Sifter:一个osint(开源网络情报)侦察和漏洞扫描程序
- 发表于
- 安全工具
Sifter介绍
一个osint(开源网络情报)侦察和漏洞扫描程序。枚举非常重要,它在不同的模块集中结合了一系列工具,以便快速执行侦察任务,检查网络防火墙,枚举远程和本地主机以及扫描microsft中的“蓝色”漏洞,如果未修补,请加以利用。它使用blackwidow和konan之类的工具进行Webdir枚举,并使用ASM快速进行攻击面映射。
收集的信息将保存到结果文件夹,这些输出文件可以轻松解析到TigerShark,以便在您的广告系列中使用。或编制最终报告以完成渗透测试。

Sifter安装与使用
最新版本可在这里下载
或使用推荐的git方式
| 1 2 3 4 5 6 | * This will download and install all required tools * $ git clone https://github.com/s1l3nt78/sifter.git $ cd sifter $ chmod +x install.sh $ ./install.sh | 
Sifter使用的一些Modules
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 | # Information Modules   = Enterprise Information Gatherers    -theHarvester  - https://github.com/laramies/theHarvester    -Osmedeus - https://github.com/j3ssie/Osmedeus    -ReconSpider - https://github.com/bhavsec/reconspider    -CredNinja - -CredNinja - https://github.com/Raikia/CredNinja = Targeted Information Gatherers    -Maryam - https://github.com/saeeddhqan/Maryam    -Seeker - https://github.com/thewhiteh4t/seeker    -Sherlock - https://github.com/sherlock-project/sherlock    -xRay - https://github.com/evilsocket/xray # Domain Recon Gathering  -DnsTwist - https://github.com/elceef/dnstwist  -Armory - https://github.com/depthsecurity/armory  -SayDog - https://github.com/saydog/saydog-framework # Router Tools  -MkCheck - https://github.com/s1l3nt78/MkCheck  -RouterSploit - https://github.com/threat9/routersploit # Exploitation Tools    = MS Exploiters    -ActiveReign - https://github.com/m8r0wn/ActiveReign    -iSpy - https://github.com/Cyb0r9/ispy    -SMBGhost     --SMBGhost Scanner - https://github.com/ioncube/SMBGhost     --SMBGhost Exploit - https://github.com/chompie1337/SMBGhost_RCE_PoC    = Website Exploiters    -DDoS  --Dark Star - https://github.com/s1l3nt78/Dark-Star  --Impulse - https://github.com/LimerBoy/Impulse    -NekoBot - https://github.com/tegal1337/NekoBotV1    -xShock - https://github.com/capture0x/XSHOCK    -VulnX - https://github.com/anouarbensaad/vulnx  = Exploit Searching    -FindSploit - https://github.com/1N3/Findsploit    -ShodanSploit - https://github.com/shodansploit/shodansploit    -TigerShark (Phishing) - https://github.com/s1l3nt78/TigerShark  = Post-Exploitation      -EoP Exploit (Elevation of Priviledge Exploit) - https://github.com/padovah4ck/CVE-2020-0683      -Omega - https://github.com/entynetproject/omega      -WinPwn - https://github.com/S3cur3Th1sSh1t/WinPwn    -CredHarvester - https://github.com/Technowlogy-Pushpender/creds_harvester    -PowerSharp - https://github.com/S3cur3Th1sSh1t/PowerSharpPack    -ACLight2 - https://github.com/cyberark/ACLight     =FuzzyDander - Equation Group, Courtesy of the Shadow Brokers     (Obtained through issue request.)      -FuzzBunch    -Danderspritz     =BruteDUM (Bruteforcer) - https://github.com/GitHackTools/BruteDum # Password Tools  -Mentalist - https://github.com/sc0tfree/mentalist  -DCipher - https://github.com/k4m4/dcipher # Network Scanners  -Nmap - https://nmap.org  -AttackSurfaceMapper - https://github.com/superhedgy/AttackSurfaceMapper  -aSnip - https://github.com/harleo/asnip  -wafw00f - https://github.com/EnableSecurity/wafw00f  -Arp-Scan # HoneyPot Detection Systems  -HoneyCaught - https://github.com/aswinmguptha/HoneyCaught  -SniffingBear - https://github.com/MrSuicideParrot/SniffingBear  -HoneyTel (telnet-iot-honeypot) - https://github.com/Phype/telnet-iot-honeypot # Vulnerability Scanners  -Flan - https://github.com/cloudflare/flan    -Rapidscan - https://github.com/skavngr/rapidscan  -Yuki-Chan - https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest # WebApplication Scanners    -Sitadel - https://github.com/shenril/Sitadel    -OneFind - https://github.com/nyxgeek/onedrive_user_enum    -AapFinder - https://github.com/Technowlogy-Pushpender/aapfinder    -BFAC - https://github.com/mazen160/bfac    -XSStrike - https://github.com/s0md3v/XSStrike # Website Scanners & Enumerators    -Nikto - https://github.com/sullo/nikto    -Blackwidow - https://github.com/1N3/blackwidow    -Wordpress     ---WPScan - https://github.com/wpscanteam/wpscan     ---WPForce/Yertle - https://github.com/n00py/WPForce    -Zeus-Scanner - https://github.com/Ekultek/Zeus-Scanner    -Dirb    -DorksEye - https://github.com/BullsEye0/dorks-eye # Web Mini-Games    -This was added in order to have a fun way to pass time     during the more time intensive modules.     Such as nMap Full Port scan or a RapidScan run. | 
Sifter帮助菜单
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | $ sifter runs the programs bringing up the menu in a cli environment $ sifter -c will check the existing hosts in the hostlist $ sifter -a 'target-ip' appends the hostname/IP to host file $ sifter -m Opens the Main Module menu $ sifter -e Opens the Exploitation Modules $ sifter -i Opens the Info-based Module menu $ sifter -d Opens the Domain Focused Modules $ sifter -n Opens the Network Mapping Modules menu $ sifter -w Opens the Website Focused Modules $ sifter -wa Opens the Web-App Focused Module menu $ sifter -p opens the password tools for quick passlist generation or hash decryption $ sifter -v Opens the Vulnerability Scanning Module Menu $ sifter -r Opens the results folder for easy viewing of all saved results $ sifter -u Checks for/and installs updates $ sifter -h This Help Menu | 
   原文连接:Sifter:一个osint(开源网络情报)侦察和漏洞扫描程序  所有媒体,可在保留署名、
  原文连接
的情况下转载,若非则不得使用我方内容。  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
 