FinalRecon – OSINT Tool For All-In-One Web Reconnaissance

FinalRecon is a fast and simple Python script for web reconnaissance. It follows a modular structure, so new modules can be added easily in the future.

Features

FinalRecon provides detailed information such as:
- Header Information
- WHOIS
- SSL Certificate Details
    - Found Flag in SSL Certificate – Securinets CTF Quals 2019 – Hidden (200 Points)
- Crawler

More modules will be added in future.

Tested on
- Kali Linux 2019.1
- BlackArch Linux

Installation

    git clone https://github.com/thewhiteh4t/FinalRecon.git
    cd FinalRecon
    pip3 install -r requirements.txt

Usage

    python3 finalrecon.py -h
    usage: finalrecon.py [-h] [--headers] [--sslinfo] [--whois] [--crawl] [--full] url

    FinalRecon – OSINT Tool for All-In-One Web Recon | v1.0.0

    positional arguments:
      url         Target URL

    optional arguments:
      -h, --help  show this help message and exit
      --headers   Get Header Information
      --sslinfo   Get SSL Certificate Information
      --whois     Get Whois Lookup
      --crawl     Crawl Target Website
      --full      Get Full Analysis, Test All Available Options

    # Check headers
    python3 finalrecon.py --headers <url>

    # Check SSL certificate
    python3 finalrecon.py --sslinfo <url>

    # Check whois information
    python3 finalrecon.py --whois <url>

    # Crawl target
    python3 finalrecon.py --crawl <url>

    # Full scan
    python3 finalrecon.py --full <url>

Link: http://www.kitploit.com/2019/05/finalrecon-osint-tool-for-all-in-one.html

[python]Start up script to create VPC to launch EC2

Use case

This is an interactive start-up script that covers everything from creating a VPC to launching an EC2 instance. It is a follow-up to this post – Functions for aws automation; I have added a few more functions to make it complete.

Demonstration

This is the interactive script: These are the results in AWS console: VPC …

Link: http://cyruslab.net/2019/05/11/pythonstart-up-script-to-create-vpc-to-launch-ec2/

ReconT – Reconnaissance / Footprinting / Information Disclosure

Recon-Tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from.

Features
- Information Security Headers
- WAF Detector
- Banner Grabbing
    - Phone Number
    - Credit Card Number
    - Email
    - US Social Security Number
- Url Crawl
    - Dom Parameter Url
    - Internal Dynamic Parameter
    - External Dynamic Parameter
    - Internal Link
    - External Link
- Port Scanner
- Subdomain Enumeration

Requirements
- click
- requests
- colorlog
- bs4
- tldextract

Usage & Installation

    $ apt-get install python3 nmap
    $ pip3 install -r requirements.txt
    $ python3 reconT.py http://target.co.li
    $ python reconT.py --help
    Usage: reconT.py [OPTIONS] TARGET

    Options:
      --timeout INTEGER  Seconds to wait before timeout connections
      --proxy TEXT       if Use a proxy ex: 0.0.0.0:8888
                         if with auth 0.0.0.0:8888@user:password
      --cookies TEXT     if use cookie comma separated cookies to add the request
                         ex: PHPSESS:123,kontol=True
      --help             Show this message and exit.

Info
- Support For Python Version: 3.x
- ReconT Version: 0.1
- By: 407 Authentic Exploit
- Codename: JaxBCD

Link: http://feedproxy.google.com/~r/PentestTools/~3/cODwkrYCciM/recont-reconnaisance-footprinting.html

QRGen – Simple Script For Generating Malformed QRCodes

Simple script for generating malformed QRCodes. These QR codes are useful if you want to test a QRCode scanner’s parser or how the application handles QRCode data.

Downside of this tool: you need to manually scan the codes with a camera.

Installation

What do you need:
- python3
- qrcode
- Pillow
- argparse

Steps
1. git clone https://github.com/h0nus/QRGen
2. cd QRGen
3. pip3 install -r requirements.txt OR python3 -m pip install -r requirements.txt
4. python3 qrcode.py
5. Enjoy attacking QRCodes :P

Personalization

You can change the default wordlists to what you want by passing -w/--wordlist 🙂

Order of default wordlists group:
- SQL Injection
- XSS
- Command Injection
- Format String
- XXE
- String Fuzzing
- SSI Injection
- LFI/Directory Traversal
- custom, passed with -w/--wordlist

Link: http://feedproxy.google.com/~r/PentestTools/~3/l5Kg34GFbeY/qrgen-simple-script-for-generating.html

[python]Creating security group and inbound rule

This is the extension of Functions of aws automation. I have added some methods to create security groups and apply rules. In addition to the functions/methods described here, I have created 4 more methods to accomplish these:
- Security group creation
- Inbound rule creation to the security group.

