├── README.md ├── list.sh ├── modules ├── android │ └── Readme.md ├── exploitationTools │ ├── Readme.md │ ├── clustered │ ├── dnsteal │ ├── jexboss │ └── weevely ├── forensic │ ├── Readme.md │ ├── exe2image │ └── usbtracker ├── informationGathering │ ├── Readme.md │ ├── cangibrina │ ├── cloudflare_enum │ ├── dnstwist │ ├── gin │ ├── gobuster │ ├── ircsnapshot │ ├── knock │ ├── masscan │ ├── metagoofil │ ├── shocker │ ├── whatportis │ └── whois ├── passwordAttacks │ ├── CeWL │ ├── Readme.md │ ├── hashID │ ├── oclhashcat-amd-2.01 │ └── oclhashcat-nvidia-2.01 ├── privacy │ ├── Readme.md │ └── spoofmac ├── reverseEngineering │ ├── Readme.md │ └── binwalk ├── sniffing │ ├── Readme.md │ ├── evilfoca │ ├── evilgrade │ ├── intercepter-ng │ ├── mitmproxy │ ├── netcat │ └── nighthawk ├── stressTesting │ ├── Readme.md │ └── loic ├── vulnerabilityAnalysis │ ├── Readme.md │ ├── dbpwaudit │ ├── dnsteal │ └── routerhunter └── webApplications │ ├── BSQLinjector │ ├── LFiFreak │ ├── NoSQLMap │ ├── Readme.md │ ├── arachni │ ├── arachni_web │ ├── cansina │ ├── hqlmap │ ├── hsecscan │ ├── imagejs │ ├── joomlascan │ ├── joomlavs │ ├── wafw00f │ ├── whatweb │ ├── xssless │ ├── xsssniper │ └── xxeinjector ├── toolsmanager.py └── update.py /README.md: -------------------------------------------------------------------------------- 1 | This Repository contains three utility: 2 | * ToolsManager - Using this a user can install/update/uninstall tools which are not present in PentestBox by default. 3 | * Update - This is a new version of update utility. Basically can update all tools category wise or all at one time. Also this is responsible for updating config files. 4 | * list - This list out alias of tools installed in PentestBox. 5 | 6 | Modules folder contains modules through which tools can be installed which are not present in PentestBox by default. 7 | 8 | Every module need to have five inputs 9 | 10 | * DESCRIPTION 11 | * INSTALLATION_CATEGORY 12 | * COMMANDS 13 | * PATH_FOR_ALIAS 14 | * TERMINAL_ALIAS 15 | 16 | Order is not necessary. Value to these parameters should be on different lines. 17 | 18 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 19 | * INSTALLATION_DIRECTORY should contain category name. In case for **webApplications** it should be **/webApplications**. 20 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 21 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 22 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 23 | * PATH_FOR_ALIAS should contain path as well it's requirement. 24 | * TERMINAL_ALIAS should contain alias for calling that tool. 25 | 26 | ####Example of a Module 27 | 28 | Let us consider an example of [/modules/passwordAttacks/oclHashcat-amd-2.01](https://github.com/PentestBox/scripts/blob/master/modules/passwordAttacks/oclhashcat-amd-2.01) 29 | 30 | DESCRIPTION="Worlds fastest password cracker and only GPGPU based rule engine. FOR AMD" 31 | 32 | INSTALLATION_CATEGORY="/passwordAttacks" 33 | 34 | COMMANDS="wget --no-check-certificate https://hashcat.net/files/oclHashcat-2.01.7z,7za x oclHashcat-2.01.7z,rm oclHashcat-2.01.7z" 35 | 36 | PATH_FOR_ALIAS="%pentestbox_ROOT%/bin/tools/oclHashcat-2.01/oclHashcat64.exe" $* 37 | 38 | TERMINAL_ALIAS=oclhashcat64 39 | 40 | COMMANDS should all commands needs to be passed to terminal. 41 | PATH_FOR_ALIAS should contain path to the file for which alias need to be created. 42 | TERMINAL_ALIAS should contain actual alias need to be set. 43 | 44 | You can create a pull request with your module after testing that on PentestBox. 45 | 46 | Module Structure inspired from [ptf](https://github.com/trustedsec/ptf). 47 | -------------------------------------------------------------------------------- /list.sh: -------------------------------------------------------------------------------- 1 | if [ $# -eq 0 ] 2 | then 3 | echo -e "\e[36mHi there! Below is the list of tools which comes installed by default in PentestBox. You can check the alias by entering the commands given below." 4 | echo -e "\e[36mFor more information about tools usage, please visit tools.pentestbox.com" 5 | echo -e "\e[36m" 6 | echo -e "\e[32mlist android Display aliases of Android Security Tools" 7 | echo -e "\e[34mlist forensic Display aliases of Forensic Tools" 8 | echo -e "\e[37mlist informationgathering Display aliases of Information Gathering Tools" 9 | echo -e "\e[35mlist passwordattacks Display aliases of Password Attacks Tools" 10 | echo -e "\e[32mlist reverseengineering Display aliases of Reverse Engineering Tools" 11 | echo -e "\e[34mlist stresstesting Display aliases of Stress Testing Tools" 12 | echo -e "\e[37mlist sniffing Display aliases of Sniffing Tools" 13 | echo -e "\e[31mlist webapplication Display aliases of Web Application Tools" 14 | echo -en "\e[0m" 15 | exit 16 | fi 17 | 18 | if [ $1 = "webapplication" ] 19 | then 20 | echo -e "\e[36malias Tool/Product Name" 21 | echo -e "\e[36m" 22 | echo -e "\e[31mburpsuite Burp Suite" 23 | echo -e "\e[32mcommix Commix" 24 | echo -e "\e[36mcmsmap CMSmap" 25 | echo -e "\e[37mdotdotpwn dotdotpwn" 26 | echo -e "\e[34mdirsearch dirs3arch" 27 | echo -e "\e[36mdirbuster DirBuster" 28 | echo -e "\e[32mdroopescan Droopescan" 29 | echo -e "\e[37mfimap fimap" 30 | echo -e "\e[35mgolismero Golismero Project" 31 | echo -e "\e[31mjSQL jSQL" 32 | echo -e "\e[32mjoomscan OWASP Joomla Vulnerability Scanner" 33 | echo -e "\e[36mnikto Nikto" 34 | echo -e "\e[31mpadbuster Padbuster" 35 | echo -e "\e[32msqlmap SQLmap" 36 | echo -e "\e[34mvega Vega" 37 | echo -e "\e[32mvbscan VbScan" 38 | echo -e "\e[37mwpscan WpScan" 39 | echo -e "\e[36myasuo Yasuo" 40 | echo -e "\e[31mzapd Zaproxy" 41 | echo -en "\e[0m" 42 | exit 43 | fi 44 | if [ $1 = "informationgathering" ] 45 | then 46 | echo -e "\e[36malias Tool/Product Name" 47 | echo -e "\e[36m" 48 | echo -e "\e[31mipscan Angry IP Scanner" 49 | echo -e "\e[36mautomater Automater" 50 | echo -e "\e[32mdnsrecon DNSrecon" 51 | echo -e "\e[34mgolismero Golismero Project" 52 | echo -e "\e[37minstarecon Instarecon" 53 | echo -e "\e[35mknockpy KnockPy" 54 | echo -e "\e[36mnmap Nmap" 55 | echo -e "\e[36mncat Netcat" 56 | echo -e "\e[36mndiff A utility for comparing Nmap scan results" 57 | echo -e "\e[36mnping Network packet generation tool / ping utiliy-Nmap" 58 | echo -e "\e[31mresponder Responder" 59 | echo -e "\e[32msnmpwalk SnmpWalk" 60 | echo -e "\e[33mspiderfoot SpiderFoot" 61 | echo -e "\e[37msslstrip SSLStrip" 62 | echo -e "\e[35msslyze SSLyze" 63 | echo -e "\e[36msslscan SSLScan" 64 | echo -e "\e[31msubbrute SubBrute" 65 | echo -e "\e[37msublist3r Sublist3r" 66 | echo -e "\e[32mtestsslserver TestSSLServer" 67 | echo -e "\e[36murlcrazy UrlCrazy" 68 | echo -e "\e[31mtheHarveser The Harvester" 69 | echo -e "\e[32mwireshark Wireshark" 70 | echo -en "\e[0m" 71 | exit 72 | fi 73 | if [ $1 = "passwordattacks" ] 74 | then 75 | echo -e "\e[36malias Tool/Product Name" 76 | echo -e "\e[36m" 77 | echo -e "\e[32mburpsuite Burp Suite" 78 | echo -e "\e[37mfindmyhash Find My Hash" 79 | echo -e "\e[34mhashidentifier Hash Identifier" 80 | echo -e "\e[37mhashcat-cli32 Hashcat" 81 | echo -e "\e[35mhashcat-cli64 Hashcat" 82 | echo -e "\e[36mhashcat-cliXOP Hashcat" 83 | echo -e "\e[31mlazagne LaZagne" 84 | echo -e "\e[36mjohntheripper John The Ripper" 85 | echo -e "\e[31mpatator Patator" 86 | echo -e "\e[32mrcrack RainbowCrack" 87 | echo -e "\e[32mrt2rtc RainbowCrack" 88 | echo -e "\e[32mrtc2rt RainbowCrack" 89 | echo -e "\e[32mrtgen RainbowCrack" 90 | echo -e "\e[32mrtsort RainbowCrack" 91 | echo -e "\e[34mhydra Thc Hydra" 92 | echo -e "\e[37mzap Zaproxy" 93 | echo -en "\e[0m" 94 | exit 95 | fi 96 | if [ $1 = "android" ] 97 | then 98 | echo -e "\e[36malias Tool/Product Name" 99 | echo -e "\e[36m" 100 | echo -e "\e[37mandroapkinfo Androguard" 101 | echo -e "\e[37mandroarsc Androguard" 102 | echo -e "\e[37mandroauto Androguard" 103 | echo -e "\e[37mandroxml Androguard" 104 | echo -e "\e[37mandrocsign Androguard" 105 | echo -e "\e[37mandrodd Androguard" 106 | echo -e "\e[37mandrodiff Androguard" 107 | echo -e "\e[37mandrodis Androguard" 108 | echo -e "\e[37mandrogui Androguard" 109 | echo -e "\e[36mandrowarn Androwarn" 110 | echo -e "\e[32mandrobugs AndroBugs Framework" 111 | echo -e "\e[31mapktool Apktool" 112 | echo -e "\e[36mbytecodeviewer ByteCodeViewer" 113 | echo -e "\e[32md2j-dex2jar dexjar" 114 | echo -e "\e[34mdrozer Drozer" 115 | echo -e "\e[37mintrospy Introspy-Analyzer" 116 | echo -e "\e[35mjdgui JD-GUI" 117 | echo -e "\e[36mpidcat Pidcat" 118 | echo -e "\e[31m" 119 | echo -en "\e[0m" 120 | exit 121 | fi 122 | if [ $1 = "reverseengineering" ] 123 | then 124 | echo -e "\e[36malias Tool/Product Name" 125 | echo -e "\e[36m" 126 | echo -e "\e[37mapktool ApkTool" 127 | echo -e "\e[35mdex2jar dex2jar" 128 | echo -e "\e[35mjad Jad" 129 | echo -e "\e[36mjdgui JD-GUI" 130 | echo -e "\e[31mjavasnoop JavaSnoop" 131 | echo -e "\e[36mollydbg OLLY Debugger" 132 | echo -e "\e[31mradare2 Radare2. Please check tools.pentestbox.com for more info." 133 | echo -en "\e[0m" 134 | exit 135 | fi 136 | 137 | if [ $1 = "stresstesting" ] 138 | then 139 | echo -e "\e[36malias Tool/Product Name" 140 | echo -e "\e[36m" 141 | echo -e "\e[31mthc-ssl-dos THC-SSL-DOS" 142 | echo -en "\e[0m" 143 | exit 144 | fi 145 | if [ $1 = "sniffing" ] 146 | then 147 | echo -e "\e[36malias Tool/Product Name" 148 | echo -e "\e[36m" 149 | echo -e "\e[31mburpsuite Burp Suite" 150 | echo -e "\e[32mdnschef DNSchef" 151 | echo -e "\e[34mettercap EtterCap" 152 | echo -e "\e[32mngrep Ngrep" 153 | echo -e "\e[36mnetworkminer NetworkMiner" 154 | echo -e "\e[37mresponder Responder" 155 | echo -e "\e[35msslstrip SSLStrip" 156 | echo -e "\e[32mwindump Windump" 157 | echo -e "\e[36mwireshark Wireshark" 158 | echo -e "\e[31mzap Zaproxy" 159 | echo -en "\e[0m" 160 | exit 161 | fi 162 | 163 | if [ $1 = "forensic" ] 164 | then 165 | echo -e "\e[36malias Tool/Product Name" 166 | echo -e "\e[36m" 167 | echo -e "\e[32mbulkextractor Bulk Extractor" 168 | echo -e "\e[34mcaptipper CapTipper" 169 | echo -e "\e[37mdumpzilla DumpZilla" 170 | echo -e "\e[35mloki Loki" 171 | echo -e "\e[36mmake-pdf-embeddded Make PDF Tools" 172 | echo -e "\e[31mmake-pdf-javascript Make PDF Tools" 173 | echo -e "\e[36mpdfsh Origami" 174 | echo -e "\e[32mpedump pedump" 175 | echo -e "\e[34mpdf-parser PDF Parser" 176 | echo -e "\e[37mpdfid PDF ID" 177 | echo -e "\e[35mpeepdf PeePDF" 178 | echo -e "\e[36mrekall Rekall" 179 | echo -e "\e[31mvolatility Volatility" 180 | echo -en "\e[0m" 181 | exit 182 | fi 183 | -------------------------------------------------------------------------------- /modules/android/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **android** it should be **/android**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/exploitationTools/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **exploitationTools** it should be **/exploitationTools**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/exploitationTools/clustered: -------------------------------------------------------------------------------- 1 | DESCRIPTION="clusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. " 2 | INSTALLATION_CATEGORY="/exploitationTools" 3 | COMMANDS="git clone https://github.com/hatRiot/clusterd.git" 4 | TERMINAL_ALIAS=clusterd 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\exploitationTools\clusterd\clusterd.py" $* 6 | -------------------------------------------------------------------------------- /modules/exploitationTools/dnsteal: -------------------------------------------------------------------------------- 1 | DESCRIPTION="This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests." 2 | INSTALLATION_CATEGORY="/exploitationTools" 3 | COMMANDS="git clone https://github.com/m57/dnsteal.git" 4 | TERMINAL_ALIAS=dnsteal 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\exploitationTools\dnsteal\dnsteal.py" $* 6 | -------------------------------------------------------------------------------- /modules/exploitationTools/jexboss: -------------------------------------------------------------------------------- 1 | DESCRIPTION="JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server." 2 | INSTALLATION_CATEGORY="/exploitationTools" 3 | COMMANDS="git clone https://github.com/joaomatosf/jexboss.git,python -m pip install urllib3,python -m pip install ipaddress" 4 | TERMINAL_ALIAS=jexboss 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\exploitationTools\jexboss\jexboss.py" $* 6 | -------------------------------------------------------------------------------- /modules/exploitationTools/weevely: -------------------------------------------------------------------------------- 1 | DESCRIPTION="A command line web shell dynamically extended over the network at runtime, designed for remote administration and penetration testing." 2 | INSTALLATION_CATEGORY="/exploitationTools" 3 | COMMANDS="python -m pip install prettytable Mako PyYAML python-dateutil pyreadline PySocks,git clone https://github.com/epinna/weevely3.git weevely" 4 | TERMINAL_ALIAS=weevely 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\exploitationTools\weevely\weevely.py" $* 6 | -------------------------------------------------------------------------------- /modules/forensic/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **forensic** it should be **/forensic**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/forensic/exe2image: -------------------------------------------------------------------------------- 1 | DESCRIPTION="A simple utility to convert EXE files to JPEG images and vice versa." 