πŸ”’
❌
There are new articles available, click to refresh the page.
Before yesterdayDarknet

assetfinder – Find Related Domains and Subdomains

29 December 2021 at 17:05
By: Darknet
assetfinder – Find Related Domains and Subdomains

assetfinder is a Go-based tool to find related domains and subdomains that are potentially related to a given domain from a variety of sources including Facebook, ThreatCrowd, Virustotal and more.

assetfinder uses a variety of sources including those in the infosec space and social networks which can give relevant info:

  • crt.sh
  • certspotter
  • hackertarget
  • threatcrowd
  • wayback machine
  • dns.bufferover.run
  • facebook – Needs FB_APP_ID and FB_APP_SECRET environment variables set (https://developers.facebook.com/) and you need to be careful with your app’s rate limits
  • virustotal – Needs VT_API_KEY environment variable set (https://developers.virustotal.com/reference)
  • findsubdomains – Needs SPYSE_API_TOKEN environment variable set (the free version always gives the first response page, and you also get β€œ25 unlimited requests”) β€” (https://spyse.com/apidocs)

Sources to be implemented:

  • http://api.passivetotal.org/api/docs/
  • https://community.riskiq.com/ (?)
  • https://riddler.io/
  • http://www.dnsdb.org/
  • https://certdb.com/api-documentation

Usage of assetfinder to Find Related Domains and Subdomains

The usage is very simple with only one option basically, to limit the search to subdomains only – by default it will scan for all associated domains and subdomains.

Read the rest of assetfinder – Find Related Domains and Subdomains now! Only available at Darknet.

CredNinja – Test Credential Validity of Dumped Credentials or Hashes

5 January 2022 at 09:55
By: Darknet
CredNinja – Test Credential Validity of Dumped Credentials or Hashes

CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.

At the core of it, you provide it with a list of credentials you have dumped (or hashes, it can pass-the-hash) and a list of systems on the domain (the author suggests scanning for port 445 first, or you can use β€œβ€“scan”). It will tell you if the credentials you dumped are valid on the domain, and if you have local administrator access to a host.

Read the rest of CredNinja – Test Credential Validity of Dumped Credentials or Hashes now! Only available at Darknet.

CFRipper – CloudFormation Security Scanning & Audit Tool

23 January 2022 at 17:15
By: Darknet
CFRipper – CloudFormation Security Scanning & Audit Tool

CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool, it aims to prevent vulnerabilities from getting to production infrastructure through vulnerable CloudFormation scripts.

You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins.

CFRipper should be part of your CI/CD pipeline. It runs just before a CloudFormation stack is deployed or updated and if the CloudFormation script fails to pass the security check it fails the deployment and notifies the team that owns the stack.

Read the rest of CFRipper – CloudFormation Security Scanning & Audit Tool now! Only available at Darknet.

Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage

29 April 2022 at 17:32
By: Darknet
Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage

socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms.

Other similar tools check username availability by requesting the profile page of the username in question and based on information like the HTTP status code or error text on the requested page, determine whether a username is already taken.

Read the rest of Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage now! Only available at Darknet.

  • There are no more articles
❌