🌟 Photon 🌟

Incredibly fast crawler designed for OSINT

Photon can extract the following data while crawling:
⚪️URLs (in-scope & out-of-scope)
⚪️URLs with parameters (example.com/gallery.php?id=2)
⚪️Intel (emails, social media accounts, amazon buckets etc.)
⚪️Files (pdf, png, xml etc.)
⚪️Secret keys (auth/API keys & hashes)
⚪️JavaScript files & Endpoints present in them
⚪️Strings matching custom regex pattern
⚪️Subdomains & DNS related data


⬇️ Download
😸 Github

#Python #Crawler #Osint #Spider
➗➗➗➗➗➗➗➗➗➗➗➗
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3

🥷 PyPhisher 🥷

▶ A video of the pyphisher tool in action

💬
Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, github, reddit, gmail and many others.

⬇️ Download
👁‍🗨 Previous Post

#Python #PyPhisher
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🫥 MobaXterm Keygen 🔘

⚠️ Please see source code. It is not complex. ⚠️

I don't know how to make custom settings take effect in Customizer mode directly.

💬
The only way I found is that you should export custom settings to a file named MobaXterm customization.custom which is also a zip file. Then merge two zip file: Custom.mxtpro and MobaXterm customization.custom to Custom.mxtpro. Finally copy newly-generated Custom.mxtpro to MobaXterm's installation path.

📊 Postscript:
⚪️ This application does not have complex activation algorithm and it is truly fantastic. So please pay for it if possible.

⚪️ The file generated, Custom.mxtpro, is actually a zip file and contains a text file, Pro.key, where there is a key string.

⚪️ MobaXterm.exe has another mode. You can see it by adding a parameter "-customizer".

./MobaXterm.exe -customizer

💻 Usage:

./MobaXterm-Keygen.py "DoubleSine" 10.9

😸 Github

⬇️ Donwload
🔒 BugCod3

#Python #MobaXterm #Keygen #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

☠️ xnLinkFinder v4.4 ☠️

💬
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

📊 This is a tool used to discover endpoints (and potential parameters) for a given target. It can find them by:
⚪️ crawling a target (pass a domain/URL)
⚪️ crawling multiple targets (pass a file of domains/URLs)
⚪️ searching files in a given directory (pass a directory name)
⚪️ get them from a Burp project (pass location of a Burp XML file)
⚪️ get them from an OWASP ZAP project (pass location of a ZAP ASCII message file)
⚪️ get them from a Caido project (pass location of a Caido export CSV file)
⚪️ processing a waymore results directory (searching archived response files from waymore -mode R and also requesting URLs from waymore.txt and the original URLs from index.txt - see waymore README.md)

🔼 Installation:

cd xnLinkFinder
sudo python setup.py install

💻 Usage:

python xnLinkFinder.py --help

📂 Examples:

#specific target
python3 xnLinkFinder.py -i target.com -sf target.com

#list of URLs
python3 xnLinkFinder.py -i target_js.txt -sf target.com

😸 Github

⬇️ Donwload
🔒 BugCod3

#Python #Discover #Endpoints
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

NetProbe: Network Probe

💬
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices.

📊 Features:
⚪️ Scan for devices on a specified IP address or subnet
⚪️ Display the IP address, MAC address, manufacturer, and device model of discovered devices
⚪️ Live tracking of devices (optional)
⚪️ Save scan results to a file (optional)
⚪️ Filter by manufacturer (e.g., 'Apple') (optional)
⚪️ Filter by IP range (e.g., '192.168.1.0/24') (optional)
⚪️ Scan rate in seconds (default: 5) (optional)

🔼 Installation:

cd NetProbe
pip install -r requirements.txt

💻 Usage:

python3 netprobe.py —help

📂 Example:

python3 netprobe.py -t 192.168.1.0/24 -i eth0 -o results.txt -l

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Network #Scanner #Vulnerability #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

10000 h1 disclosed reports

💬
On 31st Dec 2023, I made it my goal to read 10,000 H1 Reports in 2024 Q1 (i.e. first 3 months) to really understand deep down what kind of bugs are being reported, accepted, or rejected and how exactly I should approach my journey in #bugbounty. Also, I thought, there was no better resource than actual disclosed bug reports. Later I decided to cap my goal at *5000* because I think I nailed the common pattern and already accomplished what I wanted to get out of it.

