• Stars
    star
    176
  • Rank 216,987 (Top 5 %)
  • Language
    Shell
  • License
    MIT License
  • Created almost 4 years ago
  • Updated almost 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to validate the target in-scope.

Last updated on 2020/12/29

Introduction

Lilly Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to validate the target in-scope.

Usage

root@me_dheeraj:$ bash lilly.sh
[-] Argument: -d/--domain target.com -a/--api Required

       Usage: ./lilly.sh -d/--domain target.com -a/--api premium_api

Output will be saved in output/target.com-YYYY-MM-DD directory
Prerequisites
  • python3
  • jq
  • pip3 install shodan
  • pip3 install mmh3
  • Shodan Member Account & API
  • httpx @pdiscoveryio
  • Multi-Threading interlace - @codingo

Tool of the week

https://blog.intigriti.com/2021/01/06/bug-bytes-104-cache-poisoning-dos-burp-themes-a-couple-of-facebook-account-takeovers/

More Repositories

1

4-ZERO-3

403/401 Bypass Methods + Bash Automation + Your Support ;)
Shell
1,100
star
2

karma_v2

โกทโ ‚๐š”๐šŠ๐š›๐š–๐šŠ ๐šŸ๐Ÿธโ โขพ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
Shell
776
star
3

back-me-up

This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.
Shell
140
star
4

karma_v1

KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Ports.
Shell
58
star
5

notes

Bug Bounty & Other Stuff
51
star
6

subzzZ

SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.
Shell
37
star
7

Prototype-Pollution-Lab_me_dheeraj

Prototype-Pollution-Lab to chain the vulnerabilities between multiple accounts.
JavaScript
13
star
8

Dheerajmadhukar

Director | Trainer at CDAC Under The Ministry of Electronics and Information | Corporate Trainer at Indian Air Force Under the Ministry of Defense ... Jai Hind
10
star
9

BB-Hunt-A-Day

A simple mind map with some automation/bash commands/tools execution. I hope it may help you all :)
7
star
10

GitApp

GITAPP : Tool will display all data URLs from GitHub including XML, JSON, Java, Text, Kotlin, Ruby, Markdown, CSV, Python, PHP, GO, YAML, Elixir, C++, JavaScript, HTML & many more . . .
Shell
7
star
11

Insecure-Comparison-Lab_me_dheeraj

Insecure Comparison in JavaScript. CTF written in nodejs Express module.
HTML
5
star
12

oh-my-dorks

HTML
4
star
13

community

For US
3
star
14

fdns

To resolve IP/Domain to check the correct resolver.
Shell
2
star