💀 LeakSearch 💀

💬
LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password.
In addition, you can define how many results you want to display on the terminal and export them as JSON or TXT files. Due to the simplicity of the code, it is very easy to add new sources, so more providers will be added in the future.

Requirements:
⚪️ Python 3
⚪️ Install requirements pip install -r requirements.txt

💻 Usage:
LeakSearch.py [-h] [-d DATABASE] [-k KEYWORD] [-n NUMBER] [-o OUTPUT] [-p PROXY]

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Search #Parse #Password
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Form Finder

This script can be used to find HTML forms in the list of endpoints/URLs.

Usage:

python3 formfinder.py endpoints.txt

😸 Github

⬇️ Donwload
🔒 BugCod3

#Python #Form #Finder
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
⛓ T.me/BugCod3Topic
📣 T.me/BugCod3

💜 knoxnl 💜

💬
This is a python wrapper around the amazing KNOXSS API by Brute Logic. To use this tool (and the underlying API), you must have a valid KNOXSS API key. Don't have one? Go visit https://knoxss.me and subscribe! This was inspired by the "knoxssme" tool by @edoardottt2, but developed to allow for greater options.

🔼 Installation:
NOTE: If you already have a `config.yml` file, it will not be overwritten. The file `config.yml.NEW` will be created in the same directory. If you need the new config, remove `config.yml` and rename `config.yml.NEW` back to `config.yml`.

pip install knoxnl

💻 Examples:

knoxnl -i "https://brutelogic.com.br/xss.php"

Or a file of URLs:

knoxnl -i ~/urls.txt

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Scanner #XSS #Knoxnl
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🌐 Ominis OSINT: Secure Web-Search 🌐

📊 Features:
🚀 Enhanced User Interface: Enjoy a redesigned interface for a seamless experience, suitable for both novice and experienced users.
🔎 Expanded Digital Reconnaissance: Conduct thorough investigations with advanced tools to gather and analyze publicly available information from diverse online sources.
💡 Threading Optimization: Experience faster execution times with optimized threading, improving efficiency and reducing waiting periods during username searches.
📊 Detailed Results: Gain comprehensive insights from search results, including detailed information extracted from various sources such as social profiles, mentions, and potential forum links.
⚙️ Proxy Validation: The tool validates proxies for secure and efficient web requests, ensuring anonymity and privacy during the search process. This feature enhances the reliability of the search results by utilizing a pool of validated proxies, mitigating the risk of IP blocking and ensuring seamless execution of the search queries.
🕵️‍♂️ Human-like Behavior Mimicking: To mimic human-like behavior and avoid detection by anti-bot mechanisms, the tool randomizes user agents for each request. This helps in making the requests appear more natural and reduces the likelihood of being flagged as automated activity.
🛡 Randomized Proxy Agents: In addition to proxy validation, the tool utilizes randomized proxy agents for each request, further enhancing user anonymity. By rotating through a pool of proxies, the tool reduces the chances of being tracked or identified by websites, thus safeguarding user privacy throughout the reconnaissance process.
🔍 Username Search: Searches a list of URLs for a specific username. Utilizes threading for parallel execution. Provides detailed results with URL and HTTP status code.

🔼 Installation:

cd Ominis-Osint
pip install -r requirements.txt
python3 Ominis.py

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Osint #Search #Engin #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

excludeparked

💬
A lightweight Python 3 script that filters out parked HTTP domains from a list of domains. Useful when pulling a list of domains from a reverse WHOIS lookup service (from a tool such as WHOXY).

This was tested on a list of 100k parked domains but it's subject to improvement as this tool is intended to be a rough method of filtering down thousands of domains in the recon phase of a pentest.

🔼 Install:

cd excludeparked
pip install -r requirements.txt

💻 Usage:

python3 ./excludeparked.py -h

😸 Github

⬇️ Download
🔒BugCod3

#Python #Parked #Domain
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🛜 Freeway 🛜

WiFi Penetration Testing & Auditing Tool

💬
Freeway is a Python scapy-based tool for WiFi penetration that aim to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.

📊 Features:
⚪️ IEEE 802.11 Packet Monitoring
⚪️ Deauthentication Attack
⚪️ Beacon Flood
⚪️ Packet Fuzzer
⚪️ Network Audit
⚪️ Channel Hopper
⚪️ Evil Twin
⚪️ Packet Crafter

📂 Preparation:
⚪️ A network adapter supporting monitor mode and frame injection.
⚪️ An operating system running a Linux distribution.
⚪️ Python 3+ installed.

