Search the Community

Showing results for tags 'framework'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Cracking Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Premium Accounts
  • Modders Section
  • PRIV8-Section
  • Cracking Zone PRIV8
  • Carding Zone PRIV8

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 59 results

  1. OWASP Nettacker project is created to automate information gathering, vulnerability scanning, and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests. Future IoT Scanner Python Multi Thread & Multi Process Network Information Gathering Vulnerability Scanner Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and many more… ) Asset Discovery & Network Service Analysis Services Brute Force Testing Services Vulnerability Testing HTTP/HTTPS Crawling, Fuzzing, Information Gathering and … HTML, JSON and Text Outputs API & WebUI This project is at the moment in research and development phase and most of the results/codes are not published yet. Changelog v0.0.1 First Release – drawing a line before adding new features and modules. This release is still contains known bugs and is compatible with both Python 2.7 and python 3.6 [hide][Hidden Content]]
  2. Begin creating beatiful desktop apps UIs fast 50+ components and counting... Guna Framework is the ultimate suite for creating groundbreaking desktop app UI and UX. It is for developers targeting the Windows Forms platform. Using Guna Framework guarantees faster development and improved productivity. You save much development effort and build, test and deploy faster than expected. It integrates with the Visual Studio (IDE) and helps you Design, Build, Test, Deploy and Update faster than expected, with great confidence! We are here to empower you! Supported Platforms Microsoft Visual Studio, .NET, Windows Forms, C# and VB.NET C# Winforms Controls & Components VB.NET Winforms Controls & Components Visual Studio Supported IDE Feature-rich UI Components and controls for all your desktop Winforms apps in C# and VB.NET On demand free support to help you design & build advanced desktop apps with our platform Extensively developed UI components to help you build the best & most engaging themes Unlimited .exe(s) deployments without any restrictions and/or limitations to you whatsoever Performance guaranteed with real life tried & tested components and libraries for your needs Best, unlimited and free support for you from the engineers who developed the platfrom Continuous improvement and innovation to meets all your dynamic and unique requirements Royalty free and no attribution required whatsoever, resulting in greater peace of mind Meet the most complex and challenging UI needs and demands with superior confidence [Hidden Content] [hide][Hidden Content]]
  3. ehtools framework Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it’s easy to install, set up, and utilize. Attacking frameworks Most new Wi-Fi hacking tools rely on many of the same underlying attacks, and scripts that automate using other more familiar tools like Aireplay-ng are often referred to as frameworks. These frameworks try to organize tools in smart or useful ways to take them a step beyond the functionality or usability of the original program. An excellent example of this are programs that integrate scanning tools like Airodump-ng, attacks like WPS Pixie-Dust, and cracking tools like Aircrack-ng to create an easy-to-follow attack chain for beginners. Doing this makes the process of using these tools easier to remember and can be seen as sort of a guided tour. While each of these attacks is possible without the hand-holding, the result can be faster or more convenient than trying to do so yourself. An example of this we’ve covered is the Airgeddonframework, a wireless attack framework that does useful things like automating the target selection process and eliminating the time a user spends copying and pasting information between programs. This saves valuable time for even experienced pentesters but has the disadvantage of preventing beginners from understanding what’s happening “under the hood” of the attack. While this is true, most of these frameworks are fast, efficient, and dead simple to use, enabling even beginners to take on and disable an entire network. [hide][Hidden Content]]
