Karma v2
Passive Open Source Intelligence Automated Reconnaissance Framework
https://github.com/Dheerajmadhukar/karma_v2
#osint #recon
Passive Open Source Intelligence Automated Reconnaissance Framework
https://github.com/Dheerajmadhukar/karma_v2
#osint #recon
GitHub
GitHub - Dheerajmadhukar/karma_v2: ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework) - Dheerajmadhukar/karma_v2
Information Gathering and Scanning for Sensitive Information
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#OSINT #Recon
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#OSINT #Recon
Medium
Information Gathering&scanning for sensitive information[ Reloaded ]
Testing Web-Application/Network , Information Gathering is important before we test for vulnerability on the target?
OffSec/OSINT Resources
http://Urlscan.io
http://Hunter.io
http://snov.io
http://Osint.link
http://DNSdumpster.com
http://osintframework.com
http://shodan.io
http://censys.io
http://zoomeye.org
http://opencorporates.com
http://kitploit.com
http://ipv4info.com
http://robtex.com
http://securitytrails.com
http://intelx.io
http://crt.sh
http://spyse.com
#offsec #osint
http://Urlscan.io
http://Hunter.io
http://snov.io
http://Osint.link
http://DNSdumpster.com
http://osintframework.com
http://shodan.io
http://censys.io
http://zoomeye.org
http://opencorporates.com
http://kitploit.com
http://ipv4info.com
http://robtex.com
http://securitytrails.com
http://intelx.io
http://crt.sh
http://spyse.com
#offsec #osint
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Features
— Subdomain Scan.
— Subdomain TakeOver Scan.
— Screenshot the target.
— Basic recon like Whois, Dig info.
— Web Technology detection.
— IP Discovery.
— CORS Scan.
— SSL Scan.
— Wayback Machine Discovery.
— URL Discovery.
— Headers Scan.
— Port Scan.
— Vulnerable Scan.
— Seperate workspaces to store all scan output and details logging.
— REST API.
— React Web UI.
— Support Continuous Scan.
— Slack notifications.
— Easily view report from commnad line.
https://github.com/j3ssie/Osmedeus
#osint #vulnerability #scanner #bugbounty
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Features
— Subdomain Scan.
— Subdomain TakeOver Scan.
— Screenshot the target.
— Basic recon like Whois, Dig info.
— Web Technology detection.
— IP Discovery.
— CORS Scan.
— SSL Scan.
— Wayback Machine Discovery.
— URL Discovery.
— Headers Scan.
— Port Scan.
— Vulnerable Scan.
— Seperate workspaces to store all scan output and details logging.
— REST API.
— React Web UI.
— Support Continuous Scan.
— Slack notifications.
— Easily view report from commnad line.
https://github.com/j3ssie/Osmedeus
#osint #vulnerability #scanner #bugbounty
VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit (Vortex)
A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc...).
Features:
— User Search and Collection
— Password Leaks
— Main Domain Identification
— Subdomain Search
— VPN Endpoint Detection
— Password Spraying/Guessing attacks
— Search profiles on Social Networks
https://github.com/klezVirus/vortex
#osint #vpn #enumeration #spraying #tools
A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc...).
Features:
— User Search and Collection
— Password Leaks
— Main Domain Identification
— Subdomain Search
— VPN Endpoint Detection
— Password Spraying/Guessing attacks
— Search profiles on Social Networks
https://github.com/klezVirus/vortex
#osint #vpn #enumeration #spraying #tools
❤1
API Guesser
A simple website to guess API Key / OAuth Token
When you do pentest / Github recon and find API key / OAuth token but you don't know what API key it is, you can use my website that I built from javascript
https://api-guesser.netlify.app
Source:
https://github.com/daffainfo/apiguesser-web
#api #token #osint #bugbounty
A simple website to guess API Key / OAuth Token
When you do pentest / Github recon and find API key / OAuth token but you don't know what API key it is, you can use my website that I built from javascript
https://api-guesser.netlify.app
Source:
https://github.com/daffainfo/apiguesser-web
#api #token #osint #bugbounty
Recon — Horizontal Enumeration
https://aaryanapex.medium.com/bug-bounty-methodology-horizontal-enumeration-89f7cd172e6e
#osint #recon #enumeration
https://aaryanapex.medium.com/bug-bounty-methodology-horizontal-enumeration-89f7cd172e6e
#osint #recon #enumeration
Medium
Bug Bounty Methodology — Horizontal Enumeration
While performing a security assessment our main goal is to map out all the domains owned by a single entity. This means knowing all the…
Google Groups Dork
Some Devs use "Google Groups" as a workplace because it is easy and free.
