop/ #dpkg -i google-chrome-stable_current_amd64.deb...
Termshark : A Terminal UI For Tshark
Termshark is a terminal user-interface for tshark, inspired by Wireshark. If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, it can help! Features Read pcap files or sniff live interfaces (where tshark is permitted). Inspect each packet using familiar Wireshark-inspired views Filter pcaps or live captures using Wireshark's display filters...
Bashter : Web Crawler, Scanner & Analyser Framework
Bashter is a Shell-Script based Web Crawler, Scanner, and Analyser Framework. Bashter is a tool for scanning a Web-based Application. Bashter is very suitable for doing Bug Bounty or Penetration Testing. It is designed like a framework so you can easily add a script for detect vulnerability. For Example To be more powerful, You can add something script (custom) like this: modules/form/yourscript.bash {WEB-URL}...
Twint : Twitter Intelligence Tool
TWINT is an advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations. Formerly known as Tweep, Twint is an advanced Twitter scraping tool written in Python that allows for scraping Tweets from Twitter profiles without using Twitter's...
HostHunter : To Discover Hostnames Using OSINT
HostHunter is a recon tool for discovering hostnames using OSINT techniques. HostHunter v1.5 is a tool to efficiently discover and extract hostnames over a large set of target IP addresses. It utilises simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance. Taking screenshots was also added as a beta functionality. Demo Currently GitLab's markup language does not...
Adidnsdump : Active Directory Integrated DNS Dump Tool
Adidnsdump tool is an Active Directory Integrated DNS dumping by any authenticated user. By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones, similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks. Install and usage You...
Flerken : Obfuscated Command Detection Tool
Flerken is an Open-source obfuscated command detection tool. Command line obfuscation has been proved to be a non-negligible factor in file-less malware or malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are shown to be used by red-team penetrations and even APT activities. Meanwhile, numerous obfuscators (namely tools perform syntax transformation) are...
