Category: Information Gathering
CMLoot CMLoot was created to easily find interesting files stored on System Center Configuration Manager (SCCM/CM) SMB shares. The shares are used for distributing software to Windows clients in Windows enterprise environments and can...
Defascan: Defacement Scan and Alert Defascan is a python tool that will scrape the internet for your given google dork queries using APIs and alerts using the email provided during runtime. Installation git clone...
ADReaper ADReaper is a tool written in Golang which enumerates an Active Directory environment with LDAP queries within a few seconds. Use To query the properties of the Domain Controller of the domain, .\ADReaper.exe -dc...
legitify Detect and remediate misconfigurations, security, and compliance issues across all your GitHub assets with ease. Scorecard Support scorecard is an OSSF’s open-source project: Scorecards is an automated tool that assesses a number of important...
S3cret Scanner: Hunting For Secrets Uploaded To Public S3 Buckets S3cret Scanner tool is designed to provide a complementary layer for the Amazon S3 Security Best Practices by proactively hunting secrets in public S3 buckets....
SilentHound Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. A lightweight tool to quickly and quietly enumerate an Active Directory environment. The goal of...
Kscan – Simple Asset Mapping Tool kscan is an asset mapping tool that can perform port scanning, TCP fingerprinting, and banner capture for specified assets, and obtain as much port information as possible without...
exifLooter ExifLooter finds geolocation on all image urls and directories and also integrates with OpenStreetMap. Installation go install github.com/aydinnyunus/exifLooter@latest Exif Looter depends on exiftool, so make sure it is on your PATH. Use Analyze Image...
GooFuzz GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. GooFuzz performs fuzzing with an OSINT...
wtfis Passive host and domain name lookup tool for non-robots WTF is it? wtfis is a commandline tool that gathers information about a domain or FQDN using various OSINT services. Unlike other tools of its...
Octopii Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos, and signatures in a directory. Working Octopii uses Tesseract’s Optical Character...
ReconPal: Leveraging NLP for Infosec Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right...
CrossC2 Kit CrossC2Kit is an infiltration expansion around the Unix platform derived from CrossC2. Use Aggressor Script Open Source Script engine. It can be used to create automation to simulate the operation process of the Red...
Fofa Viewer A simple FOFA client written in JavaFX Features Support tabs Feature-rich Context Menu on items Export query result into Excel spreadsheet Manually set max query count pre-query for non-premium users (Change the...
STUNNER Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. TURN is a protocol mostly used in videoconferencing and audio chats (WebRTC). If you find a misconfigured server...