FavFreak: Weaponizing favicon.ico for BugBounties , OSINT and what not.

$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py
Result - hashes
Pwning with Shodan
Result - hashes
$ cat urls.txt | python3 favfreak.py -o output
Pwning with Shodan

http.favicon.hash:[Favicon hash here]

$ shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}'

Reference: https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139

Goohak: Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.

./goohak domain.com

urlhunter: urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go.

//grep.app: Search across a half million git repos.

domain-check-2: Domain Expiration Check Shell Script Forked and Maintained by nixCraft.

dns-domain-expiration-checker: Send notifications when DNS domains are about to expire.

sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault's OTX, Common Crawl, URLScan, Github and the Wayback Machine.