Password sniffing tools
Password sniffing tools are typically used for password discovery and password sniffing.
Users for these tools include pentesters, security professionals.
Bucket Stream (AWS S3 bucket discovery using CT logs)
discovery of sensitive information, information leak detection, penetration testing, reconnaissance
Bucket Stream can be used to discover AWS S3 buckets. This tool may be helpful during reconnaissance and security assessments. As it does not include active scanning on the target itself, it is a passive way of finding information. This is a huge benefit, as you don't have to guess or brute-force the names.
LaZagne (password retrieval and recovery tool)
data extraction, information gathering, password discovery, password recovery
The LaZagne tool can be a good addition to the toolkit of pentesters or forensic specialists to recover sensitive details from systems. For a pentester, this typically means that limited access has been gained. By trying to find passwords from local applications, the step to other applications or privilege level might be possible. For example, a password that is shared among multiple services, or even finding an administrator password.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.