Last updated: December 30, 2017 | 6,864 views
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
It also integrates with subbrute for subdomain brute-forcing with word lists.
Features of Sublist3r Subdomain Enumeration Tool
It enumerates subdomains using many search engines such as:
- Google
- Yahoo
- Bing
- Baidu
- Ask
The tool also enumerates subdomains using:
- Netcraft
- Virustotal
- ThreatCrowd
- DNSdumpster
- ReverseDNS
Requirements of Sublist3r Subdomain Search
It currently supports Python 2 and Python 3.
– The recommended version for Python 2 is 2.7.x
– The recommended version for Python 3 is 3.4.x
The tool depends on the requests, dnspython, and argparse Python modules.
Usage of Sublist3r Subdomain Brute Force Tool
|
|
./sublist3r.py -h -d --domain Domain name to enumerate subdomains of -b --bruteforce Enable the subbrute bruteforce module -p --ports Scan the found subdomains against specific tcp ports -v --verbose Enable the verbose mode and display results in realtime -t --threads Number of threads to use for subbrute bruteforce -e --engines Specify a comma-separated list of search engines -o --output Save the results to text file -h -help show the help message and exit |
Examples
To list all the basic options and switches use -h switch:
To enumerate subdomains of specific domain:
|
|
python sublist3r.py -d example.com |
To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 :
|
|
python sublist3r.py -d example.com -p 80,443 |
To enumerate subdomains of specific domain and show the results in realtime:
|
|
python sublist3r.py -v -d example.com |
To enumerate subdomains and enable the bruteforce module:
|
|
python sublist3r.py -b -d example.com |
To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines
|
|
python sublist3r.py -e google,yahoo,virustotal -d example.com |
It’s also possible to use Sublist3r as a Python module in your own scripts.
Other tools to check out are:
– SubBrute – Subdomain Brute-forcing Tool
– Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool
– DNSRecon – DNS Enumeration Script
– InstaRecon – Automated Subdomain Discovery Tool
You can download Sublist3r here:
Sublist3r-master.zip
Or read more here.
Posted in: Networking Hacking
Latest Posts:
RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
July 27, 2019 - 98 Shares
Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network. July 18, 2019 - 226 Shares
Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command. July 11, 2019 - 240 Shares
Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally. July 1, 2019 - 274 Shares
US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling. June 27, 2019 - 41 Shares
BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment. June 24, 2019 - 300 Shares
Last updated: December 20, 2017 | 15,072 views
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.
If you are auditing WPA-PSK networks, you can use this tool to identify weak passphrases that were used to generate the PMK. Supply a libpcap capture file that includes the 4-way handshake, a dictionary file of passphrases to guess with, and the SSID for the network.
What is coWPAtty?
coWPAtty is the implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. coWPAtty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.
coWPAtty Usage
Example:
|
|
./cowpatty -r eap-test.dump -f dict -s somethingclever |
Full Output:
|
|
cowpatty -h cowpatty 4.6 - WPA-PSK dictionary attack. <jwright@hasborg.com> Usage: cowpatty [options] -f Dictionary file -d Hash file (genpmk) -r Packet capture file -s Network SSID (enclose in quotes if SSID includes spaces) -c Check for valid 4-way frames, does not crack -h Print this help information and exit -v Print verbose information (more -v for more verbosity) -V Print program version and exit |
This tool can also accept dictionary words from STDIN, allowing us to utilize a tool such as John the Ripper to create lots of word permutations from a dictionary file.
|
|
john -wordfile:dictfile -rules -session:johnrestore.dat -stdout:63 | \ cowpatty -r eap-test.dump -f - -s somethingclever |
In the default configuration of John the Ripper, common permutations of dictionary words will be sent as potential passwords to coWPAtty.
