WinObjEx64

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types you can double-click an object, or use the "Properties..." toolbar button, to get more information such as its description, attributes and resource usage. WinObjEx64 also lets you view and edit object-related security information (the object's security descriptor) if you hold the required access rights.

System Requirements

WinObjEx64 does not require administrative privileges to start. However, administrative privileges are required to view much of the namespace and to edit object-related security information. WinObjEx64 works only on the following x64 Windows versions: Windows 7, Windows 8, Windows 8.1 and Windows 10, including the Server variants. WinObjEx64 also runs on Wine, including Wine Staging. To use all program features, Windows must be booted in DEBUG mode (kernel debugging enabled, i.e. bcdedit /debug on), which is a setting you should only turn on in a lab or analysis machine, not on a production host.

Build

WinObjEx64 comes with full source code. To build from source you need Microsoft Visual Studio 2013 Update 4, or Visual Studio 2015 and later versions.

Instructions: first select the Platform Toolset for the project in the solution you want to build (Project -> Properties -> General): v120 for Visual Studio 2013, v140 for Visual Studio 2015, v141 for Visual Studio 2017. For v140 and above, set the Target Platform Version (Project -> Properties -> General): for v140 select 8.1 (the Windows 8.1 SDK must be installed); for v141 select 10.0.17134.0 (the Windows 10.0.17134 SDK must be installed).

What is new: What's New in 1.7.3

Authors: (c) 2015 – 2019 WinObjEx64 Project. Original WinObjEx (c) 2003 – 2005 Four-F.

Download WinObjEx64

Regipy

Regipy is a Python library for parsing offline registry hives. It has a lot of capabilities.

Use as a library:
- Recurse over the registry hive, from the root or from a given path, and get all subkeys and values
- Read specific subkeys and values
- Apply transaction logs to a registry hive

Command line tools:
- Dump an entire registry hive to JSON
- Apply transaction logs to a registry hive
- Compare registry hives
- Execute plugins from a robust plugin system (e.g. amcache, shimcache, extract computer name...)

Installation

Only Python 3.7 is supported:

    pip install regipy

It is also possible to install from source by cloning the repository and executing:

    python setup.py install

CLI

Parse the header:

    registry-parse-header ~/Documents/TestEvidence/Registry/SYSTEM

Example output:

    signature                b'regf'
    primary_sequence_num     11639
    secondary_sequence_num   11638
    last_modification_time   0
    major_version            1
    minor_version            5
    file_type                0
    file_format              1
    root_key_offset          32
    hive_bins_data_size      10534912
    clustering_factor        1
    file_name                SYSTEM
    checksum                 0

    [2019-02-09 13:46:12.111654] WARNING: regipy.cli: Hive is not clean! You should apply transaction logs

When parsing the header of a hive, checksum validation and transaction validation are also performed. The warning above is raised because the primary and secondary sequence numbers differ (11639 vs 11638): the hive was not flushed cleanly, so its contents may be stale or incomplete until the transaction logs (the .LOG1/.LOG2 files stored alongside the hive) have been applied.

Dump an entire hive to disk (this might take some time):

    registry-dump ~/Documents/TestEvidence/Registry/NTUSER-CCLEANER.DAT -o /tmp/output.json

The registry-dump utility can also output a timeline instead of JSON by adding the -t flag.

Run the relevant plugins on a hive:

    registry-run-plugins ~/Documents/TestEvidence/Registry/SYSTEM -o /tmp/plugins_output.json

The hive type is detected automatically and the relevant plugins are executed. See the plugins section for more information.

Compare registry hives

Compare registry hives of the same type and output to CSV (if -o is not specified, the output is printed to the screen):

    registry-diff NTUSER.dat NTUSER_modified.dat -o /tmp/diff.csv

Example output:

    [2019-02-11 19:49:18.824245] INFO: regipy.cli: Comparing NTUSER.DAT vs NTUSER_modified.DAT

    difference   first_hive   second_hive                                                                     description
    new_subkey                2019-02-11T19:46:31.832134+00:00                                                Software\Microsoft\legitimate_subkey
    new_value                 not_a_malware: c:\temp\legitimate_binary.exe @ 2019-02-11 19:45:25.516346+0:00  Software\Microsoft\Windows\CurrentVersion\Run

    [2019-02-11 19:49:18.825328] INFO: regipy.cli: Detected 2 differences

Note what the second difference is: a new value under Software\Microsoft\Windows\CurrentVersion\Run, a classic autostart persistence location, which is exactly the kind of change a diff between a baseline hive and a suspect hive is meant to surface.

Recover a registry hive using its transaction logs:

    registry-transaction-logs NTUSER.DAT -p ntuser.dat.log1 -s ntuser.dat.log2 -o recovered_NTUSER.dat

After recovering, compare the hives with registry-diff to see what changed.

Using as a library

Initiate the registry hive object:

    from regipy.registry import RegistryHive
    reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')

Iterate recursively over the entire hive, from the root key:

    for entry in reg.recurse_subkeys(as_json=True):
        print(entry)

Iterate over a key and get all its subkeys and their modification times:

    from regipy.utils import convert_wintime

    for sk in reg.get_key('Software').iter_subkeys():
        print(sk.name, convert_wintime(sk.header.last_modified).isoformat())

    Adobe 2019-02-03T22:05:32.525965
    AppDataLow 2019-02-03T22:05:32.526047
    McAfee 2019-02-03T22:05:32.526140
    Microsoft 2019-02-03T22:05:32.526282
    Netscape 2019-02-03T22:05:32.526352
    ODBC 2019-02-03T22:05:32.526521
    Policies 2019-02-03T22:05:32.526592

Get the values of a key (key paths use backslashes, hence the raw string):

    reg.get_key(r'Software\Microsoft\Internet Explorer\BrowserEmulation').get_values(as_json=True)

    [{'name': 'CVListTTL', 'value': 0, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'UnattendLoaded', 'value': 0, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'TLDUpdates', 'value': 0, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'CVListXMLVersionLow', 'value': 2097211, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'CVListXMLVersionHigh', 'value': None, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'CVListLastUpdateTime', 'value': None, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'IECompatVersionHigh', 'value': None, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'IECompatVersionLow', 'value': 2097211, 'value_type': 'REG_DWORD', 'is_corrupted': False},
     {'name': 'StaleCompatCache', 'value': 0, 'value_type': 'REG_DWORD', 'is_corrupted': False}]

Use a plugin:

    from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin
    NTUserPersistencePlugin(reg, as_json=True).run()

    {'Software\Microsoft\Windows\CurrentVersion\Run': {
        'timestamp': '2019-02-03T22:10:52.655462',
        'values': [{'name': 'Sidebar',
                    'value': '%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun',
                    'value_type': 'REG_EXPAND_SZ',
                    'is_corrupted': False}]}}

Run all relevant plugins for a specific hive:

    from regipy.plugins.utils import run_relevant_plugins
    reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/SYSTEM')
    run_relevant_plugins(reg, as_json=True)

    {'routes': {},
     'computer_name': [{'control_set': 'ControlSet001\Control\ComputerName\ComputerName',
                        'computer_name': 'DESKTOP-5EG84UG',
                        'timestamp': '2019-02-03T22:19:28.853219'}]}

Download Regipy
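The check behind the "Hive is not clean!" warning shown in the registry-parse-header output above, as an added example that is not regipy's code: a standard-library parser for the 4096-byte regf base block that recovers the same fields, recomputes the header's XOR-32 checksum, and flags a dirty hive when the primary and secondary sequence numbers differ. The field offsets and the checksum rule are the documented regf format; the sample headers are constructed inline (build_regf_header), and the function and field names are this example's own choice, made to line up with the CLI output.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096   # the regf base block occupies the first 4 KiB page of the hive
CHECKSUM_OFFSET = 508    # XOR-32 of bytes 0..507 is stored at this offset
FIELDS = "<IIQIIIIIII"   # the ten fields between the signature (offset 4) and the file name (offset 48)


def regf_checksum(block: bytes) -> int:
    """XOR of the 127 little-endian DWORDs that precede the checksum field.
    The format reserves two results: 0xFFFFFFFF is stored as 0xFFFFFFFE, and 0 as 1."""
    xor = 0
    for (dword,) in struct.iter_unpack("<I", block[:CHECKSUM_OFFSET]):
        xor ^= dword
    if xor == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if xor == 0:
        return 1
    return xor


def filetime_to_datetime(filetime: int) -> datetime:
    """Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=filetime // 10)


def parse_regf_header(block: bytes) -> dict:
    """Return the base-block fields plus the two integrity checks an examiner wants first."""
    if len(block) < BASE_BLOCK_SIZE:
        raise ValueError("base block is truncated")
    if block[:4] != b"regf":
        raise ValueError("not a regf hive (bad signature)")
    (primary, secondary, last_written, major, minor, file_type, file_format,
     root_cell, hbins_size, clustering) = struct.unpack_from(FIELDS, block, 4)
    file_name = block[48:112].decode("utf-16-le").split("\x00", 1)[0]
    (stored_checksum,) = struct.unpack_from("<I", block, CHECKSUM_OFFSET)
    header = {
        "signature": block[:4],
        "primary_sequence_num": primary,
        "secondary_sequence_num": secondary,
        "last_modification_time": filetime_to_datetime(last_written),
        "major_version": major,
        "minor_version": minor,
        "file_type": file_type,        # 0 = primary hive file, non-zero = transaction log
        "file_format": file_format,    # 1 = direct memory load
        "root_key_offset": root_cell,  # relative to the first hive bin, i.e. file offset 4096 + value
        "hive_bins_data_size": hbins_size,
        "clustering_factor": clustering,
        "file_name": file_name,
        "checksum": stored_checksum,
    }
    header["checksum_ok"] = stored_checksum == regf_checksum(block)
    # A write bumps the primary sequence number before touching the hive bins and the
    # secondary one after; a mismatch means the hive was not flushed cleanly and the
    # .LOG1/.LOG2 transaction logs must be replayed before the key tree is trusted.
    header["is_clean"] = primary == secondary
    return header


def build_regf_header(primary: int, secondary: int, file_name: str = "SYSTEM",
                      last_written: int = 0) -> bytes:
    """Construct a sample base block (test data, not taken from a real system)."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[0:4] = b"regf"
    # version 1.5, file type 0 (primary), format 1, root cell at +32, 4 KiB of bins, clustering 1
    struct.pack_into(FIELDS, block, 4, primary, secondary, last_written, 1, 5, 0, 1, 32, 0x1000, 1)
    block[48:112] = file_name.encode("utf-16-le").ljust(64, b"\x00")[:64]
    struct.pack_into("<I", block, CHECKSUM_OFFSET, regf_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    for sample in (build_regf_header(11639, 11639), build_regf_header(11639, 11638)):
        info = parse_regf_header(sample)
        verdict = "clean" if info["is_clean"] else "NOT clean: apply transaction logs"
        print(f"{info['file_name']}: sequence {info['primary_sequence_num']}/{info['secondary_sequence_num']},"
              f" checksum_ok={info['checksum_ok']} -> {verdict}")
```

On a real hive, read the first 4096 bytes of the file into parse_regf_header. A failing checksum means the base block itself is damaged (or the file is not a hive at all) and the sequence numbers cannot be trusted either; a good checksum with mismatched sequence numbers is the case regipy warns about, and the fix is to replay the logs with registry-transaction-logs before dumping or diffing.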

Rifiuti2

Rifiuti2 is a tool for analyzing the Windows Recycle Bin INFO2 file (and the $Recycle.bin index files of newer Windows versions). Analysis of the Windows Recycle Bin is routinely carried out during Windows computer forensics. Rifiuti2 can extract the deletion time, original path and size of deleted files, and whether the trashed files have since been permanently removed. For those interested in what it does and what functionality it provides, please check the official site for more information. The latest features and changes can be found in the NEWS file.

Special note for 0.7.0

Windows binaries are built automatically by AppVeyor and published to GitHub. A system supporting UTF-8 encoding is mandatory, except for the Windows console (file output is also in UTF-8). This should not be a problem, as a UTF-8 locale is the standard on Linux and macOS these days, and on Windows there are many capable text editors that open UTF-8 text files. As a result, the -8 option is obsolete and no longer affects the output in any way.

Usage

rifiuti2 is designed to be portable and runs in a command line environment. Depending on the Windows recycle bin format in question, there are two binaries to choose from (most users will want the first one):

    Program         Recycle bin from OS   Purpose
    rifiuti-vista   Vista - Win10         Scans a $Recycle.bin style folder
    rifiuti         Win95 - XP/2003       Reads the INFO or INFO2 file in a RECYCLED or RECYCLER folder

Run the programs without any option for more detail. Some frequently used options:

    Option   Purpose
    -o       Output to file
    -x       Output XML instead of tab-separated fields
    -l       Display legacy (8.3) filenames and specify their codepage

Please consult the manpage (Unix) or README.html (bundled with the Windows binaries) for the complete list of options and a detailed usage description.

Examples

    rifiuti-vista.exe -x -z -o result.xml case\S-1-2-3

Scan for index files under case\S-1-2-3, adjust all deletion times to the local time zone, and write XML output to result.xml.

    rifiuti -l CP932 -t "\n" INFO2

Assume the INFO2 file was generated by a Japanese Windows (codepage 932), and display each field on its own line instead of separated by tabs.

Supported platforms

Tested on Linux, Windows 7 and FreeBSD. Some testing on big-endian platforms has been done with the QEMU emulator. More compatibility fixes for other architectures are welcome.

Download

Windows: Windows binaries are officially provided on the GitHub release page. Note that 0.6.1 is the last version that can run on Windows XP and 2003; later versions require Vista or above.

Linux: DEB packages are available officially in Debian and Ubuntu, hence also in most (if not all) derivatives focusing on security and forensics, such as (incomplete list): Kali Linux, DEFT X Virtual Appliance, BackBox Linux. RPM packages from the Linux Forensics Tools Repository (LiFTeR) can be used on Fedora, and very likely CentOS and RHEL. ArchStrike (formerly ArchAssault), a penetration testing derivative of Arch Linux, has packaged rifiuti2 since late 2014.

FreeBSD: An official FreeBSD port is available since 8.4.

Others (compile from source): For an OS where rifiuti2 is not readily available, it is always possible to compile from source. rifiuti2 follows the usual autotools procedure:

    ./configure && make check && make install

Please refer to the wiki page for more detail.

Download Rifiuti2
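What rifiuti-vista extracts from a $Recycle.bin folder, as an added example that is not rifiuti2's code: a standard-library parser for the $I index records that Vista and later write next to each deleted file's $R payload, recovering the three facts named above (deletion time, original path, original size). The layout is the documented one: an 8-byte version, the original size, a FILETIME, then the path as a fixed 520-byte field (version 1, Vista through early Windows 10) or a length-prefixed UTF-16 string (version 2, Windows 10 1511 and later). The records and the folder listing are constructed inline; whether a file was later purged or restored is inferred here from the absence of its paired $R file, which is what the on-disk structure leaves you to go on.

```python
import struct
from datetime import datetime, timedelta, timezone

V1_PATH_BYTES = 520   # version 1: fixed 260 UTF-16 code units (MAX_PATH), NUL padded


def filetime_to_datetime(filetime: int) -> datetime:
    """Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=filetime // 10)


def parse_dollar_i(data: bytes) -> dict:
    """Parse one $I record from a $Recycle.bin\\<SID> folder."""
    if len(data) < 24:
        raise ValueError("$I record too short for its fixed header")
    version, original_size, deleted_ft = struct.unpack_from("<qqQ", data, 0)
    if version == 1:                       # Vista .. Windows 10 before 1511
        raw = data[24:24 + V1_PATH_BYTES]
        if len(raw) != V1_PATH_BYTES:
            raise ValueError("version 1 record is truncated")
    elif version == 2:                     # Windows 10 1511 and later
        (n_chars,) = struct.unpack_from("<I", data, 24)   # count includes the NUL terminator
        raw = data[28:28 + 2 * n_chars]
        if len(raw) != 2 * n_chars:
            raise ValueError("version 2 path length exceeds record")
    else:
        raise ValueError(f"unknown $I version {version}")
    path = raw.decode("utf-16-le", "replace").split("\x00", 1)[0]
    return {
        "version": version,
        "original_size": original_size,
        "deleted_at": filetime_to_datetime(deleted_ft),
        "original_path": path,
    }


def scan_recycle_bin(entries: dict) -> list:
    """entries maps file names in one <SID> folder to their content ($I) or None ($R).
    A record whose $R twin is gone was emptied from the bin or restored after deletion."""
    results = []
    for name, content in sorted(entries.items()):
        if not name.startswith("$I"):
            continue
        record = parse_dollar_i(content)
        record["index_file"] = name
        record["payload_present"] = "$R" + name[2:] in entries
        results.append(record)
    return results


def build_dollar_i(version: int, size: int, deleted_ft: int, path: str) -> bytes:
    """Construct a sample $I record (test data, not from a real system)."""
    encoded = path.encode("utf-16-le") + b"\x00\x00"
    if version == 1:
        body = encoded.ljust(V1_PATH_BYTES, b"\x00")[:V1_PATH_BYTES]
    elif version == 2:
        body = struct.pack("<I", len(encoded) // 2) + encoded
    else:
        raise ValueError(f"unsupported version {version}")
    return struct.pack("<qqQ", version, size, deleted_ft) + body


if __name__ == "__main__":
    ts = 132_000_000_000_000_000   # an arbitrary FILETIME that falls in 2019
    # Constructed folder listing: the second file still has its payload, the first does not.
    bin_dir = {
        "$IABC123.docx": build_dollar_i(2, 4096, ts, r"C:\Users\alice\Documents\plan.docx"),
        "$IXYZ789.exe": build_dollar_i(1, 73216, ts, r"C:\Users\alice\Downloads\update.exe"),
        "$RXYZ789.exe": None,
    }
    for rec in scan_recycle_bin(bin_dir):
        state = "still in bin" if rec["payload_present"] else "purged or restored"
        print(rec["deleted_at"].isoformat(), rec["original_size"], rec["original_path"], state)
```

Two things worth knowing when you run this against a real image: deletion time is stored in UTC, so convert explicitly (the -z option of rifiuti-vista does the equivalent), and a version-2 record whose path length runs past the end of the file is a corrupt or carved fragment, which is why the length check raises instead of silently reading garbage.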

linux-smart-enumeration

First, a couple of useful one-liners:

    wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh
    curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh

Linux enumeration tools for pentesting and CTFs. This project was inspired by https://github.com/rebootuser/LinEnum and uses many of its tests. Unlike LinEnum, lse tries to gradually expose the information depending on its importance from a privilege escalation point of view.

What is it?

This script shows relevant information about the security of the local Linux system. It has three levels of verbosity, so you can control how much information you see. At the default level you should see the highly important security flaws in the system. Level 1 (./lse.sh -l1) shows interesting information that should help you to escalate privileges. Level 2 (./lse.sh -l2) just dumps all the information it gathers about the system. By default it asks you some questions, mainly the current user's password (if you know it), so that it can run some additional tests.

How to use it?

The idea is to get the information gradually. First execute it simply as ./lse.sh. If you see some green "yes!" results, you probably already have some good material to work with. If not, try level 1 verbosity with ./lse.sh -l1 and you will see more information that may be interesting. If that does not help, level 2 dumps everything the script can gather about the system: ./lse.sh -l2. In that case you may find it useful to page the output with ./lse.sh -l2 | less -r.

You can also select which tests to execute by passing the -s parameter, with which you can select specific tests or whole sections. For example, ./lse.sh -l2 -s usr010,net,pro executes the test usr010 and all the tests in the sections net and pro.

Usage:

    Use: ./lse.sh [options]

    OPTIONS
      -c            Disable color
      -i            Non-interactive mode
      -h            This help
      -l LEVEL      Output verbosity level
                      0: Show highly important results. (default)
                      1: Show interesting results.
                      2: Show all gathered information.
      -s SELECTION  Comma separated list of sections or tests to run. Available sections:
                      usr: User related tests.
                      sud: Sudo related tests.
                      fst: File system related tests.
                      sys: System related tests.
                      sec: Security measures related tests.
                      ret: Recurrent tasks (cron, timers) related tests.
                      net: Network related tests.
                      srv: Services related tests.
                      pro: Processes related tests.
                      sof: Software related tests.
                      ctn: Container (docker, lxc) related tests.
                    Specific tests can be used with their IDs (i.e.: usr020,sud)

Is it pretty?

Usage demo (also available as a webm video), plus output samples for level 0 (default), level 1 and level 2 verbosity.

Download Linux-Smart-Enumeration

Whonix 15

Whonix is an operating system focused on anonymity, privacy and security. It is based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP, because the workstation has no network path at all except through the gateway's Tor interface; that guarantee rests on the virtualization boundary between the two VMs holding. Whonix consists of two parts: one solely runs Tor and acts as a gateway, called Whonix-Gateway. The other, called Whonix-Workstation, is on a completely isolated network, where only connections through Tor are possible.

After approximately one year of development, the Whonix Project is proud to announce the release of Whonix 15. Whonix 15 is based on the Debian buster (Debian 10) distribution. This means users have access to many new software packages in concert with existing packages, such as a modern branch of GnuPG, and more.

Major Changes and New Features

- port Whonix from Debian stretch to Debian buster
- kernel hardening
- blacklist uncommon network protocols
- systemd unit sandboxing
- improve entropy collection through extensive research and installation by default of jitterentropy-rngd
- research implications of Spectre / Meltdown / retpoline / L1 Terminal Fault (L1TF) vs Whonix
- Non-Qubes-Whonix: kloak, a keystroke anonymization tool
- Non-Qubes-Whonix: Whonix Live / Live Mode Indicator / grub-live / grub-default-live
- Non-Qubes-Whonix: switch desktop environment from KDE to XFCE (poll; other desktop environments)
- Non-Qubes-Whonix: reduced image size using zerofree
- Whonix VirtualBox: CLI version (Whonix with CLI is a version suited for advanced users, those who want Whonix without a GUI)
- Whonix VirtualBox: unified ova downloads
- Qubes-Whonix: change Qubes-Whonix default applications from KDE-ish to XFCE-ish
- Qubes-Whonix: simplify installation of the VM kernel by installing the same recommended Qubes packages as the Qubes Debian packages (source 1, source 2)
- Whonix KVM: serial console support
- update sdwdate time sources
- list of processed Whonix 15 tickets
- arm64 / RPi port
- install by default zulucrypt, qtox, onionshare, keepassxc, firejail
- new usability wrappers: scurlget, curlget, pwchange, upgrade-nonroot, apt-get-noninteractive, apt-get-update-plus
- remove mixmaster and ricochet, since upstream is dead
- support for Bisq, the P2P exchange network
- port build script to cowbuilder; build packages in a chroot and use mmdebstrap for better security
- add UsrMerge compatibility

ChangeLog: Full ChangeLog, a list of all source code changes between Whonix 14 and Whonix 15.

Download Whonix v15

SneakyEXE

A tool which helps you embed a UAC-bypassing function into your custom Win32 payloads (x86_64 architecture specifically). Tested on Windows 7, 8 and 10 (64-bit). Free and open source, with the full source code published.

Requirements:

    Requirement    Linux       Windows
    Architecture   Optional    x86_64
    Python 3.x+    YES         NO
    Module         termcolor   NO
    Distros        Any         Windows
    Version        Any         Windows 7, 8, 10

Usage:

[ Linux ]: This tool requires a Python module called termcolor. When you run the script it installs the module automatically if it is missing, but if you want the tool to start faster, install it manually before proceeding:

    $ pip3 install termcolor   # installing termcolor
    $ # Temporary usage only, installation below
    $ git clone https://github.com/Zenix-Blurryface/SneakyEXE.git
    $ cd SneakyEXE/Linux
    $ chmod +x sneakyexe.py
    $ ./sneakyexe

[ Windows ]: Visit https://github.com/Zenix-Blurryface/SneakyEXE, download the repository ("Clone or download" -> "Download ZIP") and unzip it into a directory of your choice. Change directory to SneakyEXE\Win32 and execute sneakyexe.exe (or sys\sneakyexe.exe for an improved startup speed). Optionally, you can copy sneakyexe.exe to whatever directory you want and delete the unzipped one.

NOTE: The payload only elevates successfully when run by a user who is a member of the local Administrators group, i.e. from the filtered medium-integrity token UAC hands such a user at logon. Standard users with a limited token cannot be elevated this way, and most of the UACMe methods this tool embeds rely on auto-elevation and do not work when UAC is set to "Always notify".

Installation:

    $ git clone https://github.com/Zenix-Blurryface/SneakyEXE.git
    $ cd SneakyEXE
    $ chmod +x install.sh
    $ sudo ./install.sh

UNAVAILABLE (will be added if many people ask for it).

Build:

Built on openSUSE Leap 15.0. Developed using Python 3.6.5, with gcc (MinGW.org GCC-8.2.0-3) 8.2.0 for the payload compilation.

[ Payload Embedding ] To build the elevator from source you need gcc 8.2.0 (C11) and an AMD64 machine running Windows 10 (or 7/8) 64-bit. On Windows 10/7/8 (AMD64), open cmd.exe / powershell.exe and run:

    gcc -mwindows -o .exe /source/main.c

[ GUI Version ] To build the GUI version from source you need Python 3.5.6 (or higher) with the PyInstaller and Pillow modules, and an AMD64 machine running Windows 10 (or 7/8) 64-bit. Assuming Python is already installed, open cmd.exe / powershell.exe:

    pip install pillow        # Installing Pillow
    pip install pyinstaller   # Installing PyInstaller
    mkdir compile             # Optional directory name
    cd compile
    pyinstaller --windowed --onefile --icon=Icon.ico /source/Win32/GUI.py   # For the systematic version (/sys), remove --onefile
    cd dist
    GUI.exe                   # The compiled executable

Disclaimer: This tool was made for academic purposes or ethical cases only. I do not take any responsibility for your actions if you abuse this tool for black-hat activity. Feel free to use this project in your software, just don't reclaim ownership.

Release: v0.9 beta

Credits: This tool embeds UACMe, which was originally coded by hfiref0x (https://github.com/hfiref0x); the rest was pretty much all coded by me (Zenix Blurryface).

Author: Copyright © 2019 by Zenix Blurryface

Download SneakyEXE

NetSet

Operational security utility and automator. NetSet is designed to automate a number of operations that help the user secure their network traffic. It also provides an easy way to gather proxies and run utilities through Tor. All the utilities installed and used by NetSet are configured automatically as well. Of course the tool itself is not the be-all of operational security; rather, it is a convenient way of getting set up with the basics.

NetSet facilitates, among other things:
- A terminal multiplexer on demand, with its sessions routed through Tor.
- Secured DNS traffic through automatic installation and configuration of DNSCrypt-proxy.
- Tor Wall functionality that forces all traffic through the Tor network.
- Easy access to online OPSEC resources; the web resources in question can be opened from within the script.
- And more.

Usage

After cloning the repo, navigate to the NetSet directory and run the following:

    chmod +x *.sh
    ./netset-main.sh --install    # or: sudo ./netset-main.sh --install

This installs and configures everything you need for NetSet to function properly.

Update

Starting the script with sudo executes every operation within the script as root, which means you will not be prompted for your sudo password when an operation requires elevated privileges. However, all files written by NetSet are consequently owned by root as well, including backup directories. Last but not least, from a security standpoint it is not recommended to run everything with superuser privileges. Starting the main script with sudo is therefore optional from now on, to reflect the above considerations.

Options

CLI arguments:

    -t, --terminal   Starts the terminal multiplexer with all connections routed through Tor
    -s, --status     Prints a status overview of NetSet-related network utilities and their current state
    -i, --install    Runs a script that installs all of NetSet's dependencies and configures them

Menu options:

    Usage             Print options overview
    Status            Print status overview
    Spoof MAC         Spoof MAC address
    Random Proxies    Scrape random proxies
    GeoSort Proxies   Scrape geo-sorted proxies
    ProtonVPN         Start ProtonVPN
    Tor Terminal      Start the terminal multiplexer, with all sessions routed through Tor
    Tor Wall          Configure iptables to force all connections through Tor
    OPSEC Resources   Display NetSet's included list of web resources; select an entry to open it in your default browser

A transparent Tor firewall such as Tor Wall only prevents leaks if its rules also redirect DNS to Tor (rather than letting the system resolver out) and drop every packet that is not destined for the Tor process; after enabling it, verify with a DNS leak test and by checking that direct connections actually fail, rather than trusting the status output alone.

Note: Tested on Ubuntu 19.04. The author plans to expand this tool with more OPSEC-related resources and operations. Should you come across a bug or have any questions regarding this tool, please feel free to open a ticket.

Download NetSet

DarkScrape

DarkScrape is an OSINT tool to find media links on Tor (.onion) sites. Tested on Kali Linux 2019.2, Ubuntu 18.04, NetHunter and Arch Linux.

Installation

    git clone https://github.com/itsmehacker/DarkScrape.git
    pip3 install -r requirements.txt

Features
- Download media
- Scrape from a single URL
- Scrape from files (txt, csv, Excel)

Inspired by: Jake Creps (@jakecreps)

Download DarkScrape
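The core of "find media links on a Tor site", as an added example that is not DarkScrape's code: a standard-library HTML parser that collects absolute media URLs from a page, discards non-fetchable schemes, and keeps only links that stay on .onion hosts, since a hidden-service page embedding a clearnet tracker pixel is the classic way a careless scraper reveals itself. The page content, the .onion host name and the helper names are all constructed for this example; the tor_proxies mapping shows the socks5h form that makes Tor resolve names, which is what .onion fetches and leak-free DNS both require.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".svg",
                    ".mp4", ".webm", ".mkv", ".mp3", ".ogg", ".pdf"}
# Which attributes carry a fetchable resource, per tag; <a> only counts when it targets a media file.
MEDIA_ATTRS = {"img": ("src", "data-src"), "video": ("src", "poster"), "audio": ("src",),
               "source": ("src",), "a": ("href",)}


def _extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


class MediaLinkParser(HTMLParser):
    """Collects absolute media URLs from one page, in document order, without duplicates."""

    def __init__(self, base_url: str):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        for name in MEDIA_ATTRS.get(tag, ()):
            value = attributes.get(name)
            if value:
                self._consider(tag, urljoin(self.base_url, value.strip()))

    def _consider(self, tag: str, url: str) -> None:
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):
            return  # javascript:, data:, mailto: and friends are not downloadable media
        if tag == "a" and _extension(parsed.path) not in MEDIA_EXTENSIONS:
            return  # ordinary navigation links
        if url not in self.links:
            self.links.append(url)


def extract_media_links(html: str, base_url: str) -> list:
    parser = MediaLinkParser(base_url)
    parser.feed(html)
    parser.close()
    return parser.links


def only_onion(links) -> list:
    """Drop anything not hosted on a .onion: fetching a clearnet resource referenced from a
    hidden-service page is exactly the request that deanonymises a scraper if it ever leaves Tor."""
    return [u for u in links if (urlparse(u).hostname or "").endswith(".onion")]


def tor_proxies(host: str = "127.0.0.1", port: int = 9050) -> dict:
    """Proxy mapping for requests with PySocks installed. The socks5h scheme hands name resolution
    to Tor, which .onion names need and which keeps the local resolver from leaking every host."""
    return {"http": f"socks5h://{host}:{port}", "https": f"socks5h://{host}:{port}"}


# Constructed page; the host name is made up and none of the resources exist.
SAMPLE_BASE = "http://exampleonion.onion/index.html"
SAMPLE_HTML = """
<html><body>
<img src="/img/logo.png">
<img data-src="gallery/photo1.jpg" src="spacer.gif">
<video poster="thumbs/clip.jpg"><source src="media/clip.mp4"></video>
<a href="docs/leak.pdf">report</a>
<a href="/about.html">about</a>
<a href="http://tracker.example.com/pixel.gif">x</a>
<img src="data:image/png;base64,AAAA">
</body></html>
"""

if __name__ == "__main__":
    found = extract_media_links(SAMPLE_HTML, SAMPLE_BASE)
    for url in only_onion(found):
        print(url)
    print(f"{len(found)} media links found, {len(found) - len(only_onion(found))} off-onion link(s) dropped")
```

To run this against a live hidden service, fetch the page with a requests session whose proxies are tor_proxies(), pass the final response URL as base_url so relative links resolve correctly after redirects, and download only what only_onion returns; the off-onion links are still worth recording as findings, just not worth fetching.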

Youzer

Fake user generator for Active Directory environments.

Introduction

The goal of Youzer is to create information-rich Active Directory environments. It uses the Python 3 library faker to generate random accounts:

    pip3 install faker

You can either supply a wordlist or have the passwords generated. The generate option is great for testing things like hashcat rule masks. The wordlist option is useful when you want to seed a specific password list into an environment, or to practice dictionary attacks. The output is a CSV and a PowerShell script, both of which can be copied to the target. When executed, the PowerShell script binds over LDAP, so it does not rely on the newer Active Directory modules, and creates each user object. Currently the OUs need to exist already; this tool is a sub-project of 'Labseed', where the Active Directory structure will be created.

RoadMap
- Generate multiple departments (OUs)
- Generate a grouping structure and assign users to it randomly
- Implement additional Faker object options to populate other LDAP fields such as address and region
- Create an organisational chart of the nested grouping structure

Examples

Youzer can create 100,000 users in under 30 seconds and 1,000,000 users in around 3 minutes:

    python3 youzer.py --generate --generate_length 20 --ou --domain example
    [-] Domain Name set to : example
    [*] Writing to output file : sales_example.csv
    [!] Generating 100000 users in password generate mode
    [!] Creating Powershell script for import : sales_example.ps1
    20.35s user 0.11s system 95% cpu 21.354 total

YouTube video

Creating 1000 user accounts with a randomly generated alphanumeric password of 20 characters:

    python3 youzer.py --generate --generate_length 20 --ou "ou=sales,dc=example,dc=domain" --domain example --users 1000 --output sales_example.csv

    version : 0.1
    author  : @lorentzenman
    team    : SpiderLabs
    [-] Domain Name set to : example
    [*] Writing to output file : sales_example.csv
    [!] Generating 1000 users in password generate mode
    [!] Creating Powershell script for import : sales_example.ps1

Sample output from the CSV file created with the generate option:

    Name,GivenName,sn,ou,password,address,description
    Dennis Shaw,Dennis,Shaw,"ou=sales,dc=example,dc=domain",VwVeloi09FaECRdNbbXD,
    Sam Francis,Sam,Francis,"ou=sales,dc=example,dc=domain",qhitxgjDW4gZFuraLJbB,
    Ellie Freeman,Ellie,Freeman,"ou=sales,dc=example,dc=domain",7qbLcknqlPtpkOzdLyw3,
    Terence Arnold,Terence,Arnold,"ou=sales,dc=example,dc=domain",lumPMbDk1YomypRj26by,
    Anne Murphy,Anne,Murphy,"ou=sales,dc=example,dc=domain",6r42EGGoEJYe9PydHRTV,
    Wendy Smith,Wendy,Smith,"ou=sales,dc=example,dc=domain",tKI2zFUOU8XdK4ZTUJas,
    Jay Lyons,Jay,Lyons,"ou=sales,dc=example,dc=domain",wxEIbw18tW9uFYXtMI9H,
    Jonathan White,Jonathan,White,"ou=sales,dc=example,dc=domain",caoHcm2Y90lIH7zskJYr,
    Adam Roberts,Adam,Roberts,"ou=sales,dc=example,dc=domain",Qu0y7mlb2haQQddxYrcN,
    Georgina Jones,Georgina,Jones,"ou=sales,dc=example,dc=domain",rYBjxs4tpj9Qza7HcKYI,
    Lee Newton,Lee,Newton,"ou=sales,dc=example,dc=domain",6CVlBvEutc3Ahco2UI5q,
    Aaron Smith,Aaron,Smith,"ou=sales,dc=example,dc=domain",hmSSoKILfvrHuHbPTDIQ,
    Max Hall,Max,Hall,"ou=sales,dc=example,dc=domain",11Ys9Zdk2M8J1JAScBkP,
    Kimberley Douglas,Kimberley,Douglas,"ou=sales,dc=example,dc=domain",WQ9285gSHv2MXkwoLYlg,
    Denise Fisher,Denise,Fisher,"ou=sales,dc=example,dc=domain",CT1pbfAnCoezuyrJbQX9,

Creating 1000 user accounts from a source wordlist:

    python3 youzer.py --wordlist ~/tools/pw/Probable-Wordlists/Real-Passwords/Top12Thousand-probable-v2.txt --ou "ou=IT,dc=example,dc=domain" --domain example --users 1000 --output IT_example.csv

    version : 0.1
    author  : @lorentzenman
    team    : SpiderLabs
    [-] Domain Name set to : example
    [*] Writing to output file : IT_example.csv
    [!] Generating 1000 users in wordlist mode
    [!] Creating Powershell script for import : IT_example.ps1

Sample output of the CSV file from the wordlist option above:

    Name,GivenName,sn,ou,password,address,description
    Rhys Parker,Rhys,Parker,"ou=IT,dc=example,dc=domain",houston,
    Geoffrey Harris,Geoffrey,Harris,"ou=IT,dc=example,dc=domain",clothing,
    Georgia Davis,Georgia,Davis,"ou=IT,dc=example,dc=domain",spotty,
    Gemma Norris,Gemma,Norris,"ou=IT,dc=example,dc=domain",brendan1,
    Daniel Marsh,Daniel,Marsh,"ou=IT,dc=example,dc=domain",pauline,
    Dominic Harvey,Dominic,Harvey,"ou=IT,dc=example,dc=domain",devin,
    Teresa Stokes,Teresa,Stokes,"ou=IT,dc=example,dc=domain",snapple,
    Joanna Morgan,Joanna,Morgan,"ou=IT,dc=example,dc=domain",volcom,
    Oliver Middleton,Oliver,Middleton,"ou=IT,dc=example,dc=domain",master,

Download Youzer
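The two outputs described above (a CSV with Youzer's header, and a PowerShell import script that creates the users through an ADSI LDAP:// bind instead of the ActiveDirectory module), as an added example that is not Youzer's code and uses only the standard library. It supports both password modes from the text, random alphanumerics of a chosen length or entries cycled from a wordlist, and adds the two constraints a real import trips over: the CN must be unique within the OU and the sAMAccountName must be unique and at most 20 characters. The sample names and wordlist are constructed (faker is not used, so this runs offline), and every function name is this example's own.

```python
import csv
import io
import secrets
import string
from dataclasses import dataclass

CSV_HEADER = ["Name", "GivenName", "sn", "ou", "password", "address", "description"]
ALPHANUMERIC = string.ascii_letters + string.digits

# Constructed sample data (Youzer itself draws names from faker); the duplicate and the
# very long name are deliberate, to exercise the uniqueness and length handling.
SAMPLE_NAMES = [("Dennis", "Shaw"), ("Sam", "Francis"), ("Sam", "Francis"),
                ("Ellie", "Freeman"), ("Christopher-James", "Featherstonehaugh")]
SAMPLE_WORDLIST = ["houston", "clothing", "spotty", "brendan1", "pauline"]


@dataclass
class User:
    given_name: str
    surname: str
    cn: str                 # relative distinguished name inside the OU
    sam_account_name: str   # pre-Windows 2000 logon name, unique, max 20 chars
    ou: str
    password: str

    @property
    def name(self) -> str:
        return f"{self.given_name} {self.surname}"


def generate_password(length: int) -> str:
    """--generate mode: random alphanumerics from the CSPRNG, not random.choice."""
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def wordlist_password(wordlist, index: int) -> str:
    """--wordlist mode: cycle through the list so every entry gets seeded into the domain."""
    return wordlist[index % len(wordlist)]


def unique_in(candidate: str, taken: set, limit: int = None, sep: str = "") -> str:
    """Append a counter until the value is unused, trimming the base to respect `limit`."""
    n, value = 1, candidate
    while value in taken:
        n += 1
        tail = sep + str(n)
        value = (candidate[:limit - len(tail)] if limit else candidate) + tail
    taken.add(value)
    return value


def build_users(names, ou: str, generate_length: int = None, wordlist=None) -> list:
    if (generate_length is None) == (wordlist is None):
        raise ValueError("choose exactly one of generate_length or wordlist")
    taken_cn, taken_sam, users = set(), set(), []
    for i, (given, surname) in enumerate(names):
        password = generate_password(generate_length) if wordlist is None else wordlist_password(wordlist, i)
        cn = unique_in(f"{given} {surname}", taken_cn, sep=" ")
        sam = "".join(c for c in f"{given}.{surname}".lower() if c.isalnum() or c == ".")[:20]
        users.append(User(given, surname, cn, unique_in(sam, taken_sam, limit=20), ou, password))
    return users


def to_csv(users) -> str:
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(CSV_HEADER)
    for u in users:
        writer.writerow([u.name, u.given_name, u.surname, u.ou, u.password, "", ""])
    return buf.getvalue()


def ps_quote(value: str) -> str:
    """Single-quoted PowerShell literal: nothing is interpolated, only the quote itself is doubled."""
    return "'" + value.replace("'", "''") + "'"


def to_powershell(users, ou: str, upn_suffix: str) -> str:
    """Import script that binds with ADSI over LDAP, so it needs no ActiveDirectory module.
    The object must exist (first SetInfo) before SetPassword; userAccountControl 512 = NORMAL_ACCOUNT, enabled."""
    lines = [f"$container = [ADSI]{ps_quote('LDAP://' + ou)}"]
    for u in users:
        lines += [
            f"$u = $container.Create('user', {ps_quote('CN=' + u.cn)})",
            f"$u.Put('sAMAccountName', {ps_quote(u.sam_account_name)})",
            f"$u.Put('givenName', {ps_quote(u.given_name)})",
            f"$u.Put('sn', {ps_quote(u.surname)})",
            f"$u.Put('userPrincipalName', {ps_quote(u.sam_account_name + '@' + upn_suffix)})",
            "$u.SetInfo()",
            f"$u.SetPassword({ps_quote(u.password)})",
            "$u.Put('userAccountControl', 512)",
            "$u.SetInfo()",
        ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ou = "ou=sales,dc=example,dc=domain"
    users = build_users(SAMPLE_NAMES, ou, generate_length=20)
    print(to_csv(users))
    print(to_powershell(users, ou, "example.domain"))
```

Two lab-side caveats: SetPassword is subject to the domain's password policy, so wordlist passwords like "houston" will be rejected unless the lab domain's complexity and minimum-length settings are relaxed first, and the script runs with the caller's rights, so it has to be executed as an account that can create objects in the target OU.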

Rock-On

Rock-On is an all-in-one recon tool that gives your recon process a boost. It is mainly aimed at automating the whole recon process and saving the time otherwise wasted doing all of this manually. A thorough blog post will be up in some time. Stay tuned for the stable version with a UI.

Features
- Subdomain scraping
- Finding ASNs -> netblocks -> IPs, and resolving them
- Finding ports
- Finding vhosts
- Finding directories
- Finding subdomain takeovers
- Asset tracker with live monitoring
- Push notifications to Slack
- Finding JS links, then the relative links inside them and some sensitive files
- Active and passive crawling

Recommended machine configuration: Debian 9.4 with 4 GB RAM on DigitalOcean; it is best to run this tool on a new and fresh VPS.

For Censys: set the API ID and SECRET in sub.sh unless you want to set them again and again. To do so: 1. Delete lines 13-18. 2. Then set your API ID and SECRET on lines 47 & 48 like this:

    export CENSYS_API_ID=your_key_here

For notifications on Slack: change the webhook address to your own in sub.sh, ASN.sh and Tools/sublert/config.py, so you get notified while you do your other work. To do so: 1. Replace the webhook address at line 113 in sub.sh and line 15 in ASN.sh. 2. Replace the webhook address in Tools/sublert/config.py. Also follow @yassineaboukir's guide to configure Slack for sublert, and to create a webhook address for sub.sh and ASN.sh: https://medium.com/@yassineaboukir/automated-monitoring-of-subdomains-for-fun-and-profit-release-of-sublert-634cfc5d7708

Keep in mind that the Censys credentials, the Slack webhook and the AWS credentials all end up in plain text inside these scripts and config files: do not commit the edited copies to a repository, and treat the VPS as holding those secrets when you decide who can log in to it.

Tools added: thanks to all the authors who have written these scripts and made a huge contribution to the community. A big shout-out to @ehsahil for his blog on recon, which helped a lot while making this tool and provided examples for the repository.

Sublist3r, Knock, Subfinder, Censys, Amass, CT Logs, CTFR, Wayback, San Domains, AltDns, NMAP, Masscan, MassDNS, Sublert, Aquatone, Vhost, Rapid7 FDNS DB, AWS-CLI, Dirsearch. More to be added...

Requirements

Go language, installed as follows:

    wget https://dl.google.com/go/go1.12.5.linux-amd64.tar.gz
    tar -C /usr/local -xzf go1.12.5.linux-amd64.tar.gz
    rm -f go1.12.5.linux-amd64.tar.gz
    nano ~/.profile

Add these lines:

    export PATH=$PATH:/usr/local/go/bin
    export GOROOT=/usr/local/go

Installation

Note: on a fresh VPS run these commands first (refresh the package lists before upgrading):

    sudo apt-get update && sudo apt-get upgrade && sudo apt-get install git

Then:

    git clone https://github.com/SilverPoision/Rock-ON.git
    cd Rock-ON
    chmod +x rockon.sh
    ./rockon.sh 1

Also don't forget to configure your AWS credentials by running aws configure.

Usage

    ./rockon.sh

Enter your choice and then the required information.

Screenshot

Note: run the command below before using the 4th option for the first time:

    gem install colorize

Give Rock-On some love: if this tool was useful to you during your recon, the author would love to know. Any suggestions or ideas for this tool are appreciated; just DM on Facebook or Twitter.

Download Rock-ON