SwiftBelt is a macOS enumerator inspired by @harmjoy’s Windows-based Seatbelt enumeration tool. SwiftBelt does not utilize any command line utilities and instead uses Swift code (leveraging the Cocoa Framework, Foundation libraries, OSAKit libraries, etc.) to perform system enumeration. This can be leveraged on the offensive side to perform enumeration once you gain access to aRead More
Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments (i.e. HTB, VulnHub, OSCP) and draws a bit from a number of existing tools including AutoRecon (https://github.com/Tib3rius/AutoRecon), Auto-Recon (https://github.com/Knowledge-Wisdom-Understanding/Auto-Recon), and nmapautomator (https://github.com/21y4d/nmapAutomator). Could also be used in a real-life pentestingRead More
Enumy is portable executable that you drop on target Linux machine during a pentest or CTF in the post exploitation phase. Running enumy will enumerate the box for common security vulnerabilities. Enumy has a Htop like Ncurses interface or a standard interface for dumb reverse shells.InstallationYou can download the final binary from the release x86Read More
Lulzbuster is a very fast and smart web directory and file enumeration tool written in C.Usage $ lulzbuster -H __ __ __ __ / /_ __/ /___ / /_ __ _______/ /____ _____ / / / / / /_ / / __ / / / / ___/ __/ _ / ___/ / / /_/ /Read More
This script is designed for use in situations where you do not have internet access on a Linux host and would like to run enumeration and exploit suggestion scripts, such as Hack The Box. I find myself running a similar set of scripts when I get an initial foothold on a Linux box, and thisRead More
A domain name enumeration toolThe tools contained in domained requires Kali Linux (preferred) or Debian 7+ and Recon-ngdomained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots, server response headers and signature based default credential checking. (resources are saved toRead More
[*] Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve optimised and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler.The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as the ones below: -training-bucket-dev-attachments-photos-elasticsearch[…] GettingRead More
This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and/or post-exploitation.I built on the amazing work done by @harmj0y and @mattifestation in PowerUp. I added more checks and also tried to reduce the amount of false positives.It’s stillRead More
This software is a subdomain enumeration tool. Purposednssearch takes an input domain ( -domain parameter ) and a wordlist ( -wordlist parameter ), it will then perform concurrent DNS requests using the lines of the wordlist as sub domains eventually bruteforcing every sub domain available on the top level domain.It supports a custom file extensionRead More
MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers.Major changesThis version of MassDNS is currently experimental. In order toRead More
