Search the Community

Showing results for tags 'recon'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 19 results

  1. Summary This is a simple script intended to perform a full recon on an objective with multiple subdomains Features Tools checker Google Dorks (based on deggogle_hunter) Subdomain enumeration (passive, resolution, bruteforce and permutations) Sub TKO (subjack and nuclei) Web Prober (httpx) Web screenshot (aquatone) Template scanner (nuclei) Port Scanner (naabu) Url extraction (waybackurls, gau, hakrawler, github-endpoints) Pattern Search (gf and gf-patterns) Param discovery (paramspider and arjun) XSS (Gxss and dalfox) Open redirect (Openredirex) SSRF checks (from m4ll0k/Bug-Bounty-Toolz/SSRF.py) Github Check (git-hound) Favicon Real IP (fav-up) JS Checks (LinkFinder, SecretFinder, scripts from JSFScan) Fuzzing (ffuf) Cors (Corsy) SSL Check (testssl) Interlace integration Custom output folder (default under Recon/target.com/) Run standalone steps (subdomains, subtko, web, gdorks...) Polished installer compatible with most distros Verbose mode Update tools script [hide][Hidden Content]]
  2. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v9.0 – Added Fortinet FortiGate SSL VPN Panel Detected sc0pe template v9.0 – Added CVE-2020-17519 – Apache Flink Path Traversal sc0pe template v9.0 – Added RabbitMQ Management Interface Detected sc0pe template v9.0 – Added CVE-2020-29583 Zyxel SSH Hardcoded Credentials via BruteX v9.0 – Removed vulnscan NMap CSV updates/downloads to save space/bandwidth v9.0 – Added Nuclei sc0pe parser v9.0 – Added Nuclei vulnerability scanner v9.0 – Added WordPress WPScan sc0pe vulnerability parser v9.0 – Fixed issue with wrong WPscan API key command v9.0 – Added CVE-2020-11738 – WordPress Duplicator plugin Directory Traversal sc0pe template v9.0 – Renamed AUTO_VULNSCAN setting to “VULNSCAN” in sniper.conf to perform vulnerability scans via ‘normal’ mode [hide][Hidden Content]]
  3. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content]. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.9 – Tuned sniper.conf around performance for all scans and recon modes v8.9 – Added out of scope options to sniper.conf v8.9 – Added automatic HTTP/HTTPS web scans and vulnerability scans to ‘normal’ mode v8.9 – Added SolarWinds Orion Panel Default Credentials sc0pe template v8.9 – Added SolarWinds Orion Panel sc0pe template v8.9 – Fixed issue with theHarvester not running on Kali 2020.4 v8.9 – Added WPScan API support to sniper.conf v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Config Password Disclosure sc0pe template v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Path Traversal sc0pe template v8.9 – Removed verbose error for chromium on Ubuntu v8.9 – Added CVE-2020-8209 – Citrix XenMobile Server Path Traversal sc0pe template v8.9 – Fixed F+ in CSP Not Enforced sc0pe template v8.9 – Added CVE-2020-14815 – Oracle Business Intelligence Enterprise DOM XSS sc0pe template v8.9 – Fixed issue with dnscan not working in Kali 2020.3 v8.9 – Fixed issue with screenshots not working in Ubuntu 2020 v8.9 – Added Frontpage Service Password Disclosure sc0pe template v8.9 – Removed Yasuo tool [hide][Hidden Content]]
  4. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.8 – Added automatic ‘flyover’ scans of all discovered domains for ‘recon’ mode v8.8 – Added static grep searching rules of all URL’s and sub-domains (see sniper.conf for details) v8.8 – Added verbose status logging to flyover mode showing HTTP status/redirect/title, etc. v8.8 – Added integration for Port Scanner Add-on for Sn1per Professional v8.8 – Added enhanced scanning of all unique dynamic URL’s via InjectX fuzzer v8.8 – Added CVE-2020-25213 – WP File Manager File Upload sc0pe template v8.8 – Added cPanel Login Found sc0pe