Forwarded from SHADOW:Group
⚡️ Небольшая подборка плагинов для OWASP ZAP
▫️ Access Control Testing
Позволяет проводить тестирование контроля доступа и выявлять потенциальные проблемы с контролем доступа.
▫️ Advanced SQLInjection Add-on
Инструмент активного сканирования для обнаружения SQLi (на основе SQLMap).
▫️ Attack Surface Detector
Плагин помогает выявить конечные точки веб-приложения, параметры, которые принимают эти конечные точки, и тип данных этих параметров.
▫️ DOM XSS Active Scan Rule
Активный сканер для обнаружения уязвимостей DOM XSS.
▫️ Directory List v2.3
Предоставляет файлы с именами каталогов для брутфорса или фаззинга.
▫️ Eval Villain
Расширение для ZAP и Firefox, которое будет подключаться к опасным функциям, таким как eval, и предупреждать вас об их использовании.
▫️ GraphQL Support
Плагин для получения структуры и запросов GraphQL.
▫️ Out-of-band Application Security Testing Support
Сервер OAST для обнаружения внешних и слепых уязвимостей. Аналог Burp Collaborator, только для ZAP.
▫️ HUNT v2
Выполняет пассивное сканирование на наличие потенциально уязвимых параметров.
▫️ Community-scripts
Большая коллекция скриптов ZAP предоставленная комьюнити
#web #tools
▫️ Access Control Testing
Позволяет проводить тестирование контроля доступа и выявлять потенциальные проблемы с контролем доступа.
▫️ Advanced SQLInjection Add-on
Инструмент активного сканирования для обнаружения SQLi (на основе SQLMap).
▫️ Attack Surface Detector
Плагин помогает выявить конечные точки веб-приложения, параметры, которые принимают эти конечные точки, и тип данных этих параметров.
▫️ DOM XSS Active Scan Rule
Активный сканер для обнаружения уязвимостей DOM XSS.
▫️ Directory List v2.3
Предоставляет файлы с именами каталогов для брутфорса или фаззинга.
▫️ Eval Villain
Расширение для ZAP и Firefox, которое будет подключаться к опасным функциям, таким как eval, и предупреждать вас об их использовании.
▫️ GraphQL Support
Плагин для получения структуры и запросов GraphQL.
▫️ Out-of-band Application Security Testing Support
Сервер OAST для обнаружения внешних и слепых уязвимостей. Аналог Burp Collaborator, только для ZAP.
▫️ HUNT v2
Выполняет пассивное сканирование на наличие потенциально уязвимых параметров.
▫️ Community-scripts
Большая коллекция скриптов ZAP предоставленная комьюнити
#web #tools
BirdHunt
In order to regularly find geotagged data on Twitter I use a great OSINT tool developed by Louis Tomos Evans entitled BirdHunt which allows me to select any area on the world map to find tweets posted within a certain radius (plus other options).
https://birdhunt.co/
In order to regularly find geotagged data on Twitter I use a great OSINT tool developed by Louis Tomos Evans entitled BirdHunt which allows me to select any area on the world map to find tweets posted within a certain radius (plus other options).
https://birdhunt.co/
birdhunt.huntintel.io
BirdHunt | Find Tweets By Location
BirdHunt is a Free OSINT tool to find tweets by location. BirdHunt uses Twitters GeoCoded tweet search to find tweets by location. BirdHunt is simple to use, mobile friendly and designed for OSINT researchers. How to tell where a tweet came from? Use the…
YouTube Geofind
I came across this tool a while ago whilst looking for something to help me find geotagged YouTube videos specifically. As much as I find twitter and telegram extremely useful to find data from Ukraine, most of the footage shared on those platforms tend to be quite short, often less than a minute long.
https://mattw.io/youtube-geofind/location
I came across this tool a while ago whilst looking for something to help me find geotagged YouTube videos specifically. As much as I find twitter and telegram extremely useful to find data from Ukraine, most of the footage shared on those platforms tend to be quite short, often less than a minute long.
https://mattw.io/youtube-geofind/location
mattw.io
Location Search - Discover Geo-tagged Videos - MW Geofind
Search YouTube for geographically tagged videos by location, topic, or channel. Videos are viewable in a map and data exportable in JSON and CSV.
Google Earth Pro. This tool is a must have to any OSINT analyst and is free to download to any operating systems (yes, even Linux).
If you don’t want to download it you can also use the web version although with some limitations.
https://earth.google.com/
If you don’t want to download it you can also use the web version although with some limitations.
https://earth.google.com/
Google Earth
Create and collaborate on immersive, data-driven maps from anywhere with the new Google Earth. See the world from above with high-resolution satellite imagery, explore 3D terrain and buildings in hundreds of cities, and dive into streets and neighborhoods…
🔥1
CarNet.ai today found it extremely useful for OSINT investigations. According to the description on their website: “CarNET API provides you with the ability to detect a car’s make, model, generation, color and angle from an image of the car. Our API is powered by computer vision and deep learning technologies, and is capable of correctly recognizing cars in different lighting and weather conditions.”
https://carnet.ai/
https://carnet.ai/
carnet.ai
CarNet.AI - Car Make/Model Recognition API
Car Make/Model Recognition API with 97% Accuracy
🔥1
If you type "osint type:user" in the search box on Github, the very first profile in the list is Soxoj (https://github.com/soxoj).
