Overview
Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the ‘blue’ vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.
Gathered info is saved to the results folder, these output files can be easily parsed over to TigerShark in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test.
Setup Video
Demo Video (of Version 6-7. Newer tools and modules arent covered) – Its long, but you can skip
through to get the general idea. Most modules are explained along with demos of a lot of the tools.
Tested OS
Working on: - Kali
- Parrot
- Ubuntu
- Linux (any distro)
- Windows (Linux Subsystem with Docker and VcXsrc installed correctly - for xterm use)
Works on windows with linux-subsystem but please ensure docker is properly installed and configured,
following the instructions from docker website
Untested on mac, though theoretically the same should apply to mac as windows – regarding docker install & tools
NOTE!!
If a scan does not work correctly at first, remove web-protocol from target. eg:
- use target.com
- instead of https;//target.com
Installation:
[!] For oneliner install (Deb Package), copy and paste the following code into a terminal:
*
$ wget https://github.com/s1l3nt78/sifter/releases/download/v11/sifter_11.deb; sudo dpkg -i sifter_11.deb; sifter
[!] For oneliner install (source), copy and paste the following into a terminal:
*
$ git clone https://github.com/s1l3nt78/sifter.git && cd sifter && bash install.sh
[!] Sifter Plugins can be found at https://github.com/Sifter-Ex
[!] To install Sifter with plugins run:
*
$ git clone --recursive https://github.com/s1l3nt78/sifter; cd sifter; bash install.sh
Modules:
- Click to Expand
#Enterprise Information Gatherers – – – – – #Targeted Information Gatherers – – – – – – – – – #Domain Recon Gathering – – – – – – #MicroSoft Exploitation – – – – – #Website Exploiters – – – – – – – #Exploit Searching – – #Post-Exploitation – – Potatoes – – – PEAS – – – – – – – – #Exploitation Frameworks + – Equation Group, Courtesy of the Shadow Brokers - FuzzBunch - Danderspritz (Provided by the plugin.) + – Private Exploitation framework I’ve been developing that will be released opensource. Due to certain 0days and other exploits/tools it would cause too much unintentional/illintentioned damage. + + #Phishing + #BruteForcing + + #Password Tools – – – #Network Scanners – – – – – – – – #HoneyPot Detection Systems – – – – #Vulnerability Scanners – – – – – – #Router Tools – – – #WebApplication Scanners – – – – – #Website Scanners & Enumerators – – – — — – – – – #Operational Security & Threat Analysis – – – #Cross-Site Scripting & SQL Injection – — — – — — — #Web Mini-Games – This was added in order to have a fun way to pass time during the more time intensive modules. Such as nMap Full Port scan or a RapidScan run. ———————————————————————————————————————
Other Projects
All information on projects in development can be found here.
For any requests or ideas on current projects please submit an issue request to the corresponding tool.
For ideas or collaboration requests on future projects., contact details can be found on the page.
GitHub Pages can be found here.
– MkCheck = MikroTik Router Exploitation Tool
– TigerShark = Multi-Tooled Phishing Framework
<!--############# VGhlIERlYWQgQnVubnkgQ29sbGVjdGl2ZQ== #############--!>
Download: https://github.com/s1l3nt78/sifter
