├── README.MD ├── codeBuild.py ├── imgs └── README │ ├── image-20220520173616217.png │ ├── image-20220520173823059.png │ ├── image-20220520173840685.png │ ├── image-20220520174745080.png │ ├── image-20220520200321193.png │ ├── image-20220521114812929.png │ ├── image-20220521114846146.png │ └── image-20220521114911931.png ├── penkit.py ├── penkitgui.bat ├── penkitgui.py ├── penkitgui.vbs ├── requirements.txt └── setting.py /README.MD: -------------------------------------------------------------------------------- 1 | ## 前言 2 | 3 | 作为一个脚本小子,自然是有很多渗透工具,如果有一个工具箱能把这些工具集成到一个 UI 上,无疑能够提高我们的工作效率。 4 | 5 | 也看过几个类似于本项目的工具,都是把工具集成到 UI 界面上,使用的是 Python 的 Wxpy 模块做的,在使用了一段时间后,发现如果自己要添加工具,更新迭代或者移除工具的话,不太方便,需要修改多个地方,不利于自己拓展。 6 | 7 | 所以就有了本项目,PenKitGui,一个渗透测试工具箱,你可以用它来 DIY 你自己的渗透工具武器库😎。 8 | 9 | 这个工具有几个优点:拓展性好,方便修改,适合命令行工具。 10 | 11 | 工具箱里面附带的工具,为作者在网络上收集而来,不保证安全性。 12 | 13 | 分享链接: 14 | 15 | Tools:https://www.123pan.com/s/gHUDVv-AusG3 提取码: YPp1 16 | 17 | Java_path: 奶牛快传 https://cowtransfer.com/s/71cf22ee780c40 解压密码 java 18 | 19 | ## 如何使用 20 | 21 | 克隆本项目到本地: 22 | 23 | ``` 24 | git clone git@github.com:ccc-f/PenKitGui.git 25 | ``` 26 | 27 | 修改`penkitgui.bat`里面的 python 环境为你自己的(也可以选择虚拟环境),比如: 28 | 29 | ``` 30 | python3 penkitgui.py 31 | ``` 32 | 33 | ![image-20220520174745080](imgs/README/image-20220520174745080.png) 34 | 35 | 安装依赖包: 36 | 37 | ``` 38 | pip install -r requirements.txt 39 | ``` 40 | 41 | 下载网盘文件到本地,解压缩到项目根目录。 42 | 43 | 项目目录结构如下: 44 | 45 | ``` 46 | ├── gui_pentest 47 | ├── gui_scan 48 | ├── gui_shouji 49 | ├── imgs 50 | ├── Java_path 51 | ├── codedBuild.py 52 | ├── penkit.py 53 | ├── penkitgui.bat 54 | ├── penkitgui.py 55 | ├── penkitgui.vbs 56 | ├── README.MD 57 | ├── requirements.txt 58 | └── setting.py 59 | ``` 60 | 61 | **非Debug模式运行** 62 | 63 | 直接双击 `penkitgui.vbs` 64 | 65 | **Debug模式运行** 66 | 67 | 直接双击 `penkitgui.bat 68 | 69 | ## 原理 70 | 71 | `codeBuild.py` 通过读取 `settings.py` 里的数据,自动生成 `penkitgui.py` 和 `penkit.py` 。 72 | 如果修改了 `settings.py` ,运行一下 `codeBuild.py` 即可自动更新。 73 | 74 | ## Detail 75 | 76 | 使用 `ttkibootstrap` 构建 77 | 78 | ![image-20220520173616217](imgs/README/image-20220520173616217.png) 79 | 80 | ![image-20220520173823059](imgs/README/image-20220520173823059.png) 81 | 82 | ![image-20220520173840685](imgs/README/image-20220520173840685.png) 83 | 84 | 85 | 86 | ![image-20220520200321193](imgs/README/image-20220520200321193.png) 87 | 88 | ` 89 | 90 | ## 如何DIY 91 | 92 | > diy工具之后,别忘了运行一下 93 | > 94 | > python codeBuild.py 95 | 96 | `setting.py` 文件: 97 | 98 | 参数如下: 99 | 100 | ``` 101 | # 设置 Python 路径 102 | # python = 'D:\pythonProject\fsafe-venv\python3.7\Scripts\python.exe' 103 | python = 'python3' 104 | # 主题选择 105 | themes = 'superhero' 106 | # 每行工具按钮数量 107 | line_count = 4 108 | # UI 宽度 109 | width = 1400 110 | # UI 高度 111 | height = 700 112 | # 按钮宽度 113 | button_width = 25 114 | # 工具添加 115 | tools = { 116 | 'f1名称':{ 117 | '工具名称': 118 | "需要执行的命令", 119 | '2': 120 | "2", 121 | }, 122 | '选项卡2名称':{ 123 | '工具名称': 124 | "需要执行的命令", 125 | '': 126 | "cmd", 127 | }, 128 | } 129 | ``` 130 | 131 | 如果添加的是 java 工具,命令格式如下: 132 | 133 | ``` 134 | 'cd gui_pentest/工具目录 && ' + java8_path + ' -jar ' + '工具名称.jar' 135 | ``` 136 | 137 | ![image-20220521114812929](imgs/README/image-20220521114812929.png) 138 | 139 | 如果添加的是 python 工具,格式如下: 140 | 141 | ``` 142 | " '{python} {base_dir}/gui_scan/Gr33k/Gr33k.py ' ".format(python=python,base_dir=base_dir), 143 | ``` 144 | 145 | ![image-20220521114846146](imgs/README/image-20220521114846146.png) 146 | 147 | 如果需要打开 cmd 命令行,格式如下: 148 | 149 | ``` 150 | 'start cmd /k \"cd gui_shouji/sqlmap\" ' 151 | ``` 152 | 153 | ![image-20220521114911931](imgs/README/image-20220521114911931.png) 154 | 155 | 一点关于让cmd更美好的tips: 156 | 157 | ``` 158 | start . 