Breaking News



A multi-platform knowledge superhighway hacking toolkit Docker symbol with Graphical Particular person Interface (GUI) strengthen.

Organize

Docker

Pull the picture from Docker Hub:

docker pull signedsecurity/web-hacking-toolkit

Run a container and fix a shell:

docker run --rm -it --name web-hacking-toolkit signedsecurity/web-hacking-toolkit /usr/bin/zsh

Docker Compose

Docker-Compose can be used.

taste: "3.9"

services and products and merchandise:
web-hacking-toolkit:
symbol: signedsecurity/web-hacking-toolkit
container_name: web-hacking-toolkit
hostname: web-hacking-toolkit
stdin_open: true
ports:
- "22:22" # uncovered for GUI strengthen sing SSH with X11 forwarding
volumes:
- ./knowledge:/root/knowledge
restart: unless-stopped

Collect and run container:

Connect shell:

docker-compose exec web-hacking-toolkit /usr/bin/zsh

Collect from Supply

Clone this repository and compile the picture:

git clone https://github.com/signedsecurity/web-hacking-toolkit.git && 
cd web-hacking-toolkit &&
make compile

Run a container and fix a shell:

docker run --rm -it --name web-hacking-toolkit signedsecurity/web-hacking-toolkit /usr/bin/zsh

GUI Reinforce

By the use of default, no GUI equipment can be run in a Docker container as no X11 server is to be had. To run them, you will have to industry that. What’s sought after to take action is dependent upon your host tool. For individuals who:

  • run on Linux, in case you have X11
  • run on Mac OS, you want Xquartz (brew organize Xquartz)
  • run on Area house home windows, you have got an issue

The usage of SSH with X11 forwarding

Use X11 forwarding by means of SSH if you wish to switch this manner. Run start_ssh all through the container to begin out the server, remember to reveal port 22 when beginning the container: docker run -p 127.0.0.1:22:22 ..., then use ssh -X ... when connecting (the script prints the password).

Put in

Equipment

InterfaceDecideDescription
CLIAmassIn-depth Assault Floor Mapping and Asset Discovery
CLIanewA device for along side new traces to knowledge, skipping duplicates
GUIBurp Suite StaffThe BurpSuite Enterprise team of workers type
CLIcurlA command line instrument and library for shifting knowledge with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl provides a myriad of adverse possible choices
CLIdnsxdnsx is a handy guide a rough and multi-purpose DNS toolkit permit to run a couple of DNS queries of your selection with a listing of user-supplied resolvers.
CLIffufSpeedy knowledge superhighway fuzzer written in Switch
CLIfindomainThe quickest and cross-platform subdomain enumerator, don’t waste your time.
GUIfirefoxSecure and simple knowledge superhighway browser from Mozilla
CLIhtml-toolTake URLs or filenames for HTML bureaucracy on stdin and extract tag contents, function values, or feedback
CLIhttpxhttpx is a handy guide a rough and multi-purpose HTTP toolkit permit to run a couple of probers the usage of retryablehttp library, it’s designed to take care of the outcome reliability with higher threads.
CLInaabuA to hand information a coarse port scanner written in switch with center of attention on reliability and simplicity. Designed for use together with different equipment for assault ground discovery in computer virus bounties and pentests
CLInmapNmap – the Group Mapper. Github reflect of first rate SVN repository.
CLIsigsubfind3rA subdomain discovery instrument – it gathers a listing of subdomains passively the usage of more than a few on-line resources.
CLIsigurlfind3rA passive reconnaissance instrument for identified URLs discovery – it gathers a listing of URLs passively the usage of more than a few on-line resources.
CLIsigurlscann3rA knowledge superhighway tool assault ground mapping instrument. It takes in a listing of urls then plays a large number of probes
CLIsubdomains.shA wrapper round for subdomains amassing equipment (amass, subfinder, findomain & sigsubfind3r) to extend amassing potency and automating the workflow.
CLIsubfinderSubfinder is a subdomain discovery instrument that discovers professional subdomains for cyber internet web sites. Designed as a passive framework to be helpful for computer virus bounties and protected for penetration checking out.
CLItmuxtmux is a terminal multiplexer: it lets in somewhat a large number of terminals to be created, accessed, and regulated from a unmarried computer screen. tmux may be indifferent from a computer screen and proceed running all over the background, then later reattached
CLIvimAn overly configurable textual content editor constructed to make emerging and converting any longer or much less textual content very surroundings delightful.
CLIwappalyzerWappalyzer identifies applied sciences on cyber internet web sites, similar to CMS, knowledge superhighway frameworks, ecommerce platforms, JavaScript libraries, analytics equipment and additional.
CLIwuzzInteractive cli instrument for HTTP inspection

Wordlists

WordlistDescription
SecListsSecLists is the protection tester’s necessary other. It’s a collection of a couple of varieties of lists used all over coverage tests, gathered in a single position. File varieties come with usernames, passwords, URLs, delicate knowledge patterns, fuzzing payloads, knowledge superhighway shells, and a lot of additional.
jhaddix / content_discovery_all.txta masterlist of content material subject material matter subject material discovery URLs and information (used maximum regularly with gobuster)

Supply : KitPloit – PenTest Equipment!


Leave a Reply

Your email address will not be published.

Donate Us

X