Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      dEEpEst

      Jok3r v3 [ Network & Web Pentest Automation Framework ]

      Recommended Posts

      Jok3r v3

      Network & Web Pentest Automation Framework

      Hidden Content

        Give reaction to this post to see the hidden content.

      About

      Overview

        

      Jok3r is a framework that aids penetration testers for network infrastructure and web security assessments. Its goal is to automate as much stuff as possible in order to quickly identify and exploit "low-hanging fruits" and "quick win" vulnerabilities on most common TCP/UDP services and most common web technologies (servers, CMS, languages...).

       
      Combine Pentest Tools

      Do not re-invent the wheel. Combine the most useful hacking tools/scripts available out there from various sources, in an automatic way.

       
      Automate Attacks

      Automatically run security checks adapted to the targeted services. Reconnaissance, CVE lookup, vulnerability scanning, exploitation, bruteforce...

       
      Centralize Mission Data

      Store data related to targets in a local database. Keep track of all the results from security checks and continuously update the database.

      Features

      Key Features

        

      Pentest Toolbox Management

       
       

      Selection of Tools

      Compilation of 50+ open-source tools & scripts, from various sources.

       

      Docker-based

      Application packaged in a Docker image running Kali OS, available on Docker Hub.

       

      Ready-to-use

      All tools and dependencies installed, just pull the Docker image and run a fresh container.

       

      Updates made easy

      Easily keep the whole toolbox up-to-date by running only one command.

       

      Easy Customization

      Easily add/remove tools from a simple configuration file.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      Network Infrastructure Security Assessment

       
       

      Many supported Services

      Target most common TCP/UDP services (HTTP, FTP, SSH, SMB, Oracle, MS-SQL, MySQL, PostgreSQL, VNC, etc.).

       

      Combine Power of Tools

      Each security check is performed by a tool from the toolbox. Attacks are performed by chaining security checks.

       

      Context Awareness

      Security checks to run are selected and adapted according to the context of the target (i.e. detected technologies, credentials, vulnerabilities, etc.).

       

      Reconnaissance

      Automatic fingerprinting (product detection) of targeted services is performed.

       

      CVE Lookup

      When product names and their versions are detected, a vulnerability lookup is performed on online CVE databases (using Vulners & CVE Details).

       

      Vulnerability Scanning

      Automatically check for common vulnerabilities and attempt to perform some exploitations (auto-pwn).

       

      Brute-force Attack

      Automatically check for default/common credentials on the service and perform dictionnary attack if necessary. Wordlists are optimized according to the targeted services.

       

      Post-authentication Testing

      Automatically perform some post-exploitation checks when valid credentials have been found.

      Web Security Assessment

       
       

      Large Focus on HTTP

      More than 60 different security checks targeting HTTP supported for now.

       

      Web Technologies Detection

      Fingerprinting engine based on Wappalyzer is run prior to security checks, allowing to detect: Programming language, Framework, JS library, CMS, Web & Application Server.

       

      Server Exploitation

      Automatically scan and/or exploit most critical vulnerabilities (e.g. RCE) on web and application servers (e.g. JBoss, Tomcat, Weblogic, Websphere, Jenkins, etc.).

       

      CMS Vulnerability Scanning

      Automatically run vulnerability scanners on most common CMS (Wordpress, Drupal, Joomla, etc.).

      Hidden Content

        Give reaction to this post to see the hidden content.

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      Local Database & Reporting

       
       

      Local Database

      Data related to targets is organized by missions (workspaces) into a local Sqlite database that is kept updated during security testings.

       

      Metasploit-like Interactive Shell

      Access the database through an interactive shell with several built-in commands.

       

      Import Targets from Nmap

      Add targets to a mission either manually or by loading Nmap results.

       

      Access all Results

      All outputs from security checks, detected credentials and vulnerabilities are stored into the database and can be accessed easily.

       

      Reporting

      Generate full HTML reports with targets summary, web screenshots and all results from security testing.

      Architecture

      Framework Architecture

        

      General Architecture graph

      Hidden Content

        Give reaction to this post to see the hidden content.

      Flowchart

      Hidden Content

        Give reaction to this post to see the hidden content.

      Demo

      Demonstration Videos

        


       

       

      Download

      Get Jok3r

        

      Jok3r is open-source. Contributions, ideas and bug reports are welcome !
       

      Hidden Content

        Give reaction to this post to see the hidden content.
      • Like 2
      • Thanks 1

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes
          FEATURES:
              Automatically collects basic recon (ie. whois, ping, DNS, etc.)
              Automatically launches Google hacking queries against a target domain
              Automatically enumerates open ports via Nmap port scanning
              Automatically brute forces sub-domains gathers DNS info and checks for zone transfers
              Automatically checks for sub-domain hijacking
              Automatically runs targeted Nmap scripts against open ports
              Automatically runs targeted Metasploit scan and exploit modules
              Automatically scans all web applications for common vulnerabilities
              Automatically brute forces ALL open services
              Automatically test for anonymous FTP access
              Automatically runs WPScan, Arachni and Nikto for all web services
              Automatically enumerates NFS shares
              Automatically test for anonymous LDAP access
              Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
              Automatically enumerate SNMP community strings, services and users
              Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
              Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
              Automatically tests for open X11 servers
              Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
              Performs high-level enumeration of multiple hosts and subnets
              Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
              Automatically gathers screenshots of all websites
              Create individual workspaces to store all scan output
          Changelog
              v8.1 – Added Citrix Gateway Arbitary Code Execution CVE-2019-19781 vulnerability detection
              v8.1 – Added Pulse Secure VPN Arbitrary File Disclosure CVE-2019-11510 exploit
              v8.1 – Added –data-length=50 for NMap IPS evasion
              v8.1 – Removed NMap vulscan script due to F+ results
              v8.1 – Fixed issue with CRT.SH sub-domain retrieval
              v8.1 – Updated Kali Linux keyring package
              v8.1 – Fixed “[: ==: unary operator expected” in all code
              v8.1 – Updated Sn1per Professional autoload settings
              v8.1 – Updated web brute force wordlists
              v8.1 – Removed null and debug errors from passive spider API output
              v8.1 – Updated Commoncrawl index repo
              v8.1 – Updated DockerFile repository
              v8.1 – Fixed issue with -dh flag to delete host with Sn1per Pro v8.0
              v8.1 – Fixed issue with subfinder missing
              v8.1 – Fixed issue with 7zip missing
              v8.1 – Added check for Ubuntu to install.sh automatically

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. WYSIWYG Web Builder
          THE ULTIMATE TOOLBOX FOR CREATING AMAZING WEBSITES
          Desktop publishing for the web, build web sites as easy as Drag & Drop!
          Visually design your website (What-You-See-Is-What-You-Get).
          Just drag & drop objects your web pages
          Navigation bars, Menu bar and many other navigation options.
          "One Click Publishing" No FTP program needed. No special hosting required, use with any Hosting Service!
          Easily create forms using the built-in Form Wizard plus Form validation tools and built-in CAPTCHA.
          Advanced graphics tools like shapes, textart, rotation, shadows and many other image effects.
          Fully integrated jQuery UI (Accordion, Tabs etc), animations, effects and built-in ThemeRoller theme editor.
          Google compatible sitemap generator / PayPal eCommerce Tools
          Many navigation tools available: Navigation bars, tab menus, dropdown menus, sitetree, slidemenus.
          Built-in Slide Shows, Photo Galleries, Rollover images, Banners etc.
          Support for YouTube, Flash Video, Windows Media Player and many other video formats.
          Unique extension (add-on) system with already more than 250 extensions available!
          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
        • By JAH1

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website
          The Web Application Firewall Fingerprinting Tool.
          — From Enable Security
          How does it work?
          To do its magic, WAFW00F does the following:
              Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.
              If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.
              If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.
          For further details, check out the source code on our main repository.

          Hidden Content
          Give reaction to this post to see the hidden content.  
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.