Inside of Danderspritz post-exploitation modules
Danderspritz, NSA post-exploitation tool, has some interesting reconnaissance scripts, which were used in covert operati
Hunting with ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter)
ꓘamerka has new cool features, right now you can search for Flickr and Instagram photos, printers and cameras from Shoda
ꓘamerka — Build interactive map of cameras from Shodan
Script creates map with cameras based on your geolocation or exact address. It uses Shodan API to find cameras, Geopy to
OSINT tool for visualizing relationships between domains, IPs and email addresses.
I wrote a script, which takes domain, IP or email address as input and search it in various services like: Whois, Revers
OSINT investigation based on GAO report about firearm sales in Dark Web + Bitcoin tracking with Python
In November, last year, GAO (Government Accountability Office) and ATF (The Bureau of Alcohol, Tobacco, Firearms and Exp
Betabot still alive with multi-stage packing.
This analysis was done in cooperation with Thomas (@securityimpacts [https://twitter.com/securityimpacts]). Check out hi
Command and control server in social media (Twitter, Instagram, Youtube + Telegram)
As a proof of concept, I wrote script which abuses social media in order to send commands to infected machines, i.e bots
OSINT : Chasing Malware + C&C Servers
Looking for malware or command and control servers? I wrote a script named Daily dose of malware, which gather informati
Couple words about rsync protocol based on leak of 2k emails from Czech university.
I would like to show how misconfigured rsync protocol can lead to data breach or compromise company and how to secure yo
How I Discovered 50k Australian Bank & Government Records (Data Breach) Online
Originally published on October 29th, 2017 TL;DR With help of AWS3dump and my poor coding skills I found database backu
How To Scan Multiple Organizations With Shodan and Golang (OSINT)
I wrote a script in Go, which queries Shodan database based on given list of organizations. Next, I retrieve all bug bou
How to find internal subdomains? YQL, Yahoo! and bug bounty.
When I’m looking for new target on Hackerone I’m always paying attention to numbers of resolved reports and wonder if hi
Instagram OSINT | What A Nice Picture!
I have made scripts and tools related to OSINT, OPSEC and bug bounting for myself and thought it is not worth sharing, u

Page 5 of 5