159 | start reports 160 | ``` 161 | 162 | 强烈推荐使用microsoft Store下载 Windows Terminal 替换 cmd 命令行。 163 | 164 | 它可以设置默认以管理员身份运行,方便运行一些需要以管理员身份运行的工具,界面大气美观,可以自定义终端壁纸👍👍👍。 165 | 166 | 167 | 168 | ---------------------------- 169 | ## 2022/10/23 170 | 171 | 这个项目所集成的工具应该不会再更新了,希望大家自行diy,丰富自己的工具库。 172 | 173 | 使用了那么久,谈谈这个工具的使用感受吧。 174 | 175 | 首先,打开各种工具是非常方便的,只需要付出一点时间,将其写到setting.py文件里面,一键更新ui,一键运行程序,不需要切换路径,不需要输入命令,可以使用python的虚拟环境运行,随着集成的工具越多,它的优势也越明显。 176 | 177 | 但让我不太满意的地方是,把它写到setting.py的过程中并不是那么优雅。 178 | 后续有空的话,可能会在工具的菜单栏添加一个傻瓜式的增加、删除工具的功能。 179 | 如果谁有更好的想法的话,欢迎提出。 180 | 181 | ## 免责声明 182 | 183 | ``` 184 | 本工具仅面向合法授权的企业安全建设行为,在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。 185 | 186 | 如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任。 187 | 188 | 在使用本工具前,请您务必审慎阅读、充分理解各条款内容,限制、免责条款或者其他涉及您重大权益的条款可能会以加粗、加下划线等形式提示您重点注意。 除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要使用本工具。 189 | 190 | 您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。 191 | ``` 192 | 193 | ## 参考 194 | 195 | https://github.com/ghealer/GUI_Tools 196 | 197 | https://mp.weixin.qq.com/s/rNqSfMNTYzJciNEjyY5_Rg 198 | 199 | 200 | 201 | -------------------------------------------------------------------------------- /codeBuild.py: -------------------------------------------------------------------------------- 1 | from setting import tools,line_count,themes,width,button_width,height 2 | 3 | def gen_click(): 4 | no = 1 5 | with open('penkit.py','w',encoding='utf-8')as f: 6 | f.write(""" 7 | import subprocess 8 | from setting import java8_path 9 | from setting import java9_path 10 | class PenKit(): 11 | """ 12 | ) 13 | for t in tools.values(): 14 | for cmd in t.values(): 15 | f.write(""" 16 | def btn_{no}(): 17 | subprocess.Popen( {cmd} , shell=True) 18 | """.format(no=no,cmd=cmd)) 19 | no += 1 20 | 21 | def gen_body(): 22 | i = 0 23 | with open('penkitgui.py','w',encoding='utf-8')as f: 24 | f.write(""" 25 | import ttkbootstrap as ttk 26 | from ttkbootstrap.constants import * 27 | from penkit import PenKit 28 | 29 | root = ttk.Window( 30 | title="【综合化图形化渗透工具】by Scb0y", 31 | themename="{themes}", 32 | size=({width}, {height}), 33 | resizable=(True, True), 34 | ) 35 | f = ttk.Frame(root) 36 | f.pack(pady=5, fill=X, side=TOP) 37 | pk = ttk.Notebook(f) 38 | pk.pack( 39 | side=LEFT, 40 | padx=(10, 0), 41 | expand=YES, 42 | fill=BOTH 43 | ) 44 | """.format(themes=themes,width=width,height=height)) 45 | no = 0 46 | for title,tool in tools.items(): 47 | f.write(""" 48 | #################### {title} #################### 49 | f_{number} = ttk.Frame(pk) 50 | """.format(title=title,number=i)) 51 | col = 0 52 | row = 1 53 | for tool_name,tool_info in tool.items(): 54 | col += 1 55 | no += 1 56 | if col % (line_count+1) == 0: 57 | col = 1 58 | row += 1 59 | f.write(""" 60 | ttk.Button(f_{number},text="{tool}", bootstyle=(PRIMARY, "success-outline-toolbutton"), 61 | width={button_width}, command=PenKit.btn_{no}).grid(row={row},column={col},padx=20,pady=10) 62 | """.format(number=i,tool=tool_name,button_width=button_width,no=no,row=row,col=col)) 63 | f.write(""" 64 | pk.add(f_{number}, text=' {title} ') 65 | """.format(number=i,title=title)) 66 | 67 | i += 1 68 | f.write(""" 69 | root.mainloop() 70 | """) 71 | if __name__ == "__main__": 72 | gen_click() 73 | gen_body() -------------------------------------------------------------------------------- /imgs/README/image-20220520173616217.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ccc-f/PenKitGui/12d3cdbe2173ed009caf5ecdcfa8ce388a7af13e/imgs/README/image-20220520173616217.png -------------------------------------------------------------------------------- /imgs/README/image-20220520173823059.