hacking tools

Posted: Thu May 30, 2019 11:13 am
by Stevyn
subdomain enumeration (https://github.com/TypeError/domained),

masscan by robertdavidgraham for port scanning (https://github.com/robertdavidgraham/masscan)

wfuzz by xmendez for HTTP request fuzzing / brute forcing (https://github.com/xmendez/wfuzz),

Re: hacking tools for AWS

Posted: Thu May 30, 2019 1:11 pm
by Stevyn
https://www.peerlyst.com/posts/a-list-o ... s-guurhart

prowler - Tool based on AWS-CLI commands for AWS account hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark (https://d0.awsstatic.com/whitepapers/co ... chmark.pdf) https://github.com/Alfresco/prowler

nccgroup/Scout2 - Security auditing tool for AWS environments https://github.com/nccgroup/Scout2

cloudsploit/scans - AWS security scanning checks https://github.com/cloudsploit/scans

The Amazon Inspector - https://aws.amazon.com/inspector/

Netflix/security_monkey - Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations
https://github.com/Netflix/security_monkey

Aardvark - Aardvark is a multi-account AWS IAM Access Advisor API https://github.com/Netflix-Skunkworks/aardvark

Repokid - AWS Least Privilege for Distributed, High-Velocity Deployment https://github.com/Netflix/Repokid

DenizParlak/Zeus - AWS Auditing & Hardening Tool http://www.denizparlak.com/?p=386 https://github.com/DenizParlak/Zeus

Nimbostratus - Tools for fingerprinting and exploiting Amazon cloud infrastructures + video presentation and intro blog post https://andresriancho.github.io/nimbostratus/

Bucket finder - This is a fairly simple tool to run, all it requires is a wordlist and it will go off and check each word to see if that bucket name exists in Amazon's S3 system. Any that it finds it will check to see if the bucket is public, private or a redirect.
Public buckets are checked for directory indexing being enabled, if it is then all files listed will be checked using HEAD to see if they are public or private. Redirects are followed and the final destination checked. All this is reported on so you can later go through and analyse what has been found. https://digi.ninja/projects/bucket_finder.php

Re: hacking tools

Posted: Fri Jun 07, 2019 12:16 am
by Stevyn
Keye allows hackers to easily monitor changes in URLs. It requests the URLs and detects changes based on the responses’ Content-Length. https://github.com/clirimemini/Keye

Re: hacking tools

Posted: Fri Jun 07, 2019 12:23 pm
by Stevyn

Re: hacking tools

Posted: Sat Jun 22, 2019 4:01 pm
by Stevyn
URLextractor - Information Gathering and Website Reconnaissance

https://www.kitploit.com/2019/06/urlext ... g-and.html



Information gathering & website reconnaissance

Usage: ./extractor http://www.hackthissite.org/

Tips:
Colorex: put colors to the output: pip install colorex and use it like ./extractor http://www.hackthissite.org/ | colorex -g "INFO" -r "ALERT"
Tldextract: is used by the dnsenumeration function: pip install tldextract

Features:
IP and hosting info like city and country (using FreegeoIP)
DNS servers (using dig)
ASN, Network range, ISP name (using RISwhois)
Load balancer test
Whois for abuse mail (using Spamcop)
PAC (Proxy Auto Configuration) file
Compares hashes to diff code
robots.txt (recursively looking for hidden stuff)
Source code (looking for passwords and users)
External links (frames from other websites)
Directory FUZZ (like Dirbuster and Wfuzz - using Dirbuster directory list)
URLvoid API - checks Google page rank, Alexa rank and possible blacklists
Provides useful links at other websites to correlate with IP/ASN
Option to open ALL results in browser at the end

Re: hacking tools

Posted: Sat Jun 22, 2019 4:18 pm
by Stevyn
great collection of articles & tools for pentesting
https://securityonline.info