This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

Last update: May 31, 2022

Related tags

Overview

EnumIT

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments. The main feature that I haven't seen much anywhere is the downloadd google dork function where this function first perform basic google dorking to find the targets public documents. These documents will then be downloaded to the attackers computer and can be used further to identify metadata about the client.

Installation

Create virtual enviroment: python3 -m venv enumit
Activate the virtual enviroment: source enumit/bin/activate
Install the required packages: pip install -r requirements.txt

Basic Usage

Google Dorking

Download the files found

python3 run.py --domain example.com --google --filetypes pdf --download-files

Create json list, no download

python3 run.py --domain example.com --google --filetypes pdf docx jpg

Certificates

This function will query https://crt.sh for the domain name, and create a de-duplicated list for further proccessing.

python3 run.py --domain example.com --cert

DNS

Perform dns lookup on the domain flag, can be used with the flag --cert to find DNS records of subdomains.

python3 run.py --domain example.com --dns --dns-records A AAAA MX NS

Shodan

In order to use the shodan function, you must have the shodan and api key flag enabled.

python3 run.py --domain example.com --shodan --shodan-api-key <KEY>

Portscan

This function will take all the ipv4 addresses previsuly found and perform a shodan lookup on them to find open ports. by default, it will only scan the IPv4 address resolved by the --domain flag. This flag is recomended if you've used the other functions with it.

python3 run.py --domain example.com --shodan --shodan-api-key <KEY> --portscan

Bananas

python3 run.py --domain example.com --cert --dns --dns-types A AAAA NS MX --shodan --shodan-api-key <KEY> --portscan --ssl

Notice!

When you perform a scan, the result will be saved under . \ in the folder.
You might be ratelimited by google if you use the function heavly.
Using the portscan function will not quaranty that all ports has been scanned on the host, but will rather give a indication on what to expect on the hosts.

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

Related tags

Overview

EnumIT

Installation

Basic Usage

Google Dorking

Download the files found

Create json list, no download

Certificates

DNS

Shodan

Portscan

Bananas

Notice!

Owner

Tobias

DoSer.py - Simple DoSer in Python

Gitlab RCE - Remote Code Execution

The best Python Backdoor👌

A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms.

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

A tool combined with the advantages of masscan and nmap

MITMSDR for INDIAN ARMY cybersecurity hackthon

An Advanced Local Network IP Scanner, made in python of course!

Python program that generates secure passwords.

POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Mad Spammer is a python webhook spammer which is very easy and safe to use.

Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

DNSSEQ: PowerDNS with FALCON Signature Scheme

compact and speedy hash cracker for md5, sha1, and sha256 hashes

Steal Files on a Windows Machine

Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

Proof of Concept Exploit for vCenter CVE-2021-21972

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

Password list generator for password spraying - prebaked with goodies