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ccc-f/PenKitGui/12d3cdbe2173ed009caf5ecdcfa8ce388a7af13e/imgs/README/image-20220520173823059.png -------------------------------------------------------------------------------- /imgs/README/image-20220520173840685.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ccc-f/PenKitGui/12d3cdbe2173ed009caf5ecdcfa8ce388a7af13e/imgs/README/image-20220520173840685.png -------------------------------------------------------------------------------- /imgs/README/image-20220520174745080.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ccc-f/PenKitGui/12d3cdbe2173ed009caf5ecdcfa8ce388a7af13e/imgs/README/image-20220520174745080.png -------------------------------------------------------------------------------- /imgs/README/image-20220520200321193.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ccc-f/PenKitGui/12d3cdbe2173ed009caf5ecdcfa8ce388a7af13e/imgs/README/image-20220520200321193.png -------------------------------------------------------------------------------- /imgs/README/image-20220521114812929.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ccc-f/PenKitGui/12d3cdbe2173ed009caf5ecdcfa8ce388a7af13e/imgs/README/image-20220521114812929.png -------------------------------------------------------------------------------- /imgs/README/image-20220521114846146.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ccc-f/PenKitGui/12d3cdbe2173ed009caf5ecdcfa8ce388a7af13e/imgs/README/image-20220521114846146.png -------------------------------------------------------------------------------- /imgs/README/image-20220521114911931.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ccc-f/PenKitGui/12d3cdbe2173ed009caf5ecdcfa8ce388a7af13e/imgs/README/image-20220521114911931.png -------------------------------------------------------------------------------- /penkit.py: -------------------------------------------------------------------------------- 1 | 2 | import subprocess 3 | from setting import java8_path 4 | from setting import java9_path 5 | class PenKit(): 6 | 7 | def btn_1(): 8 | subprocess.Popen( 'start D:\pythonProject\PenKitGui\gui_pentest' , shell=True) 9 | 10 | def btn_2(): 11 | subprocess.Popen( "start powershell -NoExit cd D:\pythonProject\PenKitGui\gui_pentest\ " , shell=True) 12 | 13 | def btn_3(): 14 | subprocess.Popen( 'cd gui_pentest/Godzilla && ' + java8_path + ' -jar ' + 'Godzilla.jar' , shell=True) 15 | 16 | def btn_4(): 17 | subprocess.Popen( 'cd gui_pentest/Behinder T00l专版 && ' + java8_path + ' -jar ' + 'Behinder.jar' , shell=True) 18 | 19 | def btn_5(): 20 | subprocess.Popen( 'cd gui_pentest/Behinder-Mode && ' + java8_path + ' -jar ' + 'Behinder-Mode.jar' , shell=True) 21 | 22 | def btn_6(): 23 | subprocess.Popen( 'cd gui_pentest/TianXie && ' + java8_path + ' -jar ' + '天蝎权限管理工具.jar' , shell=True) 24 | 25 | def btn_7(): 26 | subprocess.Popen( 'cd gui_pentest/BurpSuite_Pro && ' + java9_path + ' -javaagent:BurpSuiteLoader_v2022.3.jar -noverify -jar burpsuite_pro_v2022.3.jar' , shell=True) 27 | 28 | def btn_8(): 29 | subprocess.Popen( 'cd gui_pentest/CobaltStrike/Cobalt_Strike_4.4 && ' + java8_path + ' -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -Xms512M -Xmx1024M -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -jar cobaltstrike.jar $*' , shell=True) 30 | 31 | def btn_9(): 32 | subprocess.Popen( 'start D:\pythonProject\PenKitGui\gui_shouji' , shell=True) 33 | 34 | def btn_10(): 35 | subprocess.Popen( "start powershell -NoExit cd D:\pythonProject\PenKitGui\gui_shouji\ " , shell=True) 36 | 37 | def btn_11(): 38 | subprocess.Popen( 'cd gui_shouji/yjdirscanv1.1 && 御剑目录扫描专业版v1.1.exe' , shell=True) 39 | 40 | def