Showing posts with label Gathering.

Tuesday, 18 March 2014

[CountryTraceRoute] Fast Traceroute with IP country information


CountryTraceRoute is a traceroute utility similar to the Windows tracert tool, but with a graphical user interface, and it is much faster than tracert. CountryTraceRoute also displays the country of the owner of every IP address found in the traceroute.
After the traceroute is completed, you can select all items (Ctrl+A) and then save them to a csv/tab-delimited/html/xml file with the 'Save Selected Items' option (Ctrl+S), or copy them to the clipboard (Ctrl+C) and paste the result into Excel or another spreadsheet application.


Tuesday, 7 January 2014

[Creepy] Geolocation information Gathering through Social Networking Platforms


Creepy is a geolocation OSINT tool. It gathers geolocation-related information from online sources and allows presentation on a map, search filtering based on exact location and/or date, and export in csv or kml format for further analysis in Google Maps.

What's new in v1.0.x ?

  • Creepy now uses Qt 4, via its PyQt4 bindings, for the user interface.
  • Analysis is based on projects; you can work with multiple targets simultaneously without having to re-analyze them.
  • Creepy is extensible via plugins for online services that might hold geolocation information. See Creepy Plugins Repository
  • Plugins for twitter, instagram and flickr are included in this release
  • Easy plugin configuration with wizards, where applicable
  • After analysis, the retrieved locations can be filtered based on the date that they were created or the proximity to a certain location
  • Google maps is used as a maps provider ( Street view included within Creepy ! )

Quick Start Instructions

  • Download creepy ( source code or the installers provided here for your platform )
  • Configure twitter and instagram plugins. Edit -> Plugins Configuration -> Twitter / Instagram and run the wizards, following the instructions
  • Create a new project : Creepy -> New Project -> Person Based Project . Search for the target selecting the available plugins.
  • Right click on the project -> Analyze Current Project
  • Wait :)
  • The locations will be drawn on the map, once the analysis is complete.
  • Filter locations, export locations, view them on the map.

Tuesday, 31 December 2013

[TheHarvester v2.2] The Information Gathering Suite


The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.

This is a complete rewrite of the tool with new features like:
  • Time delays between requests
  • All sources search
  • Virtual host verifier
  • Active enumeration (DNS enumeration, Reverse lookups, TLD expansion)
  • Integration with SHODAN computer database, to get the open ports and banners
  • Save to XML and HTML
  • Basic graph with stats
  • New sources

Passive discovery:
  • Google: Google search engine - www.google.com
  • Google-profiles: Google search engine, specific search for Google profiles
  • Bing: Microsoft search engine - www.bing.com
  • Bingapi: Microsoft search engine, through the API (you need to add your key in the discovery/bingsearch.py file)
  • Pgp: PGP key server - pgp.rediris.es
  • Linkedin: Google search engine, specific search for Linkedin users
  • Shodan: Shodan computer search engine, will search for ports and banners of the discovered hosts
  • Vhost: Bing virtual hosts search

Active discovery:
  • DNS brute force: this plugin will run a dictionary brute force enumeration
  • DNS reverse lookup: reverse lookup of the IPs discovered in order to find hostnames
  • DNS TLD expansion: TLD dictionary brute force enumeration

Please read the README file for more information.

Saturday, 12 October 2013

[LinEnum v0.2] Automating local information gathering tasks on Linux hosts


LinEnum is a shell script that automates local information gathering tasks on Linux hosts. Over 65 checks are performed, obtaining anything from kernel information to locating possible escalation points such as potentially useful SUID/GUID files and Sudo/rhost mis-configurations.

Additionally, the script will also use a provided keyword to search through *.conf and *.log files. Any matches will be displayed along with the full file path and line number on which the keyword was identified (useful for finding ‘password’ and other sensitive data).



High-level summary of the checks/tasks performed by LinEnum:
  • Kernel and distribution release details
  • System Information:
    • Hostname
    • Networking details:
      • Current IP
      • Default route details
      • DNS server information
  • User Information:
    • Current user details
    • Last logged on users
    • List all users including uid/gid information
    • List root accounts
    • Checks if password hashes are stored in /etc/passwd
    • Extract full details for ‘default’ uid’s such as 0, 1000, 1001 etc
    • Attempt to read restricted files i.e. /etc/shadow
    • List the current user's history files (i.e. .bash_history, .nano_history etc.)
    • Basic SSH checks
  • Privileged access:
    • Determine if /etc/sudoers is accessible
    • Determine if the current user has Sudo access without a password
    • Are known ‘good’ breakout binaries available via Sudo (i.e. nmap, vim etc.)
    • Is root’s home directory accessible
    • List permissions for /home/
  • Environmental:
    • Display current $PATH
  • Jobs/Tasks:
    • List all cron jobs
    • Locate all world-writable cron jobs
    • Locate cron jobs owned by other users of the system
  • Services:
    • List network connections (TCP & UDP)
    • List running processes
    • Lookup and list process binaries and associated permissions
    • List inetd.conf/xinetd.conf contents and associated binary file permissions
    • List init.d binary permissions
  • Version Information (of the following):
    • Sudo
    • MYSQL
    • Postgres
    • Apache
    • Checks user config
  • Default/Weak Credentials:
    • Checks for default/weak Postgres accounts
    • Checks for default/weak MYSQL accounts
  • Searches:
    • Locate all SUID/GUID files
    • Locate all world-writable SUID/GUID files
    • Locate all SUID/GUID files owned by root
    • Locate ‘interesting’ SUID/GUID files (i.e. nmap, vim etc)
    • List all world-writable files
    • Find/list all accessible *.plan files and display contents
    • Find/list all accessible *.rhosts files and display contents
    • Show NFS server details
    • Locate *.conf and *.log files containing keyword supplied at script runtime
    • List all *.conf files located in /etc
    • Locate mail