Search the Community

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows and Linux systems and applications. [Hidden Content]

jsleak is a tool to find secret , paths or links in the source code during the recon. It is easy-to-use command-line tool designed to uncover secrets and links in JavaScript files or source code. Features: Discover secrets in JS files such as API keys, tokens, and passwords. Identify links in the source code. Complete Url Function Concurrent processing for scanning of multiple Urls Check status code if the url is alive or not [Hidden Content]

Find My Files Use the Find My Files search program to search and find files in a lightning fast way. Powerful Search Technology Practical Fast Access Individual Search Settings [Hidden Content] [hide][Hidden Content]]

What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure (such as accounts, devices, network, cloud-based services), applications, storage, databases, and other kinds of critical data for an organization. For example, passwords, AWS access IDs, AWS secret access keys, Google OAuth Key, etc. are secrets. Secrets should be strictly kept private. However, sometimes attackers can easily access secrets due to flawed security policies or inadvertent mistakes by developers. Sometimes developers use default secrets or leave hard-coded secrets such as passwords, API keys, encryption keys, SSH keys, tokens, etc. in container images, especially during rapid development and deployment cycles in CI/CD pipeline. Also, sometimes users store passwords in plain text. Leakage of secrets to unauthorized entities can put your organization and infrastructure at a serious security risk. Changelog v1.0.8 (feat.) add option to run secretscanner as server in standalone mode by @ibreakthecloud in #67 Add SECURITY.md by @scovetta in #72 [hide][Hidden Content]]

Aleph is a tool for indexing large amounts of both documents (PDF, Word, HTML) and structured (CSV, XLS, SQL) data for easy browsing and search. It is built with investigative reporting as a primary use case. Aleph allows cross-referencing mentions of well-known entities (such as people and companies) against watchlists, e.g. from prior research or public datasets. Here are some key features: Web-based search across large document and data sets. Imports many file formats, including popular office formats, spreadsheets, email and zipped archives. Processing includes optical character recognition, language and encoding detection and named entity extraction. Load structured entity graph data from databases and CSV files. This allows navigation of complex datasets like companies registries, sanctions lists or procurement data. Import tools for OpenSanctions. are included. Receive notifications for new search matches with a personal watchlist. OAuth authorization and access control on a per-source and per-watchlist basis. Changelog v3.12.7 RC1 Bump urllib3 from 1.26.10 to 1.26.11 by @dependabot in #2417 Bump followthemoney from 3.0.2 to 3.0.3 by @dependabot in #2418 removed code smell of function args with mutable defaults by @brassy-endomorph in #2436 Bump normality from 2.3.3 to 2.4.0 by @dependabot in #2430 Switch to rabbitmq based task queue by @sunu in #2199 Remove the public access disabled message by @sunu in #2408 Fix timelines editor by @tillprochaska in #2457 Bump sqlalchemy from 1.4.39 to 1.4.40 by @dependabot in #2455 Make the hide filter button persistent by @Rosencrantz in #2459 Bump jsonschema from 4.7.2 to 4.9.1 by @dependabot in #2443 Quickfix: Set the max_analyzed_offset setting to prevent ES errors by @sunu in #2474 Display highlights in document plaintext view mode by @tillprochaska in #2388 Bump react-dropzone from 11.7.1 to 14.2.2 in /ui by @dependabot in #2375 Bump axios from 0.25.0 to 0.27.2 in /ui by @dependabot in #2250 Bump yaml from 1.10.2 to 2.1.1 in /ui by @dependabot in #2291 Bump urllib3 from 1.26.11 to 1.26.12 by @dependabot in #2479 Fix activation screen by @tillprochaska in #2506 Fix date helper by @tillprochaska in #2490 Till/2400 message banner by @tillprochaska in #2421 Bump uuid from 8.3.2 to 9.0.0 in /ui by @dependabot in #2510 Bump authlib from 0.15.5 to 1.1.0 by @dependabot in #2518 Bump jsonschema from 4.9.1 to 4.16.0 by @dependabot in #2508 Bump sqlalchemy from 1.4.40 to 1.4.41 by @dependabot in #2503 Bump black from 22.6.0 to 22.8.0 by @dependabot in #2493 Update pyjwt requirement from <2.5.0,>=2.0.1 to >=2.0.1,<2.6.0 by @dependabot in #2522 Rollback RabitMQ based task queue changes by @sunu in #2536 change contact to new form by @jlstro in #2541 Bump servicelayer[amazon,google] from 1.20.0 to 1.20.4 by @dependabot in #2537 Bump ftm and ftm-compare by @Rosencrantz in #2544 added ability to set custom settings via env vars by @brassy-endomorph in #2538 Bump servicelayer[amazon,google] from 1.20.4 to 1.20.5 by @dependabot in #2545 [hide][Hidden Content]]