btn_12(): 41 | subprocess.Popen( 'cd gui_shouji/dirscan_3.0 && ' + java9_path + ' -jar ' + 'scandir-3.0.jar' , shell=True) 42 | 43 | def btn_13(): 44 | subprocess.Popen( 'cd gui_shouji && ' + java8_path + ' -jar ' + 'webfinder-3.2.jar' , shell=True) 45 | 46 | def btn_14(): 47 | subprocess.Popen( 'cd gui_shouji/fofaviewer && ' + java8_path + ' -jar ' + 'fofaviewer.jar' , shell=True) 48 | 49 | def btn_15(): 50 | subprocess.Popen( 'start cmd /k "cd gui_shouji/sqlmap" ' , shell=True) 51 | 52 | def btn_16(): 53 | subprocess.Popen( 'start cmd /k "cd gui_shouji/jsfinder" ' , shell=True) 54 | 55 | def btn_17(): 56 | subprocess.Popen( ' start cmd /k "cd gui_shouji/Packer-Fuzzer-1.3" ' , shell=True) 57 | 58 | def btn_18(): 59 | subprocess.Popen( 'start D:\pythonProject\PenKitGui\gui_scan' , shell=True) 60 | 61 | def btn_19(): 62 | subprocess.Popen( ' start powershell -NoExit cd D:\pythonProject\PenKitGui\gui_scan\ ' , shell=True) 63 | 64 | def btn_20(): 65 | subprocess.Popen( 'start cmd /k " cd gui_scan/403bypasser " ' , shell=True) 66 | 67 | def btn_21(): 68 | subprocess.Popen( 'cd gui_scan && ' + java8_path + ' -jar ' + 'TODA.jar' , shell=True) 69 | 70 | def btn_22(): 71 | subprocess.Popen( ' cd gui_scan && ' + java8_path + ' -jar ' + 'CAS_cc2_Exploit-1.0-SNAPSHOTv1.1-all.jar' , shell=True) 72 | 73 | def btn_23(): 74 | subprocess.Popen( ' cd gui_scan && ' + java8_path + ' -jar ' + 'SJ-V1.9.jar' , shell=True) 75 | 76 | def btn_24(): 77 | subprocess.Popen( ' cd gui_scan/thinkphp && ' + java8_path + ' -jar ' + 'ThinkPHP.V2.3.by.jar' , shell=True) 78 | 79 | def btn_25(): 80 | subprocess.Popen( ' cd gui_scan/thinkphp && ' + java8_path + ' -jar ' + 'ThinkphpGUI-1.2-SNAPSHOT.jar' , shell=True) 81 | 82 | def btn_26(): 83 | subprocess.Popen( 'cd gui_scan/thinkphp && ' + java8_path + ' -jar ' + 'thinkphp命令执行检测工具.jar' , shell=True) 84 | 85 | def btn_27(): 86 | subprocess.Popen( ' cd gui_scan/weblogic/weblogic-framework-0.2.3 && ' + java8_path + ' -jar ' + 'weblogic-framework-0.2.3-all-jar-with-dependencies.jar' , shell=True) 87 | 88 | def btn_28(): 89 | subprocess.Popen( ' cd gui_scan/weblogic && ' + java8_path + ' -jar ' + 'weblogic_exploit-1.0-SNAPSHOT-all.jar' , shell=True) 90 | 91 | def btn_29(): 92 | subprocess.Popen( ' cd gui_scan && ' + java8_path + ' -jar ' + '深X服edr任意用户登陆检测工具.jar' , shell=True) 93 | 94 | def btn_30(): 95 | subprocess.Popen( ' cd gui_scan/shiro/ShiroExploit.V2.51 && ' + java8_path + ' -jar ' + 'ShiroExploit.jar' , shell=True) 96 | 97 | def btn_31(): 98 | subprocess.Popen( ' cd gui_scan/shiro && ' + java8_path + ' -jar ' + 'ShiroScan-1.1.jar' , shell=True) 99 | 100 | def btn_32(): 101 | subprocess.Popen( 'cd gui_scan/shiro/shiro_attack_2.2 && ' + java8_path + ' -jar ' + 'shiro_attack-2.2.jar' , shell=True) 102 | 103 | def btn_33(): 104 | subprocess.Popen( 'cd gui_scan/Spring/SpringBootExploit-1.3-SNAPSHOT-all && ' + java8_path + ' -jar ' + 'SpringBootExploit-1.3-SNAPSHOT-all.jar' , shell=True) 105 | 106 | def btn_34(): 107 | subprocess.Popen( 'cd gui_scan/Log4j/ && ' + java8_path + ' -jar ' + 'woodpecker-framework.1.3.3.jar' , shell=True) 108 | 109 | def btn_35(): 110 | subprocess.Popen( ' cd gui_scan && ' + java8_path + ' -jar ' + 'oracleShell.jar' , shell=True) 111 | 112 | def btn_36(): 113 | subprocess.Popen( ' cd gui_scan/tomcat && ' + java8_path + ' -jar ' + 'tomcat.jar' , shell=True) 114 | 115 | def btn_37(): 116 | subprocess.Popen( ' cd gui_scan/json && json反序列化检查工具.exe ' , shell=True) 117 | 118 | def btn_38(): 119 | subprocess.Popen( 'cd gui_scan/AliyunAkTools && AliyunAkTools.exe' , shell=True) 120 | 121 | def btn_39(): 122 | subprocess.Popen( ' cd gui_scan/Multiple.Database.Utilization.Tools.