DefaScan: Defacement Scan and Alert
Defascan: Defacement Scan and Alert Defascan is a python tool that will scrape the internet for your given google dork queries using APIs and alerts using the email provided during...
Category: Information Gathering
ADReaper: fast enumeration tool for Windows Active Directory Pentesting
ADReaper ADReaper is a tool written in Golang which enumerates an Active Directory environment with LDAP queries within a few seconds. Use To query the properties of the Domain Controller of...
S3cret Scanner: Hunting For Secrets Uploaded To Public S3 Buckets
S3cret Scanner: Hunting For Secrets Uploaded To Public S3 Buckets S3cret Scanner tool is designed to provide a complementary layer for the Amazon S3 Security Best Practices by proactively hunting secrets...
SilentHound: Quietly enumerate an Active Directory Domain
SilentHound Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. A lightweight tool to quickly and quietly enumerate an Active Directory...
Kscan: Simple Asset Mapping Tool
Kscan – Simple Asset Mapping Tool kscan is an asset mapping tool that can perform port scanning, TCP fingerprinting, and banner capture for specified assets, and obtain as much port...
exifLooter: finds geolocation on all image urls and directories also integrates with OpenStreetMap
exifLooter ExifLooter finds geolocation on all image urls and directories and also integrates with OpenStreetMap. Installation go install github.com/aydinnyunus/exifLooter@latest Exif Looter depends on exiftool, so make sure it is on your...
GooFuzz v1.2.3 releases: enumerate directories, files, subdomains or parameters
GooFuzz GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. GooFuzz performs...
wtfis v0.8 releases: Passive host and domain name lookup tool for non-robots
wtfis Passive host and domain name lookup tool for non-robots WTF is it? wtfis is a commandline tool that gathers information about a domain or FQDN using various OSINT services. Unlike...
Octopii: AI-powered Personal Identifiable Information scanner
Octopii Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos, and signatures in a directory. Working Octopii...
ReconPal: Leveraging NLP for Infosec
ReconPal: Leveraging NLP for Infosec Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to...
CrossC2Kit: infiltration expansion around the Unix platform
CrossC2 Kit CrossC2Kit is an infiltration expansion around the Unix platform derived from CrossC2. Use Aggressor Script Open Source Script engine. It can be used to create automation to simulate the operation...
Fofa Viewer v1.1.13 releases: simple FOFA (cyberspace search engine) client
Fofa Viewer A simple FOFA client written in JavaFX Features Support tabs Feature-rich Context Menu on items Export query result into Excel spreadsheet Manually set max query count pre-query for...
stunner v0.5.3 releases: test and exploit STUN, TURN and TURN over TCP servers
STUNNER Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. TURN is a protocol mostly used in videoconferencing and audio chats (WebRTC). If you...
infoooze v1.1.9 releases: Open-source intelligence (OSINT) tool in NodeJs
Infoooze Infoooze is an Information collection tool (OSINT) in NodeJs. It provides various modules that allow efficient searches. Features Insta Recon Subdomain Scanner Ports Scan User Recon Mail finder URL...
DDWPasteRecon: identify code leak, sensitive files, plaintext passwords, password hashes
DDWPasteRecon Pastesites are websites that allow users to share plain text through public posts called “pastes.” Once attackers compromise the external perimeter and gain access to the internal resources they...
