feat: list of tools with future support #51

Open
20 of 118 tasks
ocervell opened this issue Mar 9, 2023 · 0 comments
Labels: enhancement (New feature or request), important, meta

ocervell (Contributor) commented Mar 9, 2023

Tools

| Tool name | Category | Description | Language |
|---|---|---|---|
| blackwidow | recon/multi | maybe | python |
| scilla | recon/multi | | |
| legion | recon/multi | cmd automator, can get some good CLI commands here | |
| nmap | recon/network | | |
| fingerprintx | recon/network | Service detection on open ports | |
| wafwoof | recon/network | superseded by httpx | |
| whois | recon/network | Network utility (WHOIS) | shell |
| ssh-audit | recon/network | SSH server and client auditing | python |
| arp | recon/network | | |
| sslscan | recon/network | | |
| asnip | recon/network | | |
| hackertarget | recon/network | Network utilities (traceroute, ping, reverse DNS, zone transfer, whois, ip loc, port scan, subnet lookup) | python |
| BruteX | recon/network | Bruteforce all services | shell |
| gau | recon/web | | |
| gospider | recon/web | | |
| ffuf | recon/web | | |
| httpx | recon/web | | |
| dirsearch | recon/web | | |
| feroxbuster | recon/web | | |
| katana | recon/web | | |
| arjun | recon/web | parameter detection | |
| openapi-fuzzer | recon/web | | |
| crawlergo | recon/web | | |
| autoscrape-py | recon/web | | |
| geziyor | recon/web | | |
| jsluice | recon/web | | |
| gobuster | recon/web | | |
| wfuzz | recon/web | can use FUZZ keyword in other parts of the URL, not just at the end like ffuf | |
| kiterunner | recon/web | API routes discovery | |
| goscrape | recon/web | download websites to disk | |
| wapiti3 | recon/web | maybe | python |
| whatweb | recon/web | nope | ruby |
| wig | recon/web | | |
| webtech | recon/web | | |
| wpscan | recon/web | Wordpress scan | ruby |
| subfinder [go] | recon/dns | passive subdomain finder | go |
| spyse | recon/dns | subdomain finder | |
| censys | recon/dns | subdomain finder | python |
| dnscan | recon/dns | DNS bruteforcer, maybe | |
| crt.sh | recon/dns | gather certificate subdomain | |
| github-subdomains | recon/dns | | |
| urlcrazy | recon/dns | dns alterations | |
| shodan | recon/dns | | |
| altdns | recon/dns | | |
| dnsgen | recon/dns | | |
| massdns | recon/dns | | |
| subover | recon/dns | subdomain hijacking | |
| subjack | recon/dns | subdomain hijacking scan | |
| PSPKIAudit | recon/windows | audit windows AD misconfigs | |
| pingcastle | recon/windows | audit AD | |
| mimikatz | recon/windows | | |
| s3scanner | recon/cloud | S3 scanner (GCP, AWS, DigitalOcean, ...) | |
| s3recon | recon/cloud | S3 reckon | |
| slurp | recon/cloud | S3 bucket enumerator | |
| 3klector | recon/osint | Company ASN information | |
| degoogle | recon/osint | Google dorks | |
| holehe | recon/osint | Email to registered accounts | |
| metagoofil | recon/osint | online documents | python |
| gitgraber | recon/osint | github secret grabber | python |
| git-vuln-finder | recon/osint | github vuln finder | |
| goohak | recon/osint | google hacking queries | |
| h8mail | recon/osint | checking compromised credentials | |
| amass | recon/osint | dns subdomains, reverse whois | |
| theHarvester | recon/osint | OSInt tool | python |
| msfconsole | exploit | | |
| dalfox | exploit | LFI / XSS automated tester | |
| sqlmap | exploit | | |
| bane | exploit | Python-based XSS / RCE tester + attack framework | python |
| V3n0m-Scanner | exploit | LFI / RCE / XSS / Dorks / AdminPage finder, DNS bruteforce, FTP scan | |
| jexboss | exploit | JBoss verify and exploitation tool | python |
| smuggler | exploit | HTTP request smuggling / desync testing tool | python |
| clusterd | exploit | JBoss, ColdFusion, WebLogic, Tomcat, Railo, Axis2, Glassfish | python |
| zarp | exploit | Local networks exploitation tool | |
| gf | utils | pattern matching | |
| searchsploit | utils | search exploit from CVEs | |
| cook | utils | wordlist generator | |
| nuclei | vuln | | |
| nmap NSE scripts: vulscan, vulners | vuln | | |
| grype | vuln | Scan vulnerabilities in code, containers and repositories | |
| gitleaks | vuln | Scan secrets in Git repositories | |
| trivy | vuln | Scan vulnerabilities and misconfigurations | |
| nosqli | vuln | Scan NoSQLI vulns | |
| tfsec | vuln | Terraform security scanner | |
| nikto | vuln | HTTP vulnerability scanner | perl |
| cmsmap | vuln | Find vulnerabilities in common CMS (Wordpress, Joomla, Drupal, Moodle) | python |
| arachni -> scnr | vuln | | |
| Inject-X fuzzer | vuln | Scan dynamic URLs for common OWASP vulns | python |
| wapiti3 | vuln | maybe | python |
| vuls | vuln | | |
| hydra | bruteforce | Network service pentest tool | |
| BruteX | bruteforce | | |
| SecretScanner | vuln | unprotected secrets in container images and file systems | |
| shocker.py | exploit | Shellshock tester | python |
| AFplusplus | unknown | Binary fuzzer for dinosaurs | |
| crytic / echidna | unknown | Smart contract fuzzer | |
| gmapsapiscanner | unknown | Check if API keys work | |
| defparam/smuggler | unknown | HTTP Request Smuggling / Desync testing tool | |
| exploit-searcher | unknown | | |
| habu | unknown | Attack framework | |
| emba | unknown | Firmware vuln analyzer | |

