Ghost In The Flame

Bu4$t Py40's blog!

Links to My tools and What They're Used for.

Table Of Contents:

Enumeration Tools:

Web Enumeration

Ferrisfind

Link: https://git.pyro.monster/pyro/ferrisfind

ferrisfind is a file download and metadata parsing tool. It currently supports PDF files, but I do plan to add support for other file types such as docx and xlsx in the future. It does require you to have a valid serpapi key, so you'll need to make an account. You do get a decent amount of searches for free.

Installation:

Make sure you have rust and cargo installed and have a default toolchain for rust installed. Then clone the repository and run the installer script.

git clone https://git.pyro.monster/pyro/ferrisfind.git

cd ferrisfind

./install.sh

This install script will compile the binary, copy the needed library file to the right location, and copy the binary to a location on your path so its globally available.

Usage:

ferrisfind [OPTIONS] --name <NAME> --key <KEY>
-n, --name <NAME>
        company name

-k, --key <KEY>
        serpapi key

-p, --pages <PAGES>
        number of pages of results to get (note each page is a credit on your sperapi key, defaults to 10)

-t, --threads <THREADS>
        the number of threads to use, will default to the rayon default

-d, --download-path <DOWNLOAD_PATH>
        folder to download found files into defaults to ./found_files

-c, --csv <CSV>
        save metadata as csv

-m, --markdown <MARKDOWN>
        save metadata as csv

-h, --help
        Print help (see a summary with '-h')

-V, --version
        Print version

rustwitness

link: https://git.pyro.monster/pyro/rustwitness

This tool takes a list of urls and grabs screenshots for all of them. I primarily use it on interal pentests to view all web servers in a network and see which ones are worth looking at more deeply.

Install: download this binary: https://git.pyro.monster/pyro/rustwitness/releases/download/1.1.1/rustwitness

Usage:

Usage: rustwitness [OPTIONS] --input <INPUT> --output <OUTPUT>

Options:
  -i, --input <INPUT>      
  -o, --output <OUTPUT>    
  -p, --proxy <PROXY>      
  -w, --workers <WORKERS>  [default: 4]
  -h, --help               Print help
  -V, --version            Print version

rustbuster

link: https://git.pyro.monster/pyro/rustbuster

This tool is a subdomain and subdirectory bruteforcer. It takes a list of urls and domain names and wordlists for directories and subdomains then does nslookups and web requests to the potential targets and reports what was found.

Installation: donwload the bianary at https://git.pyro.monster/pyro/rustbuster/releases/download/2.1.2/rustbuster

usage:

-h --help will display usage,

-t to specify targets, this can be a single target or comma separated targets, just don't use any spaces

--threads to set the number of threads to use

-d for directory wordlist

-s for subdomain wordlist

mkcache

link: https://git.pyro.monster/pyro/mkccache

This tool takes the base64 encoded ticket information out of rubeus and converts it to a ccache file to use with ad attack tooling.

Install:

clone the repo and compile it, then copy it to a folder on your path. You will need rust, cargo, and a default rust tolkit installed.

git clone git@git.pyro.monster:pyro/mkccache.git

cd mkccache

cargo build --release

sudo cp ./target/release/mkccache /usr/bin/mkccache

own-users

link: https://git.pyro.monster/pyro/own-users

This tool takes a list of usernames and marks them as owned in bloodhound.

install: download the binary from https://git.pyro.monster/pyro/own-users/releases/tag/1.0

usage:

The username list should be formatted as user@domain.com

own-users -i /path/to/user/list -u neo4j username (defaults to neo4j) -p neo4j password (defaults to neo4j) -a bolt://neo4j.address:port (defaults to bolt://localhost:7687)

tetanus_shares

link: https://git.pyro.monster/pyro/tetanus_shares

This tool looks for shares in AD networks and prints them to the console and or saves them to a file.

install: clone the repo and build it for windows, you will need a windows rust toolchain installed.

git clone https://github.com/Pyro57000/tetanus_shares.git

cd tetanus_shares

cargo build --target x86_64-pc-windows-gnu --release

Usage:

copy the binary to a computer on the target network and run it.

tetanus shares -o C:\path\to\save -t threadcount

snafferrous

link: https://git.pyro.monster/pyro/snaferrous

This tool is kinda like a really shitty version of Snaffler. It is not as good as snaffler. It is far too noisy, but if you just want a list of files and potential keyword matches it totally works.

install: clone it and build it for windows.

git clone https://git.pyro.monster/pyro/snaferrous.git

cd snaferrous

cargo build --target x86_64-pc-windows-gnu --release

usage:

-o, --outfile path to save output file Defaults to not saving output.

--threads number of threads to use, default to 10.

-t, --targets specific targets. should be comma separated.

-f, --filter_targets specific targets that should be ingored. Comma separated.

-l, --local scan the current hot's file system (defaults to false)

-d --disable_network disable network file discovery

-v, --verbose echo all found files to the console, regardless of keyword matching. (all files will still be saved to the log file)

-h, --help Print help (see more with '--help')

-V, --version Print version

other tools

rusty-rover

link: https://git.pyro.monster/pyro/Rusty-Rover

This is a simple host discovery tool. It just finds live hosts on networks.

usage:

-r target a single range given with commandline arguments.

-f read a text file with ranges, one range per line, and scan them all.

-o save the output to a file.

-t thread cound (default 5).

rrover -r $ip_range to scan a single range

rrover -f $path_to_range_file to scan a file of ranges

NOTE: ranges should be in cidr notation.

newline_fixer

link: https://git.pyro.monster/pyro/newline_fixer

This tool fixes the newlines of files generated on windows systems for Linux systems. This is particularly good for snaferrous.

install: clone the repo and build it.

git clone https://git.pyro.monster/pyro/newline_fixer.git
cd newline_fixer
cargo build --release

netexec_kerberoast_parser

link: https://git.pyro.monster/pyro/netexec_kerberoast_parser

This tool parses the output of a netexec kerberoast in order to separate the hash types into different files for hashcat processing.

Usage:

netexec_kerberoast_parser -i {netexec output file} -o {output directory to save hash files to}

Previous Post