Lucifer – A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration And More…

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More… Use Or Build Automation Modules To Speed Up Your Cyber Security Life Setup git clone https://github.com/Skiller9090/Lucifer.gitcd Luciferpip install -r requirements.txtpython main.py –help If you want the cutting edge changes add -b dev to the end of git cloneRead More

SlackPirate – Slack Enumeration And Extraction Tool – Extract Sensitive Information From A Slack Workspace

This is a tool developed in Python which uses the native Slack APIs to extract ‘interesting’ information from a Slack workspace given an access token. As of May 2018, Slack has over 8 million customers and that number is rapidly rising – the integration and ‘ChatOps’ possibilities are endless and allows teams (not just developers!)Read More

CrossLinked – LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping

CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from a target organization. This technique provides accurate results without the use of API keys, credentials, or even accessing the site directly. Formats can then be applied in the command line arguments to turn these names into email addresses,Read More

PentestBro – Combines Subdomain Scans, Whois, Port Scanning, Banner Grabbing And Web Enumeration Into One Tool

Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses subdomain list of SecLists. Uses nmap service probes for banner grabbing. Uses list of paths for web enumeration. Example scan of “www.ccc.de“: Scanned subdomain, IPs and ports Grabbed banner for each IP and port whoisRead More

Subcert – An Subdomain Enumeration Tool, That Finds All The Subdomains From Certificate Transparency Logs

Subcert is a subdomain enumeration tool, that finds all the valid subdomains from certificate transparency logs. Setup Step 1: Install Python 3 apt-get install python3-pip Step 2: Clone the Repository git clone https://github.com/A3h1nt/Subcert.git Step 3: Install Dependencies pip3 install -r requirements.txt Step 4: Move the Directory to /opt mv subcert /opt/ Step 5: Add anRead More

Remote-Method-Guesser – Tool For Java RMI Enumeration And Bruteforce Of Remote Methods

remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding interface class names List codebase locations (if exposed by the remote server) Check for known vulnerabilities (enabled class loader, missingRead More

UhOh365 – A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)

A script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don’t. Microsoft does not consider “email enumeration” a vulnerability, so this is taking advantage of a “feature”. ThereRead More

Kenzer – Automated Web Assets Enumeration And Scanning

Automated Web Assets Enumeration & Scanning Instructions for running Create an account on Zulip Navigate to Settings > Your Bots > Add a new bot Create a new generic bot named kenzer Add all the configurations in configs/kenzer.conf Install/Run using – ./install.sh -b [if you need kenzer-compatible binaries to be installed] ./install.sh [if you doRead More

Scilla – Information Gathering Tool (DNS/Subdomain/Port Enumeration)

Information Gathering Tool – Dns/Subdomain/Port Enumeration Installation First of all, clone the repo locally git clone https://github.com/edoardottt/scilla.git Scilla has external dependencies, so they need to be pulled in: go get Working on installation… See the open issue. For now you can run it inside the scilla folder with go run scilla.go … Too late.. :Read More

X