2 | INSTALLATION_CATEGORY="/forensic" 3 | COMMANDS="mkdir Exe2Image,curl -O -L https://github.com/OsandaMalith/Exe2Image/releases/download/1/Exe2Image.7z,7za x Exe2Image.7z,rm Exe2Image.7z" 4 | TERMINAL_ALIAS=exe2image 5 | PATH_FOR_ALIAS=java -jar "%pentestbox_ROOT%\bin\customtools\forensic\Exe2Image\Exe2Image.jar" $* 6 | -------------------------------------------------------------------------------- /modules/forensic/usbtracker: -------------------------------------------------------------------------------- 1 | DESCRIPTION="USBTracker is a quick & dirty coded incident response and forensics Python script to dump USB related information and artifacts from a Windows OS (vista and later)." 2 | INSTALLATION_CATEGORY="/forensic" 3 | COMMANDS="git clone https://github.com/sysinsider/usbtracker.git" 4 | TERMINAL_ALIAS=usbtracker 5 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\forensic\usbtracker\usbtracker.exe" $* 6 | -------------------------------------------------------------------------------- /modules/informationGathering/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **informationGathering** it should be **/informationGathering**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/informationGathering/cangibrina: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt" 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="git clone https://github.com/fnk0c/cangibrina.git,python -m pip install bs4,python -m pip install mechanize,python -m pip install html5lib,python -m pip install PySocks" 4 | TERMINAL_ALIAS=cangibrina 5 | PATH_FOR_ALIAS=cd /d "%pentestbox_ROOT%\bin\customtools\informationGathering\cangibrina" $T python "%pentestbox_ROOT%\bin\customtools\informationGathering\cangibrina\cangibrina.py" $* 6 | -------------------------------------------------------------------------------- /modules/informationGathering/cloudflare_enum: -------------------------------------------------------------------------------- 1 | DESCRIPTION="A simple tool to allow easy querying of Cloudflare's DNS data written in Python." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="git clone https://github.com/mandatoryprogrammer/cloudflare_enum.git" 4 | TERMINAL_ALIAS=cloudflare_enum 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\informationGathering\cloudflare_enum\cloudflare_enum.py" $* 6 | -------------------------------------------------------------------------------- /modules/informationGathering/dnstwist: -------------------------------------------------------------------------------- 1 | DESCRIPTION=" dnstwist takes in your domain name as a seed, generates a list of potential phishing domains and then checks to see if they are registered." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="git clone https://github.com/elceef/dnstwist.git" 4 | TERMINAL_ALIAS=dnstwist 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\informationGathering\dnstwist\dnstwist.py" $* 6 | -------------------------------------------------------------------------------- /modules/informationGathering/gin: -------------------------------------------------------------------------------- 1 | DESCRIPTION="a Git index file parser." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="git clone https://github.com/PentestBox/gin.git,cd gin,git checkout python2,python setup.py install" 4 | TERMINAL_ALIAS=gin 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\base\python\Scripts\gin" $* 6 | -------------------------------------------------------------------------------- /modules/informationGathering/gobuster: -------------------------------------------------------------------------------- 1 | INSTALLATION_CATEGORY="/informationGathering" 2 | DESCRIPTION="Alternative directory and file busting tool written in Go." 3 | COMMANDS="git clone https://github.com/PentestBox/gobuster.git" 4 | TERMINAL_ALIAS=gobuster 5 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\informationGathering\gobuster\gobuster.exe" $* 6 | -------------------------------------------------------------------------------- /modules/informationGathering/ircsnapshot: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Tool to gather information from IRC servers." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="git clone https://github.com/bwall/ircsnapshot.git" 4 | TERMINAL_ALIAS=ircsnapshot 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\informationGathering\ircsnapshot\ircsnapshot\ircsnapshot.py" $* 6 | -------------------------------------------------------------------------------- /modules/informationGathering/knock: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="python -m pip uninstall knockpy,git clone https://github.com/guelfoweb/knock.git,cd knock,python setup.py install" 4 | TERMINAL_ALIAS=knockpy 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\informationGathering\knock\knockpy\knockpy.py" $* 6 | -------------------------------------------------------------------------------- /modules/informationGathering/masscan: -------------------------------------------------------------------------------- 1 | DESCRIPTION="This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="git clone https://github.com/PentestBox/masscan.git" 4 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\informationGathering\masscan\masscan.exe" $* 5 | TERMINAL_ALIAS=masscan 6 | -------------------------------------------------------------------------------- /modules/informationGathering/metagoofil: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Metagoofil is a tool for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target websites." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="git clone https://github.com/laramies/metagoofil.git" 4 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\informationGathering\metagoofil\metagoofil.py" $* 5 | TERMINAL_ALIAS=metagoofil 6 | -------------------------------------------------------------------------------- /modules/informationGathering/shocker: -------------------------------------------------------------------------------- 1 | DESCRIPTION="A tool to find and exploit servers vulnerable to Shellshock." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="git clone https://github.com/nccgroup/shocker.git" 4 | TERMINAL_ALIAS=shocker 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\informationGathering\shocker\shocker.py" $* 6 | -------------------------------------------------------------------------------- /modules/informationGathering/whatportis: -------------------------------------------------------------------------------- 1 | DESCRIPTION="A command to search port names and numbers." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="python -m pip install whatportis" 4 | TERMINAL_ALIAS=whatportis 5 | PATH_FOR_ALIAS= 6 | -------------------------------------------------------------------------------- /modules/informationGathering/whois: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Whois performs the registration record for the domain name or IP address that you specify." 2 | INSTALLATION_CATEGORY="/informationGathering" 3 | COMMANDS="curl -O https://download.sysinternals.com/files/WhoIs.zip,unzip WhoIs.zip -d whois,rm WhoIs.zip" 4 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\informationGathering\whois\whois.exe" $* 5 | TERMINAL_ALIAS=whois 6 | -------------------------------------------------------------------------------- /modules/passwordAttacks/CeWL: -------------------------------------------------------------------------------- 1 | DESCRIPTION="CeWL is a Custom Word List Generator." 2 | INSTALLATION_CATEGORY="/passwordAttacks" 3 | COMMANDS="git clone https://github.com/PentestBox/CeWL.git cewl,cd cewl,bundle install" 4 | PATH_FOR_ALIAS=cd /d "%pentestbox_ROOT%\bin\customtools\passwordAttacks\cewl" $T ruby "%pentestbox_ROOT%\bin\customtools\passwordAttacks\cewl\cewl.rb" $* 5 | TERMINAL_ALIAS=cewl 6 | -------------------------------------------------------------------------------- /modules/passwordAttacks/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **passwordAttacks** it should be **/passwordAttacks**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/passwordAttacks/hashID: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Identify the different types of hashes used to encrypt data and especially passwords." 2 | INSTALLATION_CATEGORY="/passwordAttacks" 3 | COMMANDS="git clone https://github.com/psypanda/hashID.git" 4 | TERMINAL_ALIAS=hashid 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\passwordAttacks\hashID\hashid.py" $* 6 | -------------------------------------------------------------------------------- /modules/passwordAttacks/oclhashcat-amd-2.01: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Worlds fastest password cracker and only GPGPU based rule engine. FOR AMD" 2 | INSTALLATION_CATEGORY="/passwordAttacks" 3 | COMMANDS="curl -O https://hashcat.net/files/oclHashcat-2.01.7z,7za x oclHashcat-2.01.7z,rm oclHashcat-2.01.7z" 4 | PATH_FOR_ALIAS="%pentestbox_ROOT%/bin/tools/oclHashcat-2.01/oclHashcat64.exe" $* 5 | TERMINAL_ALIAS=oclhashcat64 6 | -------------------------------------------------------------------------------- /modules/passwordAttacks/oclhashcat-nvidia-2.01: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Worlds fastest password cracker and only GPGPU based rule engine. FOR Nvidia" 2 | INSTALLATION_CATEGORY="/passwordAttacks" 3 | COMMANDS="curl -O https://hashcat.net/files/cudaHashcat-2.01.7z,7za x cudaHashcat-2.01.7z,rm oclHashcat-2.01.7z" 4 | PATH_FOR_ALIAS="%pentestbox_ROOT%/bin/tools/cudaHashcat-2.01/cudaHashcat64.exe" $* 5 | TERMINAL_ALIAS=cudahashcat64 6 | -------------------------------------------------------------------------------- /modules/privacy/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **privacy** it should be **/privacy**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/privacy/spoofmac: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Spoof your MAC address." 2 | INSTALLATION_CATEGORY="/privacy" 3 | COMMANDS="python -m pip install SpoofMAC" 4 | TERMINAL_ALIAS=spoof-mac 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\base\python\Scripts\spoof-mac.py" $* 6 | -------------------------------------------------------------------------------- /modules/reverseEngineering/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **reverseEngineering** it should be **/reverseEngineering**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/reverseEngineering/binwalk: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images." 2 | INSTALLATION_CATEGORY="/reverseEngineering" 3 | COMMANDS="git clone https://github.com/devttys0/binwalk.git,cd binwalk,python setup.py install" 4 | TERMINAL_ALIAS=binwalk 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\base\python\Scripts\binwalk" $* 6 | -------------------------------------------------------------------------------- /modules/sniffing/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **sniffing** it should be **/sniffing**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/sniffing/evilfoca: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks. " 2 | INSTALLATION_CATEGORY="/sniffing" 3 | COMMANDS="git clone https://github.com/PentestBox/evilfoca.git" 4 | TERMINAL_ALIAS=evilfoca 5 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\sniffing\evilfoca\EvilFoca.exe" $* 6 | -------------------------------------------------------------------------------- /modules/sniffing/evilgrade: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates." 2 | INSTALLATION_CATEGORY="/sniffing" 3 | COMMANDS="git clone https://github.com/infobyte/evilgrade.git,cpan -i RPC::XML" 4 | TERMINAL_ALIAS=evilgrade 5 | PATH_FOR_ALIAS=cd /d "%pentestbox_ROOT%\bin\customtools\sniffing\evilgrade" $T portableshell "%pentestbox_ROOT%\bin\customtools\sniffing\evilgrade\evilgrade" $* 6 | -------------------------------------------------------------------------------- /modules/sniffing/intercepter-ng: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Interceptor-NG is a multifunctional network toolkit for various types of IT specialists.The main purpose is to recover *interesting* data from the network stream and perform different kinds of MiTM attacks." 2 | INSTALLATION_CATEGORY="/sniffing" 3 | COMMANDS="curl -O http://sniff.su/Intercepter-NG.v1.0.zip,unzip Intercepter-NG.v1.0.zip -d Intercepter-NG,rm Intercepter-NG.v1.0.zip" 4 | TERMINAL_ALIAS=intercepter-ng 5 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\sniffing\Intercepter-NG\Intercepter-NG.exe" $* 6 | -------------------------------------------------------------------------------- /modules/sniffing/mitmproxy: -------------------------------------------------------------------------------- 1 | DESCRIPTION="An interactive program that allows traffic flows to be intercepted, inspected, modified and replayed." 