Mythic
Osintgram
Mythic | Osintgram | |
---|---|---|
5 | 32 | |
2,898 | 8,830 | |
- | - | |
9.6 | 1.6 | |
7 days ago | 14 days ago | |
JavaScript | Python | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Mythic
-
Install Mythic C2 server - Intro to C2 Infra for Red Teams
Learn the basic installation of Mythic Command and Control (C2) step by step. We'll configure Mythic C2 (open-source C2 framework https://github.com/its-a-feature/Mythic)
-
Mythic C2 Detections
title: Detect Mythic Agent Traffic Over Port 8443 status: experimental author: Rotten_Sec description: Detects traffic over port 8443 that matches the WebSocket handshake used by Mythic agents to communicate with the C2 server. references: - https://github.com/its-a-feature/Mythic tags: - attack.t1071.001 - attack.t1071.004 - attack.t1071.005 - attack.t1071.006 logsource: category: network keywords: [tcp, port, 8443] condition: tcp.port == 8443 and ( "GET /websocket HTTP/1.1\r\n" in to_string($data) or "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n" in to_string($data) )
-
Building a Red Team - Which C2 to pick?
In my opinion, Mythic is a great choice because it is free, extremely well developed, and provides a base capability that allows you to either extend it or to leverage the work of others. With Mythic, there are currently 16 public MythicAgents and 6 different MythicC2Profiles. You can use the public agents/C2profile and then switch to internal private versions if your team decides to go that way without the need to re-learn an entire framework. It has a web front end that provides a lot of (extendable) functionality I don't see in other tools. Additionally the lead developer is always extremely eager to provide help, add features, and fix bugs. Full disclosure: I'm the primary developer of Merlin.
- Some information and advice about DDoS, from someone who was there during #opPayback
- List of resources
Osintgram
-
facebook hack
If the tattoo studios aren't necessary to have been from facebook specifically, Osintgram is a pretty effective tool for scraping shit from Instagram really quickly that could theoretically be used to achieve this, if not perhaps in a roundabout sort of way like starting from one business you know and getting shit from their friends' info and so on. I could swear that I had known about a similar tool for facebook, but I'm drawing a blank right now...
-
Historical usernames on Instagram
Doing this manually has many advantages, but you can, of course, use Osintgram for speedy results.
- Phone numbers or emails behind social media accounts
-
I am teaching High School students about online privacy/security. What tools could I use to simulate a "this is what other people could find out about you" scenario.
Github: https://github.com/Datalux/Osintgram
-
Is there a way to bulk download photos and videos from an Instagram profile?
If I remember correctly Osintgram can achieve this
- Finding email of a guy
- Finding Social media accounts with a persons email
-
InstAgent
Since the original version is more or less inactive, I took the initiative to continue with the developments.
- Does someone have a solution Osintgram
- Noob question. On step number 6 how do I incorporate what is says onto terminal?
What are some alternatives?
sliver - Adversary Emulation Framework
osmedeus - A Workflow Engine for Offensive Security
CamPhish - Grab cam shots from target's phone front camera or PC webcam just sending a link.
instaloader - Download pictures (or videos) along with their captions and other metadata from Instagram.
ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
holehe - holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
ignorant - ignorant allows you to check if a phone number is used on different sites like snapchat, instagram.
awesome-bbht - A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
instagram-scraper - Scrapes an instagram user's photos and videos
urh - Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
social-analyzer - API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites