In the near future I plan to bring everything in a convenient form with git and tags.
❤2
Forwarded from SHADOW:Group
🔎 Инструменты для работы с дорками
Небольшая подборка инструментов, которые позволят вам автоматизировать процесс доркинга.
▫️ GitDorker
▫️ Katana
▫️ Fast-Google-Dorks-Scan
▫️ oxdork
▫️ SDorker
▫️ pagodo
▫️ dorks-eye
Online инструменты:
▫️ Dorksearch
▫️ FilePhish
▫️ Bug Bounty Helper
▫️ Pentest-tools google-hacking
#web #recon #dork
Небольшая подборка инструментов, которые позволят вам автоматизировать процесс доркинга.
▫️ GitDorker
▫️ Katana
▫️ Fast-Google-Dorks-Scan
▫️ oxdork
▫️ SDorker
▫️ pagodo
▫️ dorks-eye
Online инструменты:
▫️ Dorksearch
▫️ FilePhish
▫️ Bug Bounty Helper
▫️ Pentest-tools google-hacking
#web #recon #dork
Forwarded from SHADOW:Group
⚡️ Небольшая подборка плагинов для OWASP ZAP
▫️ Access Control Testing
Позволяет проводить тестирование контроля доступа и выявлять потенциальные проблемы с контролем доступа.
▫️ Advanced SQLInjection Add-on
Инструмент активного сканирования для обнаружения SQLi (на основе SQLMap).
▫️ Attack Surface Detector
Плагин помогает выявить конечные точки веб-приложения, параметры, которые принимают эти конечные точки, и тип данных этих параметров.
▫️ DOM XSS Active Scan Rule
Активный сканер для обнаружения уязвимостей DOM XSS.
▫️ Directory List v2.3
Предоставляет файлы с именами каталогов для брутфорса или фаззинга.
▫️ Eval Villain
Расширение для ZAP и Firefox, которое будет подключаться к опасным функциям, таким как eval, и предупреждать вас об их использовании.
▫️ GraphQL Support
Плагин для получения структуры и запросов GraphQL.
▫️ Out-of-band Application Security Testing Support
Сервер OAST для обнаружения внешних и слепых уязвимостей. Аналог Burp Collaborator, только для ZAP.
▫️ HUNT v2
Выполняет пассивное сканирование на наличие потенциально уязвимых параметров.
▫️ Community-scripts
Большая коллекция скриптов ZAP предоставленная комьюнити
#web #tools
▫️ Access Control Testing
Позволяет проводить тестирование контроля доступа и выявлять потенциальные проблемы с контролем доступа.
▫️ Advanced SQLInjection Add-on
Инструмент активного сканирования для обнаружения SQLi (на основе SQLMap).
▫️ Attack Surface Detector
Плагин помогает выявить конечные точки веб-приложения, параметры, которые принимают эти конечные точки, и тип данных этих параметров.
▫️ DOM XSS Active Scan Rule
Активный сканер для обнаружения уязвимостей DOM XSS.
▫️ Directory List v2.3
Предоставляет файлы с именами каталогов для брутфорса или фаззинга.
▫️ Eval Villain
Расширение для ZAP и Firefox, которое будет подключаться к опасным функциям, таким как eval, и предупреждать вас об их использовании.
▫️ GraphQL Support
Плагин для получения структуры и запросов GraphQL.
▫️ Out-of-band Application Security Testing Support
Сервер OAST для обнаружения внешних и слепых уязвимостей. Аналог Burp Collaborator, только для ZAP.
▫️ HUNT v2
Выполняет пассивное сканирование на наличие потенциально уязвимых параметров.