  4. KILLSHOT A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner Why KillShot? You Can use this tool to Spider your website and get important information and gather information automatically using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and find the vulnerability in your website using Cms Exploit Scanner && WebApp Vul Scanner Also You can use killshot to Scan automatically multiple types of the scan with nmap and unicorn. And With this tool, You can Generate PHP Simple Backdoors upload it manually and connect to the target using killshot This Tool Bearing A simple Ruby Fuzzer Tested on VULSERV.exe And Linux Log clear script To change the content of login paths Spider can help you to find parameters of the site and scan xss and sql. Menu Site {0} Spider {1} Web technologie {2} WebApp Vul Scanner {3} Port Scanner {4} CMS Scanner {5} Fuzzers {6} Cms Exploit Scanner {7} Backdoor Generation {8} Linux Log Clear WebApp Vul Scanner {1} Xss scanner {2} Sql Scanner {3} Tomcat RCE Port Scanner [0] Nmap Scan [1] Unicorn Scan Nmap Scan [2] Nmap Os Scan [3] Nmap TCP Scan [4] Nmap UDB Scan [5] Nmap All scan [6] Nmap Http Option Scan [7] Nmap Live target In Network Unicorn Scan [8] Services OS [9] TCP SYN Scan on a whole network [01] UDP scan on the whole network Backdoor Generation {1} Generate Shell {2} Connect Shell LAST_Update v 1.5 [+] Fix setup error [+] Fix sql injection detect error [+] Add Typo3 Scanner (+brute force) [+] Detect Of the MX and NS [HIDE][Hidden Content]]
  5. Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. [HIDE][Hidden Content]]
  6. FrameDomain Framework - Find Subdomains Mode Of Execution: apt-get install python3 apt-get install git git clone [HIDE][Hidden Content]] cd FrameDomain pip3 install -r requierements.txt python3 FrameDomain.py
  7. REVOLTSHING v.2 - FRAMEWORK . IS A COMPLETE PHISHING SYSTEM. IT ALLOWS YOU TO CREATE WEBSITES WITH THE OBJECTIVE OF OBTAINING CREDENTIALS Mode Of Execution: apt-get install python3 apt-get install git git clone [HIDE][Hidden Content]] cd RevoltShing bash install.sh python3 Server.py python3 revoltshing.py TERMUX pkg install git git clone [HIDE] [Hidden Content]] cd RevoltShing pkg install python pkg install wget pip3 install wget pip3 install bs4 pip install bs4 python3 Server.py python3 revoltshing.py
  8. itsMe

    Pentest Tools Framework

    Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing About Pentest Tools Framework INFO: Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities. [HIDE][Hidden Content]]
  9. Opal Stealth post-exploitation framework for WordPress CMS What is it and why was it made? We intentionally made it for our penetration testing jobs however its getting grey hairs now so we thought we would like to pass it on to the public!. ProjectOpal or Opal. It is a stealth post exploit framework for wordpress sites that can hide its trace from logs and obfuscate it’s way through the system! Fun cool features it creates an admin user that is hidden from all users including admins! just note its stored in the database so don’t forget to delete your traces. Features: These are features that Shadowlabs Team prides themself on based on this program: Bypass WAF(Web application firewall) Hidden/Stealth Let’s you login to any user Dump entire user entries Create a persistent admin account that is hidden Obfuscated implant Multi-functionality [HIDE][Hidden Content]]
  10. A Penetration Testing Framework, you will have the very script that a hacker needs Fsociety Contains All Tools Used In Mr. Robot Series Menu Fsociety Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation Contributors Install & Update Information Gathering : Nmap Setoolkit Host To IP WPScan CMS Scanner XSStrike Dork – Google Dorks Passive Vulnerability Auditor Scan A server’s Users Crips Password Attacks : Cupp Ncrack Wireless Testing : reaver pixiewps Bluetooth Honeypot Exploitation Tools : ATSCAN sqlmap Shellnoob Commix FTP Auto Bypass JBoss Autopwn Sniffing & Spoofing : Setoolkit SSLtrip pyPISHER SMTP Mailer Web Hacking : Drupal Hacking Inurlbr WordPress & Joomla Scanner Gravity Form Scanner File Upload Checker WordPress Exploit Scanner WordPress Plugins Scanner Shell and Directory Finder Joomla! 1.5 – 3.4.5 remote code execution Vbulletin 5.X remote code execution BruteX – Automatically brute force all services running on a target Arachni – Web Application Security Scanner Framework Private Web Hacking Get all websites Get Joomla websites Get wordpress websites Control Panel Finder Zip Files Finder Upload File Finder Get server users SQli Scanner Ports Scan (range of ports) ports Scan (common ports) Get server Info Bypass Cloudflare Post Exploitation Shell Checker POET Weeman [HIDE][Hidden Content]]