Demonstration

create_security_group method

This method creates a security group …

Link: http://cyruslab.net/2019/05/08/pythoncreating-security-group-and-inbound-rule/

[python]Making a list of dictionaries

Use case

I am trying to write a script for creating a security group based on the user’s input. IpRanges is a list of dictionaries. I intend to write a method which generates multiple dictionaries with the same key but different values, and puts these dictionaries into a list. The ipaddress.ip_network method can evaluate both host ip …

Link: http://cyruslab.net/2019/05/08/pythonmaking-a-list-of-dictionaries/

BruteDum – Brute Force Attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC With Hydra, Medusa And Ncrack

BruteDum is an SSH, FTP, Telnet, PostgreSQL, RDP, VNC brute forcing tool with Hydra, Medusa and Ncrack. BruteDum can work with any Linux distro that has Python 3.

Features of BruteDum
- SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra (recommended)
- SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Medusa
- SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Ncrack
- Scan victim’s ports with Nmap

Install and run on Linux

You have to install Python 3 first:
- Install Python 3 on Arch Linux and its distros: sudo pacman -S python3
- Install Python 3 on Debian and its distros: sudo apt install python3

You have to install Hydra, Medusa, Nmap and Ncrack too:
- On Arch Linux and its distros: sudo pacman -S nmap hydra medusa ncrack
- On Debian and its distros: sudo apt install nmap hydra medusa ncrack

    git clone https://github.com/GitHackTools/BruteDum
    cd BruteDum
    python3 brutedum.py

Screenshots (images not included): Scanning victim’s ports with Nmap; Ready to brute force; Brute force has done.

Contact

Twitter: @SecureGF

Link: http://feedproxy.google.com/~r/PentestTools/~3/3Z-_-kI5aD8/brutedum-brute-force-attacks-ssh-ftp.html

10Minutemail – Python Temporary Email

10minutemail.net is a free, disposable e-mail service. Your temporary e-mail address will expire after 10 minutes, after which you cannot access it. You can extend the time by 10 minutes. The website you are registering with could be selling your personal information; you never know where your e-mail will be published. An email address with a 10-minute lifespan is the best solution to prevent this.

Installation

    wget https://raw.githubusercontent.com/m4ll0k/10minutemail/master/10minutemail.py && python 10minutemail.py

Usage

    python 10minutemail.py
    python 10minutemail.py --save emails.txt

Link: http://feedproxy.google.com/~r/PentestTools/~3/6P5wkV_3yTU/10minutemail-python-temporary-email.html

PeekABoo – Tool To Enable Remote Desktop On The Targeted Machine

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task.

The tool only works if WinRM is enabled. Since Windows Server 2012 WinRM is enabled by default on all Windows server operating systems, but not on client operating systems.

Note: Remote desktop is disabled by default on all Windows operating systems. User would require local administrator password or administrator privileges on the server to enable RDP on a targeted machine.

Screenshots (images not included): Targeted machine on an internal network has RDP disabled; Enabling remote desktop service on a targeted machine by pressing option 2; Successfully enabled remote desktop service on a targeted machine.

How to install?
- git clone https://github.com/Viralmaniar/PeekABoo.git
- cd PeekABoo
- python peekaboo.py

How do I use this?
- Press 1: This will set the PowerShell to unrestricted mode.
- Press 2: It enables the Remote Desktop on the targeted machine and shows the RDP port (3389) status.
- Press 3: It disables the Remote Desktop on the targeted machine.
- Press 4: To exit from the program.

My Windows machine does not have Python installed, what should I do?
- Download an exe from the release section of the Github along with PowerShell files available here, or do it on your own using PyInstaller after reviewing the source code.
- Compile peekaboo.py into an executable using PyInstaller. PyInstaller is available on PyPI. You can install it through pip: pip install pyinstaller

Questions?

Twitter: https://twitter.com/maniarviral
LinkedIn: https://au.linkedin.com/in/viralmaniar

Link: http://feedproxy.google.com/~r/PentestTools/~3/pKwJLmFuw_Y/peekaboo-tool-to-enable-remote-desktop.html