Sifter - recon & vulnerability scanner

Sifter is a OSINT, recon & vulnerability scanner. It incorporates a plethara of tools within different module sets that tries to cover every attack vector. Allowing you to quickly perform recon tasks and organize the results in one place. From OSINT to Recon, Exploitation, Post-Exploitation, OpSec, Threat Analysis, XSS, SQLinjection, Network Scanner and manymore


@Codename: Gemin1
@Version : 10.5
@Revision: F

[Gemin1's] latest release's zip package can be downloaded from here
[Gemin1's] latest .deb package is also available for download from here
Older Releases can be found here

Sifter Plugins

# Released Extentions - G - Sifter's g extention gives a GUI overlay
'--> Built on top of eDEX-UI
- F - Sifter's f extention provides the DanderFuzz Exploitational Plugin for Sifter
'--> Framework created by the EquationGroup courtesy of The Shadow Brokers


__ Version: 10.5F _|_ Gemin1 __ - XSS-Loader - XSS Payloader generator
- DeadTrapv2 - An OSINT tool to track down footprints of a phone number
- GHunt - GHunt is an OSINT tool to extract information from any Google Account using an email.
- TruffleSnout - Interactive AD discovery toolkit for offensive operators, focused on Situational awareness.
  '--> Preference for OpSec.
- BetterSafetyKatz - Modified fork of SafetyKatz dynamically patching runtime, based on detected signatures using SharpSploit DInvoke to get it into memory - CVE-2018-8120 - Added for extra Privilege Escalation options on a targte session - Typing info into any menu will bring up the Module Information Screen.

# Removed
  • Omega’s repo has been removed, therefore unavailable for new clones.

    If you already had omegas repo, you will still be able to use this module though.

  • SayDog has been removed due to being a program meant mainly for termux.




Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the ‘blue’ vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.

Gathered info is saved to the results folder, these output files can be easily parsed over to TigerShark in order to be utilised within your campaign. Or compiled for a final report to wrap up a penetration test.

Setup Video

Demo Video (of Version 6-7. Newer tools and modules arent covered) - Its long, but you can skip

through to get the general idea. Most modules are explained along with demos of a lot of the tools.

Tested OS

Working on: - Kali
	    - Parrot
	    - Ubuntu
	    - Linux (any distro)
	    - Windows (Linux Subsystem with Docker and VcXsrc installed correctly - for xterm use)

Works on windows with linux-subsystem but please ensure docker is properly installed and configured,

following the instructions from docker website

nMap doesn’t work on windows, due to port issues

but Zenmap (nMap GUI) can be used instead. A few other issues may arise too.

Untested on mac, though theoretically the same should apply to mac as windows - regarding docker install & tools


If a scan does not work correctly at first, remove web-protocol from target. eg:


[!] For oneliner install (Deb Package), copy and paste the following code into a terminal:
$ wget && sudo dpkg -i sifter_10.5_F.deb && sifter

[!] For oneliner install (source), copy and paste the following into a terminal:
$ git clone && cd sifter && bash

[!] Sifter Plugins can be found at


  • Click to Expand
#Enterprise Information Gatherers - theHarvester
- Osmedeus
- ReconSpider
- CredNinja
- OSINT-Framework
#Targeted Information Gatherers - Maryam
- Seeker
- Sherlock
- xRay
- E2P (Email2Phone)
- CardPwn
- iKy
- GHunt
#Domain Recon Gathering - DnsTwist
- Armory
- SpiderFoot
- Pulsar
- SubFinder
- SubDover
#MicroSoft Exploitation - ActiveReign
- iSpy
- SMBGhost
  -- SMBGhost Scanner
  -- SMBGhost Exploit
#Website Exploiters - DDoS
  -- Dark-Star
  -- Impulse
  -- UFONet
- NekoBot
- xShock
- VulnX
#Exploit Searching - FindSploit
- ShodanSploit
#Post-Exploitation - EoP Exploit (Privilege Escalation Exploit)
- Potatoes
  -- BadPotato
  -- SweetPotato
  -- winPEAS
  -- linPEAS
- WinPwn
- CredHarvester
- PowerSharp
- ACLight2
- PowerHub
- InveighZero
#Exploitation Frameworks + DanderFuzz - Equation Group, Courtesy of the Shadow Brokers
  - FuzzBunch
  - Danderspritz
 (Provided by the F plugin.)

+ NevrrMore - Private Exploitation framework I've been developing that will
  not be released opensource. Due to certain 0days and other exploits/tools
  it would cause too much unintentional/illintentioned damage.

+ Thoron
+ Metasploit
#Phishing + TigerShark
#BruteForcing + BruteDUM
+ WBruter
#Password Tools - Mentalist
- DCipher
- Ciphey
#Network Scanners - Nmap
- AttackSurfaceMapper
- aSnip
- wafw00f
- Arp-Scan
- Espionage
- Intrigue-Core
#HoneyPot Detection Systems - HoneyCaught
- SniffingBear
- HoneyTel (telnet-iot-honeypot)
- HFish
#Vulnerability Scanners - Flan
- Rapidscan
- Yuki-Chan
- Katana-VF (Vulnerability Framework)
- OWASP-Nettacker
- Big IP Remote Execution Scanner
#Router Tools - RouterSploit
- MkCheck
- Airgeddon
#WebApplication Scanners - Sitadel
- OneFind
- AapFinder
- reNgine
#Website Scanners & Enumerators - Nikto
- Blackwidow
- Wordpress
  --- WPScan
  --- WPForce/Yertle
- Zeus-Scanner
- Dirb
- DorksEye
- Katana-DS (Dork Scanner)
#Operational Security & Threat Analysis - EventCleaner
- Threat Dragon
- TruffleSNout
#Cross-Site Scripting & SQL Injection - SQLinjection
  --- WhiteWidow
  --- V3n0M-Scanner
- Cross-Site Scripting
  --- XSStrike
  --- finDOM-XSS
  --- XSS-Freak
#Web Mini-Games - This was added in order to have a fun way to pass time
 during the more time intensive modules.
 Such as nMap Full Port scan or a RapidScan run.

Other Projects

All information on projects in development can be found here.
For any requests or ideas on current projects please submit an issue request to the corresponding tool.
For ideas or collaboration requests on future projects., contact details can be found on the page.

GitHub Pages can be found here.
- MkCheck = MikroTik Router Exploitation Tool
- TigerShark = Multi-Tooled Phishing Framework