Soxoj is one of the world's best known developers of tools for OSINT. You probably know:
Maigret (https://github.com/soxoj/maigret) - tool for username enumeration
Socid Extractor (https://github.com/soxoj/socid-extractor) - tool for extracting accounts info from personal pages
Marple (https://github.com/soxoj/marple) - tool for collecting links to profiles by username through search engines
Gitcolombo (https://github.com/soxoj/gitcolombo) - tool for extractiion and analyze contributors info from git repos
Telegram Bot Dumper (https://github.com/soxoj/telegram-bot-dumper) - dumper & ripper for Telegram bots by token
He has written a detailed and in-depth guide on countering OSINT (https://github.com/soxoj/counter-osint-guide-ru)
Soxoj is one of the world's best known developers of tools for OSINT. You probably know:
Maigret (https://github.com/soxoj/maigret) - tool for username enumeration
Socid Extractor (https://github.com/soxoj/socid-extractor) - tool for extracting accounts info from personal pages
Marple (https://github.com/soxoj/marple) - tool for collecting links to profiles by username through search engines
Gitcolombo (https://github.com/soxoj/gitcolombo) - tool for extractiion and analyze contributors info from git repos
Telegram Bot Dumper (https://github.com/soxoj/telegram-bot-dumper) - dumper & ripper for Telegram bots by token
He has written a detailed and in-depth guide on countering OSINT (https://github.com/soxoj/counter-osint-guide-ru)
GitHub
soxoj - Overview
CPO @ Social Links. soxoj has 93 repositories available. Follow their code on GitHub.
Forwarded from Cyber Detective
Forensic Toolkit
Universal tools
Mobile tools
Memory/RAM tools
Network tools
Cipher/decoding tools
PE (Portable Executable Files)/Malware tools
OSINT tools
EZ (Eric Zummerman) Tools
SANS (Escal Institute of Advanced Technologies) cheatsheets
Test/CTF Images
Test device setup
DFIR start guides and Youtube channels
Forensic blogs and podcasts
Linux distribution and virtual machines
https://start.me/p/q6mw4Q/forensics
Creator https://twitter.com/KevinPagano3
Universal tools
Mobile tools
Memory/RAM tools
Network tools
Cipher/decoding tools
PE (Portable Executable Files)/Malware tools
OSINT tools
EZ (Eric Zummerman) Tools
SANS (Escal Institute of Advanced Technologies) cheatsheets
Test/CTF Images
Test device setup
DFIR start guides and Youtube channels
Forensic blogs and podcasts
Linux distribution and virtual machines
https://start.me/p/q6mw4Q/forensics
Creator https://twitter.com/KevinPagano3
Forwarded from Cyber Detective
There are dozens of tools for automating Google Dorking and collecting search results.
Many of them are based on the python module "googlesearch".
It is extremely simple.
But it can be applied to a multitude of investigative purposes.
You can learn it in two minutes and use it to create the perfect search automation script for your purposes.
1. Installation:
pip install googlesearch-python
2. Simple search:
from googlesearch import search
search("Osint")
3. Search with output URL of the results to the console:
for url in search('Osint'):
print(url)
4. Search in Russian:
search('Osint', lang="ru")
5. Search with a fixed number of results:
search('Osint', num_results=3)
The picture above shows an example of search automation with results output to a text file.
Official project repository: https://github.com/MarioVilas/googlesearch
Many of them are based on the python module "googlesearch".
It is extremely simple.
But it can be applied to a multitude of investigative purposes.
You can learn it in two minutes and use it to create the perfect search automation script for your purposes.
1. Installation:
pip install googlesearch-python
2. Simple search:
from googlesearch import search
search("Osint")
3. Search with output URL of the results to the console:
for url in search('Osint'):
print(url)
4. Search in Russian:
search('Osint', lang="ru")
5. Search with a fixed number of results:
search('Osint', num_results=3)
The picture above shows an example of search automation with results output to a text file.
Official project repository: https://github.com/MarioVilas/googlesearch
Forwarded from Cyber Detective
Control Validation Compass
Database of 9,000+ publicly-accessible detection rules and 2,100+ offensive security tests, aligned with over 500 common attacker techniques.
For #RedTeam and #blueTeam
https://controlcompass.github.io
Database of 9,000+ publicly-accessible detection rules and 2,100+ offensive security tests, aligned with over 500 common attacker techniques.
For #RedTeam and #blueTeam
https://controlcompass.github.io
Forwarded from Cyber Detective
Hacking the Cloud
Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on cloud exploitation (#AWS, #Azure, #GoogleCloud, #Terraform,)
https://hackingthe.cloud
Contributor twitter.com/Frichette_n
Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on cloud exploitation (#AWS, #Azure, #GoogleCloud, #Terraform,)
https://hackingthe.cloud
Contributor twitter.com/Frichette_n