
Michael Henriksen

Gitrob: Reconnaissance tool for GitHub organizations

Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information. Read the blog post for more information.

AQUATONE: A tool for domain flyovers

AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains of a given domain by using open sources as well as the more common dictionary brute-force approach. After subdomain discovery, AQUATONE can scan the discovered hosts for common web ports; HTTP headers, HTML bodies and screenshots can then be gathered and consolidated into a report for easy analysis of the attack surface.

Birdwatcher: Data analysis and OSINT framework for Twitter

Birdwatcher is a data analysis and OSINT framework for Twitter. Birdwatcher supports creating multiple workspaces to which arbitrary Twitter users can be added and their tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes with several modules which can be invoked to further enrich the collected data or work with it, e.g. retrieving users' Klout scores, generating social graphs between users, and building weighted word clouds based on their tweets.

Searchpass: Quickly find default credentials for network equipment and web applications

Searchpass is a simple tool for offline searching of default credentials for network devices, web applications and more.

HIBP: Check e-mail addresses against the haveibeenpwned.com API

HaveIBeenPwned.com is a fantastic and free web service to check if an e-mail address is included in a collection of high profile data breaches. HIBP is a simple command line tool to check a bunch of addresses against the HaveIBeenPwned.com API.

Dolus: Spread disinformation when you browse with fake proxy server information

Dolus is a simple add-on for the Firefox browser that adds an X-Forwarded-For header with a fake IP address to all of the browser's requests. The X-Forwarded-For header is used by transparent proxies to tell servers which IP address they are forwarding requests for, and because of that, many servers will log that IP instead of the actual requesting IP address. The add-on can give some potential extra anonymity, but it is not a replacement for a VPN or anonymity software like Tor!

Diceware Passphrase Generator: Secure Diceware passphrase generator

Diceware is a method for creating secure passphrases. The normal procedure requires several rolls of a die, which can be pretty time consuming, but the Diceware Passphrase Generator simulates this procedure in code to make it much faster. The passphrase generation is done with client-side JavaScript, so no passphrase is ever transferred over the wire, and the JavaScript code is delivered over TLS/SSL, which provides reasonable protection against tampering.

HackPad: Useful tools and functions for web application security assessments

HackPad is a web application hacker's toolbox. It is meant as a central place to access all the common encoding and decoding functions that are often used when doing a security assessment on a web application. All functions are implemented in client-side JavaScript, so the data you paste in never leaves your browser and there is no risk of leaking sensitive data.