Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- PenBox – A Penetration Testing Framework
- A Penetration Testing Framework, The Hackers’s Repo our hope is in the last version we will have every Script that a Hackers need.
- Install and Run:
- git clone https://github.com/x3omdax/PenBox
- cd PenBox
- sudo python penbox.py
- List of tools:
- Information Gathering:
- * Nmap
- * Setoolit
- * Port Scanning
- * Host To IP
- * Wordpress Username Enumeration
- * CMS Scanner
- * XSStracer - Checks remote Web Servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection
- * Doork - Google Dorks Passive Vulnerability Auditor
- * Scan A Server's Users
- Password Attacks:
- * Cupp
- * Ncrack
- * AutoBrowser Screenshot
- * Wireless Testing :
- * Reaver
- * PixieWPS
- * Bluetooth Honeypot GUI Framework
- Exploitation Tools:
- * Venom
- * SQLMap
- * Shellnoob
- * Commix
- * FTP Auto Bypass
- * Jboss-AutoPWN
- * Blind SQL Automatic Injection And Exploit
- * Bruteforce the Android Passcode given the hash and salt
- * Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection Scanner
- * CMS Few
- * BLACKBOx
- * Liffy
- Sniffing & Spoofing :
- * Setoolkit
- * SSLtrip
- * pyPISHER
- * SMTP Mailer
- Web Hacking:
- * Drupal Hacking
- * Inurlbr
- * Wordpress & Joomla Scanner
- * Gravity Form Scanner
- * File Upload Checker
- * Wordpress Exploit Scanner
- * Wordpress Plugins Scanner
- * Shell and Directory Finder
- * Joomla! 1.5 - 3.4.5 remote code execution
- * Vbulletin 5.X remote code execution
- * BruteX - Automatically brute force all services running on a target
- * Arachni - Web Application Security Scanner Framework
- * Sub-domain Scanning
- * Wordpress Scanning
- * Wordpress Username Enumeration
- * Wordpress Backup Grabbing
- * Sensitive File Detection
- * Same-Site Scripting Scanning
- * Click Jacking Detection
- * Powerful XSS vulnerability scanning
- * SQL Injection vulnerability scanning
- Private Tools:
- * Get all websites
- * Get joomla websites
- * Get wordpress websites
- * Find control panel
- * Find zip files
- * Find upload files
- * Get server users
- * Scan from SQL injection
- * Scan ports (range of ports)
- * Scan ports (common ports)
- * Get server banner
- * Bypass CloudFlare
- Post Exploitation:
- * Shell Checker
- * POET
- * Weeman - Phishing Framework
- * Insecure Web Interface
- * Insufficient Authentication/Authorization
- * Insecure Network Services
- * Lack of Transport Encryption
- * Privacy Concerns
- * Insecure Cloud Interface
- * Insecure Mobile Interface
- * Insufficient Security Configurability
- * Insecure Software/Firmware
- * Poor Physical Security
- * Radium-Keylogger - Python keylogger with multiple features
- Recon: Sniper
- Smartphones Penetration:
- * Attach Framework to a Deployed Agent/Create Agent
- * Send Commands to an Agent
- * View Information Gathered
- * Attach Framework to a Mobile Modem
- * Run a remote attack
- * Run a social engineering or client side attack
- * Compile code to run on mobile devices
- * Install Stuff
- * Use Drozer
- * Setup API
- * Bruteforce the Android Passcode given the hash and salt
- Others:
- * QrlJacking-Framework
- * Sniffles - Packet Capture Generator for IDS and Regular Expression Evaluation
- Download PenBox: https://github.com/x3omdax/PenBox
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement