Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Locked badKarma


0x1

Recommended Posts

badKarma - advanced network reconnaissance toolkit

This is the hidden content, please

badKarma is a python3 GTK+ toolkit that aim to assist penetration testers during all the phases of a network infrastructure penetration testing activity. It allow testers to save time by having point-and-click access to their toolkits, launch them against single or multiple targets and interacte with them through semplified GUIs or Terminals.

Every task's output is logged under a session file in order to help during reporting phase or in a possible incident response scenario. It is also available a proxychains switch that let everything go through proxies, and last but not least, every command can be adjusted before the execution by disabling the "auto-execute" checkbox.

badKarma is licensed under GNU GPL version 3.

Spoiler

This is the hidden content, please

badKarma is modular, the extensions are full-interactive and they allow the penetration tester to tune tasks options, since output is logged under the session file, their output can be exported as a raw txt from the "Logs" tab.

Extensions can be found under the "extension" directory, they are sorted in two categories: importers and workspace. Importers extensions aim to identify tools output files, parse them and import the results into the session file.

Current available workspace's extensions are:

*Shell: this is the main module of the toolkit since it allow the tester to execute preconfigured shell tasks. Shell commands are located under the "conf" directory.

*Bruter: as the name says, bruter is the brute-force extension. It allow the tester to send a target directly to Hydra and configure the parameters through a GUI. Default hydra parameters can be modified from conf/bruter.conf.

*Screenshot: this extension allow the tester to take screenshots of possibile http,rdp,rtsp,vnc and x11 servers, screenshots will be stored in the session file as base64 and can be shown from badKarma.

*WebSession: a fast and ready to use webview in tailing with mitmproxy, it allow to browse a target's website and read, edit or resend HTTP requests. Some common payloads are available as well, just click on a payload to copy it on the clipboard. Since full dumps are too big to be imported inside the session file, only mitmdump's default ouput is imported.

Browser: just an "open in browser" for http menu item, take it as an example to build your own extensions.

Demo :

This is the hidden content, please

Setup :

This is the hidden content, please

Source & Download :

This is the hidden content, please

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.