template v8.8 – Added WordPress WP-File-Manager Version Detected sc0pe template v8.8 – Added VMware vCenter Unauthenticated Arbitrary File Read sc0pe template v8.8 – Added PHP Composer Disclosure sc0pe template v8.8 – Added Git Config Disclosure sc0pe template v8.8 – Added updated NMap vulscan DB files v8.8 – Added CVE-2020-9047 – exacqVision Web Service Remote Code Execution sc0pe template v8.8 – Removed UDP port scan settings/options and combined with full portscan ports v8.8 – Added CVE-2019-8442 – Jira Webroot Directory Traversal sc0pe template v8.8 – Added CVE-2020-2034 – PAN-OS GlobalProtect OS Command Injection sc0pe template v8.8 – Added CVE-2020-2551 – Unauthenticated Oracle WebLogic Server Remote Code Execution sc0pe template v8.8 – Added CVE-2020-14181 – User Enumeration Via Insecure Jira Endpoint sc0pe template v8.8 – Added Smuggler HTTP request smuggling detection v8.8 – Added CVE-2020-0618 – Remote Code Execution SQL Server Reporting Services sc0pe template v8.8 – Added CVE-2020-5412 – Full-read SSRF in Spring Cloud Netflix sc0pe template v8.8 – Added Jaspersoft Detected sc0pe template v8.8 – Added improved dirsearch exclude options to all web file/dir searches v8.8 – Fixed naming conflict for theharvester v8.8 – Created backups of all NMap HTML reports for fullportonly scans v8.8 – Added line limit to GUA URL’s displayed in console [hide][Hidden Content]]
  5. NUUBI is a Recon Tools, Scanners, and tools for penetration testing. Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned. So it is an Incredible fast recon tool for penetration tester which is specially designed for the Reconnaissance phase. Features: Infromation Modules : Banner grabing Subnetlookup Cms detect Certificate Transparency log monitor Dnslookup Extract links GeoIP lookup Httpheaders Nmapscan Subdomain lookup Traceroute Find hosts sharing DNS servers URL and website scanner for potentially malicious websites Github username Whois Crawler Reverse ip Reverse DNS Zonetransfer Nping test Ping Response Check an Autonomous System Number (ASN) Cloudflare Cookie Scraper [hide][Hidden Content]]
  6. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.7 – Updated web file bruteforce lists v8.7 – Added updated Slack API integration/notifications v8.7 – Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers v8.7 – Added CVE-2020-15129 – Open Redirect In Traefik sc0pe template v8.7 – Added MobileIron Login sc0pe template v8.7 – Added Revive Adserver XSS sc0pe template v8.7 – Added IceWarp Webmail XSS sc0pe template v8.7 – Added Mara CMS v7.5 XSS sc0pe template v8.7 – Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template v8.7 – Added Magento 2.3.0 SQL Injection sc0pe template v8.7 – Added CVE-2020-15920 – Unauthenticated RCE at Mida eFramework sc0pe template v8.7 – Added CVE-2019-7192 – QNAP Pre-Auth Root RCE sc0pe template v8.7 – Added CVE-2020-10204 – Sonatype Nexus Repository RCE sc0pe template v8.7 – Added CVE-2020-13167 – Netsweeper WebAdmin unixlogin.php Python Code Injection sc0pe template v8.7 – Added CVE-2020-2140 – Jenkin AuditTrailPlugin XSS sc0pe template v8.7 – Added CVE-2020-7209 – LinuxKI Toolset 6.01 Remote Command Execution sc0pe template v8.7 – Added CVE-2019-16662 – rConfig 3.9.2 Remote Code Execution sc0pe template v8.7 – Added Sitemap.xml Detected sc0pe template v8.7 – Added Robots.txt Detected sc0pe template v8.7 – Added AWS S3 Public Bucket Listing sc0pe template v8.7 – Fixed logic error in stealth mode recon scans not running v8.7 – Added CVE-2020-7048 – WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template v8.7 – Fixed F- detection in WordPress Sc0pe templates v8.7 – Added CVE-2020-11530 – WordPress Chop Slider 3 Plugin SQL Injection sc0pe template v8.7 – Added CVE-2019-11580 – Atlassian Crowd Data Center Unauthenticated RCE sc0pe template v8.7 – Added CVE-2019-16759 – vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template [hide][Hidden Content]]