▫️ Community-scripts
Большая коллекция скриптов ZAP предоставленная комьюнити
#web #tools
BirdHunt
In order to regularly find geotagged data on Twitter I use a great OSINT tool developed by Louis Tomos Evans entitled BirdHunt which allows me to select any area on the world map to find tweets posted within a certain radius (plus other options).
https://birdhunt.co/
In order to regularly find geotagged data on Twitter I use a great OSINT tool developed by Louis Tomos Evans entitled BirdHunt which allows me to select any area on the world map to find tweets posted within a certain radius (plus other options).
https://birdhunt.co/
birdhunt.huntintel.io
BirdHunt | Find Tweets By Location
BirdHunt is a Free OSINT tool to find tweets by location. BirdHunt uses Twitters GeoCoded tweet search to find tweets by location. BirdHunt is simple to use, mobile friendly and designed for OSINT researchers. How to tell where a tweet came from? Use the…
YouTube Geofind
I came across this tool a while ago whilst looking for something to help me find geotagged YouTube videos specifically. As much as I find twitter and telegram extremely useful to find data from Ukraine, most of the footage shared on those platforms tend to be quite short, often less than a minute long.
https://mattw.io/youtube-geofind/location
I came across this tool a while ago whilst looking for something to help me find geotagged YouTube videos specifically. As much as I find twitter and telegram extremely useful to find data from Ukraine, most of the footage shared on those platforms tend to be quite short, often less than a minute long.
https://mattw.io/youtube-geofind/location
mattw.io
Location Search - Discover Geo-tagged Videos - MW Geofind
Search YouTube for geographically tagged videos by location, topic, or channel. Videos are viewable in a map and data exportable in JSON and CSV.
Google Earth Pro. This tool is a must have to any OSINT analyst and is free to download to any operating systems (yes, even Linux).
If you don’t want to download it you can also use the web version although with some limitations.
https://earth.google.com/
If you don’t want to download it you can also use the web version although with some limitations.
https://earth.google.com/
Google Earth
Create and collaborate on immersive, data-driven maps from anywhere with the new Google Earth. See the world from above with high-resolution satellite imagery, explore 3D terrain and buildings in hundreds of cities, and dive into streets and neighborhoods…
🔥1
CarNet.ai today found it extremely useful for OSINT investigations. According to the description on their website: “CarNET API provides you with the ability to detect a car’s make, model, generation, color and angle from an image of the car. Our API is powered by computer vision and deep learning technologies, and is capable of correctly recognizing cars in different lighting and weather conditions.”
https://carnet.ai/
https://carnet.ai/
carnet.ai
CarNet.AI - Car Make/Model Recognition API
Car Make/Model Recognition API with 97% Accuracy
🔥1
If you type "osint type:user" in the search box on Github, the very first profile in the list is Soxoj (https://github.com/soxoj).
Soxoj is one of the world's best known developers of tools for OSINT. You probably know:
Maigret (https://github.com/soxoj/maigret) - tool for username enumeration
Socid Extractor (https://github.com/soxoj/socid-extractor) - tool for extracting accounts info from personal pages
Marple (https://github.com/soxoj/marple) - tool for collecting links to profiles by username through search engines
Gitcolombo (https://github.com/soxoj/gitcolombo) - tool for extractiion and analyze contributors info from git repos
Telegram Bot Dumper (https://github.com/soxoj/telegram-bot-dumper) - dumper & ripper for Telegram bots by token
He has written a detailed and in-depth guide on countering OSINT (https://github.com/soxoj/counter-osint-guide-ru)
Soxoj is one of the world's best known developers of tools for OSINT. You probably know:
Maigret (https://github.com/soxoj/maigret) - tool for username enumeration
Socid Extractor (https://github.com/soxoj/socid-extractor) - tool for extracting accounts info from personal pages
Marple (https://github.com/soxoj/marple) - tool for collecting links to profiles by username through search engines
Gitcolombo (https://github.com/soxoj/gitcolombo) - tool for extractiion and analyze contributors info from git repos
Telegram Bot Dumper (https://github.com/soxoj/telegram-bot-dumper) - dumper & ripper for Telegram bots by token
He has written a detailed and in-depth guide on countering OSINT (https://github.com/soxoj/counter-osint-guide-ru)
GitHub
soxoj - Overview
CPO @ Social Links. soxoj has 93 repositories available. Follow their code on GitHub.