FindFunc is an IDA PRO plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. This is not a competitor to tools like Diaphora or BinNavi, but it is ideal to find a known function in a new binary for cases where classical bindiffing fails. Filtering with Rules The main functionality of FindFunc is letting the user specify a set of “Rules” or constraints that a code function in IDA PRO has to satisfy. FF will then find and list all functions that satisfy ALL rules (so currently all Rules are in an AND-conjunction). Exception: Rules can be “inverted” to be negative matches. Such rules thus conform to “AND NOT”. FF will schedule the rules in a smart order to minimize processing time. Feature overview: Currently, 6 Rules are available, see below Code matching respects Addressing-Size-Prefix and Operand-Size-Prefix Aware of function chunks Smart scheduling of rules for performance Saving/Loading rules from/to file in simple ascii format Several independent Tabs for experimentation Copying rules between Tabs via clipboard (same format as a file format) Advanced copying of instruction bytes (all, opcodes only, all except immediate) Button “Search Functions” clears existing results and starts a fresh search, “Refine Results” considers only results of the previous search. Advanced Binary Copying A secondary feature of FF is the option to copy binary representation of instructions with the following options: copy all -> copy all bytes to the clipboard copy without immediate -> blank out (AA ?? BB) any immediate values in the instruction bytes opcode only -> will blank out everything except the actual opcode(s) of the instruction (and prefixes) Changelog v1.4 new: clone tab option to clone rule + result list (right click on tab) new: add advanced copy menu: mask all but opcode and immediate guard against empty or invalid input when editing middle-click copies the resp. cell in rules and result tables to clipboard allow pasting immediates directly (0xABC or ABCh for hex, else dec) immediate-rules are now serialized in hex representation inverted rules now have red font-color rename button ‘Search Functions’ to ‘Find Functions’ – branding! 😉 [hide][Hidden Content]]

FindFunc is an IDA PRO plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. This is not a competitor to tools like Diaphora or BinNavi, but it is ideal to find a known function in a new binary for cases where classical bindiffing fails. Filtering with Rules The main functionality of FindFunc is letting the user specify a set of “Rules” or constraints that a code function in IDA PRO has to satisfy. FF will then find and list all functions that satisfy ALL rules (so currently all Rules are in an AND-conjunction). Exception: Rules can be “inverted” to be negative matches. Such rules thus conform to “AND NOT”. FF will schedule the rules in a smart order to minimize processing time. Feature overview: Currently, 6 Rules are available, see below Code matching respects Addressing-Size-Prefix and Operand-Size-Prefix Aware of function chunks Smart scheduling of rules for performance Saving/Loading rules from/to file in simple ascii format Several independent Tabs for experimentation Copying rules between Tabs via clipboard (same format as a file format) Advanced copying of instruction bytes (all, opcodes only, all except immediate) Button “Search Functions” clears existing results and starts a fresh search, “Refine Results” considers only results of the previous search. Advanced Binary Copying A secondary feature of FF is the option to copy binary representation of instructions with the following options: copy all -> copy all bytes to the clipboard copy without immediate -> blank out (AA ?? BB) any immediate values in the instruction bytes opcode only -> will blank out everything except the actual opcode(s) of the instruction (and prefixes) [hide][Hidden Content]]

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. Disclaimer This tool is a PoC (Proof of Concept) and does not guarantee results. It is possible to setup Cloudflare properly so that the IP is never released or logged anywhere; this is not often the case and hence why this tool exists. This tool is only for academic purposes and testing under controlled environments. Do not use without obtaining proper authorization from the network owner of the network under testing. The author bears no responsibility for any misuse of the tool. [hide][Hidden Content]]

[Hidden Content]

A Burp Suite extension was made to automate the process of finding reverse proxy path-based SSRF. [hide][Hidden Content]]

