Oh365 User Finder
Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to identify the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid.
https://github.com/dievus/Oh365UserFinder
#office365 #user #enumeration
Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to identify the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid.
https://github.com/dievus/Oh365UserFinder
#office365 #user #enumeration
ADenum
ADEnum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos.
https://github.com/SecuProject/ADenum
#ad #ldap #kerberos #enumeration #tools
ADEnum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos.
https://github.com/SecuProject/ADenum
#ad #ldap #kerberos #enumeration #tools
VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit (Vortex)
A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc...).
Features:
— User Search and Collection
— Password Leaks
— Main Domain Identification
— Subdomain Search
— VPN Endpoint Detection
— Password Spraying/Guessing attacks
— Search profiles on Social Networks
https://github.com/klezVirus/vortex
#osint #vpn #enumeration #spraying #tools
A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc...).
Features:
— User Search and Collection
— Password Leaks
— Main Domain Identification
— Subdomain Search
— VPN Endpoint Detection
— Password Spraying/Guessing attacks
— Search profiles on Social Networks
https://github.com/klezVirus/vortex
#osint #vpn #enumeration #spraying #tools
❤1
Recon — Horizontal Enumeration
https://aaryanapex.medium.com/bug-bounty-methodology-horizontal-enumeration-89f7cd172e6e
#osint #recon #enumeration
https://aaryanapex.medium.com/bug-bounty-methodology-horizontal-enumeration-89f7cd172e6e
#osint #recon #enumeration
Medium
Bug Bounty Methodology — Horizontal Enumeration
While performing a security assessment our main goal is to map out all the domains owned by a single entity. This means knowing all the…
🌀 Unique Subdomain Enumeration
Great research regarding subdomain enumeration through permutations, unique approach that can provide good results with a smaller initial bruteforce data set in comparison to altdns
Research:
https://cramppet.github.io/regulator/index.html
Tools:
https://github.com/cramppet/regulator
#subdomain #enumeration #permutation #tools
Great research regarding subdomain enumeration through permutations, unique approach that can provide good results with a smaller initial bruteforce data set in comparison to altdns
Research:
https://cramppet.github.io/regulator/index.html
Tools:
https://github.com/cramppet/regulator
#subdomain #enumeration #permutation #tools
👍9🔥3
✉️ Finding Email Addresses without Paywalls
Every Pentester or Red Teamer has likely encountered situations where they need to perform User Enumeration or Password Spraying, but where can you find a list of valid users? Snov.io, Hunter.io, and Phonebook.cz no longer provide easy access to email lists and instead hit you with a paywall.
Here’s the solution — Prospeo! Just log in with Google SSO, enter the target domain, and get a list of email addresses with no strings attached.
Source:
https://app.prospeo.io/domain-search
#user #email #enumeration #wordlist
Every Pentester or Red Teamer has likely encountered situations where they need to perform User Enumeration or Password Spraying, but where can you find a list of valid users? Snov.io, Hunter.io, and Phonebook.cz no longer provide easy access to email lists and instead hit you with a paywall.
Here’s the solution — Prospeo! Just log in with Google SSO, enter the target domain, and get a list of email addresses with no strings attached.
Source:
https://app.prospeo.io/domain-search
#user #email #enumeration #wordlist
🔥17👍5❤3