Jump to content
YOUR-AD-HERE
HOSTING
TOOLS

Locked Jok3r v3 [ Network & Web Pentest Automation Framework ]

dEEpEst

By ADMINdEEpEst
in Pentesting

 Share

Recommended Posts

dEEpEst Hacker

ADMINdEEpEst

Posted
Posted

Jok3r v3

Network & Web Pentest Automation Framework

This is the hidden content, please

About

Overview

  

Jok3r is a framework that aids penetration testers for network infrastructure and web security assessments. Its goal is to automate as much stuff as possible in order to quickly identify and exploit "low-hanging fruits" and "quick win" vulnerabilities on most common TCP/UDP services and most common web technologies (servers, CMS, languages...).

 
Combine Pentest Tools

Do not re-invent the wheel. Combine the most useful hacking tools/scripts available out there from various sources, in an automatic way.

 
Automate Attacks

Automatically run security checks adapted to the targeted services. Reconnaissance, CVE lookup, vulnerability scanning, exploitation, bruteforce...

 
Centralize Mission Data

Store data related to targets in a local database. Keep track of all the results from security checks and continuously update the database.

Features

Key Features

  

Pentest Toolbox Management

 
 

Selection of Tools

Compilation of 50+ open-source tools & scripts, from various sources.

 

Docker-based

Application packaged in a Docker image running Kali OS, available on Docker Hub.

 

Ready-to-use

All tools and dependencies installed, just pull the Docker image and run a fresh container.

 

Updates made easy

Easily keep the whole toolbox up-to-date by running only one command.

 

Easy Customization

Easily add/remove tools from a simple configuration file.

This is the hidden content, please
This is the hidden content, please

 

This is the hidden content, please

Network Infrastructure Security Assessment

 
 

Many supported Services

Target most common TCP/UDP services (HTTP, FTP, SSH, SMB, Oracle, MS-SQL, MySQL, PostgreSQL, VNC, etc.).

 

Combine Power of Tools

Each security check is performed by a tool from the toolbox. Attacks are performed by chaining security checks.

 

Context Awareness

Security checks to run are selected and adapted according to the context of the target (i.e. detected technologies, credentials, vulnerabilities, etc.).

 

Reconnaissance

Automatic fingerprinting (product detection) of targeted services is performed.

 

CVE Lookup

When product names and their versions are detected, a vulnerability lookup is performed on online CVE databases (using Vulners & CVE Details).

 

Vulnerability Scanning

Automatically check for common vulnerabilities and attempt to perform some exploitations (auto-pwn).

 

Brute-force Attack

Automatically check for default/common credentials on the service and perform dictionnary attack if necessary. Wordlists are optimized according to the targeted services.

 

Post-authentication Testing

Automatically perform some post-exploitation checks when valid credentials have been found.

Web Security Assessment

 
 

Large Focus on HTTP

More than 60 different security checks targeting HTTP supported for now.

 

Web Technologies Detection

Fingerprinting engine based on Wappalyzer is run prior to security checks, allowing to detect: Programming language, Framework, JS library, CMS, Web & Application Server.

 

Server Exploitation

Automatically scan and/or exploit most critical vulnerabilities (e.g. RCE) on web and application servers (e.g. JBoss, Tomcat, Weblogic, Websphere, Jenkins, etc.).

 

CMS Vulnerability Scanning

Automatically run vulnerability scanners on most common CMS (Wordpress, Drupal, Joomla, etc.).

This is the hidden content, please
This is the hidden content, please

 

This is the hidden content, please

Local Database & Reporting

 
 

Local Database

Data related to targets is organized by missions (workspaces) into a local Sqlite database that is kept updated during security testings.

 

Metasploit-like Interactive Shell

Access the database through an interactive shell with several built-in commands.

 

Import Targets from Nmap

Add targets to a mission either manually or by loading Nmap results.

 

Access all Results

All outputs from security checks, detected credentials and vulnerabilities are stored into the database and can be accessed easily.

 

Reporting

Generate full HTML reports with targets summary, web screenshots and all results from security testing.

Architecture

Framework Architecture

  

General Architecture graph

This is the hidden content, please

Flowchart

This is the hidden content, please

Demo

Demonstration Videos

  


 

 

Download

Get Jok3r

  

Jok3r is open-source. Contributions, ideas and bug reports are welcome !
 

This is the hidden content, please
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.