This tool is based around the whitepaper by Robert Moskowitz:
Weakness in Passphrase Choice in WPA Interface
There are also the following to check out:
– wifite – Mass Wifi WEP / WPA Key Cracking Tool
– aircrack-ng – WEP and WPA-PSK Key Cracking Program
– Reaver Download – Hack WPS Pin WiFi Networks
coWPAtty download
You can download coWPAtty here:
cowpatty-2.0.tgz
Or read more here.
Posted in: Wireless Hacking
Latest Posts:
RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
July 27, 2019 - 98 Shares
Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network. July 18, 2019 - 226 Shares
Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command. July 11, 2019 - 240 Shares
Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally. July 1, 2019 - 274 Shares
US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling. June 27, 2019 - 41 Shares
BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment. June 24, 2019 - 300 Shares
Last updated: December 15, 2017 | 9,515 views
net-creds is a Python-based tool for sniffing plaintext passwords and hashes from a network interface or PCAP file – it doesn’t rely on port numbers for service identification and can concatenate fragmented packets.
Features of net-creds for Sniffing Passwords
It can sniff the following directly from a network interface or from a PCAP file:
- URLs visited
- POST loads sent
- HTTP form logins/passwords
- HTTP basic auth logins/passwords
- HTTP searches
- FTP logins/passwords
- IRC logins/passwords
- POP logins/passwords
- IMAP logins/passwords
- Telnet logins/passwords
- SMTP logins/passwords
- SNMP community string
- NTLMv1/v2 all supported protocols: HTTP, SMB, LDAP, etc.
- Kerberos
There is also:
SniffPass – Simple Password Sniffer
You can download net-creds here:
net-creds-master.zip
Or read more here.
Posted in: Networking Hacking
Latest Posts:
RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
July 27, 2019 - 98 Shares
Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network. July 18, 2019 - 226 Shares
Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command. July 11, 2019 - 240 Shares
Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally. July 1, 2019 - 274 Shares
US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling. June 27, 2019 - 41 Shares
BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment. June 24, 2019 - 300 Shares
Last updated: December 9, 2017 | 4,971 views
In security testing, much like most things technical there are two very contrary methods, Dynamic Application Security Testing or DAST and Static Application Security Testing or SAST.
Dynamic testing relying on a black-box external approach, attacking the application in its running state as a regular malicious attacker would.
Static testing is more white-box looking at the source-code of the application for potential flaws.
Personally, I don’t see them as ‘vs’ each other, but more like they compliment each other – it’s easy to have SAST tests as part of your CI/CD pipeline with tools like Code Climate.
DAST – Dynamic Application Security Testing
There are also pros and cons for each methodology, with DAST you aren’t bound to any particular technology or language – but on the downside, you are also limited to the parts of the application visible to the outside World.
An example of such a tool would be:
– Wikto Scanner Download – Web Server Security Tool
– Spaghetti Download – Web Application Security Scanner
It’s always good to simulate attacks from the outside with the kind of access a real World attacker would have, but it doesn’t give you full visibility of the potentials flaws in your system.
SAST – Static Application Security Testing
For SAST a big con is the toolset you are using needs to be language and even framework specific, for example tools we’ve mentioned before such as:
– Brakeman – Static Analysis Rails Security Scanner
– RIPS – Static Source Code Analysis For PHP Vulnerabilities
The upside to this is that you get full oversight of the app, libraries, dependencies and parts not visible to the outside World.
IAST – Interactive Application Security Testing
There is actually a combination of the two, a form of ‘greybox’ testing that combines the DAST approach with the the SAST tooling by installing a sensor into the application itself.
A great example of this is Acunetix AcuSensor which is installed on the back-end and relays information during the DAST testing phase (so it acts as a whitebox DAST component).
You can read more in depth about this subject here:
DAST vs SAST: A Case for Dynamic Application Security Testing
Posted in: Security Software
Latest Posts:
RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
July 27, 2019 - 98 Shares
Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network. July 18, 2019 - 226 Shares
Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command. July 11, 2019 - 240 Shares
Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally. July 1, 2019 - 274 Shares
US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling. June 27, 2019 - 41 Shares
BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment. June 24, 2019 - 300 Shares
Last updated: December 5, 2017 | 8,659 views
Cr3dOv3r is a fairly simple Python-based set of functions that carry out the prelimary work as a credential reuse attack tool.
