CACTUSTORCH: Payload Generation for Adversary Simulations.
Office-DDE-Payloads: a collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.
demiguise is an HTA encryption tool for RedTeams.
Exploit toolkit CVE-2017-0199 is a handy Python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE.
CVE-2017-11882 Exploit accepts a command/code of over 17k bytes at maximum.
Exploit toolkit CVE-2017-8759 is a handy Python script which provides pentesters and security researchers a quick and effective way to test Microsoft.
Composite Moniker: Proof of Concept exploit for CVE-2017-8570.
Recon-ng is a full-featured Web Reconnaissance framework written in Python.
datasploit is an OSINT Framework to perform various recon techniques on Companies, People, Phone Numbers, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
SpiderFoot the open source footprinting and intelligence-gathering tool.
pwndb is a Python command-line tool for searching leaked credentials using the Onion service with the same name.
GitHarvester is used for harvesting information from GitHub, like a Google dork.
pwnedOrNot is a Python script which checks if an email account has been compromised in a data breach; if the account is compromised, it proceeds to find passwords for the compromised account.
typofinder: a finder of domain typos showing the country of the IP address.
Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.
truffleHog searches through git repositories for secrets, digging deep into commit history and branches.
SimplyEmail: email recon made fast and easy, with a framework to build on.
Metagoofil is a tool for extracting metadata from public documents (pdf, doc, xls, ppt, etc.) available on the target websites.
theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/banners, and employee names from different public sources.
FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans.
linkScrape: a LinkedIn user/company enumeration tool.
ScrapedIn: a tool to scrape LinkedIn without API restrictions for data reconnaissance.
skiptracer: an OSINT scraping framework that utilizes some basic Python web scraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget.
Social Mapper: an OSINT Social Media Mapping Tool that takes a list of names & images (or a LinkedIn company name) and performs automated target searching on a huge scale across multiple social media sites. Not restricted by APIs, as it instruments a browser using Selenium. Outputs reports to aid in correlating targets across sites.
dnsrecon: a DNS Enumeration Script.
Nmap is used to discover hosts and services on a computer network, thus building a "map" of the network.
spoofcheck: a program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing.
AQUATONE is a set of tools for performing reconnaissance on domain names.
AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot.
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Reconnaissance: Active Intelligence Gathering