GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → s1l3nt78 → Sifter

s1l3nt78 / Sifter

Licence: gpl-3.0
Sifter aims to be a fully loaded Op Centre for Pentesters

Programming Languages

shell
77523 projects

Labels

networkpentestingpenetration-testingscannerosintpentestexploitationreconpost-exploitationvulnerability-scanner

Projects that are alternatives of or similar to Sifter

Oscp Prep
my oscp prep collection
Stars: ✭ 105 (-73.95%)
Mutual labels:  osint, pentesting, penetration-testing, scanner, recon
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+753.35%)
Mutual labels:  osint, scanner, recon, penetration-testing, pentesting
Whatweb
Next generation web scanner
Stars: ✭ 3,503 (+769.23%)
Mutual labels:  pentesting, penetration-testing, scanner, pentest, recon
Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-71.22%)
Mutual labels:  network, pentesting, penetration-testing, recon
Hacker Roadmap
📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+1823.57%)
Mutual labels:  penetration-testing, pentest, exploitation, post-exploitation
Pidrila
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-68.98%)
Mutual labels:  pentesting, penetration-testing, scanner, pentest
Cloudfail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+207.44%)
Mutual labels:  pentesting, scanner, pentest, recon
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+5.96%)
Mutual labels:  osint, pentesting, penetration-testing, recon
Reconspider
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Stars: ✭ 621 (+54.09%)
Mutual labels:  osint, scanner, pentest, recon
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-56.08%)
Mutual labels:  osint, pentesting, pentest, recon
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-64.76%)
Mutual labels:  scanner, penetration-testing, recon, pentest
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+122.58%)
Mutual labels:  scanner, pentest, exploitation, vulnerability-scanner
Reconky-Automated Bash Script
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (-58.56%)
Mutual labels:  osint, penetration-testing, recon, exploitation
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+473.7%)
Mutual labels:  osint, pentesting, scanner, vulnerability-scanner
PXXTF
Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨
Stars: ✭ 23 (-94.29%)
Mutual labels:  scanner, penetration-testing, pentest, exploitation
Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-33.25%)
Mutual labels:  osint, pentesting, scanner, recon
avain
A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
Stars: ✭ 56 (-86.1%)
Mutual labels:  pentesting, pentest, vulnerability-scanner
YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-91.32%)
Mutual labels:  penetration-testing, pentesting, pentest
Vault
swiss army knife for hackers
Stars: ✭ 346 (-14.14%)
Mutual labels:  osint, pentesting, scanner
Docker Onion Nmap
Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.
Stars: ✭ 345 (-14.39%)
Mutual labels:  pentesting, scanner, recon
View All Similar Projects ➔

CodeFactor





		                 ██████  ██▓  █████▒▄▄▄█████▓▓█████  ██▀███                 
		               ▒██    ▒ ▓██▒▓██   ▒ ▓  ██▒ ▓▒▓█   ▀ ▓██ ▒ ██▒               
		               ░ ▓██▄   ▒██▒▒████ ░ ▒ ▓██░ ▒░▒███   ▓██ ░▄█ ▒               
		                 ▒   ██▒░██░░▓█▒  ░ ░ ▓██▓ ░ ▒▓█  ▄ ▒██▀▀█▄                 
		 ██▓  ██▓  ██▓ ▒██████▒▒░██░░▒█░      ▒██▒ ░ ░▒████▒░██▓ ▒██▒ ██▓  ██▓  ██▓
		 ▒▓▒  ▒▓▒  ▒▓▒ ▒ ▒▓▒ ▒ ░░▓   ▒ ░      ▒ ░░   ░░ ▒░ ░░ ▒▓ ░▒▓░ ▒▓▒  ▒▓▒  ▒▓▒
		 ░▒   ░▒   ░▒  ░ ░▒  ░ ░ ▒ ░ ░          ░     ░ ░  ░  ░▒ ░ ▒░ ░▒   ░▒   ░▒  
		 ░    ░    ░   ░  ░  ░   ▒ ░ ░ ░      ░         ░     ░░   ░  ░    ░    ░   
		  ░    ░    ░        ░   ░                      ░  ░   ░       ░    ░    ░  
		  ░    ░    ░                                                  ░    ░    ░