But a lot of sensitive information is leaked Such as "access keys", "aws secrets" ...etc .
Dork:
Some Devs use "Google Groups" as a workplace because it is easy and free.
But a lot of sensitive information is leaked Such as "access keys", "aws secrets" ...etc .
Dork:
site:http://groups.google.com "COMPANY"
#osint #dorks #bugbounty👍2
🕵️ OSINT Collection
Collection of 4000+ OSINT resources
https://metaosint.github.io/table
#osint #recon #collection
Collection of 4000+ OSINT resources
https://metaosint.github.io/table
#osint #recon #collection
👍6
🔍 OSINT Tools
Today I'm going to talk about two excellent resources for photo editing during OSINT/IMINT.
Remini:
The image unblurring/sharpening tool could help yield better reverse image search and facial recognition result.
https://app.remini.ai/
Cleanup.Pictures:
One of the best online photo object removal tools I've ever seen.
https://cleanup.pictures/
#OSINT #IMINT #ImageAnalysis #tools
Today I'm going to talk about two excellent resources for photo editing during OSINT/IMINT.
Remini:
The image unblurring/sharpening tool could help yield better reverse image search and facial recognition result.
https://app.remini.ai/
Cleanup.Pictures:
One of the best online photo object removal tools I've ever seen.
https://cleanup.pictures/
#OSINT #IMINT #ImageAnalysis #tools
👍9
🤖 BBOT: OSINT automation for hackers
This tools is capable of executing the entire OSINT process in a single command, including subdomain enumeration, port scanning, web screenshots (with its gowitness module), vulnerability scanning (with nuclei), and much more. BBOT currently has over 50 modules and counting.
Features:
— Recursive;
— Graphing;
— Modular;
— Multi-Target;
— Automatic Dependencies;
— Smart Dictionary Attacks;
— Scope Distance;
— Easily Configurable via YAML.
Blog:
https://blog.blacklanternsecurity.com/p/bbot
Source:
https://github.com/blacklanternsecurity/bbot
#external #recon #osint #redteam #bugbounty
This tools is capable of executing the entire OSINT process in a single command, including subdomain enumeration, port scanning, web screenshots (with its gowitness module), vulnerability scanning (with nuclei), and much more. BBOT currently has over 50 modules and counting.
Features:
— Recursive;
— Graphing;
— Modular;
— Multi-Target;
— Automatic Dependencies;
— Smart Dictionary Attacks;
— Scope Distance;
— Easily Configurable via YAML.
Blog:
https://blog.blacklanternsecurity.com/p/bbot
Source:
https://github.com/blacklanternsecurity/bbot
#external #recon #osint #redteam #bugbounty
👍9🔥2
🔎 GEOINT Protip
Landmark identification and pinpointing locations where an image or video was taken is a very good skill when investigating current and past events.
— geohints.com
— landmark.toolpie.com
— brueckenweb.de/2content/suchen/suche.php
#geoint #osint #tips
Landmark identification and pinpointing locations where an image or video was taken is a very good skill when investigating current and past events.
— geohints.com
— landmark.toolpie.com
— brueckenweb.de/2content/suchen/suche.php
#geoint #osint #tips
👍6
🌐 URLFinder
URLFinder is a high-speed, passive URL discovery tool designed to simplify and accelerate web asset discovery, ideal for penetration testers, security researchers, and developers looking to gather URLs without active scanning.
🚀 Features:
— Passive source discovery
— JSON/file/stdout output
— Optimized speed & efficiency
🔗 Source:
https://github.com/projectdiscovery/urlfinder
#url #domain #finder #osint
URLFinder is a high-speed, passive URL discovery tool designed to simplify and accelerate web asset discovery, ideal for penetration testers, security researchers, and developers looking to gather URLs without active scanning.
🚀 Features:
— Passive source discovery
— JSON/file/stdout output
— Optimized speed & efficiency
🔗 Source:
https://github.com/projectdiscovery/urlfinder
#url #domain #finder #osint
❤16❤🔥1👍1