Sifter Fully Loaded Operations Center for Pentesters
Sifter Fully Loaded Operations Center for Pentesters
Security
·4 min read

Sifter: Fully Loaded Operations Center for Pentesters

Sifter is a fully stocked Op Centre for Pentesters. Made up of over 80 different tools. It combines a plethara of OSINT, recon and vulnerability analysis tools within catagorized modsets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the ‘blue’ vulnerabilities within microsoft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.

Gathered info is saved to the results folder, these output files can be easily parsed over toΒ TigerSharkΒ in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test.

Notice

If you are the developer of any of the tools within Sifter and don’t think your tool is being utilized to its full potential please let me know and i will take another look or optionally you can make an edit to the execution script of your specific tool and submit a pull request and I will review it within 12hrs

Sifter Plugins

  • – G – Sifter’s g extension gives a GUI overlay
  •   ‘–> Built on top of eDEX-UI
  • – F – Sifter’s f extension provides the DanderFuzz Exploitational Plugin for Sifter
  •   ‘–> Framework created by the EquationGroup courtesy of The Shadow Brokers
  • – M – Sifter’s m extension provided malware analysis tools.
  • – C – Sifter’s c extension is just a small script allowing CobaltStrike to be added to exploitation frameworks.
  •    (A copy of CobaltStrike will NOT be provided, You must provide your own)
Sifter main menu
Sifter main menu

Menu

Tested OS

Working on:

  • Kali
  • Parrot
  • Ubuntu
  • Linux (any distro)
  • Windows (Linux Subsystem with Docker and VcXsrc or KeX)

Works on windows with linux-subsystem but please ensure docker is properly installed and configured,
following the instructions from docker website

Untested on mac, though theoretically the same should apply to mac as windows – regarding docker install & tools

Important

Please do not run sifter or the install as ROOT user. Use a regular user and give permissions only when needed.

Note

If a scan does not work correctly at first, remove web-protocol from target. eg:

  • use target.com
  • instead of https;//target.com

Installation

For oneliner install (Deb Package), copy and paste the following code into a terminal:

wget https://github.com/s1l3nt78/sifter/releases/download/12/sifter_12.deb; sudo dpkg -i sifter_12.deb; sifter

For oneliner install (source), copy and paste the following into a terminal:

git clone https://github.com/s1l3nt78/sifter.git && cd sifter && bash install.sh

To install Sifter with plugins run: (Sifter Plugins can be found at https://github.com/Sifter-Ex)

git clone --recursive https://github.com/s1l3nt78/sifter; cd sifter; bash install.sh

Modules

  • Enterprise Information Gatherers
  1. theHarvester
  2. Osmedeus
  3. ReconSpider
  4. Emagnet
  5. CredNinja
  6. OSINT-Framework
  • Targeted Information Gatherers
  1. Maryam
  2. Seeker
  3. Sherlock
  4. E2P (Email2Phone)
  5. CardPwn
  6. iKy
  7. GHunt
  • Domain Recon Gathering
  1. DnsTwist
  2. Armory
  3. SpiderFoot
  4. Pulsar
  5. SubFinder
  6. SubDover
  • Microsoft Exploitation
  1. ActiveReign
  2. iSpy
  3. SMBGhost
      – SMBGhost Scanner
      – SMBGhost Exploit
  • Website Exploiters
  1. DDoS
      – Dark-Star
      – Impulse
      – UFONet
  2. NekoBot
  3. xShock
  4. VulnX
  • Exploit Searching
  1. FindSploit
  2. ShodanSploit
  3. GitSearcher
  • Post-Exploitation
  1. EoP Exploit (Privilege Escalation Exploit)
  2. Potatoes
      – BadPotato
      – SweetPotato
  3. PEAS
      – winPEAS
      – linPEAS
  4. WinPwn
  5. CredHarvester
  6. PowerSharp
  7. ACLight2
  8. PowerHub
  9. InveighZero
  • Exploitation Frameworks
  1. DanderFuzz – Equation Group, Courtesy of the Shadow Brokers
      - FuzzBunch
      - Danderspritz
     (Provided by the F plugin.)
  2. CobaltStrike
      (Provided by the C plugin.)
  3. PHPSploit
  4. Thoron
  5. Metasploit
  • Phishing
  1. TigerShark
  • BruteForcing
  1. BruteDUM
  2. WBruter
  • Password Tools
  1. Mentalist
  2. DCipher
  3. Ciphey
  • Network Scanners
  1. nMap
  2. WebMap
  3. AttackSurfaceMapper
  4. aSnip
  5. wafw00f
  6. Arp-Scan
  7. Espionage
  8. Intrigue-Core
  9. Responder
See also
  • HoneyPot Detection Systems
  1. HoneyCaught
  2. SniffingBear
  3. HoneyTel (telnet-iot-honeypot)
  4. HFish
  • Vulnerability Scanners
  1. Flan
  2. Rapidscan
  3. Yuki-Chan
  4. Katana-VF (Vulnerability Framework)
  5. OWASP-Nettacker
  6. Big IP Remote Execution Scanner
  7. WeblogicScanner
  8. Vailyn
  • Router Tools
  1. RouterSploit
  2. MkCheck
  3. Airgeddon
  • WebApplication Scanners
  1. Sitadel
  2. OneFind
  3. AapFinder
  4. reNgine
  • Website Scanners & Enumerators
  1. Nikto
  2. Blackwidow
  3. WordPress
      — WPScan
      — WPForce/Yertle
  4. Zeus-Scanner
  5. Dirb
  6. DorksEye
  7. Katana-DS (Dork Scanner)
  • Operational Security & Threat Analysis
  1. EventCleaner
  2. Threat Dragon
  3. TruffleSNout
  4. Snaffler
  5. Mitre-Attack Website
  • Cross-Site Scripting & SQL Injection
  1. SQLinjection
      — WhiteWidow
      — V3n0M-Scanner
  2. Cross-Site Scripting
      — XSStrike
      — finDOM-XSS
      — XSS-Freak
  • Web Mini-Games

This was added in order to have a fun way to pass timeduring the more time intensive modules. Such as nMap Full Port scan or a RapidScan run.

Sifter Help menu
Sifter Help menu
Dark Mode

sifter (this link opens in a new window) by s1l3nt78 (this link opens in a new window)

Sifter aims to be a fully loaded Op Centre for Pentesters

32 Subscribers 517 Watchers 129 Forks Check out this repository on GitHub.com (this link opens in a new window)

Privacy settings

Decide which cookies you want to allow. You can change these settings at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function. Learn more about the cookies we use.

With the slider, you can enable or disable different types of cookies:

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected

This website won't

  • Remember your login details
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country

This website won't

  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions

This website won't

  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website won't

  • Remember your login details
Save & Close