favirecon
archer
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
favirecon
- Boost your recon with favirecon!
- Boost your recon with favirecon
- Just open sourced favirecon!
- Open sourced favirecon!
-
Boost your recon phase with favirecon
Just open sourced favirecon! 🥳 - Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services. https://github.com/edoardottt/favirecon Help me improving the database! #infosec #recon #security #hacking
archer
-
The Elasticsearch Rant
For the query string, you don’t have to implement your own DSL. Elasticsearch supports it out of the box. You could POST a JSON object to “/_search” but you can also do a GET with the “q” query parameter.
Documentation: https://www.elastic.co/guide/en/elasticsearch/reference/curr...
In the Golang library you can use the “Search.WithQuery” option. This means you don’t have to construct a JSON request body.
Here’s an example: https://github.com/taythebot/archer/blob/main/pkg/elasticsea...
The Elasticsearch Golang library is a real pain to use. It was meant as a low level library so they didn’t add any types. However they are currently working on a typed client! The documentation is a bit lacking but going through go.dev you can find all the methods you need. This still means you need to JSON decode the response, but it helps you build queries, which is a step up.
Typed Client: https://www.elastic.co/guide/en/elasticsearch/client/go-api/...
- Show HN: Archer – open-source distributed network and vulnerability scanner
What are some alternatives?
cfuzz - Command line fuzzer and bruteforcer 🌪 wfuzz for command
np - A tool to parse, deduplicate, and query multiple port scans.
notionterm - 🖥️📖 Embed reverse shell in Notion pages
rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
Pentest-Notes - Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
jaeles - The Swiss Army knife for automated Web Application Testing
sqli-postgres-rce-privesc-hacking-playground - Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.
black-hat-rust - Applied offensive security with Rust - https://kerkour.com/black-hat-rust
IntegrityGuard - A very secure tool for monitoring integrity of important files
osmedeus - A Workflow Engine for Offensive Security
PassDetective - PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities