pwnedOrNot v1.2.6 – OSINT Tool to Find Passwords for Compromised Email Addresses

OSINT Tool to Find Passwords for Compromised Email Accounts

pwnedOrNot uses the haveibeenpwned v2 API to test email accounts and tries to find the password in Pastebin dumps.

Featured: OSINT Collection Tools for Pastebin – Jake Creps

Features

haveibeenpwned offers a lot of information about the compromised email. Some useful information is displayed by this script:

- Name of Breach
- Domain Name
- Date of Breach
- Fabrication status
- Verification Status
- Retirement status
- Spam Status

With all this information, pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password.

Tested on

- Kali Linux 2019.1
- BlackArch Linux
- Ubuntu 18.04
- Kali Nethunter
- Termux

Installation

Ubuntu / Kali Linux / Nethunter / Termux

    git clone https://github.com/thewhiteh4t/pwnedOrNot.git
    cd pwnedOrNot
    pip3 install requests

BlackArch Linux

    pacman -S pwnedornot

Updates

    cd pwnedOrNot
    git pull

Usage

    python3 pwnedornot.py -h

    usage: pwnedornot.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l] [-c CHECK]

    optional arguments:
      -h, --help                  show this help message and exit
      -e EMAIL, --email EMAIL     Email Address You Want to Test
      -f FILE, --file FILE        Load a File with Multiple Email Addresses
      -d DOMAIN, --domain DOMAIN  Filter Results by Domain Name
      -n, --nodumps               Only Check Breach Info and Skip Password Dumps
      -l, --list                  Get List of all pwned Domains
      -c CHECK, --check CHECK     Check if your Domain is pwned

Examples

    # Check Single Email
    python3 pwnedornot.py -e <email>
    #OR
    python3 pwnedornot.py --email <email>

    # Check Multiple Emails from File
    python3 pwnedornot.py -f <file name>
    #OR
    python3 pwnedornot.py --file <file name>

    # Filter Result for a Domain Name [Ex : adobe.com]
    python3 pwnedornot.py -e <email> -d <domain name>
    #OR
    python3 pwnedornot.py -f <file name> --domain <domain name>

    # Get only Breach Info, Skip Password Dumps
    python3 pwnedornot.py -e <email> -n
    #OR
    python3 pwnedornot.py -f <file name> --nodumps

    # Get List of all Breached Domains
    python3 pwnedornot.py -l
    #OR
    python3 pwnedornot.py --list

    # Check if a Domain is Pwned
    python3 pwnedornot.py -c <domain name>
    #OR
    python3 pwnedornot.py --check <domain name>

Link: http://feedproxy.google.com/~r/PentestTools/~3/SxvMbSv8GrY/pwnedornot-v126-osint-tool-to-find.html

Usbrip – Simple Command Line Forensics Tool For Tracking USB Device Artifacts (History Of USB Events) On GNU/Linux

usbrip (derived from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with a CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.

Description

usbrip is a small piece of software written in pure Python 3 (using some external modules though, see Dependencies/PIP) which parses Linux log files (/var/log/syslog* or /var/log/messages* depending on the distro) for constructing USB event history tables. Such tables may contain the following columns: "Connected" (date & time), "User", "VID" (vendor ID), "PID" (product ID), "Product", "Manufacturer", "Serial Number", "Port" and "Disconnected" (date & time).

Besides, it also can:

- export gathered information as a JSON dump (and open such dumps, of course);
- generate a list of authorized (trusted) USB devices as a JSON (call it auth.json);
- search for "violation events" based on the auth.json: show (or generate another JSON with) USB devices that do appear in history and do NOT appear in the auth.json;
- *when installed with -s flag* create encrypted storages (7zip archives) to automatically back up and accumulate USB events with the help of the crontab scheduler;
- search additional details about a specific USB device based on its VID and/or PID.

Quick Start

usbrip is available for download and installation at PyPI:

    $ pip3 install usbrip

Git Clone

For simplicity, let's agree that all the commands with the ~/usbrip$ prefix are executed in the ~/usbrip directory which is created as a result of git clone:

    ~$ git clone https://github.com/snovvcrash/usbrip.git usbrip && cd usbrip
    ~/usbrip$

Dependencies

usbrip works with the non-modified structure of system log files only, so, unfortunately, it won't be able to parse USB history if you change the format of syslogs (with syslog-ng or rsyslog, for example). That's why the timestamps of the "Connected" and "Disconnected" fields don't have the year, by the way. Keep that in mind.

DEB Packages

- python3.6 (or newer) interpreter
- python3-venv
- p7zip-full (used by storages module)

    ~$ sudo apt install -y python3-venv p7zip-full

PIP Packages

usbrip makes use of the following external modules:

- terminaltables
- termcolor

Portable

To resolve Python dependencies manually (it's not actually necessary because pip or setup.py can automate the process, see Installation) create a virtual environment (optional) and run pip from within:

    ~/usbrip$ python3 -m venv venv && source venv/bin/activate
    (venv) ~/usbrip$ pip install -r requirements.txt

Or let the pipenv one-liner do all the dirty work for you:

    ~/usbrip$ pipenv install && pipenv shell

After that you can run usbrip portably:

    (venv) ~/usbrip$ python -m usbrip -h

Or

    (venv) ~/usbrip$ python __main__.py -h

Installation

There are two ways to install usbrip into the system: pip or setup.py.

pip or setup.py

First of all, usbrip is pip installable. This means that after git cloning the repo you can simply fire up the pip installation process and after that run usbrip from anywhere in your terminal like so:

    ~/usbrip$ python3 -m venv venv && source venv/bin/activate
    (venv) ~/usbrip$ pip install .
    (venv) ~/usbrip$ usbrip -h

Or if you want to resolve Python dependencies locally (without bothering PyPI), use setup.py:

    ~/usbrip$ python3 -m venv venv && source venv/bin/activate
    (venv) ~/usbrip$ python setup.py install
    (venv) ~/usbrip$ usbrip -h

Note: you'd likely want to run the installation process while the Python virtual environment is active (as shown above).

install.sh

Secondly, usbrip can also be installed into the system with the ./installers/install.sh script.

When using ./installers/install.sh some extra features become available:

- the virtual environment is created automatically;
- the storage module becomes available: you can set a crontab job to back up USB events on a schedule (an example of crontab jobs can be found in usbrip/cron/usbrip.cron).

Warning: if you are using the crontab scheduling, you want to configure the cron job with sudo crontab -e in order to force the storage update submodule to run as root as well as protect the passwords of the USB event storages. The storage passwords are kept in /var/opt/usbrip/usbrip.ini.

The ./installers/uninstall.sh script removes all the installation artifacts from your system.

To install usbrip use:

    ~/usbrip$ chmod +x ./installers/install.sh
    ~/usbrip$ sudo -H ./installers/install.sh [-l/--local] [-s/--storages]
    ~/usbrip$ cd
    ~$ usbrip -h

When the -l switch is enabled, Python dependencies are resolved from local .tar packages (./3rdPartyTools/) instead of PyPI.

When the -s switch is enabled, not only is the usbrip project installed, but the list of trusted USB devices and the history and violations storages are created as well.

Note: when using the -s option during installation, make sure that system logs do contain at least one external USB device entry. It is a necessary condition for usbrip to successfully create the list of trusted devices (and as a result, successfully create the violations storage).

After the installation completes, feel free to remove the usbrip folder.

Paths

When installed, usbrip uses the following paths:

- /opt/usbrip/ — project's main directory;
- /var/opt/usbrip/usbrip.ini — usbrip configuration file: keeps passwords for 7zip storages;
- /var/opt/usbrip/storage/ — USB event storages: history.7z and violations.7z (created during the installation process);
- /var/opt/usbrip/log/ — usbrip logs (recommended to log usbrip activity when using crontab, see usbrip/cron/usbrip.cron);
- /var/opt/usbrip/trusted/ — list of trusted USB devices (created during the installation process);
- /usr/local/bin/usbrip — symlink to the /opt/usbrip/venv/bin/usbrip script.

cron

Cron jobs can be set as follows:

    ~/usbrip$ sudo crontab -l > tmpcron && echo "" >> tmpcron
    ~/usbrip$ cat usbrip/cron/usbrip.cron | tee -a tmpcron
    ~/usbrip$ sudo crontab tmpcron
    ~/usbrip$ rm tmpcron

uninstall.sh

To uninstall usbrip use:

    ~/usbrip$ chmod +x ./installers/uninstall.sh
    ~/usbrip$ sudo ./installers/uninstall.sh [-a/--all]

When the -a switch is enabled, not only is the usbrip project directory deleted, but all the storages and usbrip logs are deleted too.

And don't forget to remove the cron job.

Usage

Synopsis

    # ---------- BANNER ----------

    $ usbrip banner
    Get usbrip banner.

    # ---------- EVENTS ----------

    $ usbrip events history [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]]
                            [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]]
                            [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]]
                            [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]]
                            [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
    Get USB event history.

    $ usbrip events open <DUMP.JSON> [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]]
                         [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]]
                         [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]]
                         [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]]
                         [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
    Open USB event dump.

    $ usbrip events gen_auth <OUT_AUTH.JSON> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>]
                             [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]]
                             [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]]
                             [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]]
                             [--port <PORT> [<PORT> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
    Generate a list of trusted (authorized) USB devices.

    $ usbrip events violations <IN_AUTH.JSON> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-t | -l] [-e]
                               [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]]
                               [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]]
                               [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]]
                               [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]]
                               [-f <FILE> [<FILE> ...]] [-q] [--debug]
    Get USB violation events based on the list of trusted devices.

    # ---------- STORAGE ----------

    $ usbrip storage list <STORAGE_TYPE> [-q] [--debug]
    List contents of the selected storage (7zip archive).
    STORAGE_TYPE is "history" or "violations".

    $ usbrip storage open <STORAGE_TYPE> [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]]
                          [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]]
                          [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]]
                          [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]]
                          [-c <COLUMN> [<COLUMN> ...]] [-q] [--debug]
    Open selected storage (7zip archive). Behaves similarly to the EVENTS OPEN submodule.

    $ usbrip storage update <STORAGE_TYPE> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>]
                            [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]]
                            [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]]
                            [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]]
                            [--port <PORT> [<PORT> ...]] [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]
    Update storage — add USB events to the existing storage (7zip archive). COMPRESSION_LEVEL is a number in [0..9].

    $ usbrip storage create <STORAGE_TYPE> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>]
                            [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]]
                            [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]]
                            [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]]
                            [--port <PORT> [<PORT> ...]] [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]
    Create storage — create 7zip archive and add USB events to it according to the selected options.

    $ usbrip storage passwd <STORAGE_TYPE> [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]
    Change password of the existing storage.

    # ---------- IDs ----------

    $ usbrip ids search [--vid <VID>] [--pid <PID>] [--offline] [-q] [--debug]
    Get extra details about a specific USB device by its <VID> and/or <PID> from the USB ID database.

    $ usbrip ids download [-q] [--debug]
    Update (download) the USB ID database.

Help

To get a list of module names use:

    $ usbrip -h

To get a list of submodule names for a specific module use:

    $ usbrip <module> -h

To get a list of all switches for a specific submodule use:

    $ usbrip <module> <submodule> -h

Examples

Show the event history of all USB devices, suppressing banner output, info messages and user interaction (-q, --quiet), represented as a list (-l, --list) with the latest 100 entries (-n NUMBER, --number NUMBER):

    $ usbrip events history -ql -n 100

Show the event history of the external USB devices (-e, --external, which were actually disconnected) represented as a table (-t, --table) containing "Connected", "VID", "PID", "Disconnected" and "Serial Number" columns (-c COLUMN [COLUMN], --column COLUMN [COLUMN]) filtered by date (-d DATE [DATE ...], --date DATE [DATE ...]) with logs taken from the outer files (-f FILE [FILE ...], --file FILE [FILE ...]):

    $ usbrip events history -et -c conn vid pid disconn serial -d "Dec 9" "Dec 10" -f /var/log/syslog.1 /var/log/syslog.2.gz

Build the event history of all USB devices and redirect the output to a file for further analysis. When the output stream is NOT terminal stdout (| or > for example) there will be no ANSI escape characters (color) in the output, so feel free to use it that way. Also notice that usbrip uses some Unicode symbols, so it would be nice to convert the resulting file to UTF-8 encoding (with enconv for example) as well as change newline characters to Windows style for portability (with awk for example):

    $ usbrip events history -t | awk '{ sub("$", "\r"); print }' > usbrip.out && enconv -x UTF8 usbrip.out

Remark: you can always get rid of the escape characters yourself even if you have already sent the output to stdout. To do that, just copy the output data to usbrip.out and add one more awk instruction:

    $ awk '{ sub("$", "\r"); gsub("\\x1B\\[[0-?]*[ -/]*[@-~]", ""); print }' usbrip.out && enconv -x UTF8 usbrip.out

Generate a list of trusted USB devices as a JSON file (trusted/auth.json) with "VID" and "PID" attributes containing the first three devices connected on September 26:

    $ usbrip events gen_auth trusted/auth.json -a vid pid -n 3 -d "Sep 26"

Search the event history of the external USB devices for violations based on the list of trusted USB devices (trusted/auth.json) by the "PID" attribute, restrict resulting events to those which have "Bob" as a user, "EvilUSBManufacturer" as a manufacturer, "1234567890" as a serial number, and represent the output as a table with "Connected", "VID" and "PID" columns:

    $ usbrip events violations trusted/auth.json -a pid -et --user Bob --manufact EvilUSBManufacturer --serial 1234567890 -c conn vid pid

Search for details about a specific USB device by its VID (--vid VID) and PID (--pid PID):

    $ usbrip ids search --vid 0781 --pid 5580

Download the latest version of the usb_ids/usb.ids database:

    $ usbrip ids download

Credits & References

- Linux forensics: tracking the history of USB device connections / Habr
- usbrip: USB forensics for Linux, or How Alice Became Eve
- usbrip – A tiny command line forensics tool for tracking USB device artifacts on linux. – Security List Network™
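
Added example (not usbrip's own code): a minimal Python sketch of the approach described above, pairing kernel "New USB device found" and "USB disconnect" syslog lines per port and flagging devices missing from a trusted list. The log lines are constructed, and the trusted-list shape (a list of VID/PID dicts) is an assumption, not usbrip's auth.json schema.

```python
import re

# Constructed sample in the stock syslog layout (note: no year in the timestamp);
# host name, serial numbers and devices are made up for this example.
SAMPLE_LOG = """\
Dec  9 10:15:01 lab kernel: [ 1234.70] usb 1-1: New USB device found, idVendor=0781, idProduct=5580, bcdDevice= 0.10
Dec  9 10:15:01 lab kernel: [ 1234.71] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Dec  9 10:15:01 lab kernel: [ 1234.72] usb 1-1: Product: Ultra
Dec  9 10:15:01 lab kernel: [ 1234.73] usb 1-1: Manufacturer: SanDisk
Dec  9 10:15:01 lab kernel: [ 1234.74] usb 1-1: SerialNumber: CONSTRUCTED0001
Dec  9 10:20:11 lab kernel: [ 1544.00] usb 1-1: USB disconnect, device number 5
Dec 10 08:02:44 lab kernel: [  310.10] usb 2-3: New USB device found, idVendor=abcd, idProduct=1234
Dec 10 08:02:44 lab kernel: [  310.11] usb 2-3: Manufacturer: EvilUSBManufacturer
Dec 10 08:02:44 lab kernel: [  310.12] usb 2-3: SerialNumber: 1234567890
Dec 10 08:03:00 lab sshd[811]: unrelated line that must be ignored
"""

# "Mon DD HH:MM:SS host kernel: [uptime] usb <port>: <message>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: \[\s*[\d.]+\] "
    r"usb (?P<port>[\d.-]+): (?P<msg>.*)$"
)
FOUND = re.compile(r"New USB device found, idVendor=(\w{4}), idProduct=(\w{4})")
STRINGS = {"Product": "prod", "Manufacturer": "manufact", "SerialNumber": "serial"}


def parse_events(text):
    """Build one record per 'New USB device found' line, tracked by USB port."""
    events, open_by_port = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # non-USB line, or a log format changed by rsyslog/syslog-ng
        port, msg = m["port"], m["msg"]
        found = FOUND.match(msg)
        if found:
            ev = {"conn": m["ts"], "vid": found[1], "pid": found[2],
                  "prod": None, "manufact": None, "serial": None,
                  "port": port, "disconn": None}
            events.append(ev)
            open_by_port[port] = ev
        elif msg.startswith("USB disconnect"):
            ev = open_by_port.pop(port, None)
            if ev is not None:
                ev["disconn"] = m["ts"]
        else:
            key, _, value = msg.partition(": ")
            if key in STRINGS and port in open_by_port:
                open_by_port[port][STRINGS[key]] = value
    return events


def external(events):
    """Devices that were actually disconnected (what the page calls external)."""
    return [e for e in events if e["disconn"]]


def violations(events, trusted, attrs=("vid", "pid")):
    """Events whose chosen attributes match no entry of the trusted list."""
    allowed = {tuple(d[a] for a in attrs) for d in trusted}
    return [e for e in events if tuple(e[a] for a in attrs) not in allowed]


if __name__ == "__main__":
    history = parse_events(SAMPLE_LOG)
    trusted = [{"vid": "0781", "pid": "5580"}]  # hypothetical trusted list
    for ev in violations(history, trusted):
        print("VIOLATION", ev["conn"], ev["vid"], ev["pid"], ev["manufact"])
```

Because the timestamps carry no year, events from rotated logs spanning a year boundary cannot be ordered from the log text alone; keep the file modification times alongside the parsed history.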

Link: http://feedproxy.google.com/~r/PentestTools/~3/kreZO6BHsfE/usbrip-simple-command-line-forensics.html

Luis Giraldo, Kaseya – Enterprise Security Weekly #146

Luis is IT Glue's VP, Product. In his native Colombia, he was in the music business, once playing keyboards on tour with Shakira. Luis will be talking about Unified IT and the capabilities of Kaseya's IT Complete Platform. What are organizations struggling with, and how the value of a unified platform can help drive […]
The post Luis Giraldo, Kaseya – Enterprise Security Weekly #146 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/bE9chWsLVl0/

Hvazard – Remove Short Passwords & Duplicates, Change Lowercase To Uppercase & Reverse, Combine Wordlists!

Remove short passwords & duplicates, change lowercase to uppercase & reverse, combine wordlists!

Manual & explanation

-d --dict
    Specifies the file you want to modify. This is the only parameter / argument that is not optional.

-o --out
    The output filename (optional). Default is out.txt.

-s --short
    This operation removes the lines with length shorter than or equal to the specified number.
    Example: python dm.py -d dictionary.txt -s 5 <- This removes all lines with 5 or fewer characters from the file dictionary.txt

-d --dupli
    This operation removes duplicate lines. If a line appears more than once, it gets removed. This is done so no password is tried more than once, since it is a waste of time.
    Example: python dm.py -d wordlist -d

-l --lower
    This operation turns all upper-case letters to lower-case. Lower-case letters remain that way.
    Example: python dm.py --lower -d dictionary

-u --upper
    This operation turns all lower-case letters to upper-case. Upper-case letters remain that way.
    Example: python dm.py -u -d file.txt

-j --join
    This operation joins two files together to create one larger file.
    Example: python dm.py -d wd1.txt -j wd2.txt <- The result is saved on the second wordlist (wd2.txt)

-c --cut
    This operation removes all lines before the line number you specify. Useful if you have already used a large part of the wordlist and do not want to go through the same process.
    Example: python --cut rockyou.txt -o cutrocku.txt

-e --exp
    This option shows this message.

-a --arg
    This option shows the arguments & options.

Link: http://feedproxy.google.com/~r/PentestTools/~3/V6_EesPs7B0/hvazard-remove-short-passwords.html

Passpie – Multiplatform Command-Line Password Manager

Passpie is a command line tool to manage passwords from the terminal with a colorful and configurable interface. Use a master passphrase to decrypt login credentials, copy passwords to clipboard, synchronize with a git repository, check the state of your passwords, and more.

Password files are encrypted using GnuPG and saved into yaml text files. Passpie supports Linux, OSX and Windows.

What does it look like? Here is an example of a simple Passpie usage:

    passpie init
    passpie add foo@example.com --random
    passpie add bar@example.com --pattern "[0-9]{5}[a-z]{5}"
    passpie update foo@example --comment "Hello"
    passpie
    passpie copy foo@example.com

Outputs:

    =========== ======= ========== =========
    Name        Login   Password   Comment
    =========== ======= ========== =========
    example.com bar     ********
    example.com foo     ********   Hello
    =========== ======= ========== =========
    Password copied to clipboard

Check example remote passpie database: https://github.com/marcwebbie/passpiedb.

Install

    pip install passpie

Or if you are on a Mac, install via Homebrew:

    brew install passpie

Dependencies

Passpie depends on GnuPG for encryption.

Commands

    Usage: passpie [OPTIONS] COMMAND [ARGS]...

    Options:
      -D, --database TEXT  Database path or url to remote repository
      --autopull TEXT      Autopull changes from remote pository
      --autopush TEXT      Autopush changes to remote pository
      --config PATH        Path to configuration file
      -v, --verbose        Activate verbose output
      --version            Show the version and exit.
      --help               Show this message and exit.

    Commands:
      add       Add new credential to database
      complete  Generate completion scripts for shells
      config    Show current configuration for shell
      copy      Copy credential password to clipboard/stdout
      export    Export credentials in plain text
      import    Import credentials from path
      init      Initialize new passpie database
      list      Print credential as a table
      log       Shows passpie database changes history
      purge     Remove all credentials from database
      remove    Remove credential
      reset     Renew passpie database and re-encrypt...
      search    Search credentials by regular expressions
      status    Diagnose database for improvements
      update    Update credential

Learn more

- Gitter: https://gitter.im/marcwebbie/passpie
- Documentation: http://passpie.readthedocs.org
- FAQ: http://passpie.readthedocs.org/en/latest/faq.html

Link: http://feedproxy.google.com/~r/PentestTools/~3/2SEdl8ow5w8/passpie-multiplatform-command-line.html

Youzer – Fake User Generator For Active Directory Environments

Fake User Generator for Active Directory Environments

Introduction

The goal of Youzer is to create information-rich Active Directory environments. It uses the python3 library 'faker' to generate random accounts.

    pip3 install faker

You can either supply a wordlist or have the passwords generated. The generated option is great for testing things like hashcat rule masks. The wordlist option is useful when you want to seed a specific password list into an environment, or to practice dictionary attacks.

The output is a CSV and a PowerShell script, both of which can be copied to the target. When executed, the PowerShell script binds over LDAP, so it doesn't rely on the newer Active Directory modules, and creates each user object. Currently the OUs need to exist, but this tool is a sub-project of 'Labseed' where the Active Directory structure will be created.

RoadMap

- Generate multiple departments (OUs)
- Generate grouping structure and randomly assign
- Implement additional Faker object options to populate other LDAP fields such as Address, Region
- Create an organisational chart of the nested grouping structure

Examples

Youzer can create 100,000 users in under 30 seconds and 1,000,000 users in around 3 minutes.

    [-] Domain Name set to : example
    [*] Writing to output file : sales_example.csv
    [!] Generating 100000 users in password generate mode
    [!] Creating Powershell script for import : sales_example.ps1
    python3 youzer.py --generate --generate_length 20 --ou --domain example 20.35s user 0.11s system 95% cpu 21.354 total

Creating 1000 user accounts with a randomly generated alphanumeric password choice of 20 characters

    python3 youzer.py --generate --generate_length 20 --ou "ou=sales,dc=example,dc=domain" --domain example --users 1000 --output sales_example.csv

    version : 0.1
    author : @lorentzenman
    team : SpiderLabs

    [-] Domain Name set to : example
    [*] Writing to output file : sales_example.csv
    [!] Generating 1000 users in password generate mode
    [!] Creating Powershell script for import : sales_example.ps1

Sample output from CSV file created from generate option

    Name,GivenName,sn,ou,password,address,description
    Dennis Shaw,Dennis,Shaw,"ou=sales,dc=example,dc=domain",VwVeloi09FaECRdNbbXD,
    Sam Francis,Sam,Francis,"ou=sales,dc=example,dc=domain",qhitxgjDW4gZFuraLJbB,
    Ellie Freeman,Ellie,Freeman,"ou=sales,dc=example,dc=domain",7qbLcknqlPtpkOzdLyw3,
    Terence Arnold,Terence,Arnold,"ou=sales,dc=example,dc=domain",lumPMbDk1YomypRj26by,
    Anne Murphy,Anne,Murphy,"ou=sales,dc=example,dc=domain",6r42EGGoEJYe9PydHRTV,
    Wendy Smith,Wendy,Smith,"ou=sales,dc=example,dc=domain",tKI2zFUOU8XdK4ZTUJas,
    Jay Lyons,Jay,Lyons,"ou=sales,dc=example,dc=domain",wxEIbw18tW9uFYXtMI9H,
    Jonathan White,Jonathan,White,"ou=sales,dc=example,dc=domain",caoHcm2Y90lIH7zskJYr,
    Adam Roberts,Adam,Roberts,"ou=sales,dc=example,dc=domain",Qu0y7mlb2haQQddxYrcN,
    Georgina Jones,Georgina,Jones,"ou=sales,dc=example,dc=domain",rYBjxs4tpj9Qza7HcKYI,
    Lee Newton,Lee,Newton,"ou=sales,dc=example,dc=domain",6CVlBvEutc3Ahco2UI5q,
    Aaron Smith,Aaron,Smith,"ou=sales,dc=example,dc=domain",hmSSoKILfvrHuHbPTDIQ,
    Max Hall,Max,Hall,"ou=sales,dc=example,dc=domain",11Ys9Zdk2M8J1JAScBkP,
    Kimberley Douglas,Kimberley,Douglas,"ou=sales,dc=example,dc=domain",WQ9285gSHv2MXkwoLYlg,
    Denise Fisher,Denise,Fisher,"ou=sales,dc=example,dc=domain",CT1pbfAnCoezuyrJbQX9,

Creating 1000 user accounts from a source word list

    python3 youzer.py --wordlist ~/tools/pw/Probable-Wordlists/Real-Passwords/Top12Thousand-probable-v2.txt --ou "ou=IT,dc=example,dc=domain" --domain example --users 1000 --output IT_example.csv

    version : 0.1
    author : @lorentzenman
    team : SpiderLabs

    [-] Domain Name set to : example
    [*] Writing to output file : IT_example.csv
    [!] Generating 1000 users in wordlist mode
    [!] Creating Powershell script for import : IT_example.ps1

Sample output of CSV file from above wordlist option

    Name,GivenName,sn,ou,password,address,description
    Rhys Parker,Rhys,Parker,"ou=IT,dc=example,dc=domain",houston,
    Geoffrey Harris,Geoffrey,Harris,"ou=IT,dc=example,dc=domain",clothing,
    Georgia Davis,Georgia,Davis,"ou=IT,dc=example,dc=domain",spotty,
    Gemma Norris,Gemma,Norris,"ou=IT,dc=example,dc=domain",brendan1,
    Daniel Marsh,Daniel,Marsh,"ou=IT,dc=example,dc=domain",pauline,
    Dominic Harvey,Dominic,Harvey,"ou=IT,dc=example,dc=domain",devin,
    Teresa Stokes,Teresa,Stokes,"ou=IT,dc=example,dc=domain",snapple,
    Joanna Morgan,Joanna,Morgan,"ou=IT,dc=example,dc=domain",volcom,
    Oliver Middleton,Oliver,Middleton,"ou=IT,dc=example,dc=domain",master,

Link: http://www.kitploit.com/2019/07/youzer-fake-user-generator-for-active.html

FTP Logs Used to Determine Attack Vector

Logs can be very useful because they are a record of what was done by whom. They are especially useful when you need to find out more on how a website has been compromised. Since our job at Sucuri is to clean website malware, we don’t have any access to logs, or what we can see is very limited.
However, to help make the internet a safer place, we like to extend ourselves and conduct some forensics to investigate how some accounts are compromised.
Continue reading FTP Logs Used to Determine Attack Vector at Sucuri Blog.

Link: https://blog.sucuri.net/2019/06/ftp-logs-used-to-determine-attack-vector.html