  11. [Hidden Content]
  12. fsociety Hacking Tools Pack – A Penetration Testing Framework Fsociety Hacking Tools Pack A Penetration Testing Framework, you will have every script that a hacker needs Fsociety Contains All Tools Used in Mr. Robot Series Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation Contributors Install & Update Information Gathering: Nmap Setoolkit Host To IP WPScan CMS Scanner XSStrike Dork - Google Dorks Passive Vulnerability Auditor Scan A server's Users Crips Password Attacks: Cupp Ncrack Wireless Testing: Reaver Pixiewps Bluetooth Honeypot Exploitation Tools: ATSCAN sqlmap Shellnoob Commix FTP Auto Bypass JBoss Autopwn Sniffing & Spoofing: Setoolkit SSLtrip pyPISHER SMTP Mailer Web Hacking: Drupal Hacking Inurlbr Wordpress & Joomla Scanner Gravity Form Scanner File Upload Checker Wordpress Exploit Scanner Wordpress Plugins Scanner Shell and Directory Finder Joomla! 1.5 - 3.4.5 remote code execution Vbulletin 5.X remote code execution BruteX - Automatically brute force all services running on a target Arachni - Web Application Security Scanner Framework Private Web Hacking: Get all websites Get joomla websites Get wordpress websites Control Panel Finder Zip Files Finder Upload File Finder Get server users SQli Scanner Ports Scan (range of ports) Ports Scan (common ports) Get server Info Bypass Cloudflare Post Exploitation: Shell Checker POET Weeman Installation Installation Linux bash <(wget -qO- [Hidden Content]) Follow This Video: [Hidden Content] Installation Download Termux bash <(wget -qO- [Hidden Content]) Follow This Video Arif - Tech Installation Windows Download Linux Bash Like Cygwin Download Python Use Google Cloud Console Cloud Shell Or Use Free Ubuntu VPS c9.io Docker Usage Dependecies Docker Docker-compose docker-compose build docker-compose up -d docker-compose exec fsociety fsociety docker-compose down # destroys instance Screenshots Download: [HIDE][Hidden Content]]
  13. ReconCobra Reconcobra is Foot printing software for Ultimate Information Gathering Kali, Parrot OS, Black Arch, Termux, Android Led TV Interface Software have 82 Options with full automation with powerful information gathering capability Brief Introduction ReconCobra is useful in Banks, Private Organisations and Ethical hacker personnel for legal auditing. It serves as a defense method to find as much as information possible for gaining unauthorised access and intrusion. With the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. ReconCobra software can audit, firewall behaviour, if it is leaking backend machines/server and replying pings, it can find internal and external networks where many software’s like erp, mail firewalls are installed, exposing servers so it do Footprinting, Scanning & Enumeration as much as possible of target, to discover and collect most possible informations like username, web technologies, files, endpoint, api and much more. It’s first step to stop cyber criminals by securing your Infrastructural Information Gathering leakage. ReconCobra is false positive free, when there is something it will show no matter what, if it is not, it will give blank results rather error. University Course ReconCobra is now a part of International Hacking Trainings for OSINT Cybersecurity365.com OSINT for Reconnaissance trainings for CEH, CISSP, Security+, ITPA [HIDE][Hidden Content]]
  14. _____ _______ _____ _____ _____ _ _ _ _ | __ \ |__ __/ ____| __ \ / ____| | | | | | | | |__) |_____ _____ _ __ ___ ___| | | | | |__) | | (___ | |__| | ___| | | | _ // _ \ \ / / _ \ '__/ __|/ _ \ | | | | ___/ \___ \| __ |/ _ \ | | | | \ \ __/\ V / __/ | \__ \ __/ | | |____| | ____) | | | | __/ | | |_| \_\___| \_/ \___|_| |___/\___|_| \_____|_| |_____/|_| |_|\___|_|_| - By: @ZHacker13 - | Modules | - Show C2-Server Modules. - | Info | - Show Remote-Host Info. - | Upload | - Upload File from Local-Host to Remote-Host. - | Download | - Download File from Remote-Host to Local-Host. - | Screenshot | - Save Screenshot from Remote-Host to Local-Host. Tutorial: [Hidden Content] Download: [HIDE][Hidden Content]]
