Smogcloud – Find Cloud Assets That No One Wants Exposed

Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral internet-facing assets on a more frequent basis. May be

Godehashed – Tool That Uses The Dehashed.Com API To Search For Compromised Assets

A golang tool that uses the dehashed.com API to search for compromised assets. Results can then be compiled into a CSV for further analysis. Dehashed API: You must supply the tool with an API key. See apikey_template.txt for an example. Installation: To install the tool from the CLI, run the following command. Your $GOPATH must already be set.

Cloudlist – A Tool For Listing Assets From Multiple Cloud Providers

Cloudlist is a multi-cloud tool for getting assets (hostnames, IP addresses) from cloud providers. It is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort. Features: Easily list cloud assets with multiple configurations. Multiple cloud

Token-Hunter – Collect OSINT For GitLab Groups And Members And Search The Group And Group Members’ Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets

Collect OSINT for GitLab groups and members and search the group and group members’ snippets, issues, and issue discussions for sensitive data that may be included in these assets. The information gathered is intended to complement and inform the use of additional tools such as TruffleHog or GitRob, which search git commit history using a

Kenzer – Automated Web Assets Enumeration And Scanning

Automated Web Assets Enumeration & Scanning. Instructions for running: Create an account on Zulip. Navigate to Settings > Your Bots > Add a new bot. Create a new generic bot named kenzer. Add all the configurations in configs/kenzer.conf. Install/Run using: ./install.sh -b [if you need kenzer-compatible binaries to be installed] ./install.sh [if you do

ReconNote – Web Application Security Automation Framework Which Recons The Target For Various Assets To Maximize The Attack Surface For Security Professionals & Bug-Hunters

Web Application Security Recon Automation Framework. It takes a domain name as user input and maximizes the attack surface area by listing the assets of the domain, such as: subdomains from Amass, findomain, and subfinder, plus resolvable subdomains using shuffledns; screenshots; port scan; JS files; Httpx status codes of subdomains; Dirsearch file/dir paths by fuzzing
