If you read my last post about V1D0m and liked it, I'm sure you will LOVE this post. As you will remember, the older post was about subdomain enumeration using VirusTotal; this post is about enumerating subdomains and DNS information with Python, using the following services: CloudFlare, Censys & Crtsh! Read more about Subdomain Enumeration Using Censys & Crtsh!
VirusTotal has long provided a free online file and URL scanning service. In fact, I think it is THE site that started this kind of service more than 10 years ago. Wikipedia mentions that it was started in the year 2004! It also offers a "search" service which helps us find more interesting details about a file hash or a URL. Leveraging this feature, we have an open source script called V1D0m! Read more about V1D0m: Enumerate Subdomains via Virustotal!
Internal network exploitation is a completely different ballgame altogether. Many resources are trusted by default and security restrictions are minimal in most cases. One such resource which lacks security restrictions is the Microsoft Windows Server Update Services (WSUS). I have seen internal networks which lack SSL protection, because it is "not needed" for internal networks. This is where a script like WSUXploit comes into the picture! Read more about WSUXploit: A Weaponized WSUS Exploit Script!
As the title suggests, OSRFramework is an open source research framework that helps you glean data from multiple sources. This information can be most helpful in multiple OSINT engagements where you are trying to get as much information about a target - user, domain, phone number, DNS lookups, information leaks research, deep web search etc. Read more about OSRFramework: The Open Sources Research Framework!
While at work today I had to deal with a Lotus Domino web application installation that I knew nothing about. This is where I searched a bit and found an open source tool - Domi-Owned. Read more about Domi-Owned: A IBM/Lotus Domino Exploitation Tool!
This is a short post about LFISuite, an open source local file inclusion scanner and exploiter that is coded in Python. It supports multiple attack points and also has TOR proxy support. We all know that Local File Inclusion (also known as LFI) is a process of "including" locally present files through the exploitation of vulnerable inclusion procedures implemented in an application that accepts unsanitized input. Read more about LFISuite: An Automatic LFI Exploiter & Scanner!
If you read this blog, you must have read an earlier post titled "List of Raspberry Pi DIY Projects for Anonymity!" Though that post dealt with DIY projects about anonymity, this post is about WarBerryPi, which is more of a device for offensive activities such as red teaming, built on the versatile Raspberry Pi platform. The name WarBerryPi was conceived by the author as the red team, blue team nomenclature is based on military terms. This tool allows you to plug it in... Read more about WarBerryPi: Red Teaming Hardware Implant!