  15. Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android, iOS and Windows Mobile Applications and supports both binaries (APK, IPA & APPX ) and zipped source code. MobSF can also perform Web API Security testing with it’s API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting. Changelog v3.0 Features or Enhancements OWASP Mobile Top 10 2016 is supported Major UI Update for MobSF Major Schema changes to rest API iOS URLs Scheme iOS ATS Analysis improved New iOS Static Analysis Rules New iOS Static Analysis Rules New Android Manifest Analysis Rules Updated dependencies Optimized Windows Setup Updated Scoring mechanisms Improved Tracker detection Remove Global Proxy after dynamic analysis Android Permission database update Added Play with Docker support AppMonsta support Code QA Bug Fixes Fix Security issue #1197 (Directory Traversal) iOS Static Analyzer fixes Typo Fix Moved to oscrypto and distro Windows binscope bug fix Reduce False positives [HIDE][Hidden Content]]
  16. w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. Video: [Hidden Content] Download: [HIDE][Hidden Content]]
  17. BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context. Video: [HIDE] Download: [HIDE][Hidden Content]]
  18. About arissploit framework INFO: Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools. Why arissploit framework? Arissploit is free software INFO: This is a good platform to start learning penetration testing tools development for free! Simple UX/UI interface INFO: Arissploit has simple UX/UI! It is easy to understand and it will be easier for you to master the Arissploit Framework. A lot of different modules INFO: Arissploit includes wireless modules, bluetooth modules, web modules, network modules, file modules and generator modules. [Hidden Content]
  19. ehtools framework Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it’s easy to install, set up, and utilize. Attacking frameworks Most new Wi-Fi hacking tools rely on many of the same underlying attacks, and scripts that automate using other more familiar tools like Aireplay-ng are often referred to as frameworks. These frameworks try to organize tools in smart or useful ways to take them a step beyond the functionality or usability of the original program. An excellent example of this are programs that integrate scanning tools like Airodump-ng, attacks like WPS Pixie-Dust, and cracking tools like Aircrack-ng to create an easy-to-follow attack chain for beginners. Doing this makes the process of using these tools easier to remember and can be seen as sort of a guided tour. While each of these attacks is possible without the hand-holding, the result can be faster or more convenient than trying to do so yourself. An example of this we’ve covered is the Airgeddonframework, a wireless attack framework that does useful things like automating the target selection process and eliminating the time a user spends copying and pasting information between programs. This saves valuable time for even experienced pentesters but has the disadvantage of preventing beginners from understanding what’s happening “under the hood” of the attack. While this is true, most of these frameworks are fast, efficient, and dead simple to use, enabling even beginners to take on and disable an entire network. Changelog v3.0 EPP updated to v4.0 Added EPP Crypto v1.4 Added login and password encryption Added KDE konsole support! Added ehtools application and ehtapp utility Added a new utility named ehtkey (ehtools key) Updated ehtmod (ehtools modules) Updated Modules to v1.9 and renamed to ehtmod Updated ehtools (now you can stable login to ehtools) Fixed EHT-2019-02776 (nologin) vulnerability! Updated epasswd (now you can change login/password) Removed $EPATH firmware commander shell Removed ehtools update helper (euh) Added snapshots (more information in README.md/Utilities) On this version you can turn off ehtools password protection! Updated ehtools/install.sh and epasswd utility! Added arissploit option! Added ehtools simple shell option! Added reboot and shutdown options! Added update APT sources option! Added some new features to main menu! Updated ehtools PRO UX/UI Impruvements Updated ehtools LITE UX/UI Impruvements [HIDE][Hidden Content]]
