ct-exposer : An OSINT Tool That Discovers Sub-Domains By Searching Certificate Transparency Logs
ct-exposer will query the CT logs for a given domain, and then try to do DNS lookups for the domains to see which ones exist in DNS. In my experience, so far, I've found numerous sub-domains that were not located with 'site:domain.com' Google searches. Keep in mind that the domains that do not resolve can either be old domains,...
Munin – Online Hash Checker For Virustotal & Other Services
Munin is an online hash checker utility that retrieves valuable information from various online sources. The current version of Munin queries the following services: Virustotal, Malshare, HybridAnalysis. Note: Munin is based on the script "VT-Checker", which has been maintained in the LOKI repository. Munin Usage: usage: munin.py ...
Libssh-Scanner : Script to identify hosts vulnerable to CVE-2018-10933
Libssh-Scanner is a Python-based script to identify hosts vulnerable to CVE-2018-10933. Libssh scanner has two modes: passive (banner grabbing) and aggressive (bypass auth) to validate the vulnerability's existence. By default, libssh scanner uses passive mode; supplying the -a argument switches to aggressive mode, which provides more accurate results.
Metadata-Attacker : A Tool To Generate Media Files With Malicious Metadata
Metadata-Attacker is an open source pentesting tool that lets you create an image (.jpg), audio (.mp3) or video (.mp4) file containing your custom metadata or a set of cross-site scripting vectors to test any web service against possible XSS vulnerabilities when displaying unfiltered metadata. Metadata-Attacker Installation / Usage: First install docker on your host system. Now you can simply run...
Evilginx2 – Standalone MITM Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-factor Authentication
Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of the nginx HTTP server to provide man-in-the-middle functionality, acting as a proxy between a browser and the phished website. Present version...
Infog – Information Gathering Tool
InfoG is a shell script to perform information gathering. Infog Features: Check Website info, Check Phone info, IP Tracker, Check Valid E-mail, Check if site is Up/Down, Check internet speed, Check Personal info, Find IP behind Cloudflare, Find Subdomains, Port Scan (Multi-threaded), Check CMS, Check DNS leaking. Usage:
    git clone https://github.com/thelinuxchoice/infog
    cd infog
    bash infog.sh
Install Requirements:
    apt-get install -y curl...
SILENTTRINITY – A Post-Exploitation Agent Powered By Python, IronPython, C#/.NET
SILENTTRINITY is a post-exploitation agent powered by Python, IronPython, C#/.NET. SILENTTRINITY Requirements: Server requires Python >= 3.7; SILENTTRINITY C# implant requires .NET >= 4.5. Notes: .NET runtime support: The implant needs .NET 4.5 or greater due to the IronPython DLLs being compiled against .NET 4.0, also there is no ZipArchive .NET library prior to 4.5 which the...
Nameles – Open Source Entropy Based Invalid Traffic Detection & Pre-bid Filtering
Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect ad fraud and other types of invalid traffic, such as web scraping, at a high level of accuracy. Nameles Getting Started:
    wget https://raw.githubusercontent.com/Nameles-Org/Nameles/master/setup
    chmod +x setup && ./setup
Detection Capability: While absolute measurement of detection capability is impossible, Nameles is the only detection solution that can be audited...
imR0T – Encryption to Your Whatsapp Contact
imR0T: Send a quick message with simple text encryption to your WhatsApp contact, basically in ROT13 with a new multi-encryption algorithm based on ASCII and symbol substitution. How To Use imR0T: It's simple:
    # Clone this repository
    git clone https://github.com/Screetsec/imR0T.git
    # Go into the repository
    cd imR0T
    # Permission Access
    chmod +x imR0T
    # Run the app
    ./imR0T
Command Line help: A...
RemoteRecon – Remote Recon and Collection
RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent. Oftentimes as operators we need to compromise a host, just so we can keylog or screenshot (or some other minuscule task) against a person/host of interest. Why should you have to push over beacon, empire, innuendo, meterpreter, or a custom...