Urlhunter – A Recon Tool That Allows Searching On URLs That Are Exposed Via Shortener Services

urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go. How? A group named URLTeam (kudos to them) are brute forcing the URL shortener services and publishing matched results on a daily basis. urlhunter downloads their collections andRead More

Urlgrab – A Golang Utility To Spider Through A Website Searching For Additional Links

A golang utility to spider through a website searching for additional links with support for JavaScript rendering. Install go get -u github.com/iamstoxe/urlgrab Features Customizable Parallelism Ability to Render JavaScript (including Single Page Applications such as Angular and React) Usage Usage of urlgrab: -cache-dir string Specify a directory to utilize caching. Works between sessions as well.Read More

Pagodo – Automate Google Hacking Database Scraping And Searching

The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet. There are 2 parts. The first is ghdb_scraper.py that retrieves Google Dorks and the second portion is pagodo.py that leverages the information gathered by ghdb_scraper.py.What are Google Dorks?The awesome folks atRead More

Vhosts-Sieve – Searching For Virtual Hosts Among Non-Resolvable Domains

Searching for virtual hosts among non-resolvable domains.Installation git clone https://github.com/dariusztytko/vhosts-sieve.gitpip3 install -r vhosts-sieve/requirements.txt UsageGet a list of subdomains (e.g. using Amass) $ amass enum -v -passive -o domains.txt -d example.com -d example-related.com Use vhosts-sieve.py to find virtual hosts $ python3 vhosts-sieve.py -d domains.txt -o vhosts.txtMax domains to resolve: -1Max IPs to scan: -1Max vhost candidatesRead More

Git-Hound v1.1 – GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System

A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit history searching, and a unique result scoring system. GitHound has earned me over $7500 applied to Bug Bounty research. Corporate and Bug Bounty Hunter use cases are outlined below.Features GitHub/Gist code searching. This enablesRead More