FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayTools

TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog

By: Unknown


Welcome toΒ TruffleHog Explorer, a user-friendly web-based tool to visualize and analyze data extracted using TruffleHog. TruffleHog is one of the most powerful secrets discovery, classification, validation, and analysis open source tool. In this context, a secret refers to a credential a machine uses to authenticate itself to another machine. This includes API keys, database passwords, private encryption keys, and more.

With an improved UI/UX, powerful filtering options, and export capabilities, this tool helps security professionals efficiently review potential secrets and credentials found in their repositories.

⚠️ This dashboard has been tested only with GitHub TruffleHog JSON outputs. Expect updates soon to support additional formats and platforms.

You can use online version here: TruffleHog Explorer


πŸš€ Features

  • Intuitive UI/UX: Beautiful pastel theme with smooth navigation.
  • Powerful Filtering:
  • Filter findings by repository, detector type, and uploaded file.
  • Flexible date range selection with a calendar picker.
  • Verification status categorization for effective review.
  • Advanced search capabilities for faster identification.
  • Batch Operations:
  • Verify or reject multiple findings with a single click.
  • Toggle visibility of rejected results for a streamlined view.
  • Bulk processing to manage large datasets efficiently.
  • Export Capabilities:
  • Export verified secrets or filtered findings effortlessly.
  • Save and load session backups for continuity.
  • Generate reports in multiple formats (JSON, CSV).
  • Dynamic Sorting:
  • Sort results by repository, date, or verification status.
  • Customizable sorting preferences for a personalized experience.

πŸ“₯ Installation & Usage

1. Clone the Repository

$ git clone https://github.com/yourusername/trufflehog-explorer.git
$ cd trufflehog-explorer

2. Open the index.html

Simply open the index.html file in your preferred web browser.

$ open index.html

πŸ“‚ How to Use

  1. Upload TruffleHog JSON Findings:
  2. Click on the "Load Data" section and select your .json files from TruffleHog output.
  3. Multiple files are supported.
  4. Apply Filters:
  5. Choose filters such as repository, detector type, and verification status.
  6. Utilize the date range picker to narrow down findings.
  7. Leverage the search function to locate specific findings quickly.
  8. Review Findings:
  9. Click on a finding to expand and view its details.
  10. Use the action buttons to verify or reject findings.
  11. Add comments and annotations for better tracking.
  12. Export Results:
  13. Export verified or filtered findings for reporting.
  14. Save session data for future review and analysis.
  15. Save Your Progress:
  16. Save your session and resume later without losing any progress.
  17. Automatic backup feature to prevent data loss.

Happy Securing! πŸ”’



Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet

By: Unknown


Torward is an improved version based on the torghost-gn and darktor scripts, designed to enhance anonymity on the Internet. The tool prevents data leaks and forces all traffic from our computer to be routed exclusively through the Tor network, providing a high level of privacy in our connections.


Installation

   git clone https://github.com/chundefined/Torward.git
   cd Torward
   chmod +x install.sh
   ./install.sh

Security Enhancements

This version includes several key security improvements to protect your identity and ensure better network configuration:

  1. IPv6 Leak Prevention
    IPv6 is now disabled to prevent any potential IP leaks. All traffic is forced through the Tor network by modifying system IPv6 settings in network_config.py.

  2. Enhanced iptables Rules
    Strict iptables rules are implemented to ensure only Tor traffic is allowed. Non-Tor traffic is blocked, DNS queries are routed through Tor, and only essential connections to Tor ports are permitted. Additionally, IPv6 traffic is blocked to prevent leaks.

  3. Tor Configuration Adjustments
    The torward file has been updated to enforce that all traffic, including DNS queries, is routed through Tor, improving anonymity.

TODO

  • Get the IP from the last Tor exit node: Currently, the script does not display the IP of the last Tor exit node in the console. This can be achieved by using Tor's API to get the public IP of the exit node.
  • Better error handling: Ensure that the tool properly handles errors, such as Tor disconnection or network issues.


