URLextractor – Information Gathering and Website Reconnaissance

Information gathering & website reconnaissance

Usage:

    ./extractor http://www.hackthissite.org/

Tips:
- Colorex: adds colors to the output. Install it with pip install colorex and use it like this:

    ./extractor http://www.hackthissite.org/ | colorex -g "INFO" -r "ALERT"

- Tldextract: used by the dnsenumeration function. Install it with pip install tldextract

Features:
- IP and hosting info like city and country (using FreegeoIP)
- DNS servers (using dig)
- ASN, Network range, ISP name (using RISwhois)
- Load balancer test
- Whois for abuse mail (using Spamcop)
- PAC (Proxy Auto Configuration) file
- Compares hashes to diff code
- robots.txt (recursively looking for hidden stuff)
- Source code (looking for passwords and users)
- External links (frames from other websites)
- Directory FUZZ (like Dirbuster and Wfuzz, using the Dirbuster directory list)
- URLvoid API: checks Google page rank, Alexa rank and possible blacklists
- Provides useful links at other websites to correlate with IP/ASN
- Option to open ALL results in browser at the end

Changelog to version 0.2.0:
- [Fix] Changed GeoIP from freegeoip to ip-api
- [Fix/Improvement] Remove duplicates from robots.txt
- [Improvement] Better whois abuse contacts (abuse.net)
- [Improvement] Top passwords collection added to sourcecode checking
- [New feature] First run verification to install dependencies if needed
- [New feature] Log file
- [New feature] Check for hostname on log file
- [New feature] Check if hostname is listed on Spamhaus Domain Blacklist
- [New feature] Run a quick dnsenumeration with common server names

Changelog to version 0.1.9:
- Abuse mail using lynx instead of curl
- Target server name parsing fixed
- More verbose about HTTP codes and directory discovery
- MD5 collection for IP fixed
- Links found now show unique URLs from array
- [New feature] Google results
- [New feature] Bing IP check for other hosts/vhosts
- [New feature] Opened ports from Shodan
- [New feature] VirusTotal information about IP
- [New feature] Alexa Rank information about $TARGET_HOST

Requirements:
Tested on Kali light mini AND OSX 10.11.3 with brew

    sudo apt-get install bc curl dnsutils libxml2-utils whois md5sha1sum lynx openssl -y

Configuration file:

    CURL_TIMEOUT=15 #timeout in --connect-timeout
    CURL_UA=Mozilla #user-agent (keep it simple)
    INTERNAL=NO #YES OR NO (show internal network info)
    URLVOID_KEY=your_API_key #using API from http://www.urlvoid.com/
    FUZZ_LIMIT=10 #how many lines it will read from fuzz file
    OPEN_TARGET_URLS=NO #open found URLs at the end of script
    OPEN_EXTERNAL_LINKS=NO #open external links (frames) at the end of script
    FIRST_TIME=YES #if first time check for dependencies

Link: http://feedproxy.google.com/~r/PentestTools/~3/yeRbR31P73k/urlextractor-information-gathering-and.html

Metabigor – Command Line Search Engines Without Any API Key

Command line Search Engine without any API key.

What is Metabigor?
Metabigor lets you query awesome Search Engines (like Shodan, Censys, Fofa, etc) from the command line without any API key.

But Why Metabigor?
- Don't use your API key so you don't have to worry about the limit of your API quota.*
- Do query from command line without Premium account.*
- Get more result without Premium account. *
- But I have a Premium account, why do I need this shit?
  - Again, Metabigor will not use up your API quota.
  - Your query will be optimized so you are going to get more results than using it by hand or with an API key.
  - Never get duplicate result.*

How it works?
Metabigor uses your cookie (or no cookie) to simulate a search from the browser and optimizes the query to get more results.

Search Engine currently supported
- Shodan.
- Censys.
- Fofa Pro.

Installation

    git clone https://github.com/j3ssie/Metabigor
    cd Metabigor
    pip3 install -r requirements.txt

How to use

Basic Usage

    ./metabigor.py -s <source> -q '<your_query>' [options]

Check out the Advanced Usage to explore some awesome options.

Example commands
Note: Fill in your credentials or your sessions in config.conf if you want to get more results.

    ./metabigor.py -s fofa -q 'title="Dashboard - Confluence" && body=".org"'
    ./metabigor.py -s fofa -q 'title="Dashboard - Confluence" && body=".org"' -b --disable_pages
    ./metabigor.py -s shodan -q 'port:"3389" os:"Windows"' --debug

Options

    [*] Setup session
    ===============
    Do command below or direct modify config.conf file
    ./metabigor.py -s shodan --cookies=<content of polito cookie>
    ./metabigor.py -s censys --cookies=<content of auth_tkt cookie>
    ./metabigor.py -s fofa --cookies=<content of _fofapro_ars_session cookie>

    [*] Basic Usage
    ===============
    ./metabigor.py -s <source> -q '<your_query>' [options]

    [*] More Options
    ===============
      -d OUTDIR, --outdir OUTDIR    Directory output
      -o OUTPUT, --output OUTPUT    Output file name
      --raw RAW                     Directory to store raw query
      --proxy PROXY                 Proxy for doing request to search engine e.g: http://127.0.0.1:8080
      -b                            Auto brute force the country code
      --disable_pages               Don't loop though the pages
      --store_content               Store the raw HTML souce or not
      --hh                          Print this message
      --debug                       Print debug output

    [*] Example commands
    ===============
    ./metabigor.py -s fofa -q 'title="Dashboard - Confluence" && body=".org"' -b
    ./metabigor.py -s fofa -q 'title="Dashboard - Confluence" && body=".org"' -b --disable_pages
    ./metabigor.py -s shodan -q 'port:"3389" os:"Windows"' --debug
    ./metabigor.py -s shodan -Q list_of_query.txt --debug -o rdp.txt
    ./metabigor.py -s censys -q '(scada) AND protocols: "502/modbus"' -o something --debug --proxy socks4://127.0.0.1:9050

TODO
- Predefine query to do specific task like subdomain scan, portscan
- Adding more search engine.
  - ZoomEye
  - Baidu

Credits
Logo from flaticon by Vitaly Gorbachev and ascii logo converted by picascii

Contact
@j3ssiejjj

Link: http://www.kitploit.com/2019/05/metabigor-command-line-search-engines.html

Kubolt – Utility For Scanning Public Kubernetes Clusters

Kubolt is a simple utility for scanning public unauthenticated Kubernetes clusters and running commands inside containers.

Why?
Sometimes the kubelet port 10250 is open to unauthorized access, which makes it possible to run commands inside the containers using the getRun function from kubelet:

    // getRun handles requests to run a command inside a container.
    func (s *Server) getRun(request *restful.Request, response *restful.Response) {
        params := getExecRequestParams(request)
        pod, ok := s.host.GetPodByName(params.podNamespace, params.podName)
        if !ok {
            response.WriteError(http.StatusNotFound, fmt.Errorf("pod does not exist"))
            return
        }

How?
Okay, let's ask our friend Shodan. The basic query is:

    ssl:true port:10250 404

Kubelet uses port 10250 with SSL by default; 404 is the HTTP response without a URL path.

Kubolt asks Shodan through its API for a list of IP addresses and keeps them for other OSINT actions.

Firstly, let's ask Kubelet for running pods and filter hosts where the response doesn't contain Unauthorized and contains container, so we can run a command inside it.

    curl -k https://IP-from-Shodan:10250/runningpods/

Anyway, if you find a host without any running pods at the time, keep it for next time when pods might be started.

You can list all available pods from these requests:

    curl -k https://IP-from-Shodan:10250/pods/
    #or
    curl http://IP-from-Shodan:10255/pods/

Next, kubolt parses the response and generates a new request as below:

    curl -XPOST -k https://IP-from-Shodan:10250/run//<PodName>/<containerName> -d "cmd=<command-to-run>"

You can target companies more accurately using Shodan filters such as:
- asn
- org
- country
- net

Install

    mkdir output
    pip install -r requirements.txt

Run

    python kubolt.py --query "asn:123123 org:'ACME Corporation'"
    #or
    python kubolt.py --query "org:'ACME Corporation' country:UK"

Shodan
Kubolt uses the Shodan API and Query Credits accordingly. If you run the tool without query filters then you will probably fire all your credits.

Important
The Tool provided by the author should only be used for educational purposes. The author can not be held responsible for the misuse of the Tool. The author is not responsible for any direct or indirect damage caused due to the usage of the Tool.

Link: http://feedproxy.google.com/~r/PentestTools/~3/snT7GJXlPRw/kubolt-utility-for-scanning-public.html
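
Added example (not part of the Kubolt README or the Kubernetes source): the exposure the Kubolt entry above describes comes down to the kubelet accepting anonymous requests and authorizing everything on 10250, plus the read-only listener on 10255. The two KubeletConfiguration documents below show the exposed settings beside the hardened ones; the clientCAFile path is an assumption (kubeadm-style layout).

```yaml
# --- Exposed: the combination that leaves /runningpods/, /pods/ and /run
# --- reachable without credentials.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: true        # unauthenticated callers become system:anonymous
  webhook:
    enabled: false       # bearer tokens are never checked with the API server
authorization:
  mode: AlwaysAllow      # every request, including anonymous ones, is allowed
readOnlyPort: 10255      # plain-HTTP, unauthenticated /pods/ listener
---
# --- Hardened: the same fields with anonymous access and the read-only
# --- port turned off.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: false       # requests without credentials are rejected
  webhook:
    enabled: true        # bearer tokens validated through TokenReview
  x509:
    # Assumed path: the cluster CA used to verify client certificates.
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook          # each request checked through SubjectAccessReview
readOnlyPort: 0          # 0 disables the 10255 listener
```

With the hardened settings, a request to /runningpods/ on port 10250 without credentials is answered with 401 Unauthorized, which is the response Kubolt filters out, and nothing listens on 10255.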

OSINT-Search – Useful For Digital Forensics Investigations Or Initial Black-Box Pentest Footprinting

OSINT-Search is a useful tool for digital forensics investigations or initial black-box pentest footprinting.

OSINT-Search Description
Script in Python that applies OSINT techniques by searching public data using email addresses, phone numbers, domains, IP addresses or URLs.
- Create an account at https://pipl.com/api and get the API key.
- Create an account at https://www.opencnam.com/ and get the Account SID and Auth Token.
- Create an account at https://www.shodan.io/ and get the Shodan API key.
- Create an account at https://whatcms.org/API and get the WhatCMS API key.
- Create an account at https://censys.io/register and get the API ID and API secret.
- Create an account at https://dashboard.fullcontact.com/consents and get the FullContact API key.

Functionality
- Presents personal information like full name, age, gender, location, languages, social networks, etc.
- Presents information related to data breaches.
- Presents information related to pastes of data breaches made public.
- Presents which country a phone number belongs to.
- Presents results of Google hacking searches.
- Presents results related to a domain or an IP address.
- Presents the CMS for a certain website.
- Presents DNS Records information for a certain domain.
- Presents Facebook ID and a Facebook page full of photos after getting a Facebook profile URL.
- Presents digital certificates for a certain domain.
- The script allows specific searches and searches in bulk.
- More functionalities to be added later.

Tested On
- Kubuntu 18.04.2 LTS
- Kali Linux 2019.1
- Windows 10

Requirements (Install)
Linux:
- Python3: https://docs.python-guide.org/starting/install3/linux/#install3-linux
- sudo apt-get install git

Windows:
- Python3: https://www.python.org/downloads/windows/
- git: https://git-scm.com/download/win

Both:

    pip3 install unidecode selenium fake_useragent dnsdumpster
    pip3 install -r requirements.txt
    pip3 install git+https://github.com/abenassi/Google-Search-API --upgrade
    pip3 install https://github.com/PaulSec/API-dnsdumpster.com/archive/master.zip --user

Run
On the first run of the script you need to submit your API fields to get all the functionality of the script. I suggest you create the accounts mentioned in the description.
A configuration file called 'osintSearch.config.ini' is created with your data and can be edited by you.

Usage

    $ osintS34rCh v1.0

    USAGES
      Email
      ./osintS34rCh -e <target@email>                          # All Searches: Pipl, FullContact, Haveibeenpwnded Data Breaches and Credentials Pastes
      ./osintS34rCh -e <target@email> --pipl                   # Pipl
      ./osintS34rCh -e <target@email> --fullcontact            # FullContact
      ./osintS34rCh -e <target@email> --pwned                  # Haveibeenpwnded Data Breaches and Credentials Pastes

      Domain
      ./osintS34rCh.py -t <domain>                             # All Searches: Shodan Recon, crt.sh, DNSDumpster, All Google Hacking Dorks
      ./osintS34rCh.py -t <domain> --shodan                    # Shodan Recon
      ./osintS34rCh.py -t <domain> --crt                       # crt.sh
      ./osintS34rCh.py -t <domain> --dns                       # DNSDumpster
      ./osintS34rCh.py -t <domain> -d <dork> -n <num_pages>    # Google Hacking
      ./osintS34rCh.py -t <domain> -d --all                    # All Google Hacking Dorks

      IP
      ./osintS34rCh.py -t <IP>                                 # All Searchs: Shodan and Censys Recon
      ./osintS34rCh.py -t <IP> --shodan                        # Shodan Recon
      ./osintS34rCh.py -t <IP> --censys                        # Censys Recon

      URL
      ./osintS34rCh.py -u <url> --censys                       # Censys Recon
      ./osintS34rCh.py -u <url> --cms                          # WhatCMS Check
      ./osintS34rCh.py -u <url> --facebook                     # Facebook

      Phone
      ./osintS34rCh.py -p <phonenumber> --callerID             # CallerID

    OPTIONS:
      -h or --help
      -e <email> [--pipl] [--fullcontact] [--pwned]
      -p <phone> --calledID
      -t <target IP or Domain> [--shodan] [--crt] [--dns] [-d] [<dork>] [--all] [-n <num_pages>]
      -u <url> [--cms] [--censys] [--facebook]

    DORKS:
      dir_list
      files
      docs
      db
      login
      sql
      sensitive
      php

    CONFIG_FILE:
      /yourdirectory/osintSearch.config.ini

Link: http://feedproxy.google.com/~r/PentestTools/~3/D1r1ulQ7KTw/osint-search-useful-for-digital.html

Pocsuite3 – An Open-Sourced Remote Vulnerability Testing Framework

pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many powerful features for penetration testers and security researchers.

Features
- PoC scripts can run in attack, verify and shell modes in different ways
- Plugin ecosystem
- Dynamic loading of PoC scripts from anywhere (local file, redis, database, Seebug ...)
- Load multi-target from anywhere (CIDR, local file, redis, database, Zoomeye, Shodan ...)
- Results can be easily exported
- Dynamic patch and hook requests
- Both a command line tool and a python package to import
- IPV6 support
- Global HTTP/HTTPS/SOCKS proxy support
- Simple spider API for PoC scripts to use
- Integrate with Seebug (for loading PoC from the Seebug website)
- Integrate with ZoomEye (for loading targets from a ZoomEye Dork)
- Integrate with Shodan (for loading targets from a Shodan Dork)
- Integrate with Ceye (for verifying blind DNS and HTTP requests)
- Friendly debugging of PoC scripts with IDEs
- More ...

Screenshots
- pocsuite3 console mode
- pocsuite3 shell mode
- pocsuite3 load PoC from Seebug
- pocsuite3 load multi-target from ZoomEye
- pocsuite3 load multi-target from Shodan

Requirements
- Python 3.4+
- Works on Linux, Windows, Mac OSX, BSD

Installation
The quick way:

    $ pip install pocsuite3

Or download the latest source zip package and extract it:

    $ wget https://github.com/knownsec/pocsuite3/archive/master.zip
    $ unzip master.zip

The latest version of this software is available from: http://pocsuite.org

Documentation
Documentation is available in the english docs / chinese docs directory.

Link: http://feedproxy.google.com/~r/PentestTools/~3/x6R6agm_yNE/pocsuite3-open-sourced-remote.html

UPDATE: AutoSploit 3.0 – The New Year’s edition

I wrote about AutoSploit in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit and its subsequent update to AutoSploit 2.2. Recently, AutoSploit 3.0 was released. This post tries to describe the changes between the last release and the newest version as this release adds a number of features and bug fixes. This release is code
The post UPDATE: AutoSploit 3.0 – The New Year’s edition appeared first on PenTestIT.

Link: http://pentestit.com/update-autosploit-3-0-the-new-years-edition/

Hostintel – A Modular Python Application To Collect Intelligence For Malicious Hosts

This tool is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added.

Hosts are identified by FQDN host name, Domain, or IP address. This tool only supports IPv4 at the moment. The output is in CSV format and sent to STDOUT so the data can be saved or piped into another program. Since the output is in CSV format, spreadsheets such as Excel or database systems will easily be able to import the data.

I created a short introduction for this tool on YouTube: https://youtu.be/aYK0gILDA6w

This works with Python v2, but it should also work with Python v3. If you find it does not work with Python v3 please post an issue.

Help Screen:

    $ python hostintel.py -h
    usage: hostintel.py [-h] [-a] [-d] [-v] [-p] [-s] [-c] [-t] [-o] [-i] [-r]
                        ConfigurationFile InputFile

    Modular application to look up host intelligence information. Outputs CSV to
    STDOUT. This application will not output information until it has finished all
    of the input.

    positional arguments:
      ConfigurationFile     Configuration file
      InputFile             Input file, one host per line (IP, domain, or FQDN
                            host name)

    optional arguments:
      -h, --help            show this help message and exit
      -a, --all             Perform All Lookups.
      -d, --dns             DNS Lookup.
      -v, --virustotal      VirusTotal Lookup.
      -p, --passivetotal    PassiveTotal Lookup.
      -s, --shodan          Shodan Lookup.
      -c, --censys          Censys Lookup.
      -t, --threatcrowd     ThreatCrowd Lookup.
      -o, --otx             OTX by AlienVault Lookup.
      -i, --isc             Internet Storm Center DShield Lookup.
      -r, --carriagereturn  Use carriage returns with new lines on csv.

Install:
First, make sure your configuration file is correct for your computer/installation. Add your API keys and usernames as appropriate in the configuration file. Python and Pip are required to run this tool. There are modules that must be installed from GitHub, so be sure the git command is available from your command line. Git is easy to install for any platform. Next, install the python requirements (run this each time you git pull this repository too):

    $ pip install -r requirements.txt

There have been some problems with the stock version of Python on Mac OSX (http://stackoverflow.com/questions/31649390/python-requests-ssl-handshake-failure). You may have to install the security portion of the requests library with the following command:

    $ pip install requests[security]

Lastly, I am a fan of virtualenv for Python. To make a customized local installation of Python to run this tool, I recommend you read: http://docs.python-guide.org/en/latest/dev/virtualenvs/

Running:

    $ python hostintel.py myconfigfile.conf myhosts.txt -a > myoutput.csv

You should be able to import myoutput.csv into any database or spreadsheet program.

Note that depending on your network, your API key limits, and the data you are searching for, this script can run for a very long time! Use each module sparingly! In return for the long wait, you save yourself from having to pull this data manually.

Sample Data:
There is some sample data in the "sampledata" directory. The IPs, domains, and hosts were picked at random and are by no means meant to target any organization or individual. Running this tool on the sample data works in the following way:

Small Hosts List:

    $ python hostintel.py local/config.conf sampledata/smalllist.txt -a > sampledata/smalllist.csv
    *** Processing 8.8.8.8 ***
    *** Processing 8.8.4.4 ***
    *** Processing 192.168.1.1 ***
    *** Processing 10.0.0.1 ***
    *** Processing google.com ***
    *** Processing 212.227.247.242 ***
    *** Writing Output ***

Larger Hosts List:

    $ python hostintel.py local/config.conf sampledata/largerlist.txt -a > sampledata/largerlist.csv
    *** Processing 114.34.84.13 ***
    *** Processing 116.102.34.212 ***
    *** Processing 118.75.180.168 ***
    *** Processing 123.195.184.13 ***
    *** Processing 14.110.216.236 ***
    *** Processing 14.173.147.69 ***
    *** Processing 14.181.192.151 ***
    *** Processing 146.120.11.66 ***
    *** Processing 163.172.149.131 ***
    ...
    *** Processing 54.239.26.180 ***
    *** Processing 62.141.39.155 ***
    *** Processing 71.6.135.131 ***
    *** Processing 72.30.2.74 ***
    *** Processing 74.125.34.101 ***
    *** Processing 83.31.179.71 ***
    *** Processing 85.25.217.155 ***
    *** Processing 93.174.93.94 ***
    *** Writing Output ***

Intelligence Sources:
You can get API keys at the sites below for your configuration file.
- GeoLite2 (No network I/O required): http://www.maxmind.com
- DNS (Network I/O required): https://github.com/rthalley/dnspython
- VirusTotal (Public API key and network I/O required, throttled when appropriate): http://www.virustotal.com
- PassiveTotal (API key, username, and network I/O required): http://www.passivetotal.com
- Shodan (API key and network I/O required): http://www.shodan.io
- Censys (API key, username, and network I/O required): http://www.censys.io
- ThreatCrowd (Network I/O required, throttled when appropriate): http://www.threatcrowd.org
- OTX by AlienVault (API key and network I/O required): https://otx.alienvault.com
- Internet Storm Center (Network I/O required): https://isc.sans.edu

Resources:
- The GeoIP2 Python library: https://github.com/maxmind/GeoIP2-python
- The Python DNS library: https://github.com/rthalley/dnspython
- Foundation of DNS lookups inspired by http://www.iodigitalsec.com/performing-dns-queries-python/
- The VirusTotal Python library: https://github.com/blacktop/virustotal-api
- The Shodan Python library: http://shodan.readthedocs.io/en/latest/ and https://github.com/achillean/shodan-python
- The Censys Python library: https://github.com/censys/censys-python and https://www.censys.io/api
- The PassiveTotal Python library: https://passivetotal.readthedocs.io/en/latest/ and https://github.com/passivetotal/python_api
- The ThreatCrowd Python library: https://github.com/threatcrowd/ApiV2 and https://github.com/jheise/threatcrowd_api
- The OTX Python Library: https://github.com/AlienVault-Labs/OTX-Python-SDK and https://otx.alienvault.com/api/
- The Internet Storm Center DShield Python Library: https://github.com/rshipp/python-dshield and https://isc.sans.edu/api/

Notes:
Crude notes are available here.

Link: http://feedproxy.google.com/~r/PentestTools/~3/MPHA1vA45o0/hostintel-modular-python-application-to.html

OSINT-SPY – Search using OSINT (Open Source Intelligence)

Performs an OSINT scan on an email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigators in order to find deep information about their target.

OSINT-SPY Documentation (beta)
File Name : README
Author : @sk_security
Version : 0.0.1
Website : osint-spy.com

Overview of this tool:
- Perform scan on IP Address / domain / email address / BTC (bitcoin) address / device
- Find out latest bitcoin block information
- List out all the ciphers supported by a particular website and server
- Check whether a particular website is vulnerable to heartbleed or not
- Dump all the contacts and messages from a skype database
- Analyze malware or a malicious file remotely

Licenses information
OSINT-SPY and its documents are covered by GPL-3.0 (General Public License v3.0)

Using OSINT-SPY

    Search using OSINT
    Website: www.osint-spy.com

    Usage: osint-spy.py [options]

    Options:
      -h, --help      show this help message and exit.
      --btc_block     Find latest Bitcoin blockchain info.
      --btc_date      Find Bitcoin blockchain information from given date.
      --btc_address   Find out balance and transaction information of given bitcoin address.
      --ssl_cipher    List out all the ciphers used by given server.
      --ssl_bleed     Check whether server is vulnerable to heart bleed flaw or not.
      --domain        Get bunch of detail of given website or organization.
      --email         Gather information of a given email address.
      --device        Find out devices which are connected to internet.
      --ip            Enumerate information from given IP Addresss.
      --skype_db      Give the location of skype database in order to fetch all the information from that including chats and contacts.
      --malware       Find out whether a given file is infected by malware or not.
      --carrier       Give path of carrier file behind which you want to add text.
      --setgo_text    Enter text to hide behind carrier file.
      --stego_find    Give a stego file and it will try to find hidden text.

Required setup
- Python 2.7
- Use install_linux.py (for installing all dependencies and libraries on linux)
- Use install_windows.py (for installing all dependencies and libraries on windows)

Contributors
1. Sharad Kumar, @sk_security

Documentation

Setting up the environment
Installing and using OSINT-SPY is very easy. The installation process is very simple and has 4 steps.
1. Downloading or cloning the OSINT-SPY github repository.
2. Downloading and installing all dependencies.
3. Generating API Keys
4. Adding API Keys in the config file

Let's Begin !!

Step 1 - Download OSINT-SPY on your system.
In order to install OSINT-SPY simply clone the github repository. Below is the command which you can use to clone the OSINT-SPY repository.

    git clone https://github.com/SharadKumar97/OSINT-SPY.git

Step 2 - Downloading and Installing dependencies.
Once you clone OSINT-SPY, you will find one directory named OSINT-SPY. Just go to that directory and install the dependencies. If you are using OSINT-SPY on Windows then run the install_windows.py file, and if you are using Linux then run install_linux.py.

    python install_linux.py
    OR
    python install_windows.py

Generating API Keys
We need some API Keys before using this tool. Following are the APIs which we are using in this tool for the time being.
1. Clearbit API
2. Shodan API
3. Fullcontact API
4. Virus_Total API
5. EmailHunter API

Clearbit API
Register yourself at Clearbit and activate your account. Once you log in, you will find an API section. Go there, copy your secret API Key and paste it inside the config.py file. The config.py file can be found in the modules directory of OSINT-SPY.

Shodan API
Register yourself at Shodan and activate your account. Once you have activated your account, log in to Shodan. Once you log in, you will find an API key in the overview tab. Copy that key and paste it inside the config.py file.

FullContact API
Register yourself at Full Contact. You can sign up using your email or you can Sign Up with Google. Once you log in, you will find your API Key on the front of your dashboard. Just copy that key and paste it inside the config.py file.

VirusTotal API
Register yourself at VirusTotal. Once you log in, you will find the My Api Key section in your profile menu. Just go there, copy your public API Key and paste it in the config.py file.

EmailHunter API
Register yourself at Email Hunter. Once you log in, go to the API tab and click on the EYE icon to view your API Key. Copy your API Key into the config.py file.

Usage
OSINT-SPY is a very handy tool and easy to use. All you have to do is pass values to a parameter. In order to start OSINT-SPY just write: python osint-spy.py

--btc_block
--btc_block gives you information on the latest bitcoin block chain.
Usage:

    python osint-spy.py --btc_block

--btc_date
--btc_date will give you information on the bitcoin block chain from a given date.
Usage:

    python osint-spy.py --btc_date 20170620

--btc_address
--btc_address will give you information about a particular bitcoin owner.

    python osint-spy.py --btc_address 1DST3gm6JthxhuoNKFqXrdpzPFfz1WgHpW

--ssl_cipher
--ssl_cipher will show you all the ciphers supported by a given website.

    python osint-spy.py --ssl_cipher google.com

--ssl_bleed
--ssl_bleed will find out whether a given website is vulnerable to heartbleed or not.

    python osint-spy.py --ssl_bleed google.com

--domain
--domain will give you in-depth information about a particular domain including whois, dns, ciphers, location and more.

    python osint-spy.py --domain google.com

--email
--email will gather information about a given email address from various public sources.

    python osint-spy.py --email david@toorcon.org

--device
--device will search for a given device on shodan and will list all the available devices on public IPs.

    python osint-spy.py --device webcam

--ip
--ip will gather all the information on a given IP Address from public sources.

    python osint-spy.py --ip 127.0.0.1

--skype_db
--skype_db will find all the contacts and message history in a given skype database. This can be useful for forensics investigators. In Windows, the Skype database can be found in AppData\Roaming\Skype\(Your username)\main.db and in Mac OSX, the database can be found in /Users/(Your mac user name)/Library/Support/Skype/(your skype username)/main.db

    python osint-spy.py --skype_db main.db

--malware
--malware will send a given file to virustotal and will give you a result on whether the given file is malware or not.

    python osint-spy.py --malware abc.exe

--carrier and --stego_text
--carrier and --stego_text are used to hide text behind any image. --carrier will specify the image behind which you want to hide the text. --stego_text will specify the text you want to add.

    python osint-spy.py --carrier image.jpg --stego_text This_is_secre_text

--stego_find
--stego_find will find hidden text behind any image.

    python osint-spy.py --stego_find hidden.jpg

Link: http://feedproxy.google.com/~r/PentestTools/~3/-x63Tn8Ij2w/osint-spy-search-using-osint-open.html

LeakLooker – Find Open Databases With Shodan

Find open databases with Shodan

Background:
https://medium.com/@woj_ciech/leaklooker-find-open-databases-in-a-second-9da4249c8472

Requirements:
- Python 3
- Shodan paid plan, except Kibana search
- Put your Shodan API key in line 65

    pip3 install shodan
    pip3 install colorama
    pip3 install hurry.filesize

Usage

    root@kali:~/# python leaklooker.py -h

    LeakLooker - Find open databases
    https://medium.com/@woj_ciech https://github.com/woj-ciech/

    usage: leaklooker.py [-h] [--elastic] [--couchdb] [--mongodb] [--kibana]
                         [--first FIRST] [--last LAST]

    LeakLooker

    optional arguments:
      -h, --help     show this help message and exit
      --elastic      Elasti search (default: False)
      --couchdb      CouchDB (default: False)
      --mongodb      MongoDB (default: False)
      --kibana       Kibana (default: False)

    Pages:
      --first FIRST  First page (default: None)
      --last LAST    Last page (default: None)

You need to specify the first and last page.

Example

    root@kali:~/# python leaklooker.py --mongodb --couchdb --kibana --elastic --first 12 --last 14
    [...]
    ----------------------------------Elastic - Page 12--------------------------------
    Found 25069 results
    IP: http://xxx.xxx.xxx.xxx:9200/_cat/indices?v
    Size: 1G
    Country: France
    Indices:
    .monitoring-kibana-6-2019.01.08
    [...]
    ----------------------------
    IP: http://yyy.yyy.yyy.yyy:9200/_cat/indices?v
    Size: 144G
    Country: China
    Indices:
    zhuanlihx_person
    [...]
    ----------------------------------CouchDB - Page 12--------------------------------
    Found 5932 results
    -----------------------------
    IP: http://xxx.xxx.xxx:5984/_utils
    Country: Austria
    new_fron_db
    test_db
    -----------------------------
    IP: http://yyy.yyy.yyy.yyy:5984/_utils
    Country: United States
    _replicator
    _users
    backup_20180917
    backup_db
    eio_local
    tfa_pos
    ----------------------------------MongoDB - Page 12--------------------------------
    Found 66680 results
    IP: xxx.xxx.xxx.xxx
    Size: 6G
    Country: France
    Database name: Warn
    Size: 80M
    Collections:
    Warn
    system.indexes
    Database name: xhprofprod
    Size: 5G
    Collections:
    results
    system.indexes
    -----------------------------
    IP: yyy.yyy.yyy.yyy
    Size: 544M
    Country: Ukraine
    Database name: local
    Size: 32M
    Collections:
    startup_log
    Database name: ace_stat
    Size: 256M
    Collections:
    stat_minute
    system.indexes
    stat_hourly
    stat_daily
    [...]
    Database name: ace
    Size: 256M
    Collections:
    usergroup
    system.indexes
    scheduletask
    dpigroup
    portforward
    wlangroup
    [...]
    ----------------------------------Kibana - Page 12--------------------------------
    Found 10464 results
    IP: http://xxx.xxx.xxx.xxx:5601/app/kibana#/discover?_g=()
    Country: Germany
    ---
    IP: http://yyy.yyy.yyy.yyy:5601/app/kibana#/discover?_g=()
    Country: United States
    ---
    IP: http://zzz.zzz.zzz.zzz:5601/app/kibana#/discover?_g=()
    Country: United Kingdom

Link: http://www.kitploit.com/2019/01/leaklooker-find-open-databases-with.html