Slurp – Amazon AWS S3 Bucket Enumerator

Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.

There are two modes that this tool operates at; blackbox and whitebox mode. Whitebo…

Slurp – Amazon AWS S3 Bucket Enumerator

Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.

There are two modes that this tool operates at; blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.

Blackbox (external)

In this mode, you are using the permutations list to conduct scans.

Read the rest of Slurp – Amazon AWS S3 Bucket Enumerator now! Only available at Darknet.

BloodHound – Hacking Active Directory Trust Relationships

BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.

Attackers can use BloodHound to easily identify highly complex atta…

BloodHound – Hacking Active Directory Trust Relationships

BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.

Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use it to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.

Read the rest of BloodHound – Hacking Active Directory Trust Relationships now! Only available at Darknet.

SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place.

List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, a…

SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place.

List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

Contents of SecLists

Each section has tonnes of content including the below:

  • Discovery lists (DNS, SNMP, Web content)
  • Fuzzing Payloads (Databases, LFI, SQLi, XSS)
  • Password lists (Common credentials, cracked hashes, honeypot captures, leaked lists)
  • Data Pattern lists
  • Payload files (Zip bombs, flash, images)
  • Username lists (Honeypot captures)
  • Web shells

Install SecLists

Zip

wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip

Git (Small)

git clone --depth 1 https://github.com/danielmiessler/SecLists.git

Git (Complete)

git clone [email protected]:danielmiessler/SecLists.git

You can access all the lists here:

https://github.com/danielmiessler/SecLists

Read the rest of SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells now! Only available at Darknet.

GoBuster – Directory/File & DNS Busting Tool in Go

GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.

The author built YET ANOTHER directory and DNS brute forcing to…

GoBuster – Directory/File & DNS Busting Tool in Go

GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.

The author built YET ANOTHER directory and DNS brute forcing tool because he wanted..

  • … something that didn’t have a fat Java GUI (console FTW).
  • … to build something that just worked on the command line.
  • … something that did not do recursive brute force.

Read the rest of GoBuster – Directory/File & DNS Busting Tool in Go now! Only available at Darknet.