You just give the tool your target email address then it does two fairly straightforward (but useful) jobs:
- Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API).
- Then you give it this email’s old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google…) and notifies of any successful logins.
So how would this Credential Reuse Attack Tool work?
Just imagine this scenario:
- You check a targeted email with this tool.
- The tool finds the email address involved in a leak so you open the leakage link.
- You get the leaked password after searching the leak details.
- You return to the tool and enter the password to check if there’s any website the user uses the same password in it.
- PROFIT
How to use Cr3dOv3r for a Credential Reuse Attack
|
|
usage: Cr3d0v3r.py [-h] email positional arguments: email Email/username to check optional arguments: -h,--help show this help message and exit |
Another useful tool could be:
– credmap – The Credential Mapper
You can download Cr3dOv3r here:
Cr3dOv3r-master.zip
Or read more here.
Posted in: Hacking Tools
Latest Posts:
RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
July 27, 2019 - 98 Shares
Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network. July 18, 2019 - 226 Shares
Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command. July 11, 2019 - 240 Shares
Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally. July 1, 2019 - 274 Shares
US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling. June 27, 2019 - 41 Shares
BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment. June 24, 2019 - 300 Shares
Last updated: November 29, 2017 | 7,166 views
Mr.SIP was developed in Python as a SIP Attack and audit tool which can emulate SIP-based attacks. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and defence approaches and then as an idea to convert it to a fully functional SIP-based penetration testing tool, it has been redeveloped into the current version.
Mr.SIP – SIP Attack Features
Mr.SIP currently comprises of four sub-modules named SIP-NES, SIP-ENUM, SIP-DAS and SIP-ASP. Since it provides a modular structure to developers, more modules will continue to be added by the authors and it is open to being contributed to by the open-source developer community.
- SIP-NES needs to enter the IP range or IP subnet information. It sends SIP OPTIONS message to each IP addresses in the subnet and according to the responses outputs the potential SIP clients and servers on that subnet.
- SIP-ENUM outputs which SIP users are valid according to the responses in that network by sending REGISTER messages to each client IP addresses on the output of SIP-NES.
- SIP-DAS (DoS Attack Simulator) is a module developed to simulate SIP-based DoS attacks. It comprises four components: spoofed IP address generator, SIP message generator, message sender and scenario player. It needs outputs of SIP-NES (Network Scanner) and SIP-ENUM (Enumerator) along with some pre-defined files.
- SIP-DAS basically generates legitimate SIP INVITE message and sends it to the target SIP component via TCP or UDP. It has three different options for spoofed IP address generation, i.e., manual, random and by selecting spoofed IP address from subnet. IP addresses could be specified manually or generated randomly. Furthermore, in order to bypass URPF filtering, which is used to block IP addresses that do not belong to the subnet from passing onto the Internet, we designed a spoofed IP address generation module. Spoofed IP generation module calculated the subnet used and randomly generated spoofed IP addresses that appeared to come from within the subnet.
There is also:
– ohrwurm – RTP Fuzzing Tool (SIP Phones)
– SIPcrack – SIP Login Dumper & Hash/Password Cracker
– Sipflanker – Locate SIP (VoIP) Device Web Interfaces
– SIP Proxy – VoIP Security Testing Tool
– SIPVicious SIP Scanner – VoIP Hacking Security Auditing Tool
You can download Mr.SIP here:
Mr.SIP-master.zip
Or read more here.
Posted in: Hacking Tools
Latest Posts:
RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
July 27, 2019 - 98 Shares
Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network. July 18, 2019 - 226 Shares
Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command. July 11, 2019 - 240 Shares
Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally. July 1, 2019 - 274 Shares
US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling. June 27, 2019 - 41 Shares
BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment. June 24, 2019 - 300 Shares