2 | INSTALLATION_CATEGORY="/sniffing" 3 | COMMANDS="curl -O -L https://github.com/mitmproxy/mitmproxy/releases/download/v1.0/mitmproxy-1.0.0-windows.zip,unzip mitmproxy-1.0.0-windows.zip -d mitmproxy,rm mitmproxy-1.0.0-windows.zip" 4 | TERMINAL_ALIAS=mitmweb 5 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\sniffing\mitmproxy\mitmweb.exe" $* 6 | -------------------------------------------------------------------------------- /modules/sniffing/netcat: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP." 2 | INSTALLATION_CATEGORY="/sniffing" 3 | COMMANDS="git clone https://github.com/PentestBox/netcat.git" 4 | TERMINAL_ALIAS=nc 5 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\sniffing\netcat\nc.exe" $* 6 | -------------------------------------------------------------------------------- /modules/sniffing/nighthawk: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Nighthawk is an experimental implementation of ARP/ND spoofing, password sniffing and simple SSL stripping for Windows." 2 | INSTALLATION_CATEGORY="/sniffing" 3 | COMMANDS="git clone https://github.com/PentestBox/nighthawk.git" 4 | TERMINAL_ALIAS=nighthawk 5 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\sniffing\nighthawk\Nighthawk.exe" $* 6 | -------------------------------------------------------------------------------- /modules/stressTesting/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **stressTesting** it should be **/stressTesting**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/stressTesting/loic: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Low Orbit Ion Cannon - An open source network stress tool, written in C# Based on Praetox's loic project." 2 | INSTALLATION_CATEGORY="/stressTesting" 3 | COMMANDS="curl -O -L https://github.com/NewEraCracker/LOIC/releases/download/2.0.0.4/LOIC_2.0.0.4.zip,unzip LOIC_2.0.0.4.zip -d loic,rm LOIC_2.0.0.4.zip" 4 | TERMINAL_ALIAS=loic 5 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\stressTesting\loic\LOIC.exe" $* 6 | -------------------------------------------------------------------------------- /modules/vulnerabilityAnalysis/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **vulnerabilityAnalysis** it should be **/vulnerabilityAnalysis**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/vulnerabilityAnalysis/dbpwaudit: -------------------------------------------------------------------------------- 1 | DESCRIPTION="DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. " 2 | INSTALLATION_CATEGORY="/vulnerabilityAnalysis" 3 | COMMANDS="curl -O http://www.cqure.net/tools/dbpwaudit_0_8.zip,unzip dbpwaudit_0_8.zip,rm dbpwaudit_0_8.zip" 4 | TERMINAL_ALIAS=dbpwaudit 5 | PATH_FOR_ALIAS=cd /d "%pentestbox_ROOT%\bin\customtools\vulnerabilityAnalysis\DBPwAudit\" $T "%pentestbox_ROOT%\bin\customtools\vulnerabilityAnalysis\DBPwAudit\dbpwaudit.cmd" $* 6 | -------------------------------------------------------------------------------- /modules/vulnerabilityAnalysis/dnsteal: -------------------------------------------------------------------------------- 1 | DESCRIPTION="This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests." 2 | INSTALLATION_CATEGORY="/exploitationTools" 3 | COMMANDS="git clone https://github.com/m57/dnsteal.git" 4 | TERMINAL_ALIAS=dnsteal 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\exploitationTools\dnsteal\dnsteal.py" $* 6 | -------------------------------------------------------------------------------- /modules/vulnerabilityAnalysis/routerhunter: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Tool used to find vulnerable routers and devices on the Internet and perform tests." 2 | INSTALLATION_CATEGORY="/vulnerabilityAnalysis" 3 | COMMANDS="git clone https://github.com/jh00nbr/Routerhunter-2.0.git routerhunter" 4 | TERMINAL_ALIAS=routerhunter 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\vulnerabilityAnalysis\routerhunter\routerhunter.py" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/BSQLinjector: -------------------------------------------------------------------------------- 1 | DESCRIPTION="BSQLinjector uses blind method to retrieve data from SQL databases." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/enjoiz/BSQLinjector.git" 4 | TERMINAL_ALIAS=bsqlinjector 5 | PATH_FOR_ALIAS=ruby "%pentestbox_ROOT%\bin\customtools\webApplications\BSQLinjector\BSQLinjector.rb" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/LFiFreak: -------------------------------------------------------------------------------- 1 | DESCRIPTION="A unique automated LFi Exploiter with Bind/Reverse Shells." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/OsandaMalith/LFiFreak.git lfifreak,python -m pip install beautifulsoup4" 4 | TERMINAL_ALIAS=lfifreak 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\webApplications\lfifreak\lfi.py" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/NoSQLMap: -------------------------------------------------------------------------------- 1 | DESCRIPTION="NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/tcstool/NoSQLMap.git,cd NoSQLMap,python setup.py install" 4 | TERMINAL_ALIAS=nosqlmap 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\webApplications\NoSQLMap\nosqlmap.py" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/Readme.md: -------------------------------------------------------------------------------- 1 | Every module need to have five inputs 2 | 3 | * DESCRIPTION 4 | * INSTALLATION_CATEGORY 5 | * COMMANDS 6 | * PATH_FOR_ALIAS 7 | * TERMINAL_ALIAS 8 | 9 | Order is not necessary. Value to these parameters should be on different lines. 10 | 11 | * DESCRIPTION should contain description of the tool. You can also include website link in the value. 12 | * INSTALLATION_CATEGORY should contain category name. In case for **webApplications** it should be **/webApplications**. 13 | * COMMANDS should contain all the commands which should be passed to the terminal to install that tool. 14 | * If any tool require python module, it can installed through **pip**. In that case add **python -m pip install module_name** to the COMMANDS. 15 | * If any tool require ruby gem, it can be installed. In that case add **gem install gem_name** to the COMMANDS. 16 | * PATH_FOR_ALIAS should contain path as well it's requirement. 17 | * TERMINAL_ALIAS should contain alias for calling that tool. 18 | -------------------------------------------------------------------------------- /modules/webApplications/arachni: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="gem install arachni" 4 | PATH_FOR_ALIAS="%pentestbox_ROOT%\base\ruby\bin\arachni.bat" $* 5 | TERMINAL_ALIAS=arachni 6 | -------------------------------------------------------------------------------- /modules/webApplications/arachni_web: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Web Interface for Arachni" 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="curl -O -L https://github.com/PentestBox/arachni-web/releases/download/v1.4.0/arachni-web.zip, unzip arachni-web.zip,rm arachni-web.zip" 4 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\webApplications\arachni-web\bin\arachni_web.bat" $* 5 | TERMINAL_ALIAS=arachni_web 6 | -------------------------------------------------------------------------------- /modules/webApplications/cansina: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Cansina is a Web Content Discovery Application." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/deibit/cansina.git" 4 | TERMINAL_ALIAS=cansina 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\webApplications\cansina\cansina.py" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/hqlmap: -------------------------------------------------------------------------------- 1 | DESCRIPTION="HQLmap, Automatic tool to exploit HQL injections." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/PaulSec/HQLmap.git hqlmap" 4 | TERMINAL_ALIAS=hqlmap 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\webApplications\hqlmap\HQLmap.py" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/hsecscan: -------------------------------------------------------------------------------- 1 | DESCRIPTION="A security scanner for HTTP response headers." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/riramar/hsecscan.git" 4 | TERMINAL_ALIAS=hsecscan 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\webApplications\hsecscan\hsecscan.py" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/imagejs: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Small tool to package javascript into a valid image file." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/PentestBox/imagejs.git" 4 | TERMINAL_ALIAS=imagejs 5 | PATH_FOR_ALIAS="%pentestbox_ROOT%\bin\customtools\webApplications\imagejs\imagejs.exe" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/joomlascan: -------------------------------------------------------------------------------- 1 | DESCRIPTION="A free and open source software to find the components installed in Joomla CMS." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/PentestBox/joomlascan,python -m pip install beautifulsoup4" 4 | TERMINAL_ALIAS=joomlascan 5 | PATH_FOR_ALIAS=cd /d "%pentestbox_ROOT%\bin\customtools\webApplications\joomlascan" $T python "%pentestbox_ROOT%\bin\customtools\webApplications\joomlascan\joomlascan.py" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/joomlavs: -------------------------------------------------------------------------------- 1 | DESCRIPTION="A black box, Ruby powered, Joomla vulnerability scanner" 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/rastating/joomlavs.git,cd joomlavs,bundle install" 4 | TERMINAL_ALIAS=joomlavs 5 | PATH_FOR_ALIAS=ruby "%pentestbox_ROOT%\bin\customtools\webApplications\joomlavs\joomlavs.rb" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/wafw00f: -------------------------------------------------------------------------------- 1 | DESCRIPTION="wafw00f identifies and fingerprints Web Application Firewall (WAF) products." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/sandrogauci/wafw00f.git,cd wafw00f,python setup.py install" 4 | TERMINAL_ALIAS=wafw00f 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\base\python\Scripts\wafw00f" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/whatweb: -------------------------------------------------------------------------------- 1 | DESCRIPTION="WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/urbanadventurer/WhatWeb.git whatweb" 4 | PATH_FOR_ALIAS=ruby "%pentestbox_ROOT%\bin\customtools\webApplications\whatweb\whatweb" $* 5 | TERMINAL_ALIAS=whatweb 6 | -------------------------------------------------------------------------------- /modules/webApplications/xssless: -------------------------------------------------------------------------------- 1 | DESCRIPTION="An automated XSS payload generator written in python." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/mandatoryprogrammer/xssless.git" 4 | TERMINAL_ALIAS=xssless 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\webApplications\xssless\xssless.py" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/xsssniper: -------------------------------------------------------------------------------- 1 | DESCRIPTION="xsssniper is an handy xss discovery tool with mass scanning functionalities." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/gbrindisi/xsssniper.git" 4 | TERMINAL_ALIAS=xsssniper 5 | PATH_FOR_ALIAS=python "%pentestbox_ROOT%\bin\customtools\webApplications\xsssniper\xsssniper.py" $* 6 | -------------------------------------------------------------------------------- /modules/webApplications/xxeinjector: -------------------------------------------------------------------------------- 1 | DESCRIPTION="Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods." 2 | INSTALLATION_CATEGORY="/webApplications" 3 | COMMANDS="git clone https://github.com/enjoiz/XXEinjector.git xxeinjector" 4 | TERMINAL_ALIAS=xxeinjector 5 | PATH_FOR_ALIAS=ruby "%pentestbox_ROOT%\bin\customtools\webApplications\xxeinjector\XXEinjector.rb" $* 6 | -------------------------------------------------------------------------------- /toolsmanager.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import os 3 | from subprocess import call, STDOUT 4 | from colors import * 5 | import time 6 | from textwrap import * 7 | from terminaltables import * 8 | #Getting location of PentestBox 9 | pentestbox_ROOT_DIRECTORY=os.environ['pentestbox_ROOT'] 10 | #Setting location 11 | scripts_location=pentestbox_ROOT_DIRECTORY+"/bin/scripts/" 12 | bin_location=pentestbox_ROOT_DIRECTORY+"/bin" 13 | custom_tool_location=bin_location+"/customtools" 14 | #Updating Function for updating all files in scripts folder 15 | def updating_scripts(): 16 | print green("Updating Required Files") 17 | os.chdir(scripts_location) 18 | os.system('git fetch --all') 19 | os.system('git reset --hard origin/master') 20 | time.sleep(1) 21 | os.system('clear') 22 | #First go to customaliases path and then append alias to that file. 23 | def add_alias(filename): 24 | customaliasespath=pentestbox_ROOT_DIRECTORY+"/bin/customtools" 25 | os.chdir(customaliasespath) 26 | customaliasesfile=open('customaliases','a') 27 | terminal_alias=file_parser(filename, "TERMINAL_ALIAS") 28 | path_for_alias=file_parser(filename, "PATH_FOR_ALIAS") 29 | customaliasesfile.write(terminal_alias+"="+path_for_alias+"\n") 30 | customaliasesfile.close() 31 | #welcome menu 32 | def welcome(): 33 | print cyan("Welcome to PentestBox tools installation Utility.") 34 | print ("You can install any of the tool from the categories given below. Choose the corresponding number.") 