😸 Github

⬇️ Download
🔒 BugCod3

#Python #H1 #Report
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

💀 LeakSearch 💀

💬
LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password.
In addition, you can define how many results you want to display on the terminal and export them as JSON or TXT files. Due to the simplicity of the code, it is very easy to add new sources, so more providers will be added in the future.

Requirements:
⚪️ Python 3
⚪️ Install requirements pip install -r requirements.txt

💻 Usage:
LeakSearch.py [-h] [-d DATABASE] [-k KEYWORD] [-n NUMBER] [-o OUTPUT] [-p PROXY]

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Search #Parse #Password
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Form Finder

This script can be used to find HTML forms in the list of endpoints/URLs.

Usage:

python3 formfinder.py endpoints.txt

😸 Github

⬇️ Donwload
🔒 BugCod3

#Python #Form #Finder
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
⛓ T.me/BugCod3Topic
📣 T.me/BugCod3

💜 knoxnl 💜

💬
This is a python wrapper around the amazing KNOXSS API by Brute Logic. To use this tool (and the underlying API), you must have a valid KNOXSS API key. Don't have one? Go visit https://knoxss.me and subscribe! This was inspired by the "knoxssme" tool by @edoardottt2, but developed to allow for greater options.

🔼 Installation:
NOTE: If you already have a `config.yml` file, it will not be overwritten. The file `config.yml.NEW` will be created in the same directory. If you need the new config, remove `config.yml` and rename `config.yml.NEW` back to `config.yml`.

pip install knoxnl

💻 Examples:

knoxnl -i "https://brutelogic.com.br/xss.php"

Or a file of URLs:

knoxnl -i ~/urls.txt

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Scanner #XSS #Knoxnl
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🌐 Ominis OSINT: Secure Web-Search 🌐

📊 Features:
🚀 Enhanced User Interface: Enjoy a redesigned interface for a seamless experience, suitable for both novice and experienced users.
🔎 Expanded Digital Reconnaissance: Conduct thorough investigations with advanced tools to gather and analyze publicly available information from diverse online sources.
💡 Threading Optimization: Experience faster execution times with optimized threading, improving efficiency and reducing waiting periods during username searches.
📊 Detailed Results: Gain comprehensive insights from search results, including detailed information extracted from various sources such as social profiles, mentions, and potential forum links.
⚙️ Proxy Validation: The tool validates proxies for secure and efficient web requests, ensuring anonymity and privacy during the search process. This feature enhances the reliability of the search results by utilizing a pool of validated proxies, mitigating the risk of IP blocking and ensuring seamless execution of the search queries.
🕵️‍♂️ Human-like Behavior Mimicking: To mimic human-like behavior and avoid detection by anti-bot mechanisms, the tool randomizes user agents for each request. This helps in making the requests appear more natural and reduces the likelihood of being flagged as automated activity.
🛡 Randomized Proxy Agents: In addition to proxy validation, the tool utilizes randomized proxy agents for each request, further enhancing user anonymity. By rotating through a pool of proxies, the tool reduces the chances of being tracked or identified by websites, thus safeguarding user privacy throughout the reconnaissance process.
🔍 Username Search: Searches a list of URLs for a specific username. Utilizes threading for parallel execution. Provides detailed results with URL and HTTP status code.

🔼 Installation:

cd Ominis-Osint
pip install -r requirements.txt
python3 Ominis.py

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Osint #Search #Engin #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

excludeparked

💬
A lightweight Python 3 script that filters out parked HTTP domains from a list of domains. Useful when pulling a list of domains from a reverse WHOIS lookup service (from a tool such as WHOXY).

This was tested on a list of 100k parked domains but it's subject to improvement as this tool is intended to be a rough method of filtering down thousands of domains in the recon phase of a pentest.

🔼 Install:

cd excludeparked
pip install -r requirements.txt

💻 Usage:

python3 ./excludeparked.py -h

😸 Github

⬇️ Download
🔒BugCod3

#Python #Parked #Domain
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🛜 Freeway 🛜

WiFi Penetration Testing & Auditing Tool

💬
Freeway is a Python scapy-based tool for WiFi penetration that aim to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.

📊 Features:
⚪️ IEEE 802.11 Packet Monitoring
⚪️ Deauthentication Attack
⚪️ Beacon Flood
⚪️ Packet Fuzzer
⚪️ Network Audit
⚪️ Channel Hopper
⚪️ Evil Twin
⚪️ Packet Crafter

📂 Preparation:
⚪️ A network adapter supporting monitor mode and frame injection.
⚪️ An operating system running a Linux distribution.
⚪️ Python 3+ installed.

