Photon is an open-source Python-based crawler designed for high-speed information gathering. It is categorized as an Open-Source Intelligence (OSINT) tool used to extract data from websites. Unlike traditional web crawlers that focus primarily on indexing content for search, Photon is optimized to identify and extract specific data points relevant to security researchers and penetration testers, Read More …
Tag: security tool
Tool Overview: h8mail
h8mail is an open-source intelligence (OSINT) and password breach hunting tool written in Python. It is designed to help security professionals identify if specific email addresses have been compromised in data breaches. By aggregating data from multiple leak-checking services and local databases, h8mail provides a centralized way to audit credential exposure for individuals or entire Read More …
Tool Overview: theHarvester
theHarvester is an open-source tool designed for the reconnaissance phase of a penetration test or security audit. Developed by Christian Martorella, it is written in Python and serves as a framework for gathering open-source intelligence (OSINT). Its primary function is to collect emails, subdomains, hosts, employee names, open ports, and banners from various public data Read More …
Tool Overview: Maigret
Maigret is an open-source intelligence (OSINT) tool designed to automate the process of username reconnaissance. Developed as a fork of Sherlock, Maigret expands upon the concept of searching for a specific identifier across a vast array of websites to build a profile of an individual’s digital footprint. Core Functionality Maigret operates by taking a single Read More …
A Powerful OSINT Tool for Username Discovery
The ability to gather intelligence efficiently is a foundational skill. One effective tool for early stages is Sherlock. Named after the legendary detective, Sherlock is an open-source, Python-based tool designed to help security professionals and researchers locate a specific username across hundreds of different websites and social media platforms simultaneously. How Sherlock Works Sherlock operates Read More …
Checking for PrintNightmare vulnerability
In the world of Active Directory security, running the Print Spooler service on a Domain Controller is an unforced error. We saw exactly why with ‘PrintNightmare’—a vulnerability that turned a mundane background service into a highway for ransomware and domain-wide compromise. The reality is simple: if your DC is managing print jobs, it’s also managing Read More …
Enhancing Detection and Response with Intel Owl
Intel Owl is an open-source threat intelligence framework hosted on GitHub. Its primary function is to streamline the process of integrating, sharing, and analyzing threat intelligence data. Key Features Intel Owl has an ability to aggregate data from multiple sources, including public intelligence feeds and local files. It can help organizations perform automated analysis and Read More …
Tools :: customer-detections
The GitHub repository “customer-detections” by Okta provides a tool designed to enhance customer detection capabilities for security and identity management. It offers a set of pre-built detection rules and templates that can be customized to identify suspicious activities and potential threats within user accounts. This tool aims to improve the overall security posture by enabling Read More …
YES3 Scanner: Bolstering Amazon S3 Security
Fog Security has released YES3 Scanner, an open-source tool designed to address critical Amazon S3 security misconfigurations and enhance ransomware prevention. This tool emerges amidst a heightened focus on supply-chain attacks, cloud ransomware, and cryptocurrency attacks exploiting compromised S3 static website hosting, aiming to overcome limitations found in existing security solutions. YES3 Scanner meticulously evaluates Read More …
Tools – BEAR: Simulating Advanced Persistent Threats for Cybersecurity Education
For aspiring and new information security professionals, gaining practical insight into real-world attack methodologies is paramount. One tool that offers a unique perspective into advanced threat simulation is “BEAR,” a project found on GitHub. Unlike typical vulnerability scanners or compliance tools, BEAR is a compilation of Command and Control (C2) scripts, payloads, and stagers explicitly Read More …