Enum4Linux – A Linux Alternative To Enum.Exe For Enumerating Data From Windows And Samba Hosts

A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts. Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe formerly available from www.bindview.com. It is written in Perl and is basically a wrapper around the Samba tools smbclient, rpclient, net andRead More

Netenum – A Tool To Passively Discover Active Hosts On A Network

Network reconnaisance tool that sniffs for active hosts IntroductionNetenum passively monitors the ARP traffic on the network. It extracts basic data about each active host, such as IP address, MAC address and manufacturer. The main objective of this tool is to find active machines without generating too much noise.Features Provides basic information about the network,Read More

Vhosts-Sieve – Searching For Virtual Hosts Among Non-Resolvable Domains

Searching for virtual hosts among non-resolvable domains.Installation git clone https://github.com/dariusztytko/vhosts-sieve.gitpip3 install -r vhosts-sieve/requirements.txt UsageGet a list of subdomains (e.g. using Amass) $ amass enum -v -passive -o domains.txt -d example.com -d example-related.com Use vhosts-sieve.py to find virtual hosts $ python3 vhosts-sieve.py -d domains.txt -o vhosts.txtMax domains to resolve: -1Max IPs to scan: -1Max vhost candidatesRead More

Eavesarp – Analyze ARP Requests To Identify Intercommunicating Hosts And Stale Network Address Configurations (SNACs)

A reconnaissance tool that analyzes ARP requests to identify hosts that are likely communicating with one another, which is useful in those dreaded situations where LLMNR/NBNS aren’t in use for name resolution.Requirements/InstallationThis is only gon’ work on Kali or other Debian-based Linux distributionseavesarp requires Python3.7 and Scapy. After installing Python, run the following to installRead More

Check-LocalAdminHash – A PowerShell Tool That Attempts To Authenticate To Multiple Hosts Over Either WMI Or SMB Using A Password Hash To Determine If The Provided Credential Is A Local Administrator

Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrator. It’s useful if you obtain a password hash for a user and want to see where they are local admin on a network. ItRead More