InstaRecon is an automated basic digital reconnaissance tool which is great for getting an initial footprint of your targets and discovering additional subdomains. In basic terms, it’s an automated subdomain discovery tool for the information gathering phase of penetration tests. There are other tools which cover some parts of the InstaRecon functionality such as: – […]
information gathering
dirs3arch – HTTP File & Directory Brute Forcing Tool
dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Recursive brute forcing Getting Started
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options] Options: -h, --help show this help message and exit Mandatory: -u URL, --url=URL URL target -e EXTENSIONS, --extensions=EXTENSIONS Extensions list separated by comma (Example: php, asp) Dictionary Settings: -w WORDLIST, --wordlist=WORDLIST -l, --lowercase General Settings: -r, --recursive Bruteforce recursively -t THREADSCOUNT, --threads=THREADSCOUNT Number of Threads -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES Exclude status code, separated by comma (example: 301, 500) --cookie=COOKIE, --cookie=COOKIE --user-agent=USERAGENT, --user-agent=USERAGENT --no-follow-redirects, --no-follow-redirects Connection Settings: --timeout=TIMEOUT, --timeout=TIMEOUT Connection timeout --ip=IP, --ip=IP Destination IP (instead of resolving domain, use this ip) --http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY Http Proxy (example: localhost:8080 --max-retries=MAXRETRIES, --max-retries=MAXRETRIES Reports: -o OUTPUTFILE, --output=OUTPUTFILE --json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE |
You […]
Host-Extract – Enumerate All IP/Host Patterns In A Web Page
host-extract is a little ruby script that tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. With it, you can quickly identify internal IPs/Hostnames, development IPs/ports, cdn, load balancers, additional attack entries related to your target that are revealed in inline js, css, html comment […]
RAWR – Rapid Assessment of Web Resources
Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and […]
EyeWitness โ A Rapid Web Application Triage Tool
EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices which utilizes default credentials, please e-mail him the source code […]