Enumeration Tools:
Web Enumeration
Ferrisfind
Link: https://git.pyro.monster/pyro/ferrisfind
ferrisfind is a file download and metadata parsing tool. It currently supports PDF files, but I do plan to add support for other file types such as docx and xlsx in the future. It does require you to have a valid serpapi key, so you'll need to make an account. You do get a decent amount of searches for free.
Installation:
Make sure you have rust and cargo installed and have a default toolchain for rust installed. Then clone the repository and run the installer script.
git clone https://git.pyro.monster/pyro/ferrisfind.git
cd ferrisfind
./install.sh
This install script will compile the binary, copy the needed library file to the right location, and copy the binary to a location on your path so its globally available.
Usage:
ferrisfind [OPTIONS] --name <NAME> --key <KEY>
-n, --name <NAME>
company name
-k, --key <KEY>
serpapi key
-p, --pages <PAGES>
number of pages of results to get (note each page is a credit on your sperapi key, defaults to 10)
-t, --threads <THREADS>
the number of threads to use, will default to the rayon default
-d, --download-path <DOWNLOAD_PATH>
folder to download found files into defaults to ./found_files
-c, --csv <CSV>
save metadata as csv
-m, --markdown <MARKDOWN>
save metadata as csv
-h, --help
Print help (see a summary with '-h')
-V, --version
Print version
rustwitness
link: https://git.pyro.monster/pyro/rustwitness
This tool takes a list of urls and grabs screenshots for all of them. I primarily use it on interal pentests to view all web servers in a network and see which ones are worth looking at more deeply.
Install: download this binary: https://git.pyro.monster/pyro/rustwitness/releases/download/1.1.1/rustwitness
Usage:
Usage: rustwitness [OPTIONS] --input <INPUT> --output <OUTPUT>
Options:
-i, --input <INPUT>
-o, --output <OUTPUT>
-p, --proxy <PROXY>
-w, --workers <WORKERS> [default: 4]
-h, --help Print help
-V, --version Print version
rustbuster
link: https://git.pyro.monster/pyro/rustbuster
This tool is a subdomain and subdirectory bruteforcer. It takes a list of urls and domain names and wordlists for directories and subdomains then does nslookups and web requests to the potential targets and reports what was found.
Installation: donwload the bianary at https://git.pyro.monster/pyro/rustbuster/releases/download/2.1.2/rustbuster
usage:
-h --help will display usage,
-t to specify targets, this can be a single target or comma separated targets, just don't use any spaces
--threads to set the number of threads to use
-d for directory wordlist
-s for subdomain wordlist
Active Directory related tooling
mkcache
link: https://git.pyro.monster/pyro/mkccache
This tool takes the base64 encoded ticket information out of rubeus and converts it to a ccache file to use with ad attack tooling.
Install:
clone the repo and compile it, then copy it to a folder on your path. You will need rust, cargo, and a default rust tolkit installed.
git clone git@git.pyro.monster:pyro/mkccache.git
cd mkccache
cargo build --release
sudo cp ./target/release/mkccache /usr/bin/mkccache
own-users
link: https://git.pyro.monster/pyro/own-users
This tool takes a list of usernames and marks them as owned in bloodhound.
install: download the binary from https://git.pyro.monster/pyro/own-users/releases/tag/1.0
usage:
The username list should be formatted as user@domain.com
own-users -i /path/to/user/list -u neo4j username (defaults to neo4j) -p neo4j password (defaults to neo4j) -a bolt://neo4j.address:port (defaults to bolt://localhost:7687)
tetanus_shares
link: https://git.pyro.monster/pyro/tetanus_shares
This tool looks for shares in AD networks and prints them to the console and or saves them to a file.
install: clone the repo and build it for windows, you will need a windows rust toolchain installed.
git clone https://github.com/Pyro57000/tetanus_shares.git
cd tetanus_shares
cargo build --target x86_64-pc-windows-gnu --release
Usage:
copy the binary to a computer on the target network and run it.
tetanus shares -o C:\path\to\save -t threadcount
snafferrous
link: https://git.pyro.monster/pyro/snaferrous
This tool is kinda like a really shitty version of Snaffler. It is not as good as snaffler. It is far too noisy, but if you just want a list of files and potential keyword matches it totally works.
install: clone it and build it for windows.
git clone https://git.pyro.monster/pyro/snaferrous.git
cd snaferrous
cargo build --target x86_64-pc-windows-gnu --release
usage:
-o, --outfile path to save output file Defaults to not saving output.
--threads number of threads to use, default to 10.
-t, --targets specific targets. should be comma separated.
-f, --filter_targets specific targets that should be ingored. Comma separated.
-l, --local scan the current hot's file system (defaults to false)
-d --disable_network disable network file discovery
-v, --verbose echo all found files to the console, regardless of keyword matching. (all files will still be saved to the log file)
-h, --help Print help (see more with '--help')
-V, --version Print version
other tools
rusty-rover
link: https://git.pyro.monster/pyro/Rusty-Rover
This is a simple host discovery tool. It just finds live hosts on networks.
usage:
-r target a single range given with commandline arguments.
-f read a text file with ranges, one range per line, and scan them all.
-o save the output to a file.
-t thread cound (default 5).
rrover -r $ip_range to scan a single range
rrover -f $path_to_range_file to scan a file of ranges
NOTE: ranges should be in cidr notation.
newline_fixer
link: https://git.pyro.monster/pyro/newline_fixer
This tool fixes the newlines of files generated on windows systems for Linux systems. This is particularly good for snaferrous.
install: clone the repo and build it.
git clone https://git.pyro.monster/pyro/newline_fixer.git
cd newline_fixer
cargo build --release
netexec_kerberoast_parser
link: https://git.pyro.monster/pyro/netexec_kerberoast_parser
This tool parses the output of a netexec kerberoast in order to separate the hash types into different files for hashcat processing.
Usage:
netexec_kerberoast_parser -i {netexec output file} -o {output directory to save hash files to}