Find MAC Address This tool is an easy way to find the MAC address of a local or remote computer on the network. Select the target and method and find the MAC address of a remote computer on the network. With Find MAC Address, you can find the MAC address of not only their local or remote computer, but also of any other computer that fits within the specified range of IP addresses. Unlike similar softwares, Find MAC Address can find the MAC addresses of computers using five methods (ARP, NetBios, NetAPI, WMI, SNMP). The software can not only find the MAC address of a computer, but also lookup the manufacturer of its network card. After selecting one of the four methods and specifying the target, users will obtain all possible information about the MAC addresses. Key features Getting the MAC address of the local computer. Getting the MAC address of one remote computer either by its name or IP address. Getting the MAC addresses of all computers on the network. Getting the MAC addresses of all computers within the specified range of IP addresses. Getting the MAC addresses of all computers from the specified computer list. Five methods for finding MAC addresses (ARP, NetBIOS, NetAPI, WMI, SNMP). Detecting the manufacturer of the network card by its MAC address. Detecting the names of network cards (only if WMI or SNMP is used). Searching the scan results. Saving the scan results to and loading them from a file in the XML format. Exporting the network scan results to text files or a Web document. Change MAC Address In the firmware of the network adapter chip, every network adapter has a unique MAC address embedded by the manufacturer. Sometimes you may need to find out or change the MAC address of the network adapter especially if it is used for Internet access authentication. Some users, for security reasons, opt to hide their MAC address. With our program, you can now easily spoof the MAC address. With a few clicks, users will be able to change their MAC addresses. During this operation, it is possible to select a different manufacturer or generate a completely random MAC address. Key features Showing the MAC address of your network adapter. Showing the manufacturer of you network adapter. Replacing the MAC address with any other address. Generating a completely random MAC address. Setting a MAC address of another manufacturer. Setting a MAC address without changing the manufacturer. Automatically activating the new MAC address after the change. And all that in just a couple of mouse clicks! [Hidden Content] [Hidden Content]

pwnedOrNot pwnedOrNot is a python script which checks if the email account has been compromised in a data breach if the email account is compromised it proceeds to find passwords for the compromised account. It uses haveibeenpwned v2 API to test email accounts and searches for the password in Pastebin Dumps. Features haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script: Name of Breach Domain Name Date of Breach Fabrication status Verification Status Retirement status Spam Status And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password. [hide][Hidden Content]]

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. Misconfigured DNS scan using DNSDumpster.com. Scan the Crimeflare.com database. Bruteforce scan over 2500 subdomains. Disclaimer This tool is a PoC (Proof of Concept) and does not guarantee results. It is possible to setup Cloudflare properly so that the IP is never released or logged anywhere; this is not often the case and hence why this tool exists. This tool is only for academic purposes and testing under controlled environments. Do not use without obtaining proper authorization from the network owner of the network under testing. The author bears no responsibility for any misuse of the tool. [hide][Hidden Content]]

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails. Features Domain TLD (.com, .org, .net, etc…) Emails Data leaks Emails Social Instagram Facebook Twitter Tiktok Linktr.ee MySpace Flickr Programming Github Pastebin LessWrong Forum Hackernews Jeuxvideo.com Web Hosting AboutMe [hide][Hidden Content]]

Profil3r Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails. Features Emails Data leaks Emails Social Instagram Facebook Twitter Tiktok Music Soundcloud Programming Github Forum 0x00sec.org Jeuxvideo.com Tchat Skype [hide][Hidden Content]]

