Posts

Showing posts with the label Credentials

SMWYG-Show-Me-What-You-Got - Tool To Search 1.4 Billion Clear Text Credentials Which Was Dumped As Part Of BreachCompilation Leak

This tool allows you to perform OSINT and reconnaissance on an organisation or an individual. It allows one to search 1.4 Billion clear text credentials which was dumped as part of BreachCompilation leak. This database makes finding passwords faster and easier than ever before. Screenshot Above image search the credentials for uber.com and have found 203 accounts. Pre-requisites Make sure you have installed the following: - Python 3.0 or later. - pip3 (sudo apt-get install python3-pip) How to install? git clone https://github.com/Viralmaniar/SMWYG-Show-Me-What-You-Got.git cd SMWYG-Show-Me-What-You-Got pip3 install -r requirements.txt How do I use this? Press 1: This will allow you to search credentials based on domain name. Press 2: This will allow you to search credentials for a specific email address. Press 3: To exit from the program. Tips to stay secure Change your passw...

SSH Auditor - The Best Way To Scan For Weak SSH Passwords On Your Network

The Best Way To Scan For Weak SSH Passwords On Your Network Features ssh-auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials. Queue a full credential scan on any new host discovered. Queue a full credential scan on any known host whose ssh version or key fingerprint changes. Attempt command execution as well as attempt to tunnel a TCP connection. Re-check each credential using a per credential scan_interval - default 14 days. It's designed so that you can run ssh-auditor discover + ssh-auditor scan from cron every hour to perform a constant audit. Demos Earlier demo showing all of the features Demo showing improved log output Usage Install $ brew install go # or however you want to install the go compiler $ go get github.com/ncsa/ssh-auditor or Build from a git clone $ go build ...

Hayat - Auditing & Hardening Script For Google Cloud Platform

Hayat is an auditing & hardening script for Google Cloud Platform services such as: Identity & Access Management, Networking, Virtual Machines, Storage, Cloud SQL Instances, Kubernetes Clusters for now. Identity & Access Management Ensure that corporate login credentials are used instead of Gmail accounts. Ensure that there are only GCP-managed service account keys for each service account. Ensure that ServiceAccount has no Admin privileges. Ensure that IAM users are not assigned Service Account User role at project level. Networking Ensure the default network does not exist in a project. Ensure legacy networks do not exist for a project. Ensure that DNSSEC is enabled for Cloud DNS. Ensure that RSASHA1 is not used for key-signing key in Cloud DNS DNSSEC. Ensure that RSASHA1 is not used for zone-signing key in Cloud DNS DNSSEC. Ensure that RDP access is restricted from the Internet. Ensur...

SharpWeb - .NET 2.0 CLR Project To Retrieve Saved Browser Credentials From Google Chrome, Mozilla Firefox And Microsoft Internet Explorer/Edge

SharpWeb is a .NET 2.0 CLR compliant project that can retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge. In the future, this project will be expanded upon to retrieve Cookies and History items from these browsers. Usage Usage: .\SharpWeb.exe arg0 [arg1 arg2 ...] Arguments: all - Retrieve all Chrome, FireFox and IE/Edge credentials. full - The same as 'all' chrome - Fetch saved Chrome logins. firefox - Fetch saved FireFox logins. edge - Fetch saved Internet Explorer/Microsoft Edge logins. Example: Retrieve Edge and Firefox Credentials .\SharpWeb.exe edge firefox Example: Retrieve All Saved Browser Credentials .\SharpWeb.exe all Standing on the Shoulders of Giants This project uses the work of @plainprogrammer and his work on a compliant .NET 2.0 CLR compliant SQLite parser, which can be found...

Modlishka - An Open Source Phishing Tool With 2FA Authentication

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side). Enjoy :-) Features Some of the most important 'Modlishka' features : Support for majority of 2FA authentication schemes (by design). No website templates (just point Modlishka to the target domain - in most cases, it will be handled automatically). Full control of "cross" origin TLS traffic flow from your victims browsers. Flexible and easily configurable phishing scenarios through configuration options. Pattern based JavaScript payload injection. Stripping website from all encryption and security headers (back to 90's MITM style). User credential harvesting (with context based on URL parameter passed identifiers). Can be extended with your ideas through plugins. Stateless design. Can be scaled up easily for an arb...