  20. Mobile Security Framework (MobSF) Version: v2.0 beta Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. Screenshots Static Analysis - Android APK Static Analysis - iOS IPA Dynamic Analysis - Android APK Web API Viewer Download: [HIDE][Hidden Content]]
  21. 0x1

    TIDoS Framework

    The TIDoS Framework The Offensive Web Application Penetration Testing Framework. Highlights :- Here is some light on what the framework is all about: - [x] A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis. - [x] Has 5 main phases, subdivided into __14 sub-phases__ consisting a total of __108 modules__. - [x] Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules). - [x] Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc) - [x] Vulnerability Analysis Phase has 37 modules (including most common vulnerabilites in action). - [x] Exploits Castle has only 1 exploit. `(purely developmental)` - [x] And finally, Auxillaries have got 4 modules. `more under development` - [x] All four phases each have a `Auto-Awesome` module which automates every module for you. - [x] You just need the domain, and leave everything is to this tool. - [x] TIDoS has full verbose out support, so you'll know whats going on. - [x] Fully user friendly interaction environment. `(no shits)` TIDoS is built to be a comprehensive, flexible and versatile framework where you just have to select and use modules. So to get started, you need to set your own `API KEYS` for various OSINT & Scanning and Enumeration purposes. To do so, open up `API_KEYS.py` under `files/` directory and set your own keys and access tokens for `SHODAN`, `CENSYS`, `FULL CONTACT`, `GOOGLE` and `WHATCMS`. Finally, as the framework opens up, enter the website name `eg. [Hidden Content]` and let TIDoS lead you. Thats it! Its as easy as that. To update this tool, use `tidos_updater.py` module under `tools/` folder. Flawless Features :- TIDoS Framework presently supports the following: Other Tools: net_info.py - Displays information about your network. Located under `tools/`. tidos_updater.py - Updates the framework to the latest release via signature matching. Located under `tools/`. TIDoS In Action: Lets see some screenshots of TIDoS in real world pentesting action: Version: v1.7 [latest release] [#stable] Upcoming: These are some modules which I have thought of adding: Some more of Enumeraton & Information Disclosure modules. Lots more of OSINT & Stuff (let that be a suspense). More of Auxillary Modules. Some Exploits are too being worked on. More info & Download: [hide][Hidden Content]]
  22. 0x1

    Ehtools framework

    EntynetHackerTools ™ (Ehtools Framework) Attacking frameworks Most new Wi-Fi hacking tools rely on many of the same underlying attacks, and scripts that automate using other more familiar tools like Aireplay-ng are often referred to as frameworks. These frameworks try to organize tools in smart or useful ways to take them a step beyond the functionality or usability of the original program. An excellent example of this are programs that integrate scanning tools like Airodump-ng, attacks like WPS Pixie-Dust, and cracking tools like Aircrack-ng to create an easy-to-follow attack chain for beginners. Doing this makes the process of using these tools easier to remember and can be seen as sort of a guided tour. While each of these attacks is possible without the hand-holding, the result can be faster or more convenient than trying to do so yourself. An example of this we've covered is the Airgeddonframework, a wireless attack framework that does useful things like automating the target selection process and eliminating the time a user spends copying and pasting information between programs. This saves valuable time for even experienced pentesters but has the disadvantage of preventing beginners from understanding what's happening "under the hood" of the attack. While this is true, most of these frameworks are fast, efficient, and dead simple to use, enabling even beginners to take on and disable an entire network. UX/UI impruvements for beginners The Ehtools Framework starts by merely typing the letter ehtools or eht into a terminal window, then it asks for the name of your network interfaces after the first run. It uses the names you supply to connect to the tools needed to execute any attacks you select. Aside from that initial input, the majority of the possible attacks can be performed merely by choosing the option number from the menu. This means you can grab a network handshake or download a new hacking tool like Pupy by just selecting from one of the menu options. More info & Download [hide][Hidden Content]]