                                 s1l3nt78
                               The Dead Bunny Collective
                               Because enumeration is key

              Recon Development Currently on hold

            Offensive Development Currently in Progress

Notice

[!] If you are the developer of any of the tools within Sifter and don't think your tool is
    being utilized to its full potential please let me know and i will take another look
    or optionally you can make an edit to the execution script of your specific tool and
    submit a pull request and I will review it within 12hrs

[!] Or if you are a developer and would like your program added just submit an issue with the link
    and ill check it out and if it fits, I'll make the addition with 24-48hrs

Release

@Codename: Violet
@Version : 11.5

[Violet's] latest release's zip package can be downloaded from here
[Violet's] latest .deb package is also available for download from here
Older Releases can be found here

Sifter Plugins

# Released Extensions - G - Sifter's g extension gives a GUI overlay
  '--> Built on top of eDEX-UI
- F - Sifter's f extension provides the DanderFuzz Exploitational Plugin for Sifter
  '--> Framework created by the EquationGroup courtesy of The Shadow Brokers
- M - Sifter's m extension provided malware analysis tools.
- C - Sifter's c extension is just a small script allowing CobaltStrike to be added to exploitation frameworks.
   (A copy of CobaltStrike will NOT be provided, You must provide your own)

Updates:

Additions:

#__ Version: 11.5 _|_ Violet __#
- GitSearch - Tool to search git from CLI and clone (if required)
- Mosint - MOSINT is an OSINT Tool for emails. It helps you gather information about the target email.

- Snaffler - Gather targets from Active Directories, searches out file shares, and whether they're readable.
- WeblogicScanner - Weblogic Vulnerability Scanning Tool
- Responder - LLMNR, NBT-NS and MDNS poisoner.
- Vailyn - Multi-phased vulnerability analysis and LFI exploitation tool
- Mitre-Attack Website - Provides basic navigation and annotation of ATT&CK matrices
- DroneSploit (Optional)- Hacking techniques and exploits especially focused on drone hacking.

- Typing info into any menu will bring up the Module Information Screen.
- Typing session into any menu will start a new Sifter session to run concurrently.
- All Results can now be exported to Desktop and a backup zip package is created and time stamped.

Removed

# Depreciated tools: - BFAC
- Maryam
- ODIN
- xRay
- Removing redundant tools to make Sifter less bulky

Menu:

Overview

Sifter is a fully stocked Op Centre for Pentesters. It combines a plethara of OSINT, recon and vulnerability analysis tools within catagorized modsets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsoft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.
Gathered info is saved to the results folder, these output files can be easily parsed over to TigerShark in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test.

Instructional Videos:

Click the images to goto the videos

Official Version 11.5 [Violet] setup video.

Setup

-----------------------------------------------------------------------------------------------------------

[Old Walkthrough](Version 6-7)

Old Demo

-----------------------------------------------------------------------------------------------------------

[New Walkthrough](Version 11.5)

Mod Walkthrough

Tested OS

Working on: - Kali
	    - Parrot
	    - Ubuntu
	    - Linux (any distro)
	    - Windows (Linux Subsystem with Docker and VcXsrc or KeX)

Works on windows with linux-subsystem but please ensure docker is properly installed and configured,
following the instructions from docker website
Untested on mac, though theoretically the same should apply to mac as windows - regarding docker install & tools

Important

[ ! ] Please do not run sifter or the install as ROOT user.
use a regular user and give permissions only when needed.

NOTE!!

