Linux tips

Linux TIPS WORLD

Gophish – Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.InstallInstallation of Gophish is dead-simple – just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for […]

Linux TIPS WORLD

Aaia – AWS Identity And Access Management Visualizer And Anomaly Finder

Aaia (pronounced as shown here ) helps in visualizing AWS IAM and Organizations in a graph format with help of Neo4j. This helps in identifying the outliers easily. Since it is based on neo4j , one can query the graph using cypher queries to find the anomalies.Aaia also supports modules to programatically fetch data from […]

Linux TIPS WORLD

Scallion – GPU-based Onion Addresses Hash Generator

Scallion lets you create vanity GPG keys and .onion addresses (for Tor’s hidden services) using OpenCL.Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008).Scallion is currently in beta stage and under active development. Nevertheless, we feel that it is ready for use. Improvements are expected primarily […]

Linux TIPS WORLD

Gowitness – A Golang, Web Screenshot Utility Using Chrome Headless

gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line. Both Linux and macOS is supported, with Windows support ‘partially working’.Inspiration for gowitness comes from Eyewitness. If you are looking for something with lots of extra features, be sure to check it […]

Linux TIPS WORLD

Hakrawler – Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application

hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover: Forms Endpoints Subdomains Related domains JavaScript files The goal is to create the tool in a way that it can be easily chained with other tools such as subdomain enumeration […]

Linux TIPS WORLD

Gtfo – Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions

This is a standalone script written in Python 3 for GTFOBins. You can search for Unix binaries that can be exploited to bypass system security restrictions. These binaries can be abused to get the f**k break out of restricted shells, escalate privileges, transfer files, spawn bind and reverse shells, etc… The functions are from https://github.com/GTFOBins/GTFOBins.github.io […]

Linux TIPS WORLD

SWFPFinder – SWF Potential Parameters Finder

SWFPFinder is a simple and open source bash script designed to discovery the potential swf (file) parameters on the webapp analysing the swf file. SWFPFinder use swfmill tool, swfmill is a tool to process Adobe Flash (SWF) files. It can convert SWF from and to an XML dialect called “swfml”, which is closely modeled after […]

Linux TIPS WORLD

Kamerka GUI – Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. Powered by Shodan – Supported by Binary Edge & WhoisXMLAPIwriteup – https://medium.com/@woj_ciech/hack-the-planet-with-%EA%93%98amerka-gui-ultimate-internet-of-things-industrial-control-systems-5ff7d9686b29Demo – https://woj-ciech.github.io/kamerka-demo/kamerka.html Requirements beautiful soup python3 django pynmea2 celery redis Shodan BinaryEdge WHOISXMLAPI Flickr Google Maps API pip3 install -r requirements.txtMake sure your API keys are correct and put them in keys.json in main directory.Run […]

Linux TIPS WORLD

SQLMap v1.4 – Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the […]

Linux TIPS WORLD

Turbolist3r – Subdomain Enumeration Tool With Analysis Features For Discovered Domains

Turbolist3r is a fork of the sublist3r subdomain discovery tool. In addition to the original OSINT capabilties of sublist3r, turbolist3r automates some analysis of the results, with a focus on subdomain takeover.Turbolist3r queries public DNS servers for each discovered subdomain. If the subdomain exists (i.e. the resolver replied with an address), the answer is categorized […]