Journey over unsecured IoT devices with Kamerka — RTSP and MQTT.
IntroductionIn previous versions of Kamerka you could visualize cameras, social media photos, printers or Industrial Con
State of Industrial Control Systems in Poland and Switzerland
New update for Kamerka allows to map Industrial Control Systems of whole country. As in previous version, interactive ma
LeakLooker v2 — Find more open servers and source code leaks
LeakLooker has more to offer, now you can hunt for Gitlab, Jenkins, SonarQube, Samba and Rsync. In addition, it supports
Advanced credential stuffing with PEPE
Script parses Pastebin email:password dumps and collects information about each email address. It supports Google, Truma
Firearms and nudity detection on Twitter and Instagram
With help of Tensorflow object detection and nudity package, tool detects firearms and nude pictures on Twitter and Inst
Tracking the trackers. Draw connections between scripts and domains on website.
Kupa3 allows you to draw connections between scripts on specific website. It search for javascript code or source attrib
LeakLooker: Find Open Databases in Seconds
With LeakLooker you can find publicly open MongoDB, CouchDB and Elasticsearch database, it also includes Kibana instance
Inside of Danderspritz post-exploitation modules
Danderspritz, NSA post-exploitation tool, has some interesting reconnaissance scripts, which were used in covert operati
Hunting with ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter)
ꓘamerka has new cool features, right now you can search for Flickr and Instagram photos, printers and cameras from Shoda
ꓘamerka — Build interactive map of cameras from Shodan
Script creates map with cameras based on your geolocation or exact address. It uses Shodan API to find cameras, Geopy to
OSINT tool for visualizing relationships between domains, IPs and email addresses.
I wrote a script, which takes domain, IP or email address as input and search it in various services like: Whois, Revers
OSINT investigation based on GAO report about firearm sales in Dark Web + Bitcoin tracking with Python
In November, last year, GAO (Government Accountability Office) and ATF (The Bureau of Alcohol, Tobacco, Firearms and Exp
Betabot still alive with multi-stage packing.
This analysis was done in cooperation with Thomas (@securityimpacts). Check out his blog, he does awesome stuff there se
Command and control server in social media (Twitter, Instagram, Youtube + Telegram)
As a proof of concept, I wrote script which abuses social media in order to send commands to infected machines, i.e bots

Page 3 of 4