Category: Footprinting

Enumeration, Footprinting

Enumerate subdomains through a wordlist

Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist. Usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-z] domain positional arguments: domain specific target domain, like optional arguments: -h, --help show this help message and exit -v, --version show program's version number and exit -w WORDLIST …

Footprinting, Penetration Testing

EmailHarvester 1.2.6

EmailHarvester is a tool to retrieve Domain email addresses from Search Engines. Requirements * Python 3.x * termcolor * colorama * requests Features * Retrieve Domain email addresses from Search Engines (Google, Bing, Yahoo, ASK). * Export results to txt and xml files. * Limit search results. * Define your own User-Agent string. * Use …

Footprinting, Hacking, Penetration Testing

Email addresses harvester

EmailHarvester is a tool to retrieve Domain email addresses from Search Engines. This project was inspired by: * theHarvester (from laramies). * search_email_collector (from Carlos Perez). Requirements * Python 3.x * termcolor * colorama * requests Features * Retrieve Domain email addresses from Search Engines * Google * Bing * Yahoo * ASK Download/Installation Download …

Footprinting, Hacking, Penetration Testing

Data Exfiltration using single or multiple channels

DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time. The idea was to create a generic toolkit to plug any kind of protocol/service. Features So far, DET supports multiple protocols, listed here: > HTTP(S) > ICMP > DNS > SMTP/IMAP …

Footprinting, Hacking, Penetration Testing, Reconnaissance

Public documents harvester

Metagoofil is a tool for conducting public documents (pdf, doc, xls, ppt, etc.) reconnaissance during a pen test. This information could be useful because you can get emails, usernames, people's names, etc. for later use in brute-force password attacks (vpn, ftp, webapps). Metagoofil has the ability to search Google for specific types of files being publicly hosted on a …

Footprinting, Penetration Testing, Reconnaissance

IPGeoLocation 1.5 released

IPGeoLocation A tool to retrieve IP Geolocation information from Github Requirements Python 3.x Features Retrieve Geolocation of IP or Domain. Run program with no arguments to get your IP Geolocation. Retrieve Geolocation of multiple IPs or Domains loaded from file. Each target in new line. Define your own custom User Agent string. Proxy support. …

Footprinting, Hacking, Reconnaissance

IPGeoLocation – Retrieve IP Geolocation information

IPGeoLocation is a small, free, open-source tool, written in Python 3, capable of retrieving geolocation information for the targeted IP address. IPGeoLocation makes use of this IP Geolocation API – You can find the IPGeoLocation source code on Github. IPGeoLocation is licensed under GPLv3.

Footprinting, Penetration Testing

Collect email addresses from multiple search engines

Let's see how we can collect a company's email addresses from multiple search engines using Kali Linux and Metasploit. 1. Run your Kali Linux distribution 2. Open a terminal 3. Run Metasploit: msfconsole 4. Select the email collector module: use auxiliary/gather/search_email_collector 5. Set the target domain name: set domain example.com 6. Type exploit and …

Footprinting, Reconnaissance

SSL Protocol Scanner – Reconnaissance

sslscan – queries SSL/TLS enabled services, such as HTTPS, to discover supported cipher suites. The output includes the preferred ciphers of the SSL service and the certificate, and is available in Text and XML formats. Usage: sslscan [Options] [host:port | host] Options: --targets=<file> A file containing a list of hosts to check. Hosts can …

Footprinting, Penetration Testing, Reconnaissance

Gathering information – Reconnaissance

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command line application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, TCP port scans, whois lookups, and more. The following is a list of the current …