If a scan does not work correctly at first, remove web-protocol from target. eg:

  • use target.com
  • instead of https;//target.com

Installation:

[!] For oneliner install (Deb Package), copy and paste the following code into a terminal:
*
$ wget https://github.com/s1l3nt78/sifter/releases/download/11.5/sifter_11.5.deb; sudo dpkg -i sifter_11.5.deb; sifter


[!] For oneliner install (source), copy and paste the following into a terminal:
*
$ git clone https://github.com/s1l3nt78/sifter.git && cd sifter && bash install.sh


[!] Sifter Plugins can be found at https://github.com/Sifter-Ex
[!] To install Sifter with plugins run:
*
$ git clone --recursive https://github.com/s1l3nt78/sifter; cd sifter; bash install.sh

Modules:

  • Click to Expand
#Enterprise Information Gatherers - theHarvester
- Osmedeus
- ReconSpider
- CredNinja
- OSINT-Framework
#Targeted Information Gatherers - Maryam
- Seeker
- Sherlock
- E2P (Email2Phone)
- CardPwn
- iKy
- GHunt
#Domain Recon Gathering - DnsTwist
- Armory
- SpiderFoot
- Pulsar
- SubFinder
- SubDover
#Microsoft Exploitation - ActiveReign
- iSpy
- SMBGhost
  -- SMBGhost Scanner
  -- SMBGhost Exploit
#Website Exploiters - DDoS
  -- Dark-Star
  -- Impulse
  -- UFONet
- NekoBot
- xShock
- VulnX
#Exploit Searching - FindSploit
- ShodanSploit
- GitSearcher
#Post-Exploitation - EoP Exploit (Privilege Escalation Exploit)
- Potatoes
  -- BadPotato
  -- SweetPotato
- PEAS
  -- winPEAS
  -- linPEAS
- WinPwn
- CredHarvester
- PowerSharp
- ACLight2
- PowerHub
- InveighZero
#Exploitation Frameworks + DanderFuzz - Equation Group, Courtesy of the Shadow Brokers
  - FuzzBunch
  - Danderspritz
 (Provided by the F plugin.)

+ CobaltStrike
  (Provided by the C plugin.)
+ PHPSploit
+ Thoron
+ Metasploit
#Phishing + TigerShark
#BruteForcing + BruteDUM
+ WBruter
#Password Tools - Mentalist
- DCipher
- Ciphey
#Network Scanners - nMap
- WebMap
- AttackSurfaceMapper
- aSnip
- wafw00f
- Arp-Scan
- Espionage
- Intrigue-Core
- Responder
#HoneyPot Detection Systems - HoneyCaught
- SniffingBear
- HoneyTel (telnet-iot-honeypot)
- HFish
#Vulnerability Scanners - Flan
- Rapidscan
- Yuki-Chan
- Katana-VF (Vulnerability Framework)
- OWASP-Nettacker
- Big IP Remote Execution Scanner
- WeblogicScanner
- Vailyn
#Router Tools - RouterSploit
- MkCheck
- Airgeddon
#WebApplication Scanners - Sitadel
- OneFind
- AapFinder
- reNgine
#Website Scanners & Enumerators - Nikto
- Blackwidow
- Wordpress
  --- WPScan
  --- WPForce/Yertle
- Zeus-Scanner
- Dirb
- DorksEye
- Katana-DS (Dork Scanner)
#Operational Security & Threat Analysis - EventCleaner
- Threat Dragon
- TruffleSNout
- Snaffler
- Mitre-Attack Website
#Cross-Site Scripting & SQL Injection - SQLinjection
  --- WhiteWidow
  --- V3n0M-Scanner
- Cross-Site Scripting
  --- XSStrike
  --- finDOM-XSS
  --- XSS-Freak
#Web Mini-Games - This was added in order to have a fun way to pass time
 during the more time intensive modules.
 Such as nMap Full Port scan or a RapidScan run.
---------------------------------------------------------------------------------------------------------------------

Other Projects


All information on projects in development can be found here.
For any requests or ideas on current projects please submit an issue request to the corresponding tool.
For ideas or collaboration requests on future projects., contact details can be found on the page.

GitHub Pages can be found here.
- MkCheck = MikroTik Router Exploitation Tool
- TigerShark = Multi-Tooled Phishing Framework 

  <!--#############           VGhlIERlYWQgQnVubnkgQ29sbGVjdGl2ZQ==           #############--!>
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].