-.v2.0.6 && ' + java8_path + ' -jar ' + 'MDUT.jar' , shell=True) 123 | -------------------------------------------------------------------------------- /penkitgui.bat: -------------------------------------------------------------------------------- 1 | D:\pythonProject\fsafe-venv\python3.7\Scripts\python.exe penkitgui.py 2 | @REM d:/pythonProject/fsafe-venv/python3.7/Scripts/activate.bat 3 | @REM 上面是注释,可以选择你的主python环境,也可以选择你的python虚拟环境 -------------------------------------------------------------------------------- /penkitgui.py: -------------------------------------------------------------------------------- 1 | 2 | import ttkbootstrap as ttk 3 | from ttkbootstrap.constants import * 4 | from penkit import PenKit 5 | 6 | root = ttk.Window( 7 | title="【综合化图形化渗透工具】by Scb0y", 8 | themename="superhero", 9 | size=(1400, 700), 10 | resizable=(True, True), 11 | ) 12 | f = ttk.Frame(root) 13 | f.pack(pady=5, fill=X, side=TOP) 14 | pk = ttk.Notebook(f) 15 | pk.pack( 16 | side=LEFT, 17 | padx=(10, 0), 18 | expand=YES, 19 | fill=BOTH 20 | ) 21 | 22 | #################### 渗透测试 #################### 23 | f_0 = ttk.Frame(pk) 24 | 25 | ttk.Button(f_0,text="打开渗透测试目录", bootstyle=(PRIMARY, "success-outline-toolbutton"), 26 | width=25, command=PenKit.btn_1).grid(row=1,column=1,padx=20,pady=10) 27 | 28 | ttk.Button(f_0,text="打开Powershell", bootstyle=(PRIMARY, "success-outline-toolbutton"), 29 | width=25, command=PenKit.btn_2).grid(row=1,column=2,padx=20,pady=10) 30 | 31 | ttk.Button(f_0,text="Godzilla v4.0", bootstyle=(PRIMARY, "success-outline-toolbutton"), 32 | width=25, command=PenKit.btn_3).grid(row=1,column=3,padx=20,pady=10) 33 | 34 | ttk.Button(f_0,text="冰蝎 T00ls 专版v3.0 Beta 11", bootstyle=(PRIMARY, "success-outline-toolbutton"), 35 | width=25, command=PenKit.btn_4).grid(row=1,column=4,padx=20,pady=10) 36 | 37 | ttk.Button(f_0,text="冰蝎魔改版 v3.3.2", bootstyle=(PRIMARY, "success-outline-toolbutton"), 38 | width=25, command=PenKit.btn_5).grid(row=2,column=1,padx=20,pady=10) 39 | 40 | ttk.Button(f_0,text="天蝎权限管理工具", bootstyle=(PRIMARY, "success-outline-toolbutton"), 41 | width=25, command=PenKit.btn_6).grid(row=2,column=2,padx=20,pady=10) 42 | 43 | ttk.Button(f_0,text="BurpSuite_pro v2022.3 ", bootstyle=(PRIMARY, "success-outline-toolbutton"), 44 | width=25, command=PenKit.btn_7).grid(row=2,column=3,padx=20,pady=10) 45 | 46 | ttk.Button(f_0,text="CobaltStrike 去特征版 v4.4", bootstyle=(PRIMARY, "success-outline-toolbutton"), 47 | width=25, command=PenKit.btn_8).grid(row=2,column=4,padx=20,pady=10) 48 | 49 | pk.add(f_0, text=' 渗透测试 ') 50 | 51 | #################### 信息收集 #################### 52 | f_1 = ttk.Frame(pk) 53 | 54 | ttk.Button(f_1,text="打开信息收集目录", bootstyle=(PRIMARY, "success-outline-toolbutton"), 55 | width=25, command=PenKit.btn_9).grid(row=1,column=1,padx=20,pady=10) 56 | 57 | ttk.Button(f_1,text="打开Powershell", bootstyle=(PRIMARY, "success-outline-toolbutton"), 58 | width=25, command=PenKit.btn_10).grid(row=1,column=2,padx=20,pady=10) 59 | 60 | ttk.Button(f_1,text="御剑扫描珍藏版 v1.1", bootstyle=(PRIMARY, "success-outline-toolbutton"), 61 | width=25, command=PenKit.btn_11).grid(row=1,column=3,padx=20,pady=10) 62 | 63 | ttk.Button(f_1,text="Dirscan v3.0", bootstyle=(PRIMARY, "success-outline-toolbutton"), 64 | width=25, command=PenKit.btn_12).grid(row=1,column=4,padx=20,pady=10) 65 | 66 | ttk.Button(f_1,text="WebFinder v3.2", bootstyle=(PRIMARY, "success-outline-toolbutton"), 67 | width=25, command=PenKit.btn_13).grid(row=2,column=1,padx=20,pady=10) 68 | 69 | ttk.Button(f_1,text="Fofa_viewer v1.8", bootstyle=(PRIMARY, "success-outline-toolbutton"), 70 | width=25, command=PenKit.btn_14).grid(row=2,column=2,padx=20,pady=10) 71 | 72 | ttk.Button(f_1,text="Sqlmap", bootstyle=(PRIMARY, "success-outline-toolbutton"), 73 | width=25, command=PenKit.btn_15).grid(row=2,column=3,padx=20,pady=10) 74 | 75 | ttk.Button(f_1,text="JsFinder", bootstyle=(PRIMARY, "success-outline-toolbutton"), 76 | width=25, command=PenKit.btn_16).grid(row=2,column=4,padx=20,pady=10) 77 | 78 | ttk.Button(f_1,text="PackerFuzzer v1.3", bootstyle=(PRIMARY, "success-outline-toolbutton"), 79 | width=25, command=PenKit.btn_17).grid(row=3,column=1,padx=20,pady=10) 80 | 81 | pk.add(f_1, text=' 信息收集 ') 82 | 83 | #################### 漏洞利用 #################### 84 | f_2 = ttk.Frame(pk) 85 | 86 | ttk.Button(f_2,text="打开漏洞利用目录", bootstyle=(PRIMARY, "success-outline-toolbutton"), 87 | width=25, command=PenKit.btn_18).grid(row=1,column=1,padx=20,pady=10) 88 | 89 | ttk.Button(f_2,text="打开Powershell", bootstyle=(PRIMARY, "success-outline-toolbutton"), 90 | width=25, command=PenKit.btn_19).grid(row=1,column=2,padx=20,pady=10) 91 | 92 | ttk.Button(f_2,text="403bypasser", bootstyle=(PRIMARY, "success-outline-toolbutton"), 93 | width=25, command=PenKit.btn_20).grid(row=1,column=3,padx=20,pady=10) 94 | 95 | ttk.Button(f_2,text="通达OA综合利用工具 v1.0", bootstyle=(PRIMARY, "success-outline-toolbutton"), 96 | width=25, command=PenKit.btn_21).grid(row=1,column=4,padx=20,pady=10) 97 | 98 | ttk.Button(f_2,text="Cas反序列化利用工具v1.1", bootstyle=(PRIMARY, "success-outline-toolbutton"), 99 | width=25, command=PenKit.btn_22).grid(row=2,column=1,padx=20,pady=10) 100 | 101 | ttk.Button(f_2,text="神机 v1.9", bootstyle=(PRIMARY, "success-outline-toolbutton"), 102 | width=25, command=PenKit.btn_23).grid(row=2,column=2,padx=20,pady=10) 103 | 104 | ttk.Button(f_2,text="ThinkPHP综合利用工具 v2.3", bootstyle=(PRIMARY, "success-outline-toolbutton"), 105 | width=25, command=PenKit.btn_24).grid(row=2,column=3,padx=20,pady=10) 106 | 107 | ttk.Button(f_2,text="ThinkPhp漏洞利用工具 v1.2", bootstyle=(PRIMARY, "success-outline-toolbutton"), 108 | width=25, command=PenKit.btn_25).grid(row=2,column=4,padx=20,pady=10) 109 | 110 | ttk.Button(f_2,text="ThinkPhp命令执行检测工具", bootstyle=(PRIMARY, "success-outline-toolbutton"), 111 | width=25, command=PenKit.btn_26).grid(row=3,column=1,padx=20,pady=10) 112 | 113 | ttk.Button(f_2,text="Weblogic-framework v0.2.3", bootstyle=(PRIMARY, "success-outline-toolbutton"), 114 | width=25, command=PenKit.btn_27).grid(row=3,column=2,padx=20,pady=10) 115 | 116 | ttk.Button(f_2,text="Weblogic-Exp-Snapshot-all v1.0", bootstyle=(PRIMARY, "success-outline-toolbutton"), 117 | width=25, command=PenKit.btn_28).grid(row=3,column=3,padx=20,pady=10) 118 | 119 | ttk.Button(f_2,text="深X服edr任意用户登陆检测工具", bootstyle=(PRIMARY, "success-outline-toolbutton"), 120 | width=25, command=PenKit.btn_29).grid(row=3,column=4,padx=20,pady=10) 121 | 122 | ttk.Button(f_2,text="Shiro-exp_v2.51_by飞鸿", bootstyle=(PRIMARY, "success-outline-toolbutton"), 123 | width=25, command=PenKit.btn_30).grid(row=4,column=1,padx=20,pady=10) 124 | 125 | ttk.Button(f_2,text="ShiroScan反序列化回显工具v1.1_fupinglee", bootstyle=(PRIMARY, "success-outline-toolbutton"), 126 | width=25, command=PenKit.btn_31).grid(row=4,column=2,padx=20,pady=10) 127 | 128 | ttk.Button(f_2,text="Shiro attack v2.2_j1anFen", bootstyle=(PRIMARY, "success-outline-toolbutton"), 129 | width=25, command=PenKit.btn_32).grid(row=4,column=3,padx=20,pady=10) 130 | 131 | ttk.Button(f_2,text="Spring 漏洞利用工具v1.3", bootstyle=(PRIMARY, "success-outline-toolbutton"), 132 | width=25, command=PenKit.btn_33).grid(row=4,column=4,padx=20,pady=10) 133 | 134 | ttk.Button(f_2,text="Log4j", bootstyle=(PRIMARY, "success-outline-toolbutton"), 135 | width=25, command=PenKit.btn_34).grid(row=5,column=1,padx=20,pady=10) 136 | 137 | ttk.Button(f_2,text="OracleShellv1.0", bootstyle=(PRIMARY, "success-outline-toolbutton"), 138 | width=25, command=PenKit.btn_35).grid(row=5,column=2,padx=20,pady=10) 139 | 140 | ttk.Button(f_2,text="Tomcat弱密码检查", bootstyle=(PRIMARY, "success-outline-toolbutton"), 141 | width=25, command=PenKit.btn_36).grid(row=5,column=3,padx=20,pady=10) 142 | 143 | ttk.Button(f_2,text="FastJson反序列化检查工具", bootstyle=(PRIMARY, "success-outline-toolbutton"), 144 | width=25, command=PenKit.btn_37).grid(row=5,column=4,padx=20,pady=10) 145 | 146 | ttk.Button(f_2,text="Aliyun_AKTools_by_T00ls", bootstyle=(PRIMARY, "success-outline-toolbutton"), 147 | width=25, command=PenKit.btn_38).grid(row=6,column=1,padx=20,pady=10) 148 | 149 | ttk.Button(f_2,text="MDUT数据库利用工具", bootstyle=(PRIMARY, "success-outline-toolbutton"), 150 | width=25, command=PenKit.btn_39).grid(row=6,column=2,padx=20,pady=10) 151 | 152 | pk.add(f_2, text=' 漏洞利用 ') 153 | 154 | root.mainloop() 155 | -------------------------------------------------------------------------------- /penkitgui.vbs: -------------------------------------------------------------------------------- 1 | set ws=WScript.CreateObject("WScript.Shell") 2 | currentpath = createobject("Scripting.FileSystemObject").GetFolder(".").Path 3 | GUI_Tools = currentpath & "\penkitgui.bat" 4 | ws.Run GUI_Tools,0 -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | -i https://pypi.tuna.tsinghua.edu.cn/simple 2 | Pillow==9.1.1 3 | ttkbootstrap==1.7.4 4 | -------------------------------------------------------------------------------- /setting.py: -------------------------------------------------------------------------------- 1 | import os 2 | import platform 3 | 4 | base_dir = os.getcwd() 5 | # 设置 工具的 Python 解释器位置 6 | # python = 'D:\pythonProject\\fsafe-venv\python3.7\Scripts\python.exe' 7 | python = 'python3' 8 | # themes_list = ['superhero','purse','yeti','lumen','journal' 9 | # 主题选择 10 | themes = 'superhero' 11 | # 每行工具按钮数量 12 | line_count = 4 13 | # UI 宽度 14 | width = 1400 15 | # UI 高度 16 | height = 700 17 | # 按钮宽度 18 | button_width = 25 19 | # 渗透工具 20 | tools = { 21 | '渗透测试':{ 22 | '打开渗透测试目录': 23 | " 'start {}\gui_pentest\' ".format(base_dir), 24 | 25 | '打开Powershell': 26 | " \"start powershell -NoExit cd {}\gui_pentest\ \" ".format(base_dir), 27 | 28 | 'Godzilla v4.0': 29 | "'cd gui_pentest/Godzilla && ' + java8_path + ' -jar ' + 'Godzilla.jar'", 30 | 31 | '冰蝎 T00ls 专版v3.0 Beta 11': 32 | " 'cd gui_pentest/Behinder T00l专版 && ' + java8_path + ' -jar ' + 'Behinder.jar' ", 33 | 34 | '冰蝎魔改版 v3.3.2': 35 | " 'cd gui_pentest/Behinder-Mode && ' + java8_path + ' -jar ' + 'Behinder-Mode.jar' ", 36 | 37 | '天蝎权限管理工具': 38 | " 'cd gui_pentest/TianXie && ' + java8_path + ' -jar ' + '天蝎权限管理工具.jar' ", 39 | 40 | 'BurpSuite_pro v2022.3 ': 41 | "'cd gui_pentest/BurpSuite_Pro && ' + java9_path + ' -javaagent:BurpSuiteLoader_v2022.3.jar -noverify -jar burpsuite_pro_v2022.3.jar'", 42 | 43 | 'CobaltStrike 去特征版 v4.4': 44 | "'cd gui_pentest/CobaltStrike/Cobalt_Strike_4.4 && ' + java8_path + ' -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -Xms512M -Xmx1024M -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -jar cobaltstrike.jar $*'" 45 | }, 46 | '信息收集':{ 47 | '打开信息收集目录': 48 | " 'start {}\gui_shouji\' ".format(base_dir), 49 | 50 | '打开Powershell': 51 | " \"start powershell -NoExit cd {}\gui_shouji\ \" ".format(base_dir), 52 | 53 | '御剑扫描珍藏版 v1.1': 54 | "'cd gui_shouji/yjdirscanv1.1 && 御剑目录扫描专业版v1.1.exe'", 55 | 56 | 'Dirscan v3.0': 57 | "'cd gui_shouji/dirscan_3.0 && ' + java9_path + ' -jar ' + 'scandir-3.0.jar'", 58 | 59 | 'WebFinder v3.2': 60 | "'cd gui_shouji && ' + java8_path + ' -jar ' + 'webfinder-3.2.jar'", 61 | 62 | 'Fofa_viewer v1.8': 63 | "'cd gui_shouji/fofaviewer && ' + java8_path + ' -jar ' + 'fofaviewer.jar'", 64 | 65 | 'Sqlmap': 66 | " 'start cmd /k \"cd gui_shouji/sqlmap\" ' ", 67 | 68 | # 'Oneforall': 69 | # "'start cmd /k \"cd gui_shouji/oneforall\" '", 70 | 71 | 'JsFinder': 72 | "'start cmd /k \"cd gui_shouji/jsfinder\" '", 73 | 74 | 'PackerFuzzer v1.3': 75 | "' start cmd /k \"cd gui_shouji/Packer-Fuzzer-1.3\" '", 76 | 77 | 78 | }, 79 | '漏洞利用':{ 80 | '打开漏洞利用目录': 81 | " 'start {}\gui_scan\' ".format(base_dir), 82 | 83 | '打开Powershell': 84 | " ' start powershell -NoExit cd {}\gui_scan\ ' ".format(base_dir), 85 | 86 | '403bypasser': 87 | " 'start cmd /k \" cd gui_scan/403bypasser \" ' ", 88 | 89 | '通达OA综合利用工具 v1.0': 90 | "'cd gui_scan && ' + java8_path + ' -jar ' + 'TODA.jar'", 91 | 92 | # 'Gr33k漏洞利用工具集': 93 | # " '{python} {base_dir}/gui_scan/Gr33k/Gr33k.py ' ".format(python=python,base_dir=base_dir), 94 | 95 | 'Cas反序列化利用工具v1.1': 96 | " ' cd gui_scan && ' + java8_path + ' -jar ' + 'CAS_cc2_Exploit-1.0-SNAPSHOTv1.1-all.jar' ", 97 | 98 | '神机 v1.9': 99 | " ' cd gui_scan && ' + java8_path + ' -jar ' + 'SJ-V1.9.jar' ", 100 | 101 | 'ThinkPHP综合利用工具 v2.3': 102 | " ' cd gui_scan/thinkphp && ' + java8_path + ' -jar ' + 'ThinkPHP.V2.3.by.jar' ", 103 | 104 | 'ThinkPhp漏洞利用工具 v1.2': 105 | " ' cd gui_scan/thinkphp && ' + java8_path + ' -jar ' + 'ThinkphpGUI-1.2-SNAPSHOT.jar' ", 106 | 107 | 'ThinkPhp命令执行检测工具': 108 | " 'cd gui_scan/thinkphp && ' + java8_path + ' -jar ' + 'thinkphp命令执行检测工具.jar' ", 109 | 110 | 'Weblogic-framework v0.2.3': 111 | " ' cd gui_scan/weblogic/weblogic-framework-0.2.3 && ' + java8_path + ' -jar ' + 'weblogic-framework-0.2.3-all-jar-with-dependencies.jar' ", 112 | 113 | 'Weblogic-Exp-Snapshot-all v1.0': 114 | " ' cd gui_scan/weblogic && ' + java8_path + ' -jar ' + 'weblogic_exploit-1.0-SNAPSHOT-all.jar' ", 115 | 116 | '深X服edr任意用户登陆检测工具': 117 | " ' cd gui_scan && ' + java8_path + ' -jar ' + '深X服edr任意用户登陆检测工具.jar' ", 118 | 119 | 'Shiro-exp_v2.51_by飞鸿': 120 | " ' cd gui_scan/shiro/ShiroExploit.V2.51 && ' + java8_path + ' -jar ' + 'ShiroExploit.jar' ", 121 | 122 | 'ShiroScan反序列化回显工具v1.1_fupinglee': 123 | " ' cd gui_scan/shiro && ' + java8_path + ' -jar ' + 'ShiroScan-1.1.jar' ", 124 | 125 | 'Shiro attack v2.2_j1anFen': 126 | " 'cd gui_scan/shiro/shiro_attack_2.2 && ' + java8_path + ' -jar ' + 'shiro_attack-2.2.jar' ", 127 | 128 | 'Spring 漏洞利用工具v1.3': 129 | " 'cd gui_scan/Spring/SpringBootExploit-1.3-SNAPSHOT-all && ' + java8_path + ' -jar ' + 'SpringBootExploit-1.3-SNAPSHOT-all.jar' ", 130 | 131 | 'Log4j': 132 | " 'cd gui_scan/Log4j/ && ' + java8_path + ' -jar ' + 'woodpecker-framework.1.3.3.jar' ", 133 | 134 | 'OracleShellv1.0': 135 | " ' cd gui_scan && ' + java8_path + ' -jar ' + 'oracleShell.jar' ", 136 | 137 | 'Tomcat弱密码检查': 138 | " ' cd gui_scan/tomcat && ' + java8_path + ' -jar ' + 'tomcat.jar' ", 139 | 140 | 'FastJson反序列化检查工具': 141 | " ' cd gui_scan/json && json反序列化检查工具.exe ' ", 142 | 143 | 'Aliyun_AKTools_by_T00ls': 144 | " 'cd gui_scan/AliyunAkTools && AliyunAkTools.exe' ", 145 | 146 | 'MDUT数据库利用工具': 147 | " ' cd gui_scan/Multiple.Database.Utilization.Tools.-.v2.0.6 && ' + java8_path + ' -jar ' + 'MDUT.jar' ", 148 | 149 | }, 150 | } 151 | 152 | #路径设置 153 | tools_path = os.getcwd() 154 | if platform.system() == 'Windows' : 155 | java8_path = (tools_path + "\Java_path\jre_1.8_win\\bin\java").replace('\\','\\\\') 156 | java9_path = (tools_path + "\Java_path\java9_win\\bin\java").replace('\\','\\\\') 157 | else: 158 | #MacOS和Linux的java绝对路径 159 | java8_path = tools_path + "/Java_path/java_1.8/bin/java" 160 | java9_path = tools_path + "/Java_path/java9/bin/java" --------------------------------------------------------------------------------