sslstrip
TWINT
sslstrip | TWINT | |
---|---|---|
7 | 77 | |
1,857 | 13,272 | |
- | - | |
0.0 | 0.0 | |
almost 3 years ago | almost 2 years ago | |
Python | Python | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sslstrip
- Some information and advice about DDoS, from someone who was there during #opPayback
- List of resources
-
Is there a tool to control bandwidth for debugging purposes?
Another option might be to try something like sslstrip to strip off the TLS layer so you can point your tools at the stripped-off/non-TLS endpoint. Probably non-trivial to get this old code working on any system though, let alone a Jetson: https://github.com/moxie0/sslstrip
-
Awesome Penetration Testing
sslstrip - Demonstration of the HTTPS stripping attacks.
-
Tracking One Year of Malicious Tor Exit Relay Activities (Part II)
Yeah. And for anyone unaware, this technique, SSL stripping, was made well-known (and arguably pioneered?) by Moxie Marlinspike of Signal with his tool sslstrip back in 2011: https://github.com/moxie0/sslstrip. I believe that's what he was most famous for before Signal.
-
MITM (Man-In-The-Middle) Attacks and Prevention
Once the connection has been intercepted, the attacker can use a tool such as sslstrip to disable all HTTPS redirects and change https:// links to unencrypted http://.
-
Qualcuno mi sa spiegare perché il sito del SENATO non utilizza il protocollo https? (rendendolo di fatto "insicuro")
E' possibile, per quanto molto meno facile. https://github.com/moxie0/sslstrip per esempio. Ci sono anche altre tecniche che si basano sulla manipolazione delle richieste di DNS e cose simili. Sicuramente molto piu' facile da notare e ordini di grandezza piu' complesso di HTTP, che è assolutamente triviale.
TWINT
-
Twitter will be purging accounts with no activity for several years soon. We need to archive as many as we can. Any ideas on Methods
twint is a project that can scrape twitter data via the webpages rather than the twitter API, which means that it can get more than the last 3200 tweets of an account. Unfortunately it seems that the repo was archived and is no longer in development, so I'm not sure if it even still works. It's also a bit heavy on dependencies and is written in Python, neither of which make it easier to install and use.
- How Do I Use Twint?
- NYC's transport authority will no longer post service alerts on Twitter
-
New OSINT tool
The tool doesn't work anymore since Twitter changed its APIs, but a good example is twint. Most people in OSINT are not highly technical and don't know their way around a CLI. On the other hand, a CLI tool is one of the quickest, lowest (dev) cost ways to release a tool to the public, and many developers who build tools for the OSINT community do so for free (open source).
- Show HN: Twitter API Reverse Engineered
-
What’s currently the best method to archive a twitter account?
You can try twint which is extensive and should be able to do that. Another is via this twitter downloader but might require multiple runs depending on what you want to archive.
-
Gbf.life will be gone at the end of April
They do have examples that don't specify a username such as number 3 on this page or this one on the main page: "twint -g="48.880048,2.385939,1km" -o file.csv --csv - Scrape Tweets from a radius of 1km around a place in Paris and export them to a csv file."
- Do I have to pay now for the Twitter API if I want to use it for data analysis?
-
Twitter’s $42,000-per-Month API Prices Out Nearly Everyone | Tiers will start at $500,000 a year for access to 0.3 percent of the company’s tweets. Researchers say that’s too much for too little data
This will motivate researchers to web scrape to circumvent these restrictions. Twint can scrape tweets and it supports proxies. It can also be multi threaded. A huge hassle and it's prone to breaking when the site changes.
-
Basically the current state of granblue
The comment I saw said they used this: https://github.com/twintproject/twint
What are some alternatives?
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
snscrape - A social networking service scraper in Python
toxiproxy - :alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
Scweet - A simple and unlimited twitter scraper : scrape tweets, likes, retweets, following, followers, user info, images...
EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
newspaper - newspaper3k is a news, full-text, and article metadata extraction in Python 3. Advanced docs:
SQLMap - Automatic SQL injection and database takeover tool
twitterscraper - Scrape Twitter for Tweets
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
gallery-dl - Command-line program to download image galleries and collections from several image hosting sites
RustScan - 🤖 The Modern Port Scanner 🤖
trafilatura - Python & command-line tool to gather text on the Web: web crawling/scraping, extraction of text, metadata, comments