About Lockdoor-Framework Author: SofianeHamlaoui Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)
LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.
Lockdoor-Framework installation: For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.
Open your Terminal and enter these commands:
You can watch detail here:
Lockdoor Tools contents 🛠️: * Information Gathering 🔎:- dirsearch: A Web path scanner
- brut3k1t: security-oriented bruteforce framework
- gobuster: DNS and VHost busting tool written in Go
- Enyx: an SNMP IPv6 Enumeration Tool
- Goohak: Launchs Google Hacking Queries Against A Target Domain
- Nasnum: The NAS Enumerator
- Sublist3r: Fast subdomains enumeration tool for penetration testers
- wafw00f: identify and fingerprint Web Application Firewall
- Photon: ncredibly fast crawler designed for OSINT.
- Raccoon: offensive security tool for reconnaissance and vulnerability scanning
- DnsRecon: DNS Enumeration Script
- Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
- sherlock: Find usernames across social networks
- snmpwn: An SNMPv3 User Enumerator and Attack tool
- Striker: an offensive information and vulnerability scanner.
- theHarvester: E-mails, subdomains and names Harvester
- URLextractor: Information gathering & website reconnaissance
- denumerator.py: Enumerates list of subdomains
- other: other Information gathering,recon and Enumeration scripts I collected somewhere.
- ReconDog: Reconnaissance Swiss Army Knife
- RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
- Dracnmap: Info Gathering Framework
* Web Hacking 🌐:
- Spaghetti: Spaghetti - Web Application Security Scanner
- CMSmap: CMS scanner
- BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
- J-dorker: Website List grabber from Bing
- droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
- Optiva: Web Application Scanner
- V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
- AtScan: Advanced dork Search & Mass Exploit Scanner
- WPSeku: Wordpress Security Scanner
- WPScan: A simple Wordpress scanner written in python
- XSStrike: Most advanced XSS scanner.
- SQLMap: automatic SQL injection and database takeover tool
- WhatWeb: the Next generation web scanner
- joomscan: Joomla Vulnerability Scanner Project
- Dzjecter: Server checking Tool
* Privilege Escalation ⚠️:
- Linux 🐧:linux_checksec.sh
linux_enum.sh
linux_gather_files.sh
linux_kernel_exploiter.pl
linux_privesc.py
linux_privesc.sh
linux_security_test
Linux_exploits folder - Windows : windows-privesc-check.py
windows-privesc-check.exe - MySql:raptor_udf.c
raptor_udf2.c
* Reverse Engineering ⚡:
- Radare2: unix-like reverse engineering framework
- VirtusTotal: VirusTotal tools
- Miasm: Reverse engineering framework
- Mirror: reverses the bytes of a file
- DnSpy: .NET debugger and assembly
- AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
- DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
- Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
- yara: a tool aimed at helping malware researchers toidentify and classify malware samples
- Spike: a protocol fuzzer creation kit + audits
- other: other scripts collected somewhere
* Exploitation ❗:
- Findsploit: Find exploits in local and online databases instantly
- Pompem: Exploit and Vulnerability Finder
- rfix: Python tool that helps RFI exploitation.
- InUrlBr: Advanced search in search engines
- Burpsuite: Burp Suite for security testing & scanning.
- linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
- other: other scripts I collected somewhere.
* Shells 🐚:
- WebShells: BlackArch's Webshells Collection
- ShellSum: A defense tool - detect web shells in local directories
- Weevely: Weaponized web shell
- python-pty-shells: Python PTY backdoors
- crunch : a wordlist generator
- CeWL : a Custom Word List Generator
- patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
* Encryption - Decryption 🛡️:- Codetective: a tool to determine the crypto/encoding algorithm used
- findmyhash: Python script to crack hashes using online services
* Social Engineering 🎭:
- scythe: an accounts enumerator
Contributing:
- Fork Lockdoor-Framework:
git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git
- Create your feature branch
- Commit your changes
- Push to the branch
- Create a new Pull Request
Features 📙:- Pentesting Tools Selection 📙:
Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value). what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value). Easy customization: Easily add/remove tools. (Added value) Installation: You can install the tool automatically using the install.sh
. Manually or on Docker [COMING SOON]- Resources and cheatsheets 📙 (Added value):
Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more. Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.
Check the Wiki Pages to know more about the tool 📙: Lockdoor-Framework's screenshots: |
First Step |
|
Lockdoor update |
|
ROOT Menu |
|
Information Gathering |
|
Web Hacking |
|
Exploitation |
|
Reverse Engineering |
|
Enc/Dec |
|
Password Attacks |
|
Shells |
|
PrivEsc |
|
Social Engineering |
|
PSAFRT |
|
Walkthroughs |
|
About |
Support the author: BTC Address: Related word
Tidak ada komentar:
Posting Komentar