35 | print ("Enter ")+ cyan("exit")+ (" to exit.") 36 | print(" 0. Android") 37 | print(" 1. Exploitation Tools") 38 | print(" 2. Forensics") 39 | print(" 3. Information Gathering") 40 | print(" 4. Password Attacks") 41 | print(" 5. Privacy") 42 | print(" 6. Reverse Engineering") 43 | print(" 7. Sniffing") 44 | print(" 8. Stress Testing") 45 | print(" 9. Vulnerability Analysis") 46 | print(" 10. Web Applications") 47 | print(" 11. Update all installed Modules") 48 | 49 | choice = raw_input("Enter Your Choice: ") 50 | if choice=="0": 51 | os.system("clear") 52 | print ("\n") 53 | print "Android Security Tools" 54 | header() 55 | parse_tools("/modules/android") 56 | elif choice=="1": 57 | os.system("clear") 58 | print ("\n") 59 | print ("Exploitation Tools" ) 60 | header() 61 | parse_tools("/modules/exploitationTools") 62 | elif choice=="2": 63 | os.system("clear") 64 | print ("\n") 65 | print ("Forensics Tools" ) 66 | header() 67 | parse_tools("/modules/forensic") 68 | elif choice=="3": 69 | os.system("clear") 70 | print("\n") 71 | print "Information Gathering Tools" 72 | header() 73 | parse_tools("/modules/informationGathering") 74 | elif choice=="4": 75 | os.system("clear") 76 | print("\n") 77 | print "Password Attacks Tools" 78 | header() 79 | parse_tools("/modules/passwordAttacks") 80 | elif choice=="5": 81 | os.system("clear") 82 | print("\n") 83 | print "Privacy Tools" 84 | header() 85 | parse_tools("/modules/privacy") 86 | elif choice=="6": 87 | os.system("clear") 88 | print("\n") 89 | print "Reverse Engineering Tools" 90 | header() 91 | parse_tools("/modules/reverseEngineering") 92 | elif choice=="7": 93 | os.system("clear") 94 | print("\n") 95 | print "Sniffing Tools" 96 | header() 97 | parse_tools("/modules/sniffing") 98 | elif choice=="8": 99 | os.system("clear") 100 | print("\n") 101 | print "Stress Testing Tools" 102 | header() 103 | parse_tools("/modules/stressTesting") 104 | elif choice=="9": 105 | os.system("clear") 106 | print("\n") 107 | print "Vulnerability Analysis" 108 | header() 109 | parse_tools("/modules/vulnerabilityAnalysis") 110 | elif choice=="10": 111 | os.system("clear") 112 | print("\n") 113 | print "Web Applications Analysis Tools" 114 | header() 115 | parse_tools("/modules/webApplications") 116 | elif choice=="11": 117 | tools_updater("/android") 118 | tools_updater("/exploitationTools") 119 | tools_updater("/forensic") 120 | tools_updater("/informationGathering") 121 | tools_updater("/passwordAttacks") 122 | tools_updater("/privacy") 123 | tools_updater("/reverseEngineering") 124 | tools_updater("/sniffing") 125 | tools_updater("/stressTesting") 126 | tools_updater("/vulnerabilityAnalysis") 127 | tools_updater("/webApplications") 128 | elif choice=="exit": 129 | os.system("clear") 130 | sys.exit 131 | else: 132 | print("\n") 133 | print " Invalid Option!" 134 | #List out all tools of a category and then present options 135 | def parse_tools(categoryPath): 136 | modules_path = scripts_location + categoryPath 137 | table_data_short=[] 138 | for path, subdirs, files in os.walk(modules_path): 139 | for name in files: 140 | if ".md" not in name: 141 | filename = os.path.join(path, name) 142 | description=file_parser(filename, "DESCRIPTION") 143 | long_string=(str(description)) 144 | if len(long_string) > 120: 145 | table=DoubleTable([[name,'']]) 146 | max_width = table.column_max_width(1) 147 | wrapped_string = '\n'.join(wrap(long_string, max_width)) 148 | table.table_data[0][1] = wrapped_string 149 | print(table.table) 150 | else: 151 | table_data_short.append([name,long_string]) 152 | table_short=DoubleTable(table_data_short) 153 | table_short.inner_heading_row_border = False 154 | table_short.inner_row_border = False 155 | print (table_short.table) 156 | 157 | print "\n" 158 | print ("Install/Update/Uninstall any of the above tool.\nFor example:")+yellow("install xyz") +" will install xyz, "+yellow("update xyz")+" will update xyz and "+yellow("uninstall xyz")+" will Uninstall xyz \nEnter "+ cyan("back")+ (" for main menu and ")+green("exit")+(" to exit\n") 159 | value=raw_input("") 160 | if value=="exit": 161 | os.system("clear") 162 | sys.exit 163 | elif value=="back": 164 | os.system("clear") 165 | welcome() 166 | elif "install"==value[0:7]: 167 | for path, subdirs, files in os.walk(modules_path): 168 | for name in files: 169 | filename = os.path.join(path, name) 170 | if name.lower() == value[8:] or name.lower() == value[8:]: 171 | install_module(filename) 172 | add_alias(filename) 173 | print yellow(name) + (" Successfully Installed") 174 | print ("Restart or open a new tab to run ")+yellow(name) 175 | terminal_alias=file_parser(filename,"TERMINAL_ALIAS") 176 | print ("Alias for ")+yellow(name)+(": ")+blue(terminal_alias) 177 | elif "update"==value[0:6]: 178 | for path, subdirs, files in os.walk(modules_path): 179 | for name in files: 180 | filename = os.path.join(path, name) 181 | if name.lower() == value[7:] or name == value[7:]: 182 | update_module(filename,name) 183 | os.system("clear") 184 | welcome() 185 | elif "uninstall"==value[0:9]: 186 | for path, subdirs, files in os.walk(modules_path): 187 | for name in files: 188 | filename = os.path.join(path, name) 189 | if name.lower() == value[10:] or name == value[10:]: 190 | remove_module(filename,name) 191 | print ("Succesfully removed: ")+yellow(name) 192 | welcome() 193 | 194 | else: 195 | os.system('clear') 196 | print red(" Invalid Command!") 197 | welcome() 198 | #For Updating single module 199 | def update_module(filename,name): 200 | update_location = file_parser(filename, "INSTALLATION_CATEGORY") 201 | update_location=custom_tool_location+update_location 202 | update_location = update_location +"/"+ name + "/" 203 | os.chdir(update_location) 204 | if is_git_directory(): 205 | os.system("git pull origin master") 206 | else: 207 | print cyan("Not a git repository.Only git repository can be updated.") 208 | #Check all the folder in a directory and then update them if there are git directory 209 | def tools_updater(tools_category): 210 | folder_path=custom_tool_location+tools_category 211 | for f in os.listdir(folder_path): 212 | tools_folder=os.path.join(folder_path,f) 213 | os.chdir(tools_folder) 214 | if is_git_directory(): 215 | print cyan("Updating: ")+yellow(f) 216 | os.system("git pull origin master") 217 | #Determines if directory is a git directory or not 218 | def is_git_directory(): 219 | if call(["git", "log"], stderr=STDOUT, stdout=open(os.devnull, 'w')) != 0: 220 | return 0 221 | else: 222 | return 1 223 | #Install module by passing commands in the tool directory 224 | def install_module(filename): 225 | install_location = file_parser(filename, "INSTALLATION_CATEGORY") 226 | install_location=custom_tool_location+ str(install_location) 227 | command = file_parser(filename, "COMMANDS") 228 | if os.path.isdir(install_location): 229 | os.chdir(install_location) 230 | else: 231 | os.mkdir(install_location) 232 | os.chdir(install_location) 233 | if "," in command: 234 | original_command = command 235 | command = command.split(",") 236 | for commands in command: 237 | if "cd" in commands: 238 | commands=commands.replace("cd ","") 239 | os.chdir(commands) 240 | else: 241 | os.system("pwd") 242 | os.system(commands) 243 | else: 244 | os.system(command) 245 | #This function remove module, first removing folder then removing alias. 