Jok3r – Network and Web Pentest Framework
Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests.
Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challenging stuff.
To achieve that, it combines open-source Hacking tools to run various security checks against all common network services.
- Install automatically all the hacking tools used by Jok3r,
- Keep the toolbox up-to-date,
- Easily add new tools.
- Target most common network services (including web),
- Run security checks by chaining hacking tools, following the standard process (Reconnaissance, Vulnerability scanning, Exploitation, Account bruteforce, (Basic) Post-exploitation).
- Let Jok3r automatically choose the checks to run according to the context and knowledge about the target,
Mission management / Local database:
- Organize targets by missions in the local database,
- Fully manage missions and targets (hosts/services) via interactive shell (like msfconsole db),
- Access results from security checks.
v2.0 – New Major version
- Everything rebuilt from scratch
git clone https://github.com/koutto/jok3r.git cd jok3r/ pip install -r requirements.txt
sudo docker pull koutto/jok3rsudo docker run -i -t --name jok3r-container -w /root/jok3r koutto/jok3r
Supported Services & Security Checks (Updated on 20/10/2018)
Lots of checks remain to be implemented and services must be added !! Work in progress …
- AJP (default 8009/tcp)
- FTP (default 21/tcp)
- HTTP (default 80/tcp)
- Java-RMI (default 1099/tcp)
- JDWP (default 9000/tcp)
- MSSQL (default 1433/tcp)
- MySQL (default 3306/tcp)
- Oracle (default 1521/tcp)
- PostgreSQL (default 5432/tcp)
- RDP (default 3389/tcp)
- SMTP (default 25/tcp)
- SNMP (default 161/udp)
- SSH (default 22/tcp)
- Telnet (default 21/tcp)
- VNC (default 5900/tcp)
python jok3r.py -h