  7. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.6 – Added new Sn1per configuration flow that allows persistent user configurations and API key transfer v8.6 – Updated port lists to remove duplicate ports error and slim down list v8.6 – Updated PHP to 7.4 v8.6 – Added CVE-2020-12720 – vBulletin Unauthenticaed SQLi v8.6 – Added CVE-2020-9757 – SEOmatic < 3.3.0 Server-Side Template Injection v8.6 – Added CVE-2020-1147 – Remote Code Execution in Microsoft SharePoint Server v8.6 – Added CVE-2020-3187 – Citrix Unauthenticated File Deletion v8.6 – Added CVE-2020-8193 – Citrix Unauthenticated LFI v8.6 – Added CVE-2020-8194 – Citrix ADC & NetScaler Gateway Reflected Code Injection v8.6 – Added CVE-2020-8982 – Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read v8.6 – Added CVE-2020-9484 – Apache Tomcat RCE by deserialization v8.6 – Added Cisco VPN scanner template v8.6 – Added Tiki Wiki CMS scanner template v8.6 – Added Palo Alto PAN OS Portal scanner template v8.6 – Added SAP NetWeaver AS JAVA LM Configuration Wizard Detection v8.6 – Added delete task workspace function to remove running tasks v8.6 – Added CVE-2020-3452 – Cisco ASA/FTD Arbitrary File Reading Vulnerability Sc0pe template v8.6 – Updated theharvester command to exclude github-code search v8.6 – Updated theharvester installer to v3.1 v8.6 – Added urlscan.io API to OSINT mode (-o) v8.6 – Added OpenVAS package to install.sh v8.6 – Added Palo Alto GlobalProtect PAN-OS Portal Sc0pe template v8.6 – Fixed issue with Javascript downloader downloading localhost files instead of target v8.6 – Added CVE-2020-5902 F5 BIG-IP RCE sc0pe template v8.6 – Added CVE-2020-5902 F5 BIG-IP XSS sc0pe template v8.6 – Added F5 BIG-IP detection sc0pe template v8.6 – Added interesting ports sc0pe template v8.6 – Added components with known vulnerabilities sc0pe template v8.6 – Added server header disclosure sc0pe template v8.6 – Added SMBv1 enabled sc0pe template v8.6 – Removed verbose comment from stealth scan [hide][Hidden Content]]
  8. Blue Eye is a python Recon Toolkit script. It shows ports and headers. Subdomain resolves to the IP addresses, company email addresses and much more ..! Author: Jolanda de Koff Blue Eye shows the: ✓ Subdomain resolves to the IP addresses ✓ Ports ✓ HTTP Header ✓ Mail Servers ✓ DNS Text Records ✓ Nameserver Records ✓ List of GitHub user pages ✓ List of possible company email addresses harvested from GitHub user pages and from DuckDuckGo and Linkedin searches [hide][Hidden Content]]
  9. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.5 – Added manual installer for Metasploit v8.5 – Added Phantomjs manual installer v8.5 – Added sc0pe template to check for default credentials via BruteX v8.5 – Added fullportscans to all ‘web’ mode scans to ensure full port coverage v8.5 – Fixed issue with 2nd stage OSINT scans not running v8.5 – Added port values to sc0pe engine to define port numbers v8.5 – Fixed issue with LinkFinder not working v8.5 – Fixed issue with Javascript link parser v8.5 – Added phantomjs dependency to fix webscreenshots on Ubuntu v8.5 – Added http-default-accounts NMap NSE to check for default web credentials v8.5 – Fixed several issues with install.sh to resolve deps on Ubuntu and Kali 2020.2 v8.5 – Removed larger wordlists to reduce install size of Sn1per v8.5 – Added 20+ new active/passive sc0pe templates v8.5 – Fixed issue with installer on latest Kali and Docker builds v8.5 – Fixed custom installer for Arachni v8.5 – Fixed Dockerfile with updated Kali image (CC. @stevemcilwain) [hide][Hidden Content]]
  10. Additions: MkCheck - MikroTik Router Exploitation Framework. RouterSploit - Network Router Exploitation Framework. XSStrike - Cross Site Scripting detection suite. HoneyTel - TelNet-IoT-HoneyPot used to analyze collected botnet payloads. ACLight2 - Used to discover Shadow Admin accounts on an exploited system. SMBGhost - Now has a scanner, as well as an exploitative option. Overview Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM. Gathered info is saved to the results folder, these output files can be easily parsed over to TigerShark in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test. [hide][Hidden Content]]
  11. FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Features FinalRecon provides detailed information such as : Header Information Whois SSL Certificate Information Crawler html CSS Javascripts Internal Links External Links Images robots sitemaps Links inside Javascripts Links from Wayback Machine from Last 1 Year DNS Enumeration A, AAAA, ANY, CNAME, MX, NS, SOA, TXT Records DMARC Records Subdomain Enumeration Data Sources BuffOver crt.sh ThreatCrowd AnubisDB ThreatMiner Facebook Certificate Transparency API Auth Token is Required for this source, read Configuration below Traceroute Protocols UDP TCP ICMP Directory Searching Support for File Extensions Directories from Wayback Machine from Last 1 Year Port Scan Fast Top 1000 Ports Open Ports with Standard Services Export Formats txt xml csv [Hidden Content]
  12. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.3 – Added Github subdomain retrieval (requires API key/conf options enabled) v8.3 – Added NMAP_OPTIONS setting to sniper.conf to configure optional NMap scan settings v8.3 – Added option to specify custom Sn1per configuration via (-c) switch v8.3 – Created several custom config files to select from, including: bug_bounty_quick, bug_bounty_max_javascript, super_stealth_mode, webpwn_only + more v8.3 – Added workspace –export option to backup/export a workspace v8.3 – Added flyover mode tuning options to sniper.conf v8.3 – Added GitGraber automated Github leak search ([Hidden Content]) v8.3 – Added static Javascript parsing for sub-domains, URL’s, path relative links and comments v8.3 – Added js-beautifier v8.3 – Added LinkFinder Javascript link finder ([Hidden Content]) v8.3 – Added fprobe HTTP probe checker ([Hidden Content]) v8.3 – Added Cisco RV320 and RV325 Unauthenticated Remote Code Execution CVE-2019-1653 MSF exploit v8.3 – Improved performance of ‘stealth’ and ‘recon’ modes v8.3 – Updated default port lists v8.3 – Improved performance of all port scans v8.3 – Removed all pip v2 commands from installer v8.3 – Added fix for missing Amass package v8.3 – Added sniper.conf options for OPENVAS_HOST and OPENVAS_PORT selection for remote instances v8.3 – Improved ‘vulnscan’ mode via OpenVAS to scan the same asset multiple times with improved error handling [HIDE][Hidden Content]]
  13. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.1 – Added Citrix Gateway Arbitary Code Execution CVE-2019-19781 vulnerability detection v8.1 – Added Pulse Secure VPN Arbitrary File Disclosure CVE-2019-11510 exploit v8.1 – Added –data-length=50 for NMap IPS evasion v8.1 – Removed NMap vulscan script due to F+ results v8.1 – Fixed issue with CRT.SH sub-domain retrieval v8.1 – Updated Kali Linux keyring package v8.1 – Fixed “[: ==: unary operator expected” in all code v8.1 – Updated Sn1per Professional autoload settings v8.1 – Updated web brute force wordlists v8.1 – Removed null and debug errors from passive spider API output v8.1 – Updated Commoncrawl index repo v8.1 – Updated DockerFile repository v8.1 – Fixed issue with -dh flag to delete host with Sn1per Pro v8.0 v8.1 – Fixed issue with subfinder missing v8.1 – Fixed issue with 7zip missing v8.1 – Added check for Ubuntu to install.sh automatically [HIDE][Hidden Content]]
  14. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.0 – Added ASnip tool to retrieve ASN’s via ‘recon’ mode v8.0 – Added Shodan sub-domain lookup v8.0 – Added script timeout flag for NMap scripts v8.0 – Fixed issue with dnsenum getting stuck on gathering dns info stage v8.0 – Added option to force upgrade/install.sh without user prompt (ie. ./install.sh force) v8.0 – Fixed issue with theHarvester package on Ubuntu systems v8.0 – Fixed error “[: ==: unary operator expected” in all modes v8.0 – Added net-tools package for Ubuntu OS deps [HIDE][Hidden Content]]
  15. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content]. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v7.3 – Added CVE-2019-15107 Webmin <= 1.920 – Unauthenticated RCE MSF exploit v7.3 – Added massdns plugin v7.3 – Added altdns plugin v7.3 – Added dnsgen plugin v7.3 – Updated web file/dir wordlists from public exploits and honeypots v7.3 – Added time stamps to all commands v7.3 – Removed CloudFront from domain hijacking checks v7.3 – Removed snmp-brute.nse script due to scan issues v7.3 – Fixed issue with discover scan workspace names v7.3 – Fixed issue with DockerFile (sed: can’t read /usr/bin/msfdb: No such file or directory) v7.3 – Fixed issue with installer on docker not having pip installed v7.3 – Fixed issue with port 161 not being referenced correctly in scans [HIDE][Hidden Content]]
  16. 0x1

    Pown Recon

    Pown Recon Pown Recon is a target reconnaissance framework powered by graph theory. The benefit of using graph theory instead of flat table representation is that it is easier to find the relationships between different types of information which comes quite handy in many situations. Graph theory algorithms also help with diffing, searching, like finding the shortest path, and many other helpful tasks to aid information discovery and intelligence gathering. More info & Download: [hide][Hidden Content]] Preview Generated graphs: [hide][Hidden Content]]
  17. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v7.2 – Added experimental OpenVAS API integration v7.2 – Improved Burpsuite 2.x API integration with vuln reporting v7.2 – Added hunter.io API integration to recon mode scans v7.2 – Added Cisco IKE Key Disclosure MSF exploit v7.2 – Added JBoss MSF vuln scanner module v7.2 – Added Apache CouchDB RCE MSF exploit v7.2 – Added IBM Tivoli Endpoint Manager POST Query Buffer Overflow exploit v7.2 – Added Java RMI MSF scanner v7.2 – New scan mode “vulnscan” v7.2 – New scan mode “massportscan” v7.2 – New scan mode “massweb” v7.2 – New scan mode “masswebscan” v7.2 – New scan mode “massvulnscan” v7.2 – Added additional Slack API notification settings v7.2 – Improved NMap port detection and scan modes v7.2 – Fixed issue with Censys API being enabled by default v7.2 – Fixed verbose errors in subjack/subover tools v7.2 – Fixed issue with NMap http scripts not working [HIDE][Hidden Content]]
  18. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v7.1 – Added KeepBlue CVE-2019-0708 MSF scanner v7.1 – Added automatic workspace generation for single target scans v7.1 – Added new slack.sh API integration script v7.1 – Added differential Slack notifications for new domains, new URL’s and various scan outputs v7.1 – Added vulners and vulscan NMap scripts v7.1 – Added installer and support for Debian, Parrot and Ubuntu OS (install_debian.sh) (CC. @imhaxormad) v7.1 – Fixed various issues with the DockerFile v7.1 – Fixed/added Metasploit LHOST/LPORT values to all exploits based on sniper.conf settings v7.1 – Fixed issue with Amass/Golang 1.11 not installing correctly [HIDE][Hidden Content]]
  19. > [Hidden Content] This is a IP Tool kit its the central backbone of IPs on the whole internet ! You can Find any sort of company to IP to IP ranges that run certain OS for hackign and scanning i use for !