jonathandata1/cyfon jonathandata1/cyfon

  • Stars
    star
    127
  • Rank 282,790 (Top 6 %)
  • Language
    Shell
  • Created over 3 years ago
  • Updated about 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
jonathandata1/cyfon
github

jonathandata1

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

bug bounty pull all subdomain data, hacker tools

CyFon Tools

Description: Hacking Tools - Bug Bounty, Mobile, Web, IOT, Cloud, Network, Hardware, ReCon Tools

Author: Jonathan Scott Villarreal @jonathandata1

Distribution - Unlimited, you can use these tools anyway and anyhow you want to

CURRENT VERSION 2.0

NEW: Method 7

Subdomain Status Code, Get the status code for all subdomains and top level domain

Update: Method 6

web based visual output

VIDEO EXAMPLES

CyFon 1.4 - Hacking Tools, Bug Bounty Tools, Android, Web Recon Tools

CyFon 1.2 - Hacking Tools, Bug Bounty Tools, Android, Web Recon Tools

CyFon Main - Hacking Tools, Bug Bounty Tools

CWGET Master 1 - Hacking Tools, Bug Bounty Tools

Dependencies

If you are on on a MacOS you will need to install brew package manager

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Pup

MacOS & Linux

brew install pup

For a nice selection tool for the single apk download you will need to install peco

MacOS

brew install peco

Linux

sudo apt install peco

To unpack the android apks you will need to install apk tool

MacOS

brew install apktool

Linux

sudo apt install apktool

ADB (Android Debug Bridge) must be installed is installed

MacOS

brew install android-platform-tools

Linux

sudo apt-get install android-tools-adb

CSV to Table

pip3 install csvtotable

You also need to know how enable ADB for the device you are testing on.You also need to know how enable ADB for the device you are testing on.

Tools Included So Far

Sub Domain Scrape - The program will pull down all subdomain data This is useful in bugbounty hunting because a lot of companies leave dev code on their servers, zip files, txt passwords and more

Wget Master 1 - This line of code will pull all absolute URLS from whatever site you throw at it, it is a very clean 1 liner, you can add subdomains as well

Pull All System APKs - This program will pull all system apks from your android device and unpack them

Pull Single APK - This program will allow you to select and pull any apk on your device instead of downloading all. The apk will then be unpacked so you can start to search for vulnerabilities

WADL PARSE - This program will find the base of the .wadl path, and combine it with the resource paths to form full API endpoints for recon

Dump All Android Secret Codes - This will dump all android secret codes and show the system package associated to the secret code.

Using the codes depends on your device

Here are the 3 ways

More Repositories

1

pegasus_spyware

decompiled pegasus_spyware
Smali
1,997
star
2

ios_15_rce

Remote Code Execution V1 For iOS 15 sent through airdrop after the device was connected to a trusted host
JavaScript
314
star
3

2022_beijing

Decompiled 2022 Beijing iOS & Android Apps
HTML
236
star
4

Goliad

OpenVPN Project Dynamically Pulling .ovpn configuration files for instant connections without the hassle of searching for a source
Shell
140
star
5

pegasus_spyware_detection_utils_ios_aos

After extensive research and understanding of how Pegasus Spyware is operating inside of iOS and AndroidOS systems I have created tools that will be able to identify & validate the presence of the spyware on your mobile devices, and tablets. Initial detection points were derived from the mvt-project.
Roff
72
star
6

tyr

Android Recon & Research Tools
Shell
71
star
7

mobile_forensics

Methods & Tools for Mobile Malware Spyware & Forensics
Roff
60
star
8

atsend

Send AT Commands To Samsung & LG Devices Better Easier Than You Ever Imagined
Shell
36
star
9

departmentofdefense

A list of Department of Defense Endpoints to check for DoD VDP (Vulnerability Disclosure Program)
33
star
10

microsoft_azure_personally_identifiable_info_leak

Microsoft Azure Told Me This Was No Big Deal, and by default users data from an organization you are part of is leaking in aad.portal.azure.com, the access in my report is not disabled by default and gives a general user the ability to create tenants, assign users to a tenant, assign roles, and invite external users. Most organizations do not even know these permissions exist. When I first found this data leak there were 100,000+ exposed PII points, and the organization immediately fixed it. When I reported this to Microsoft they said this is how it is supposed to work. Enjoy - Jonathan Scott
32
star
11

ios_15.0.2_RCE_V2.1

iOS 15.0.2 RCE v2.1 Airdrop Delivered Data Wipe
JavaScript
30
star
12

mass_data_parse

Parse Through Gigs of Data with 1 line of code!
Shell
29
star
13

phone_hacking_6

Phone Hacking Series 6 - iPhone Backdoor - binaries
Perl
25
star
14

ios_logging

Mobileconfigurations that you will need to get extensive iOS logs
22
star
15

ios_15.0.1_entitlements_dump

Full Dump of iOS 15.0.1 Entitlements
20
star
16

io

Monitor Live USB Plug In & Plug Out Events
Python
18
star
17

bash_deploy

Create BASH Script Binaries, Historical Versions of Your Scripts & Binaries, Never create an alias again, never use sh or ./ to execute a shell script anywhere in your terminal
Shell
18
star
18

ios_15.0.2_data_leak

ISO.org Data Leak Due to Apple's failure to validate link references from a 2015 code comment
18
star
19

iOS-15-Siri-Database-Persistance-When-Not-Enabled

Part of my iOS 15 experiment shows shows all the data that Siri is collecting even though I have NEVER enabled siri on my iPhone 11 Pro
14
star
20

android_wipe

Bypass Auth Android Data Wipe
14
star
21

Pegasus-CatalanGate-False-Positives

Using Citizen Lab and Amnesty's mvt-tool I detected false positive results of spyware infection due to manual manipulation of "known" malicious domains
13
star
22

verizon_data_leak

Verizon Media Data Leak - PII & PHI - Verizon Claims No Server Issue
10
star
23

Vendor-ID-Product-ID-Search

Easily Input Vendor ID's & Product ID's of USB Devices
Shell
10
star
24

Forging-Pegasus

Showing how MVT-Tool can create false positive Pegasus spyware results
8
star
25

cleanc0de

JavaScript
7
star
26

ghidra_dump

NSA ghidra tools strings dump
6
star
27

Car-Vin-Lookup

Easily Lookup Car Vin Data
5
star
28

verizon_samsung_auto_enable_adb

Verizon Spyware Tech
Shell
5
star
29

qhash

easily identify a hash or encoding by pasting the hash into your terminal
4
star
30

bad_keyboard_arduino

Turn your arduino into a bad keyboard that will execute keyboard strokes on plugin
3
star
31

MMS_Exploit_Endpoints

2
star
32

Amnesty-Investigations-Fact-Check

1
star