• 520@kbin.social
    link
    fedilink
    arrow-up
    6
    arrow-down
    3
    ·
    9 months ago

    This is not a standard tool. This is an offensive security (aka hacking tool).

    The hacking community does not want people like the one in the post.

      • 520@kbin.social
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        9 months ago

        There is one core difference. In regular open source projects, lack of layman accessibility is considered a bug.

        For offensive security tools such as in OP’s post, it simply isn’t a consideration because the audience for these tools are not laymen, therefore they aren’t designed with laymen in mind.

        In fact there’s something of an incentive to keep laymen out because people just hitting random buttons without serious consideration of what they are doing can land people in jail.

        They’re designed with the offensive security community in mind, of which even the most rookie members think nothing of firing up terminal and entering some nifty commands.

          • 520@kbin.social
            link
            fedilink
            arrow-up
            4
            arrow-down
            2
            ·
            9 months ago

            Sherlock is an Open Source Intelligence (OSINT) tool. It is specifically made to gather information on a target, which is always step 1 of an attack.

            We can agree to disagree on whether it constitutes an attack tool, however it is clearly made with red teamers in mind.

            • mods_are_assholes@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              2
              ·
              9 months ago

              So I guess ping is a hacking tool now too huh?

              There isn’t a fuckdamn single drop of intellectual honesty in any of these comments.

              • 520@kbin.social
                link
                fedilink
                arrow-up
                4
                arrow-down
                1
                ·
                edit-2
                9 months ago

                So I guess ping is a hacking tool now too huh?

                Does ping have the potential to lead you almost directly to a potential attack path? Because Sherlock can.

                There isn’t a fuckdamn single drop of intellectual honesty in any of these comments.

                Well what the fuck would I know? I’ve only been a pentester/red teamer for 8 fucking years.

                Hey, wanna know what’s by far the most useful tool in a red teamer/attacker’s arsenal?

                A fucking notepad!

                Because the process isn’t about tapping a few fucking buttons and you’ve hacked into the mainframe. You gather information. You make links. You poke and prod at stuff. You try to keep a low profile while you also try to figure out where your objective is. Then, and only then, you make a final plan and go for the objective.