Merge pull request #205 from enaqx/tools-addition

add various tools based on #204
2024-10-01 01:05:56 -04:00 · 2017-11-19 22:39:49 -06:00 · 2017-11-19 22:39:49 -06:00 · 191b21cb13
commit 191b21cb13
parent 6a0558fe45 f30958f5b2
2 changed files with 13 additions and 3 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -9,4 +9,4 @@ before_script:
  - wget 'http://cdp.pca.dfn.de/uni-potsdam-ca/pub/cacert/cacert.pem' -O potsdam.pem
  - cat bundle.pem dfn.pem potsdam.pem > /tmp/bundle.pem
 script:
-  - SSL_CERT_FILE="/tmp/bundle.pem" awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion,creativecommons.org"
+  - SSL_CERT_FILE="/tmp/bundle.pem" awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion,creativecommons.org,zoomeye.org"
--- a/README.md
+++ b/README.md
@ -151,7 +151,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
 * [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
 * [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs.
 * [FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code.
-* [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework.
+* [sobelow](https://github.com/nccgroup/sobelow) - Security-focused static analysis for the Phoenix Framework.
+* [bandit](https://pypi.python.org/pypi/bandit/) - Security oriented static analyser for python code.

 #### Web Scanners
 * [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner.
@ -208,6 +209,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
 * [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
 * [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
 * [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
+* [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec) - A swiss army knife for pentesting networks.
+* [impacket](https://github.com/CoreSecurity/impacket) - A collection of Python classes for working with network protocols.

 ### Wireless Network Tools
 * [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks.
@ -219,6 +222,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
 ### Transport Layer Security Tools
 * [SSLyze](https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
 * [tls_prober](https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation.
+* [testssl.sh](https://github.com/drwetter/testssl.sh) - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.

 ### Web Exploitation
 * [OWASP Zed Attack Proxy (ZAP)](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
@ -232,7 +236,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
 * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
 * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
 * [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell.
-* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
+* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
 * [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
 * [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
 * [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
@ -247,6 +251,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
 * [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
 * [NoSQLmap](http://nosqlmap.net/) - Automatic NoSQL injection and database takeover tool.
 * [VHostScan](https://github.com/codingo/VHostScan) - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
+* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
+* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
+* [webscreenshot](https://github.com/maaaaz/webscreenshot) - A simple script to take screenshots of list of websites.

 ### Hex Editors
 * [HexEdit.js](https://hexed.it) - Browser-based hex editing.
@ -289,6 +296,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
 * [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
 * [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
 * [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
+* [DeathStar](https://github.com/byt3bl33d3r/DeathStar) - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.

 ### GNU/Linux Utilities
 * [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
@ -335,6 +343,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
 * [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
 * [AQUATONE](https://github.com/michenriksen/aquatone) - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
 * [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
+* [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.


 ### Anonymity Tools
@ -361,6 +370,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
 * [Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python.
 * [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework.
 * [rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
+* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

 ### Physical Access Tools
 * [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.