Red Teaming and Malware Analysis
Red Teaming and Malware Analysis
@sirpedrotavares
seguranca-informatica.pt
0xSI_f33d
About
Red Teaming
Cheat Sheet
Active Directory 101
Fuzzing and Web
Initial Foothold
Privilege Escalation (Privesc)
Lateral Movement (Pivoting)
Persistence
Command and Control (C&C)
Data Exfiltration
CVE & Exploits / CTF
Tools
OSINT
DNS
WEB
Infrastructure and Network
Privilege Escalation
Exfiltration
Persistence
Password & Cracking
Static Code Analysis
Reporting
Resources
Malware Analysis
Unpacking
Tools
Resources
Mobile
Tools
Android Dynamic Analysis
IoT / ARM
Reverse IoT devices
Tools
Resources
Powered by GitBook

OSINT

​FavFreak: Weaponizing favicon.ico for BugBounties , OSINT and what not.

$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py
Result - hashes
Pwning with Shodan
Result - hashes
$ cat urls.txt | python3 favfreak.py -o output
Pwning with Shodan

http.favicon.hash:[Favicon hash here]

$ shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}'

Reference: https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139​

Goohak: Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.

./goohak domain.com

urlhunter: urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go.

​//grep.app: Search across a half million git repos.

​domain-check-2: Domain Expiration Check Shell Script Forked and Maintained by nixCraft.

​dns-domain-expiration-checker: Send notifications when DNS domains are about to expire.

​

Previous
Tools
Next
DNS
Last updated 2 months ago