LeakSearch - Search & Parse Password Leaks

By: Zion3R


LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password.

In addition, you can define how many results you want to display on the terminal and export them as JSON or TXT files. Due to the simplicity of the code, it is very easy to add new sources, so more providers will be added in the future.


Requirements
  • Python 3
  • Install requirements

Download

It is recommended to clone the complete repository or download the zip file. You can do this by running the following command:

git clone https://github.com/JoelGMSec/LeakSearch

Usage
  _               _     ____                      _     
 | |    ___  __ _| | __/ ___|  ___  __ _ _ __ ___| |__  
 | |   / _ \/ _` | |/ /\___ \ / _ \/ _` | '__/ __| '_ \ 
 | |__|  __/ (_| |   <  ___) |  __/ (_| | | | (__| | | |
 |_____\___|\__,_|_|\_\|____/ \___|\__,_|_|  \___|_| |_|

  ------------------- by @JoelGMSec -------------------

usage: LeakSearch.py [-h] [-d DATABASE] [-k KEYWORD] [-n NUMBER] [-o OUTPUT] [-p PROXY]

options:
  -h, --help            show this help message and exit
  -d DATABASE, --database DATABASE
                        Database used for the search (ProxyNova or LocalDataBase)
  -k KEYWORD, --keyword KEYWORD
                        Keyword (user/domain/pass) to search for leaks in the DB
  -n NUMBER, --number NUMBER
                        Number of results to show (default is 20)
  -o OUTPUT, --output OUTPUT
                        Save the results as json or txt into a file
  -p PROXY, --proxy PROXY
                        Set HTTP/S proxy (like http://localhost:8080)


The detailed guide of use can be found at the following link:

https://darkbyte.net/buscando-y-filtrando-contrasenas-con-leaksearch


License

This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.


Credits and Acknowledgments

This tool has been created and designed from scratch by Joel GΓ‘mez Molina (@JoelGMSec).


Contact

This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.

For more information, you can find me on Twitter as @JoelGMSec and on my blog darkbyte.net.



EmploLeaks - An OSINT Tool That Helps Detect Members Of A Company With Leaked Credentials

By: Zion3R

Β 

This is a tool designed for Open Source Intelligence (OSINT) purposes, which helps to gather information about employees of a company.

How it Works

The tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find their personal email addresses. Finally, it uses those email addresses to search through a custom COMB database to retrieve leaked passwords. You an easily add yours and connect to through the tool.


Installation

To use this tool, you'll need to have Python 3.10 installed on your machine. Clone this repository to your local machine and install the required dependencies using pip in the cli folder:

cd cli
pip install -r requirements.txt

OSX

We know that there is a problem when installing the tool due to the psycopg2 binary. If you run into this problem, you can solve it running:

cd cli
python3 -m pip install psycopg2-binary`

Basic Usage

To use the tool, simply run the following command:

python3 cli/emploleaks.py

If everything went well during the installation, you will be able to start using EmploLeaks:

___________              .__         .__                 __
\_   _____/ _____ ______ |  |   ____ |  |   ____ _____  |  | __  ______
 |    __)_ /     \____  \|  |  /  _ \|  | _/ __ \__   \ |  |/ / /  ___/
 |        \  Y Y  \  |_> >  |_(  <_> )  |_\  ___/ / __ \|    <  \___ \
/_______  /__|_|  /   __/|____/\____/|____/\___  >____  /__|_ \/____  >
        \/      \/|__|                         \/     \/     \/     \/

OSINT tool Γ°ΕΈβ€’Β΅  to chain multiple apis
emploleaks>

Right now, the tool supports two functionalities:

  • Linkedin, for searching all employees from a company and get their personal emails.
    • A GitLab extension, which is capable of finding personal code repositories from the employees.
  • If defined and connected, when the tool is gathering employees profiles, a search to a COMB database will be made in order to retrieve leaked passwords.

Retrieving Linkedin Profiles

First, you must set the plugin to use, which in this case is linkedin. After, you should set your authentication tokens and the run the impersonate process:

emploleaks> use --plugin linkedin
emploleaks(linkedin)> setopt JSESSIONID
JSESSIONID: 
[+] Updating value successfull
emploleaks(linkedin)> setopt li-at
li-at: 
[+] Updating value successfull
emploleaks(linkedin)> show options
Module options:

Name        Current Setting                      Required    Description
----------  -----------------------------------  ----------  -----------------------------------
hide        yes                                  no          hide the JSESSIONID field
JSESSIONID  **************************           no          active cookie session in browser #1
li-at       AQEDAQ74B0YEUS-_AAABilIFFBsAAAGKdhG  no          active cookie session in browser #1
            YG00AxGP34jz1bRrgAcxkXm9RPNeYIAXz3M
            cycrQm5FB6lJ-Tezn8GGAsnl_GRpEANRdPI
            lWTRJJGF9vbv5yZHKOeze_WCHoOpe4ylvET
            kyCyfN58SNNH
emploleaks(linkedin)> run i   mpersonate
[+] Using cookies from the browser
Setting for first time JSESSIONID
Setting for first time li_at

li_at and JSESSIONID are the authentication cookies of your LinkedIn session on the browser. You can use the Web Developer Tools to get it, just sign-in normally at LinkedIn and press right click and Inspect, those cookies will be in the Storage tab.

Now that the module is configured, you can run it and start gathering information from the company:

Get Linkedin accounts + Leaked Passwords

We created a custom workflow, where with the information retrieved by Linkedin, we try to match employees' personal emails to potential leaked passwords. In this case, you can connect to a database (in our case we have a custom indexed COMB database) using the connect command, as it is shown below:

emploleaks(linkedin)> connect --user myuser --passwd mypass123 --dbname mydbname --host 1.2.3.4
[+] Connecting to the Leak Database...
[*] version: PostgreSQL 12.15

Once it's connected, you can run the workflow. With all the users gathered, the tool will try to search in the database if a leaked credential is affecting someone:

As a conclusion, the tool will generate a console output with the following information:
  • A list of employees of the company (obtained from LinkedIn)
  • The social network profiles associated with each employee (obtained from email address)
  • A list of leaked passwords associated with each email address.

How to build the indexed COMB database

An imortant aspect of this project is the use of the indexed COMB database, to build your version you need to download the torrent first. Be careful, because the files and the indexed version downloaded requires, at least, 400 GB of disk space available.

Once the torrent has been completelly downloaded you will get a file folder as following:

Ò”œÒ”€Ò”€ count_total.sh
Ò”œÒ”€Ò”€ data
Γ’β€β€š   Ò”œÒ”€Ò”€ 0
Γ’β€β€š   Ò”œÒ”€Ò”€ 1
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ 0
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ 1
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ 2
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ 3
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ 4
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò&€ 5
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ 6
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ 7
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ 8
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ 9
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ a
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ b
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ c
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ d
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ e
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ f
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ g
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ h
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ i
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ j
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ k
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ l
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ m
Γ’β€β€š   Γ’β€β€š   Ò”œÒ €Ò”€ n
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ o
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ p
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ q
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ r
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ s
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ symbols
Γ’β€β€š   Γ’β€β€š   Ò”œÒ”€Ò”€ t

At this point, you could import all those files with the command create_db:

The importer takes a lot of time for that reason we recommend to run it with patience.

Next Steps

We are integrating other public sites and applications that may offer about a leaked credential. We may not be able to see the plaintext password, but it will give an insight if the user has any compromised credential:

  • Integration with Have I Been Pwned?
  • Integration with Firefox Monitor
  • Integration with Leak Check
  • Integration with BreachAlarm

Also, we will be focusing on gathering even more information from public sources of every employee. Do you have any idea in mind? Don't hesitate to reach us:

Or you con DM at @pastacls or @gaaabifranco on Twitter.



❌