Tell Me Your Secrets A simple module which finds files with different secrets keys present inside a directory. Secrets derived from 120 different signatures. Signatures Derived from shhgit Available Signatures : Chef private key, Potential Linux shadow file, Potential Linux passwd file, Docker configuration file, NPM configuration file, Environment configuration file, Contains a private key, AWS Access Key ID Value, AWS Access Key ID, AWS Account ID, AWS Secret Access Key, AWS Session Token, Artifactory, CodeClimate, Facebook access token, Google (GCM) Service account, Stripe API key, Google OAuth Key, Google Cloud API Key Google OAuth Access Token, Picatic API key, Square Access Token, Square OAuth Secret, PayPal/Braintree Access Token, Amazon MWS Auth Token, Twilo API Key, MailGun API Key, MailChimp API Key, SSH Password, Outlook team, Sauce Token, Slack Token, Slack Webhook, SonarQube Docs API Key, HockeyApp, Username and password in URI, NuGet API Key, Potential cryptographic private key, Log file, Potential cryptographic key bundle, Potential cryptographic key bundle Potential cryptographic key bundle, Potential cryptographic key bundle, Pidgin OTR private key, OpenVPN client configuration file, Azure service configuration schema file, Remote Desktop connection file, Microsoft SQL database file, Microsoft SQL server compact database file, SQLite database file, SQLite3 database file, Microsoft BitLocker recovery key file Microsoft BitLocker Trusted Platform Module password file, Windows BitLocker full volume encrypted data file, Java keystore file, Password Safe database file, Ruby On Rails secret token configuration file, Carrierwave configuration file, Potential Ruby On Rails database configuration file, OmniAuth configuration file, Django configuration file 1Password password manager database file, Apple Keychain database file, Network traffic capture file, GnuCash database file, Jenkins publish over SSH plugin file, Potential Jenkins credentials file, KDE Wallet Manager database file, Potential MediaWiki configuration file, Tunnelblick VPN configuration file, Sequel Pro MySQL database manager bookmark file, Little Snitch firewall configuration file, Day One journal file, Potential jrnl journal file, Chef Knife configuration file, cPanel backup ProFTPd credentials file Robomongo MongoDB manager configuration file, FileZilla FTP configuration file, FileZilla FTP recent servers file, Ventrilo server configuration file, Terraform variable config file, Shell configuration file, Shell configuration file, Shell configuration file, Private SSH key, Private SSH key, Private SSH key, Private SSH key, SSH configuration file, Potential cryptographic private key, Shell command history file MySQL client command history file, PostgreSQL client command history file, PostgreSQL password file, Ruby IRB console history file, Pidgin chat client account configuration file, Hexchat/XChat IRC client server list configuration file, Irssi IRC client configuration file, Recon-ng web reconnaissance framework API key database, DBeaver SQL database manager configuration file, Mutt e-mail client configuration file, S3cmd configuration file, AWS CLI credentials file, SFTP connection configuration file, T command-line Twitter client configuration file, Shell configuration file Shell profile configuration file, Shell command alias configuration file, PHP configuration file, GNOME Keyring database file, KeePass password manager database file, SQL dump file, Apache htpasswd file, Configuration file for auto-login process, Rubygems credentials file, Tugboat DigitalOcean management tool configuration, DigitalOcean doctl command-line client configuration file, git-credential-store helper credentials file, GitHub Hub command-line client configuration file, Git configuration file [hide][Hidden Content]]

XSSTRON Electron JS Browser To Find XSS Vulnerabilities Powerful Chromium Browser to find XSS Vulnerabilities automatically while browsing the web, it can detect many case scenarios with support for POST requests too. [hide][Hidden Content]]

SubDomainizer SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascript present in the given URL. This tool also finds S3 buckets, cloudfront URL’s and more from those JS files which could be interesting like S3 bucket is open to read/write, or subdomain takeover and a similar case for cloudfront. It also scans inside the given folder which contains your files. Cloud Storage Services Supported: SubDomainizer can find URL for following cloud storage services: 1. Amazon AWS services (cloudfront and S3 buckets) 2. Digitalocean spaces 3. Microsoft Azure 4. Google Cloud Services 5. Dreamhost 6. RackCDN. Changelog v2.0 SANs Feature: Added a feature to find Subject Alternative Names for already found subdomains from different sources. Two options can be used with -san argument i.e. all or same. same will find only subdomains for TLD of the URL. all will find all (sub)domains having the same SAN for a given subdomain. Secret Location Feature: Added a feature to display the location of secrets. Inline in case if secret(s) found within the page (used in -u argument) URL of file in case if secret(s) found on External JS file or Github URL or File path (in case of the folder). [hide][Hidden Content]]

Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes “copysploit” to copy any exploit-db exploit to the current directory and “compilesploit” to automatically compile and run any C exploit (ie. ./copysploit 1337.c && ./compilesploit 1337.c). Changelog v2.0 Updated all NMap/Metasploit modules 7/26/2020 [hide][Hidden Content]]

lorsrf Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods. [hide][Hidden Content]]

FrameDomain Framework - Find Subdomains Mode Of Execution: apt-get install python3 apt-get install git git clone [HIDE][Hidden Content]] cd FrameDomain pip3 install -r requierements.txt python3 FrameDomain.py

How to easily find Reflected XSS vulnerabilities! [Hidden Content]

[Hidden Content]

Find usernames across social networks Sherlock : Find Usernames Across Social Networks Sherlock Project provides a very powerfull command line tool called Sherlock to find usernames across many social networks [HIDE][Hidden Content]]

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. Misconfigured DNS scan using DNSDumpster.com. Scan the Crimeflare.com database. Bruteforce scan over 2500 subdomains. Disclaimer This tool is a PoC (Proof of Concept) and does not guarantee results. It is possible to setup Cloudflare properly so that the IP is never released or logged anywhere; this is not often the case and hence why this tool exists. This tool is only for academic purposes and testing under controlled environments. Do not use without obtaining proper authorization from the network owner of the network under testing. The author bears no responsibility for any misuse of the tool. [HIDE][Hidden Content]]