🔼 Installation:
PIP:

sudo pip install 3way

Manually:

cd Freeway
sudo pip install .

💻 Usage:

#1 sudo Freeway
#2 sudo Freeway -i wlan2 -a monitor -p 1,2,a
#3 sudo Freeway -i wlan2 -a deauth

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Wifi #Pentesting
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🦅 Blackbird 🦅

💬
Blackbird is a robust OSINT tool that facilitates rapid searches for user accounts by username or email across a wide array of platforms, enhancing digital investigations. It features WhatsMyName integration, export options in PDF, CSV, and HTTP response formats, and customizable search filters.

🔼 Installation:

cd blackbird
pip install -r requirements.txt

💻 Usage:
Search by username 👤
python blackbird.py --username username1 username2 username3

Search by email 🌐
python blackbird.py --email email1@email.com email2@email.com email3@email.com

Export results to PDF 📂
python blackbird.py --email email1@email.com --pdf

✨ AI:
Blackbird uses AI-powered NER models to improve metadata extraction, identifying key entities for faster and more accurate insights.
python blackbird.py --username username1 --ai

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Osint #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CVE-2024-55591

A Fortinet FortiOS Authentication Bypass Vulnerable Behaviour Detection

💬
Description:
This script attempts to create a WebSocket connection at a random URI from a pre-authenticated perspective to the FortiOS management interface, and reviews the response to determine if the instance is vulnerable

Affected Versions:
⚪️ FortiOS 7.0.0 through 7.0.16
⚪️ FortiProxy 7.0.0 through 7.0.19
⚪️ FortiProxy 7.2.0 through 7.2.12

😸 Github

⬇️ Download
🔒 BugCod3

#Python #CVE #Vulnerable #Detection
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

HExHTTP

💬
HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors.

📊 Features:
⚪️ Server Error response checking
⚪️ Localhost header response analysis
⚪️ Vhosts checking
⚪️ Methods response analysis
⚪️ HTTP Version analysis [Experimental]
⚪️ Cache Poisoning DoS (CPDoS) techniques
⚪️ Web cache poisoning
⚪️ Range poisoning/error (416 response error) [Experimental]
⚪️ Cookie Reflection
⚪️ CDN/proxies Analysis (Envoy/Apache/Akamai/Nginx) [IP]

🔼 Installation:

pip install -r requirements.txt
./hexhttp.py -u 'https://target.tld/'
# OR
python3 hexhttp.py -u 'https://target.tld/'

💻 Usage:

./hexhttp.py -h
# Usage: hexhttp.py [-h] [-u URL] [-f URL_FILE] [-H CUSTOM_HEADER] [-A USER_AGENT] [-F] [-a AUTH] [-b]

😸 Github

⬇️ Download
🔒 BugCod3

#Python #HTTP #Headers #Analyze
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

IDOR-Forge

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

💬 Description:
IDOR Forge is a powerful and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. IDOR vulnerabilities occur when an application exposes direct references to internal objects (e.g., database keys, file paths) without proper authorization checks, allowing attackers to access unauthorized data. This tool automates the process of identifying such vulnerabilities by dynamically generating and testing payloads, analyzing responses, and reporting potential issues.

📊 Features:
⚪️ Dynamic Payload Generation
⚪️ Multi-Parameter Scanning
⚪️ Support for Multiple HTTP Methods
⚪️ Concurrent Scanning
⚪️ Rate Limiting Detection
⚪️ Customizable Test Values
⚪️ Sensitive Data Detection
⚪️ Proxy Support
⚪️ Interactive GUI Mode
⚪️ Verbose Mode
⚪️ Output Options
⚪️ Custom Headers
⚪️ Session Handling

🔼 Installation:

pip install -r requirements.txt
python IDOR-Forge.py

💻 Usage:

# CLI Basic Usage

python IDOR-Forge.py -u "https://example.com/api/resource?id=1"

# Advanced Usage

python IDOR-Forge.py -u "https://example.com/api/resource?id=1" -p -m GET --proxy "http://127.0.0.1:8080" -v -o results.csv --output-format csv

python IDOR-Forge.py -u http://example.com/resource?id=1 -p -m GET --output results.csv --output-format csv --test-values [100,200,300] --sensitive-keywords ["password", "email"]

🖼 Interactive GUI Mode:

python idor_hunter.py --interactive

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Idor #Vulnerability #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3