s1l3nt78
The Dead Bunny Club
Because enumeration is key

@Codename: Pearl
@Version : 9.3

• Potatoes 'n PEAS - Used for Privilege elevation in a low level session on a target machine
  
• Potatoes
    - BadPotato
    - SweetPotato
  
• PEAS
    - winPEAS
    - linPEAS
  
• Thoron - Thoron Framework is a Linux post-exploitation framework
  
• CVE-2020-5902-Scanner - Big IP Remote Execution Scanner.
   '-->  Database can be converted into an HTML report or a Neo4j graph database for visualizing the data.
  
• SubFinder - Sub-Directory enumeration tool
  
• reNgine - Automated reconnaissance framework for gathering information web applications.
  
• Pulsar - Automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters.
  
• Airgeddon - WiFi Security ToolKit
  
• Anonsurf - Added to Anonymise your system while running recon or OSINT tasks

• Omega's repo has been removed, therefore unavailable for new clones. If you already had omega installed, you will still be able to use this module though.

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.
Gathered info is saved to the results folder, these output files can be easily parsed over to TigerShark in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test.

Setup Video
Demo Video - Its long, but you can skip through to get the general idea.
Most modules are explained along with demos of a lot of the tools

Working on: - Kali
	    - Parrot
	    - Ubuntu
	    - Linux (any distro)

Works on windows with linux-subsystem but please ensure docker is properly installed and configured,
following the instructions from docker website
nMap doesn't work on windows, due to port issues
but Zenmap (nMap GUI) can be used instead. A few other issues may arise too.
Untested on mac, though theoretically the same should apply to mac as windows - regarding docker install & tools

If a scan does not work correctly at first, remove web-protocol from target.
eg. target.com - instead of http://target.com

* This will download and install all required tools
*
$ git clone https://github.com/s1l3nt78/sifter.git
$ cd sifter
$ chmod +x install.sh
$ ./install.sh
*
* For oneliner install, copy and paste the following code into a terminal
*
$ git clone https://github.com/s1l3nt78/sifter.git && cd sifter && bash install.sh

#Enterprise Information Gatherers

• theHarvester
  
• Osmedeus
  
• ReconSpider
  
• CredNinja
  
• OSINT-Framework

#Targeted Information Gatherers

• Maryam
  
• Seeker
  
• Sherlock
  
• xRay
  
• E2P (Email2Phone)
  
• ODIN
  
• CardPwn
  

#Domain Recon Gathering

• DnsTwist
  
• Armory
  
• SayDog
  
• SpiderFoot
• Pulsar
  
• SubFinder
  

#MicroSoft Exploitation

• ActiveReign
  
• iSpy
  
• SMBGhost
    -- SMBGhost Scanner
    -- SMBGhost Exploit
  

#Website Exploiters

• DDoS
    -- Dark-Star
    -- Impulse
    -- UFONet
  
• NekoBot
  
• xShock
  
• VulnX
  

#Exploit Searching

• FindSploit
  
• ShodanSploit
  

#Post-Exploitation

• EoP Exploit (Privilege Escalation Exploit)
  
• Potatoes
    -- BadPotato
    -- SweetPotato
  
• PEAS
    -- winPEAS
    -- linPEAS
  
• WinPwn
  
• CredHarvester
  
• PowerSharp
  
• ACLight2
  
• PowerHub
  
• InveighZero

#Exploitation Frameworks

• FuzzyDander - Equation Group, Courtesy of the Shadow Brokers
  (Obtained through issue request.)
    - FuzzBunch
    - Danderspritz
  

• NevrrMore - Private Exploitation framework I've been developing that will
    not be released opensource. Due to certain 0days and other exploits/tools
    it would cause too much unintentional/illintentioned damage.
  

• Thoron
  

• Metasploit
  

#Phishing

• TigerShark
  

#BruteForcing

• BruteDUM
  
• WBruter
  

#Password Tools

• Mentalist
  
• DCipher
  

#Network Scanners

• Nmap
  
• AttackSurfaceMapper
  
• aSnip
  
• wafw00f
  
• Arp-Scan
  
• Espionage
  
• Intrigue-Core
  

#HoneyPot Detection Systems

• HoneyCaught
  
• SniffingBear
  
• HoneyTel (telnet-iot-honeypot)
  

#Vulnerability Scanners

• Flan
  
• Rapidscan
  
• Yuki-Chan
  
• KatanaFramework
  
• OWASP-Nettacker
  
• Big IP Remote Execution Scanner

#Router Tools

• RouterSploit
  
• MkCheck
  
• Airgeddon
  

#WebApplication Scanners

• Sitadel
  
• OneFind
  
• AapFinder
  
• BFAC
  
• XSStrike
  
• finDOM-XSS
  
• XSS-Freak

#Website Scanners & Enumerators

• Nikto
  
• Blackwidow
  
• Wordpress
    --- WPScan
    --- WPForce/Yertle
  
• Zeus-Scanner
  
• Dirb
  
• DorksEye
  

#Web Mini-Games

• This was added in order to have a fun way to pass time
   during the more time intensive modules.
   Such as nMap Full Port scan or a RapidScan run.

  <!--#############           VGhlIERlYWQgQnVubnkgQ2x1Yg==           #############--!>