Related commands:

  • sslscan --no-failed $TARGET
  • asnip -t $TARGET
  • curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2022-33-index?url=*.$TARGET&output=json" # passive spider
  • curl -s GET "https://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid|error getting links"
  • spyse -target $TARGET --subdomains
  • python $PLUGINS_DIR/censys-subdomain-finder/censys_subdomain_finder.py --censys-api-id $CENSYS_APP_ID --censys-api-secret $CENSYS_API_SECRET $TARGET
  • curl -s https://crt.sh/?q=%25.$TARGET
  • python "$INSTALL_DIR/plugins/massdns/scripts/subbrute.py" $INSTALL_DIR/wordlists/domains-all.txt $TARGET
  • altdns -i /tmp/domain -w $INSTALL_DIR/wordlists/altdns.txt
  • dnsgen /tmp/domain
  • massdns -r /usr/share/sniper/plugins/massdns/lists/resolvers.txt $LOOT_DIR/domains/domains-$TARGET-alldns.txt -o S -t A -w $LOOT_DIR/domains/domains-$TARGET-massdns.txt
  • subover -l $LOOT_DIR/domains/domains-$TARGET-full.txt
  • ~/go/bin/subjack -w $LOOT_DIR/domains/domains-$TARGET-full.txt -c ~/go/src/github.com/haccer/subjack/fingerprints.json -t $THREADS -timeout 30 -o $LOOT_DIR/nmap/subjack-$TARGET.txt -a -v
  • python metagoofil.py -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html # online documents
  • python3 gitGraber.py -q "\"org:$ORGANIZATION\""
  • goohak $TARGET # google hacking queries
  • amass enum -ip -o $LOOT_DIR/domains/domains-$TARGET-amass.txt -rf /usr/share/sniper/plugins/massdns/lists/resolvers.txt -d $TARGET
  • amass intel -whois -d $TARGET
  • subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -d $TARGET -nW -rL /sniper/wordlists/resolvers.txt
  • ./slurp-linux-amd64 domain --domain $TARGET # S3 bucket scan
  • python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port 80
  • msfconsole -x "use auxiliary/gather/search_email_collector; set DOMAIN $TARGET; run; exit y" # gather emails via metasploit

Other interesting commands:

  • curl --insecure -L -s "https://urlscan.io/api/v1/search/?q=domain:$TARGET" 2> /dev/null | egrep "country|server|domain|ip|asn|$TARGET|prt"| sort -u
  • curl -s "https://api.hunter.io/v2/domain-search?domain=$TARGET&api_key=$HUNTERIO_KEY"
  • php /usr/share/sniper/bin/inurlbr.php --dork "site:$TARGET" -s inurlbr-$TARGET
  • curl -s https://www.email-format.com/d/$TARGET| grep @$TARGET | grep -v div | sed "s/\t//g" | sed "s/ //g"
  • dig:
    • dig $TARGET txt | egrep -i 'spf|DMARC|dkim' # email
    • dig iport._domainkey.${TARGET} txt | egrep -i 'spf|DMARC|DKIM' # email
    • dig _dmarc.${TARGET} txt | egrep -i 'spf|DMARC|DKIM' # email
  • curl -fsSL "https://dns.bufferover.run/dns?q=.$TARGET"
  • curl -s "https://rapiddns.io/subdomain/$TARGET?full=1&down=1#exportData()"
  • dig $TARGET CNAME | egrep -i "netlify|anima|bitly|wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|modulus|unbounce|uservoice|wpengine|cloudapp" # CNAME subdomain hijacking
  • curl -s https://www.ultratools.com/tools/ipWhoisLookupResult\?ipAddress\=$TARGET | grep -A2 label | grep -v input | grep span | cut -d">" -f2 | cut -d"<" -f1 | sed 's/\&nbsp\;//g'
  • wget -q http://www.intodns.com/$TARGET -O $LOOT_DIR/osint/intodns-$TARGET.html
  • curl -s -L --data "ip=$TARGET" https://2ip.me/en/services/information-service/provider-ip\?a\=act | grep -o -E '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/[0-9]{1,2}' # subnet retrieval
  • curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2022-33-index?url=*.$TARGET&output=json" # passive spider
  • curl -s GET "https://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid|error getting links"

Lists

Nuclei templates

Third-party Integrations

  • Shodan
  • OWASP ZAP
  • Burp Suite
  • Nessus
  • OpenVAS
  • Ivre # network scanner meta tool & relationship manager
  • YETI # relationship manager
  • Snyk # code scanner

References

Issue timeline:

  • ocervell added the bug (Something isn't working), important and enhancement (New feature or request) labels and removed the bug label, Mar 13, 2023
  • ocervell assigned ocervell and unassigned ocervell, Mar 30, 2023
  • ocervell added the v2.0 label, Apr 8, 2023
  • ocervell pinned this issue, Apr 8, 2023
  • ocervell changed the title from "feat: list of supported tools" to "feat: list of tools with future support", Oct 12, 2023
  • ocervell added the tasks label and removed the v2.0 label, Jan 26, 2024
  • ocervell added the meta label and removed the tasks label, Feb 4, 2024