246 | def remove_module(filename,name): 247 | install_location = file_parser(filename, "INSTALLATION_CATEGORY") 248 | install_location=custom_tool_location+ str(install_location)+"/" 249 | os.chdir(install_location) 250 | remove_command="rm -rf "+str(name) 251 | os.system(remove_command) 252 | terminal_alias=file_parser(filename, "TERMINAL_ALIAS") 253 | path_for_alias=file_parser(filename, "PATH_FOR_ALIAS") 254 | complete_alias=str(terminal_alias)+"="+str(path_for_alias) 255 | complete_alias_n=complete_alias+"\n" 256 | os.chdir(custom_tool_location) 257 | print complete_alias_n 258 | f=open("customaliases","r") 259 | lines=f.readline() 260 | f.close() 261 | f=open("customaliases","w") 262 | for line in lines: 263 | if line!=complete_alias or line!=complete_alias_n: 264 | f.write(line) 265 | f.close() 266 | #This Function add Name and Description in tabular form for modules listing 267 | def header(): 268 | print ("""================================= 269 | 270 | """) + ("""Name Description """) 271 | #Check for string a file 272 | def file_parser(filename, term): 273 | if os.path.isfile(filename): 274 | counter = 0 275 | fileopen = file(filename) 276 | for line in fileopen: 277 | line = line.rstrip() 278 | if line.startswith(term): 279 | line = line.replace(term + "=", "") 280 | line = line.replace('"', "", 2) 281 | counter = 1 282 | return line 283 | if not os.path.isfile(filename): 284 | return None 285 | updating_scripts() 286 | welcome() 287 | -------------------------------------------------------------------------------- /update.py: -------------------------------------------------------------------------------- 1 | from subprocess import call, STDOUT 2 | import os 3 | import sys 4 | from colors import * 5 | import time 6 | from terminaltables import AsciiTable 7 | #Getting location of PentestBox 8 | pentestbox_ROOT_DIRECTORY=os.environ['pentestbox_ROOT'] 9 | bin_location=pentestbox_ROOT_DIRECTORY+"/bin" 10 | base_location=pentestbox_ROOT_DIRECTORY+"/base/" 11 | config_location=pentestbox_ROOT_DIRECTORY+"/config/" 12 | scripts_location=bin_location+"/scripts" 13 | def updating_scripts(): 14 | print green("Updating Required Files") 15 | os.chdir(scripts_location) 16 | os.system('git fetch --all') 17 | os.system('git reset --hard origin/master') 18 | time.sleep(1) 19 | os.system('clear') 20 | def is_git_directory(): 21 | if call(["git", "log"], stderr=STDOUT, stdout=open(os.devnull, 'w')) != 0: 22 | return 0 23 | else: 24 | return 1 25 | def tools_updater(tools_category): 26 | folder_path=bin_location+tools_category 27 | for f in os.listdir(folder_path): 28 | if f=="metasploit-framework": 29 | tools_folder=os.path.join(folder_path,f) 30 | os.chdir(tools_folder) 31 | print cyan("Updating: ")+yellow("Metasploit") 32 | os.system("git fetch --all") 33 | os.system('git reset --hard origin/master') 34 | os.system("bundle install") 35 | else: 36 | tools_folder=os.path.join(folder_path,f) 37 | os.chdir(tools_folder) 38 | if is_git_directory(): 39 | print cyan("Updating: ")+yellow(f) 40 | os.system("git pull origin master") 41 | 42 | def config_updater(): 43 | os.chdir(config_location) 44 | print cyan("Updating: ")+yellow('config') 45 | os.system('git fetch --all') 46 | os.system('git reset --hard origin/master') 47 | def clink_updater(): 48 | folder_path=base_location 49 | for f in os.listdir(base_location): 50 | tools_folder=os.path.join(folder_path,f) 51 | os.chdir(tools_folder) 52 | if is_git_directory(): 53 | print cyan("Updating: ")+yellow(f) 54 | os.system("git pull origin master") 55 | def welcome(): 56 | print cyan("Welcome to PentestBox tools update Utility.") 57 | table_data=[["Commands"," "],["update all","Updates Everything in PentestBox"],["update android","Updates Android Security Tools"], 58 | ["update exploitation","Updates Exploitation Tools"],["update forensics","Updates Forensics Tools"], 59 | ["update informationgathering","Updates InformationGathering Tools"],["update passwordattacks","Updates Password Attacks Tools"], 60 | ["update reverseengineering","Updates Reverse Engineering Tools"],["update sniffing","Updates Sniffing Tools"], 61 | ["update stresstesting","Updates Stress Testing Tools"],["update webapplication","Updates WebApplication Tools"], 62 | ["update config","Updates PentestBox Config Files"]] 63 | table=AsciiTable(table_data) 64 | print table.table 65 | def main(): 66 | if sys.argv[1]=="all": 67 | tools_updater("") 68 | tools_updater("/androidsecurity") 69 | tools_updater("/ExploitationTools") 70 | tools_updater("/ForensicTools") 71 | tools_updater("/InformationGathering") 72 | tools_updater("/password_attacks") 73 | tools_updater("/ReverseEngineering") 74 | tools_updater("/Sniffing") 75 | tools_updater("/StressTesting") 76 | tools_updater("/WebApplications") 77 | config_updater() 78 | clink_updater() 79 | elif sys.argv[1]=="android": 80 | os.system("clear") 81 | tools_updater("/androidsecurity") 82 | elif sys.argv[1]=="exploitation": 83 | os.system("clear") 84 | tools_updater("/ExploitationTools") 85 | elif sys.argv[1]=="forensic": 86 | os.system("clear") 87 | tools_updater("/ForensicTools") 88 | elif sys.argv[1]=="informationgathering": 89 | os.system("clear") 90 | tools_updater("/InformationGathering") 91 | os.chdir(bin_location+"/nmap") 92 | os.system("git pull origin master") 93 | print cyan("Updating: ")+yellow("Nmap") 94 | elif sys.argv[1]=="passwordattacks": 95 | os.system("clear") 96 | tools_updater("/password_attacks") 97 | elif sys.argv[1]=="revereengineering": 98 | os.system("clear") 99 | tools_updater("/ReverseEngineering") 100 | elif sys.argv[1]=="sniffing": 101 | os.system("clear") 102 | tools_updater("/Sniffing") 103 | os.chdir(bin_location+"/Wireshark") 104 | os.system("git pull origin master") 105 | print cyan("Updating: ")+yellow("Nmap") 106 | elif sys.argv[1]=="stresstesting": 107 | os.system("clear") 108 | tools_updater("/StressTesting") 109 | elif sys.argv[1]=="webapplication": 110 | os.system("clear") 111 | tools_updater("/WebApplications") 112 | elif sys.argv[1]=="config": 113 | config_updater() 114 | def main2(): 115 | if len(sys.argv) > 1: 116 | main() 117 | else: 118 | welcome() 119 | updating_scripts() 120 | main2() 121 | --------------------------------------------------------------------------------