pentesting Sn1per - All In One Offensive Security Framework
-
Similar Content
-
By cwade12c
URLCrazy is a domain typo generator that looks useful for testing domain typos and variations, which can have a ton of uses: typo squatting, URL hijacking, phishing, etc. Other use cases might include detecting who is using variations of your domain name (to inform your users), which can help protect your brand and inform your users.
Link to the repository: https://github.com/urbanadventurer/urlcrazy
-
By cwade12c
Shodan is an Internet of Things search engine that allows you to search and scan a wide variety of devices using a wide array of filters. Some will limit their information gathering to things that they see on the web. You can go beyond this, and Shodan is a tool to help with that: phones, controllers, refrigerators, etc. Shodan has powerful dashboards, community curated filters, and a powerful API to let you plug right into their platform.
Here is a HackerSploit video covering some of the basics of Shodan:
And if you want to check out the engine for yourself...well, here you go!
Link to website: https://www.shodan.io/
-
By cwade12c
The Recon-ng Framework provides a web-based environment to conduct reconnaissance quickly and easily. It is written in python and has a look similar to Metasploit, is modular, and has a development guide for building new modules. Here is an included video introduction to help you learn more about and get started with Recon-ng:
Link to the repository: https://github.com/lanmaster53/recon-ng
-
By cwade12c
I'd recommend checking this tool out if you are conducting some recon to gain an overview of HTTP-based attack surface. According to the Aquatone Github repository,
You can also use it alongside other tools, like Amass, Nmap, Masscan, etc.
Link to the tool: https://github.com/michenriksen/aquatone
-
By cwade12c
emailrep.io is a simple tool with a nice API that will tell you information about an email address, including:
Reputation Level Is it suspicious? References Is it blacklisted? Has its credentials been leaked? Has it been part of any data breach? Is it a spammer? Is it spoofable? And much more. A further description from their website states:
As this is posted in pentesting, some of the offensive usecases of this tool might include:
Conduct recon on a target to prepare for credential bruteforcing Constructing targeted phishing attacks Avoid the spam folder There are also defenses ways in which this tool might be used, like to detect phishing attacks, prevent fraud, require additional layer of verification during registration, etc.
Check it out!
Link to site: https://emailrep.io/
-
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now