Dheerajmadhukar/Lilly Dheerajmadhukar/Lilly

  • Stars
    star
    168
  • Rank 218,910 (Top 5 %)
  • Language
    Shell
  • License
    MIT License
  • Created over 3 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Dheerajmadhukar/Lilly
github

Dheerajmadhukar

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to validate the target in-scope.

Last updated on 2020/12/29

Introduction

Lilly Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to validate the target in-scope.

Usage

root@me_dheeraj:$ bash lilly.sh
[-] Argument: -d/--domain target.com -a/--api Required

       Usage: ./lilly.sh -d/--domain target.com -a/--api premium_api

Output will be saved in output/target.com-YYYY-MM-DD directory
Prerequisites
  • python3
  • jq
  • pip3 install shodan
  • pip3 install mmh3
  • Shodan Member Account & API
  • httpx @pdiscoveryio
  • Multi-Threading interlace - @codingo

Tool of the week

https://blog.intigriti.com/2021/01/06/bug-bytes-104-cache-poisoning-dos-burp-themes-a-couple-of-facebook-account-takeovers/

More Repositories

1

4-ZERO-3

403/401 Bypass Methods + Bash Automation + Your Support ;)
Shell
997
star
2

karma_v2

β‘·β ‚πš”πšŠπš›πš–πšŠ 𝚟𝟸⠐Ⓘ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
Shell
684
star
3

back-me-up

This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.
Shell
107
star
4

karma_v1

KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Ports.
Shell
58
star
5

notes

Bug Bounty & Other Stuff
49
star
6

subzzZ

SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.
Shell
37
star
7

Prototype-Pollution-Lab_me_dheeraj

Prototype-Pollution-Lab to chain the vulnerabilities between multiple accounts.
JavaScript
12
star
8

Dheerajmadhukar

Director | Trainer at CDAC Under The Ministry of Electronics and Information | Corporate Trainer at Indian Air Force Under the Ministry of Defense ... Jai Hind
10
star
9

BB-Hunt-A-Day

A simple mind map with some automation/bash commands/tools execution. I hope it may help you all :)
7
star
10

GitApp

GITAPP : Tool will display all data URLs from GitHub including XML, JSON, Java, Text, Kotlin, Ruby, Markdown, CSV, Python, PHP, GO, YAML, Elixir, C++, JavaScript, HTML & many more . . .
Shell
7
star
11

Insecure-Comparison-Lab_me_dheeraj

Insecure Comparison in JavaScript. CTF written in nodejs Express module.
HTML
5
star
12

oh-my-dorks

HTML
4
star
13

community

For US
3
star
14

fdns

To resolve IP/Domain to check the correct resolver.
Shell
2
star