From 0ccb2304fda464e2148bbe27125a1cc3fc3e3ed9 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sun, 26 Jan 2020 20:56:34 -0500 Subject: [PATCH] Add subbrute, move AQUATONE and OWASP Amass to net recon section. Both AQUATONE and OWASP Amass are not actually direct network device discovery tools, but OSINT and DNS-specific mass querying tools. A domain (or subdomain) is not technically a network device, and thus I feel like these tools were mis-categorized by being grouped with actual network device discovery search engines like Shodan. --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9966dfd..a72e38a 100644 --- a/README.md +++ b/README.md 
@@ -378,9 +378,11 @@ See also [awesome-industrial-control-system-security](https://github.com/hslatma ### Network Reconnaissance Tools * [ACLight](https://github.com/cyberark/ACLight) - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins. +* [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools. * [CloudFail](https://github.com/m0rtem/CloudFail) - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS. * [DNSDumpster](https://dnsdumpster.com/) - Online DNS recon and search service. * [Mass Scan](https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. +* [OWASP Amass](https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc. * [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports. * [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool. * [dnsenum](https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. 
@@ -393,6 +395,7 @@ See also [awesome-industrial-control-system-security](https://github.com/hslatma * [passivedns](https://github.com/gamelinux/passivedns) - Network sniffer that logs all DNS server replies for use in a passive DNS setup. * [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. * [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool. +* [subbrute](https://github.com/TheRook/subbrute) - DNS meta-query spider that enumerates DNS records, and subdomains. * [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. ### Protocol Analyzers and Sniffers @@ -530,9 +533,7 @@ See also [awesome-industrial-control-system-security](https://github.com/hslatma ### Network device discovery tools -* [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools. * [Censys](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans. -* [OWASP Amass](https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc. * [Shodan](https://www.shodan.io/) - World's first search engine for Internet-connected devices. * [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.
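Review bot: In the `@@ -378,9 +378,11 @@` hunk, the AQUATONE entry as moved reads awkwardly without a comma ("utilizing various open sources producing a report"); since the line is being touched anyway, consider `* [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources, producing a report that can be used as input to other tools.` Placement is otherwise consistent with the list's ASCII ordering (ACLight before AQUATONE; Mass Scan, OWASP Amass, ScanCannon), and both moved descriptions are carried over verbatim from the removed lines, so the hunk is a pure move with no description drift.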
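Review bot: In the `@@ -393,6 +395,7 @@` hunk, the new subbrute entry has a stray comma before the final conjunction ("enumerates DNS records, and subdomains"); suggest `* [subbrute](https://github.com/TheRook/subbrute) - DNS meta-query spider that enumerates DNS records and subdomains.` The entry sits correctly between smbmap and zmap in the list's ordering.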
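Review bot: In the `@@ -530,9 +533,7 @@` hunk, removing AQUATONE and OWASP Amass leaves "Network device discovery tools" with only Censys, Shodan and ZoomEye, all of which describe themselves as Internet-wide scan or search services, so the section now matches the rationale in the commit message; a reader who comes here looking for subdomain tooling will no longer find it, though. Consider adding a one-line cross-reference under the heading, in the README's existing "See also" style, pointing at the Network Reconnaissance Tools section where the DNS and subdomain enumeration entries now live.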