reconFTW – Yet another new recon tool

According to its GitHub page, reconFTW is described as: ReconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target. ReconFTW uses a lot of techniques (passive, bruteforce, permutations, certificate transparency, source code scraping, analytics, DNS records…) for subdomain enumeration which helps you to get the maximum and the most interesting subdomains so that

Katana: a new crawling and spidering tool

A new web crawler and spidering tool from has been released. Install katana requires Go 1.18 to install successfully. go install Usage Input Crawling Mode According to Katana’s documentation: Standard Mode Standard crawling modality uses the standard go HTTP library under the hood to handle HTTP requests/responses. This modality is much faster as it doesn’t have the browser overhead. Still, it analyzes HTTP responses body as is, without any javascript

What is my external ip?

This is a small script to find out our external IP from the terminal.

Bat overview

Bat is a cat clone tool with many extra features: Syntax highlighting Git integration Show non-printable characters Automatic paging File concatenation Installation For a macOS system. (For other systems check the specific installation description in the documentation) ❯ brew install bat Usage Display a single file on the terminal ❯ bat file.txt Display multiple files at once ❯ bat *.txt Read from the stdin and detect the syntax automatically ❯

Parse Nmap results with Nmparse

Nmparse is a shell script that will help you if you need to parse long Nmap results. It can parse .gnmap, .xml, or .nmap port scan files and will generate a CSV list, lists of IPs per port, web URLs, and a summary table. Install $ git clone Usage $ nmap -v -p- -A --min-rate 5000 -oA results.txt $ ls results.txt.gnmap results.txt.nmap results.txt.xml --out-dir [path] can optionally be used to

Arjun introduction

Arjun is a tool that can find query parameters for URL endpoints. Install $ pip3 install arjun $ vim .zshrc $ source .zshrc $ arjun Usage Single target $ arjun -u Specify HTTP method Arjun looks for GET method parameters by default. All available methods are: GET/POST/JSON/XML. $ arjun -u -m POST Import targets Arjun supports importing targets from BurpSuite, simple text file and raw request files. Arjun can automatically

reNgine: A brief overview

ReNgine is a very complete recon tool that can be very helpful to centralize all your recon in one place. Its main website defines it as: «The only web application recon tool you will ever need!» It is currently capable of performing: Subdomain Discovery Vulnerability Detection IPs and Open Ports Identification Directory and files fuzzing Screenshot Gathering Endpoints Gathering OSINT Although reNgine can be installed on a local machine, it is

Script to update go version

Although installing Go is a pretty straightforward process, it can be made even easier by using a script to install and update your golang installation. We are going to use the update-golang script. $ go version $ git clone $ sudo ./ $ go version To finish the setup, the shell PATH should be updated. The path ‘/usr/local/go/bin’ is added to PATH using ‘/etc/profile.d/’. Only if needed, GOROOT is

FinalRecon (web reconnaissance tool)

As described on its website: FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping dependencies small and simple. Installation $ sudo apt install finalrecon Usage $ <arguments> url

Ngrok: External connectivity for your PoCs

Ngrok is an application that lets you access your local service from the Internet. It can be a useful tool to test your PoCs. This app has a free tier for your projects with non-commercial use. Installation and configuration Sign up for Ngrok and download the app. It is a portable app, so you just have to download the file and run it. No dependencies