Welcome to the Prometheus repo!
Prometheus is a collection of two recon scripts for Red Team and Web blackbox auditing:
- asset_discovery: a small script that performs DNS asset discovery and Nuclei scans, determines the technologies in use, finds known URLs, and takes screenshots of discovered web assets by combining the output of several tools.
- blackbox_audit: a script that runs many blackbox tests (Ping, Nmap, DNS+DNSSec tests, sslscan + testssl) against a set of hosts you provide.
To start, check the Installation page and the Recommended User Guide, which describes using the tool with a Docker container and a simple wrapper script.
Alternatively, you can check the Not Recommended User Guide, which describes using the recon scripts without a Docker container.
This tool is intended for educational purposes only. Performing hacking attempts on computers that you do not own (without permission) is illegal! Do not attempt to gain access to devices that you do not own.
Subdomain Discovery:
- subfinder (https://github.com/projectdiscovery/subfinder)
- findomain (https://github.com/Findomain/Findomain)
- aiodnsbrute (https://github.com/blark/aiodnsbrute)
- SANextract (https://github.com/hvs-consulting/SANextract)
Additional Tools:
- httpx (https://github.com/projectdiscovery/httpx)
- nuclei (https://github.com/projectdiscovery/nuclei)
- gau (https://github.com/lc/gau)
- webanalyze (https://github.com/rverton/webanalyze)
- eyewitness (https://github.com/RedSiege/EyeWitness)
- wafw00f (https://github.com/EnableSecurity/wafw00f)
- nslookup
- dig
- ping
- nmap
- testssl.sh (https://github.com/drwetter/testssl.sh)
- ssh-audit (https://github.com/jtesta/ssh-audit)
- httpmethods (https://github.com/ShutdownRepo/httpmethods)
- gau (https://github.com/lc/gau)
- webanalyze (https://github.com/rverton/webanalyze)
- wafw00f (https://github.com/EnableSecurity/wafw00f)
- gowitness (https://github.com/sensepost/gowitness)