mXtract - Memory Extractor & Analyzer

An opensource linux based tool that analyses and dumps memory. It's developed as an offensive penetration testing tool which can be used to scan memory for private keys, ips, and passwords using regexes. Remember your results are only as good as your regexes. Screenshots Scan with verbose and with a simple IP regex, scanning every data segment. Scan with verbose and with a simple IP regex, scanning only heap and stack. Scan without verbose, and with a simple IP regex. Why dump directly from memory? In most linux environments users can access the memory of processes, this allows attackers to harvest credentials, private keys, or anything that isn't supposed to be seen but is being processed by a program in clear text. Features Ability to enter regex lists Clear and Readable Display Ability to Mas...

mXtract v1.2 - Memory Extractor & Analyzer

mXtract is an opensource linux based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool, its primary use is to scan memory for private keys, ips, and passwords using regexes. Remember, your results are only as good as your regexes. Screenshots Scan with verbose and with a simple IP regex, scanning every data segment, displaying process information and scanning environment files. Scan with verbose and with a simple IP regex, scanning only heap and stack, displaying process information and scanning environment files. Scan without verbose, and with a simple IP regex, displaying process information and scanning environment files. Why dump directly from memory? In most linux environments users can access the memory of processes, this allows...

Pepe - Collect Information About Email Addresses From Pastebin

Collect information about leaked email addresses from Pastebin About Script parses Pastebin email:password dumps and gathers information about each email address. It supports Google, Trumail, Pipl, FullContact and HaveIBeenPwned. Moreover, it allows you to send an informational mail to someone about his leaked password, at the end every information lands in Elasticsearch for further exploration. It supports only one format - email:password. Everything else will not work! For now, notification works when it finds match on FullContact and next sends you email address and associated social media accounts. Requirements: Python 3 FullContact API https://www.fullcontact.com/developer/ Google Pipl API https://pipl.com/api/ HaveIBeenPwned SafePush (for notification - optional - In progress) https://www.pushsafer.com/ Trumail https://trumail.io/ Gmai...

iCULeak - Tool To Find And Extract Credentials From Phone Configuration Files Hosted On Cisco CUCM

Tool to find and extract credentials from phone configuration files in environments managed by Cisco's CUCM (Call Manager). When using Cisco's CUCM (Call Manager), phone configuration files are stored on a TFTP server. These phone configuration files quite often contain sensitive data, including phone SSH/admin credentials. There is also an issue with how some browsers autofill fields such as the SSH Username & Password fields with their CUCM credentials (commonly their AD credentials), if the administrator has saved the credentials in their browser. This issue has also been faced by administrators using password managers that automatically plug in credentials, where they found that their credentials were being automatically inputted into the SSH Username & Password fields, and then being saved (and stored in plaintext in the configuration files). W...

Scavenger - Crawler Searching For Credential Leaks On Different Paste Sites

Just the code of my OSINT bot searching for sensitive data leaks on different paste sites. Search terms: credentials, private RSA keys, Wordpress configuration files, MySQL connect strings, onion links, links to files hosted inside the onion network (PDF, DOC, DOCX, XLS, XLSX) Keep in mind: This bot is not beautiful. The code is not complete so far. Some parts like integrating the credentials in a database are missing in this online repository. If you want to use this code, feel free to do so. Keep in mind you have to customize things to get it to run on your system. IMPORTANT The bot can be run in two major modes: API mode Scraping mode (using TOR) Using the API mode is highly recommended. It is the intended method of scraping pastes from Pastebin.com and it is only fair to do so. The only thing you need is a Pastebin.com PRO account...

Metabigor - Command Line Search Engines Without Any API Key

Command line Search Engine without any API key. What is Metabigor? Metabigor allows you to do queries from the command line to awesome Search Engines (like Shodan, Censys, Fofa, etc) without any API key. But Why Metabigor? Don't use your API key so you don't have to worry about the limit of API quota. * Do queries from the command line without Premium account. * Get more results without Premium account. * But I have a Premium account why do I need this shit? Again Metabigor will not lose your API quota. Your query will be optimized so you gonna get more results than using it by hand or API key. Never get duplicate results. * How it works? Metabigor gonna use your cookie or not to simulate search from browser and opti...

Seth - Perform A MitM Attack And Extract Clear Text Credentials From RDP Connections

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks. The author is Adrian Vollmer (SySS GmbH). Usage Run it like this: $ ./seth.sh <INTERFACE> <ATTACKER IP> <VICTIM IP> <GATEWAY IP|HOST IP> [<COMMAND>] Unless the RDP host is on the same subnet as the victim machine, the last IP address must be that of the gateway. The last parameter is optional. It can contain a command that is executed on the RDP host by simulating WIN+R via key press event injection. Keystroke injection depends on which keyboard layout the victim is using - currently it's only reliable with the English language ...