![[Image: sifter.png]](https://raw.githubusercontent.com/s1l3nt78/sifter/master/docs/sifter.PNG)
Sifter
s1l3nt78
Because enumeration is key
Version 10.2 G Release
Code:
@Codename: Gemin1Additions:
- HoneyTel - TelNet-IoT-HoneyPot used to analyze collected botnet payloads.
- ACLight2 - Used to discover Shadow Admin accounts on an exploited system
- SMBGhost - Now has a scanner, as well as an exploitative option.
- Web Games to kill time during long scans such as nMap (all ports), RapidScan
Overview
Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.
Gathered info is saved to the results folder, these output files can be easily parsed over to TigerShark in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test.
Setup Video
Demo Video - Its long, but you can skip through to get the general idea.
Most modules are explained along with demos of a lot of the tools
Releases
The latest release can be downloaded here
Older Releases can be found here
NOTE!!!
If a scan does not work correctly at first, remove web-protocol from target.
eg. target.com - instead of http://target.com
Installation:
Code:
[!] For oneliner install (Deb Package), copy and paste the following code into a terminal:
*
$ wget https://github.com/s1l3nt78/sifter/releases/download/v10.2g/sifter_10.2_G.deb && sudo dpkg -i sifter_10.2_G.deb && sifter
---------------------------------------------------------------------------------------------------------------------------------------
[!] For oneliner install (source), copy and paste the following into a terminal:
*
$ git clone https://github.com/s1l3nt78/sifter.git && cd sifter && bash install.sh
----------------------------------------------------------------------------------------------------------------------------------------
[!] To install the g extention, copy and paste the following into a terminal:
*
$ git clone --branch g-ex https://github.com/Sifter-Ext/g && cd g && bash install-ex.sh && gSifter[/font]Menu:
![[Image: anon.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fraw.githubusercontent.com%2Fs1l3nt78%2Fsifter%2Fmaster%2Fdocs%2Fanon.png)
![[Image: menu.png]](https://raw.githubusercontent.com/s1l3nt78/sifter/master/docs/menu.PNG)
Modules:
# Information Modules
= Enterprise Information Gatherers
-theHarvester - https://github.com/laramies/theHarvester
-Osmedeus - https://github.com/j3ssie/Osmedeus
-ReconSpider - https://github.com/bhavsec/reconspider
-CredNinja - -CredNinja - https://github.com/Raikia/CredNinja
= Targeted Information Gatherers
-Maryam - https://github.com/saeeddhqan/Maryam
-Seeker - https://github.com/thewhiteh4t/seeker
-Sherlock - https://github.com/sherlock-project/sherlock
-xRay - https://github.com/evilsocket/xray
# Domain Recon Gathering
-DnsTwist - https://github.com/elceef/dnstwist
-Armory - https://github.com/depthsecurity/armory
-SayDog - https://github.com/saydog/saydog-framework
# Exploitation Tools
= MS Exploiters
-ActiveReign - https://github.com/m8r0wn/ActiveReign
-iSpy - https://github.com/Cyb0r9/ispy
-SMBGhost
--SMBGhost Scanner - https://github.com/ioncube/SMBGhost
--SMBGhost Exploit - https://github.com/chompie1337/SMBGhost_RCE_PoC
= Website Exploiters
-DDoS
--Dark Star - https://github.com/s1l3nt78/Dark-Star
--Impulse - https://github.com/LimerBoy/Impulse
-NekoBot - https://github.com/tegal1337/NekoBotV1
-xShock - https://github.com/capture0x/XSHOCK
-VulnX - https://github.com/anouarbensaad/vulnx
= Exploit Searching
-FindSploit - https://github.com/1N3/Findsploit
-ShodanSploit - https://github.com/shodansploit/shodansploit
-TigerShark (Phishing) - https://github.com/s1l3nt78/TigerShark
= Post-Exploitation
-EoP Exploit (Elevation of Priviledge Exploit) - https://github.com/padovah4ck/CVE-2020-0683
-Omega - https://github.com/entynetproject/omega
-WinPwn - https://github.com/S3cur3Th1sSh1t/WinPwn
-CredHarvester - https://github.com/Technowlogy-Pushpende..._harvester
-PowerSharp - https://github.com/S3cur3Th1sSh1t/PowerSharpPack
-ACLight2 - https://github.com/cyberark/ACLight
=FuzzyDander - Equation Group, Courtesy of the Shadow Brokers
-FuzzBunch
-Danderspritz
FuzzBunch Module Download below
(Download fuzzbunch.txt from
Then just change the '.txt' extention to '.sh' and put the script in '/opt/sifter/mods/exmods' - upon running the module for the first time FuzzBunch will automatically install)
=BruteDUM (Bruteforcer) - https://github.com/GitHackTools/BruteDum
# Password Tools
-Mentalist - https://github.com/sc0tfree/mentalist
-DCipher - https://github.com/k4m4/dcipher
# Network Scanners
-Nmap - https://nmap.org
-AttackSurfaceMapper - https://github.com/superhedgy/AttackSurfaceMapper
-aSnip - https://github.com/harleo/asnip
-wafw00f - https://github.com/EnableSecurity/wafw00f
-Arp-Scan
# HoneyPot Detection Systems
-HoneyCaught - https://github.com/aswinmguptha/HoneyCaught
-SniffingBear - https://github.com/MrSuicideParrot/SniffingBear
-HoneyTel (telnet-iot-honeypot) - https://github.com/Phype/telnet-iot-honeypot
# Vulnerability Scanners
-Flan - https://github.com/cloudflare/flan
-Rapidscan - https://github.com/skavngr/rapidscan
-Yuki-Chan - https://github.com/Yukinoshita47/Yuki-Ch...to-Pentest
# WebApplication Scanners
-Sitadel - https://github.com/shenril/Sitadel
-OneFind - https://github.com/nyxgeek/onedrive_user_enum
-AapFinder - https://github.com/Technowlogy-Pushpender/aapfinder
-BFAC - https://github.com/mazen160/bfac
# Website Scanners & Enumerators
-Nikto - https://github.com/sullo/nikto
-Blackwidow - https://github.com/1N3/blackwidow
-Wordpress
---WPScan - https://github.com/wpscanteam/wpscan
---WPForce/Yertle - https://github.com/n00py/WPForce
-Zeus-Scanner - https://github.com/Ekultek/Zeus-Scanner
-Dirb
-DorksEye - https://github.com/BullsEye0/dorks-eye
# Web Mini-Games
-This was added in order to have a fun way to pass time
during the more time intensive modules.
Such as nMap Full Port scan or a RapidScan run.
Sifter Help Menu
![[Image: help.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fraw.githubusercontent.com%2Fs1l3nt78%2Fsifter%2Fmaster%2Fdocs%2Fhelp.png)
Other Projects
All information on projects in development can be found here.
For any requests or ideas on current projects please submit an issue request to the corresponding tool.
For ideas or collaboration requests on future projects., contact details can be found on the page.
GitHub Pages can be found here.
-MkCheck = MikroTik Router Exploitation Tool
-TigerShark = Multi-Tooled Phishing Framework
Code:
<!--#################___________ VGhlIERlYWQgQnVubnkgQ29sbGVjdGl2ZQ== ___________#################--!>
