[*] VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc…). Why I developed it Make the VPN spraying phase much quicker andRead More
A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. For detailed usage information on each technique, refer to the wiki. Usage You can grab a copy of SQLRecon from the releases page. Alternatively, feel free to compile the solution yourself This should be as straight forward as cloning the repo, double clicking the solutionRead More
𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework) 𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 can be used by Infosec Researchers, Penetration Testers, Bug Hunters to find deep information, more assets, WAF/CDN bypassed IPs, Internal/External Infra, Publicly exposed leaks and many more about their target. Shodan Premium API key is required to use this automation. OutputRead More
sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault’s OTX, Common Crawl, URLScan, Github and the Wayback Machine. DiSCLAIMER: fetching urls from github is a bit slow. Usage sigurlfind3r -h This will display help for the tool. _ _ __ _ _ _____ ___(_) __ _ _ _ _ __| |/ _(_)_Read More
Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous execution CI/CD ready HTML/pdf reports Discord integration Background listen server Domain name, listRead More
A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use. Low on resources, high on information output. Helpful? BugBountyScanner helped you net a bounty? Description Note: Using the script over a VPN is highly recommended. It’s recommended to run BugBountyScanner from a server (VPS or home server), and not from yourRead More
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most important step in any penetration testing or a bug hunting process. It provides an attacker with some preliminary knowledge on the target organisation. Furthermore, it willRead More
sigurls is a reconnaissance tool, it fetches URLs from AlienVault’s OTX, Common Crawl, URLScan, Github and the Wayback Machine. Usage To display help message for sigurls use the -h flag: $ sigurls -h _ _ ___(_) __ _ _ _ _ __| |___/ __| |/ _` | | | | ‘__| / __|__ | (_|Read More
NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode only. NERVE will do “some” CVE checks, but this is primarily coming fromRead More
Perform automated network reconnaissance scans to gather network intelligence.IntelSpy is a multi-threaded network intelligence spy tool which performs automated enumeration of network services. It performs live hosts detection scans, port scans, services enumeration scans, web content scans, brute-force, detailed off-line exploits searches and more.The tool will also launch further enumeration scans for each detected serviceRead More