  23. Jok3r v3 Network & Web Pentest Automation Framework About Overview Jok3r is a framework that aids penetration testers for network infrastructure and web security assessments. Its goal is to automate as much stuff as possible in order to quickly identify and exploit "low-hanging fruits" and "quick win" vulnerabilities on most common TCP/UDP services and most common web technologies (servers, CMS, languages...). Combine Pentest Tools Do not re-invent the wheel. Combine the most useful hacking tools/scripts available out there from various sources, in an automatic way. Automate Attacks Automatically run security checks adapted to the targeted services. Reconnaissance, CVE lookup, vulnerability scanning, exploitation, bruteforce... Centralize Mission Data Store data related to targets in a local database. Keep track of all the results from security checks and continuously update the database. Features Key Features Pentest Toolbox Management Selection of Tools Compilation of 50+ open-source tools & scripts, from various sources. Docker-based Application packaged in a Docker image running Kali OS, available on Docker Hub. Ready-to-use All tools and dependencies installed, just pull the Docker image and run a fresh container. Updates made easy Easily keep the whole toolbox up-to-date by running only one command. Easy Customization Easily add/remove tools from a simple configuration file. Network Infrastructure Security Assessment Many supported Services Target most common TCP/UDP services (HTTP, FTP, SSH, SMB, Oracle, MS-SQL, MySQL, PostgreSQL, VNC, etc.). Combine Power of Tools Each security check is performed by a tool from the toolbox. Attacks are performed by chaining security checks. Context Awareness Security checks to run are selected and adapted according to the context of the target (i.e. detected technologies, credentials, vulnerabilities, etc.). Reconnaissance Automatic fingerprinting (product detection) of targeted services is performed. CVE Lookup When product names and their versions are detected, a vulnerability lookup is performed on online CVE databases (using Vulners & CVE Details). Vulnerability Scanning Automatically check for common vulnerabilities and attempt to perform some exploitations (auto-pwn). Brute-force Attack Automatically check for default/common credentials on the service and perform dictionnary attack if necessary. Wordlists are optimized according to the targeted services. Post-authentication Testing Automatically perform some post-exploitation checks when valid credentials have been found. Web Security Assessment Large Focus on HTTP More than 60 different security checks targeting HTTP supported for now. Web Technologies Detection Fingerprinting engine based on Wappalyzer is run prior to security checks, allowing to detect: Programming language, Framework, JS library, CMS, Web & Application Server. Server Exploitation Automatically scan and/or exploit most critical vulnerabilities (e.g. RCE) on web and application servers (e.g. JBoss, Tomcat, Weblogic, Websphere, Jenkins, etc.). CMS Vulnerability Scanning Automatically run vulnerability scanners on most common CMS (Wordpress, Drupal, Joomla, etc.). Local Database & Reporting Local Database Data related to targets is organized by missions (workspaces) into a local Sqlite database that is kept updated during security testings. Metasploit-like Interactive Shell Access the database through an interactive shell with several built-in commands. Import Targets from Nmap Add targets to a mission either manually or by loading Nmap results. Access all Results All outputs from security checks, detected credentials and vulnerabilities are stored into the database and can be accessed easily. Reporting Generate full HTML reports with targets summary, web screenshots and all results from security testing. Architecture Framework Architecture General Architecture graph Flowchart Demo Demonstration Videos Download Get Jok3r Jok3r is open-source. Contributions, ideas and bug reports are welcome ! [Hide] [Hidden Content]]