CodeFactor






Sifter

s1l3nt78
The Dead Bunny Club
Because enumeration is key


# Release

   @Codename: AdamantiuM
   @Version : 8.6

# Additions:

- OSINT-Framework -Web-based OSINT-Framework
- InveighZero - Post-Exploitation tool to be used on an exploited session with low privileges
- CardPwn - OSINT Tool to find Breached Credit Cards Information
- Spiderfoot - Integrates mulpitple tool & data snslysis sources, making that data easy to navigate    from an HTTP panel.
- Intrigue-Core - Automation & orchestration framework geared towards data collection & Attack    Surface Mapping
- WBruter - Bruteforce Android Lock pin (USB Debugging must be enable but root is not needed)
- ODIN - Key feature is the data management and reporting.
'-->  Database can be converted into an HTML report or a Neo4j graph database for visualizing      the data.
- UFONet - P2P and cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks
- OWASP-Nettacker - vulnerability scanning and eventually generating a report for networks,
  including services, bugs, vulnerabilities, misconfigurations, and other information.

Anonsurf - Added to Anonymise your system while running recon or OSINT tasks

# Overview

Sifter is a osint, recon & vulnerability scanner. It combines a plethara
of tools within different module sets in order to quickly perform recon tasks,
check network firewalling, enumerate remote and local hosts, and scan for the 'blue'
vulnerabilities within microsft and if unpatched, exploit them. It uses tools like
blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.
Gathered info is saved to the results folder, these output files can be easily parsed over to TigerShark
in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test.

Setup Video
Demo Video - Its long, but you can skip through to get the general idea.
Most modules are explained along with demos of a lot of the tools

# Releases

The latest release can be downloaded here
Older Releases can be found here


# Tested OS

Working on: - Kali
     - Parrot
     - Ubuntu
     - Linux (any distro)

Works on windows with linux-subsystem but please ensure docker is properly installed and configured,
following the instructions from docker website
Untested on mac, though theoretically the same should apply to mac as windows - regarding docker install & tools

# NOTE!!

If a scan does not work correctly at first, remove web-protocol from target.
eg. target.com - instead of http://target.com

# Installation:

      * This will download and install all required tools
      *
      $ git clone https://github.com/s1l3nt78/sifter.git
      $ cd sifter
      $ chmod +x install.sh
      $ ./install.sh
      *
      * For oneliner install, copy and paste the following code into a terminal
      *
      $ git clone https://github.com/s1l3nt78/sifter.git && cd sifter && bash install.sh


Menu:


Modules

- theHarvester
- Osmedeus
- ReconSpider
- CredNinja
- OSINT-Framework

- Maryam
- Seeker
- Sherlock
- xRay
- E2P (Email2Phone)
- ODIN
- CardPwn

- DnsTwist
- Armory
- SayDog
- SpiderFoot

- ActiveReign
- iSpy
- SMBGhost
  -- SMBGhost Scanner
  -- SMBGhost Exploit

- DDoS
  -- Dark-Star
  -- Impulse
  -- UFONet
- NekoBot
- xShock
- VulnX

- FindSploit
- ShodanSploit

- EoP Exploit (Privilege Escalation Exploit)
- Omega
- WinPwn
- CredHarvester
- PowerSharp
- ACLight2
- PowerHub
- InveighZero

+ FuzzyDander - Equation Group, Courtesy of the Shadow Brokers
(Obtained through issue request.)
  - FuzzBunch
  - Danderspritz

+ NevrrMore - Private Exploitation framework I've been developing that will
  not be released opensource. Due to certain 0days and other exploits/tools
  it would cause too much unintentional/illintentioned damage.

+ TigerShark

+ BruteDUM
+ WBruter

- Mentalist
- DCipher

- Nmap
- AttackSurfaceMapper
- aSnip
- wafw00f
- Arp-Scan
- Espionage
- Intrigue-Core

- HoneyCaught
- SniffingBear
- HoneyTel (telnet-iot-honeypot)

- Flan
- Rapidscan
- Yuki-Chan
- KatanaFramework
- OWASP-Nettacker

- Sitadel
- OneFind
- AapFinder
- BFAC
- XSStrike
- finDOM-XSS
- XSS-Freak

- Nikto
- Blackwidow
- Wordpress
  --- WPScan
  --- WPForce/Yertle
- Zeus-Scanner
- Dirb
- DorksEye

- This was added in order to have a fun way to pass time
 during the more time intensive modules.
 Such as nMap Full Port scan or a RapidScan run.




Sifter Help Menu

    $ sifter   runs the programs bringing up the menu in a cli environment
    $ sifter   -c will check the existing hosts in the hostlist
    $ sifter   -a 'target-ip' appends the hostname/IP to host file
    $ sifter   -m Opens the Main Module menu
    $ sifter   -e Opens the Exploitation Modules
    $ sifter   -i Opens the Info-based Module menu
    $ sifter   -d Opens the Domain Focused Modules
    $ sifter   -n Opens the Network Mapping Modules menu
    $ sifter   -w Opens the Website Focused Modules
    $ sifter   -b Opens the Web-App Focused Module menu
    $ sifter   -p opens the password tools for quick passlist generation or hash decryption
    $ sifter   -v Opens the Vulnerability Scanning Module Menu
    $ sifter   -r Opens the results folder for easy viewing of all saved results
    $ sifter   -u Checks for/and installs updates
    $ sifter   -h This Help Menu



# Other Projects

All information on projects in development can be found here.
For any requests or ideas on current projects please submit an issue request to the corresponding tool.
For ideas or collaboration requests on future projects., contact details can be found on the page.

GitHub Pages can be found here.
- MkCheck = MikroTik Router Exploitation Tool
- TigerShark = Multi-Tooled Phishing Framework


#############      VGhlIERlYWQgQnVubnkgQ2x1Yg==      #############