🔼 Installation:
PIP:

sudo pip install 3way

Manually:

cd Freeway
sudo pip install .

💻 Usage:

#1 sudo Freeway
#2 sudo Freeway -i wlan2 -a monitor -p 1,2,a
#3 sudo Freeway -i wlan2 -a deauth

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Wifi #Pentesting
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🦅 Blackbird 🦅

💬
Blackbird is a robust OSINT tool that facilitates rapid searches for user accounts by username or email across a wide array of platforms, enhancing digital investigations. It features WhatsMyName integration, export options in PDF, CSV, and HTTP response formats, and customizable search filters.

🔼 Installation:

cd blackbird
pip install -r requirements.txt

💻 Usage:
Search by username 👤
python blackbird.py --username username1 username2 username3

Search by email 🌐
python blackbird.py --email email1@email.com email2@email.com email3@email.com

Export results to PDF 📂
python blackbird.py --email email1@email.com --pdf

✨ AI:
Blackbird uses AI-powered NER models to improve metadata extraction, identifying key entities for faster and more accurate insights.
python blackbird.py --username username1 --ai

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Osint #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CVE-2024-55591

A Fortinet FortiOS Authentication Bypass Vulnerable Behaviour Detection

💬
Description:
This script attempts to create a WebSocket connection at a random URI from a pre-authenticated perspective to the FortiOS management interface, and reviews the response to determine if the instance is vulnerable

Affected Versions:
⚪️ FortiOS 7.0.0 through 7.0.16
⚪️ FortiProxy 7.0.0 through 7.0.19
⚪️ FortiProxy 7.2.0 through 7.2.12

😸 Github

⬇️ Download
🔒 BugCod3

#Python #CVE #Vulnerable #Detection
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

HExHTTP

💬
HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors.

📊 Features:
⚪️ Server Error response checking
⚪️ Localhost header response analysis
⚪️ Vhosts checking
⚪️ Methods response analysis
⚪️ HTTP Version analysis [Experimental]
⚪️ Cache Poisoning DoS (CPDoS) techniques
⚪️ Web cache poisoning
⚪️ Range poisoning/error (416 response error) [Experimental]
⚪️ Cookie Reflection
⚪️ CDN/proxies Analysis (Envoy/Apache/Akamai/Nginx) [IP]

🔼 Installation:

pip install -r requirements.txt
./hexhttp.py -u 'https://target.tld/'
# OR
python3 hexhttp.py -u 'https://target.tld/'

💻 Usage:

./hexhttp.py -h
# Usage: hexhttp.py [-h] [-u URL] [-f URL_FILE] [-H CUSTOM_HEADER] [-A USER_AGENT] [-F] [-a AUTH] [-b]

😸 Github

⬇️ Download
🔒 BugCod3

#Python #HTTP #Headers #Analyze
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

IDOR-Forge

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

💬 Description:
IDOR Forge is a powerful and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. IDOR vulnerabilities occur when an application exposes direct references to internal objects (e.g., database keys, file paths) without proper authorization checks, allowing attackers to access unauthorized data. This tool automates the process of identifying such vulnerabilities by dynamically generating and testing payloads, analyzing responses, and reporting potential issues.

📊 Features:
⚪️ Dynamic Payload Generation
⚪️ Multi-Parameter Scanning
⚪️ Support for Multiple HTTP Methods
⚪️ Concurrent Scanning
⚪️ Rate Limiting Detection
⚪️ Customizable Test Values
⚪️ Sensitive Data Detection
⚪️ Proxy Support
⚪️ Interactive GUI Mode
⚪️ Verbose Mode
⚪️ Output Options
⚪️ Custom Headers
⚪️ Session Handling

🔼 Installation:

pip install -r requirements.txt
python IDOR-Forge.py

💻 Usage:

# CLI Basic Usage

python IDOR-Forge.py -u "https://example.com/api/resource?id=1"

# Advanced Usage

python IDOR-Forge.py -u "https://example.com/api/resource?id=1" -p -m GET --proxy "http://127.0.0.1:8080" -v -o results.csv --output-format csv

python IDOR-Forge.py -u http://example.com/resource?id=1 -p -m GET --output results.csv --output-format csv --test-values [100,200,300] --sensitive-keywords ["password", "email"]

🖼 Interactive GUI Mode:

python idor_hunter.py --interactive

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Idor #Vulnerability #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3