t94j0 / Airmaster
Licence: gpl-3.0
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: ✭ 150
Programming Languages
go
31211 projects - #10 most used programming language
Projects that are alternatives of or similar to Airmaster
Packetwhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (+170%)
Mutual labels: security-tools, pentesting, pentest-tool, red-team
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+416.67%)
Mutual labels: security-tools, pentesting, pentest-tool, red-team
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+657.33%)
Mutual labels: security-tools, pentesting, pentest-tool, red-team
Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (+233.33%)
Mutual labels: security-tools, pentesting, pentest-tool
Aiodnsbrute
Python 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (+146.67%)
Mutual labels: security-tools, pentesting, red-team
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+3164.67%)
Mutual labels: pentest-tool, pentesting, security-tools
Hack Tools
The all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+1733.33%)
Mutual labels: pentesting, pentest-tool, red-team
Blackmamba
C2/post-exploitation framework
Stars: ✭ 544 (+262.67%)
Mutual labels: security-tools, pentest-tool, red-team
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (+244.67%)
Mutual labels: security-tools, pentesting, pentest-tool
Sippts
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-22.67%)
Mutual labels: security-tools, pentesting, pentest-tool
Jwtxploiter
A tool to test security of json web token
Stars: ✭ 130 (-13.33%)
Mutual labels: security-tools, pentesting, pentest-tool
Impost3r
👻Impost3r -- A linux password thief
Stars: ✭ 355 (+136.67%)
Mutual labels: security-tools, pentesting, pentest-tool
Exploitpack
Exploit Pack -The next generation exploit framework
Stars: ✭ 728 (+385.33%)
Mutual labels: security-tools, pentesting, pentest-tool
Evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+409.33%)
Mutual labels: security-tools, pentesting, pentest-tool
Bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-24.67%)
Mutual labels: security-tools, pentesting, red-team
Susanoo
A REST API security testing framework.
Stars: ✭ 287 (+91.33%)
Mutual labels: security-tools, pentesting, pentest-tool
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+260.67%)
Mutual labels: pentesting, pentest-tool, red-team
Vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+619.33%)
Mutual labels: security-tools, pentesting, pentest-tool
Hacker Container
Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-30%)
Mutual labels: security-tools, pentesting
AIRMASTER
(Thanks NSA Name-O-Matic for the name)
Installation
macOS
- Install homebrew
- In your terminal, run
brew install tesseract - Build Go project or download a release
- Copy the configuration found in the Config section and place it in
~/.AIRMASTER.json
How to use
Listing domain names
A good way to get a domain list is registering for ExpiredDomains and using the Export .COM feature.
If you want to get a domain with specific keywords, you can use the keywords feature. This will take a bit longer and have less results, but it can still work extremely well.
- With a domain list file
AIRMASTER list --file ./path/to/file.txt
- With keywords
AIRMASTER list --keyword max --keyword cool
If multiple keywords are specified, they are combined by AND, so in the example above, you will get maxiscool.com, max-is-kinda-cool.com, cool-memes-to-the-max.com
Purchasing domain names
Purchasing domain names uses the domains found by listing domains (see above) and adds an extra step to allow you to purchase the domain name. This is very simple: just add the --purchase flag to the end of a list command
Example:
AIRMASTER list --file ./path/to/file.txt --purchase
[email protected] ~> AIRMASTER list --file ~/Downloads/domains_2017-08-01_16_07_03.txt --purchase
Using config file: /Users/max/.AIRMASTER.json
Found available domain pavpal-login-account.com (Phishing)
-1. Do not purchase
0. Purchase with GoDaddy for $7490000
Choose an option: 0
Success!
Another way to purchase domains is actually to use output from the list command. This is useful if you want to leave AIRMASTER alone for a while while you grab a coffee, or while you're reading documentation on Windows Me because your target is using that for some reason.
AIRMASTER list --file ~/Downloads/domains.txt > /tmp/available
*20 minuites later* - Edit list from /tmp/available as you'd like to
AIRMASTER purchase --list /tmp/available
The help should be obvious, so if you are stuck, try using AIRMASTER --help. (Although if you are still stuck, please create an issue)
Config
You can access the configuration by editing the ~/.AIRMASTER.json file.
The options are:
- (*) user - Used for whois data
- first - Your first name
- middle - Your middle name
- last - Your last name
- organization - Organization that you belong to
- title - Title at organization
- email - Email for contact
- phone - Phone number (format: +[country_code].XXXXXXXXXX. Ex: +1.9999999999)
- fax - Fax number
- address
- city
- postal
- country_code - ISO "Alpha 2 Code"
- godaddy - Godaddy configuration
- godaddyKey
- godaddySecret
- namecheap - Namecheap configuration (Not built yet!)
- namecheapUser
- namecheapKey
- namecheapUsername
- file - Sets location for file to check domains from
- keyword - Set keywords
(*) is required
Example Config
Before anyone freaks out, the API key is a test key taken from the GoDaddy docs
{
"godaddyKey": "UzQxLikm_46KxDFnbjN7cQjmw6wocia",
"godaddySecret": "46L26ydpkwMaKZV6uVdDWe",
"first": "Max",
"last": "Harley",
"organization": "Max Co.",
"title": "CEO",
"email": "[email protected]",
"phone": "+1.9999999",
"address": "1 Awesome Dr.",
"city": "Charleston",
"state": "SC",
"postal": "2946X",
"country_code": "US"
}
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].