kaboom v1.0 releases: automates the penetration test

Kaboom is a bash script that automates the first two phases of a penetration test. All information collected is saved into a directory hierarchy very simple to the browser (also in the case of multiple targets).

Kaboom performs several tasks:

  1. Information Gathering
    • Port scan (Nmap)
    • Web resources enumeration (Dirb)
  2. Vulnerability assessment
    • Web vulnerability assessment (Nikto – Dirb)
    • Vulnerability assessment (Nmap – Metasploit)
    • Automatic Vulnerabilities research (Searchsploit – Metasploit)
    • Dictionary Attacks (Hydra)
      • SSH
      • POP3
      • IMAP
      • RDP


  • Customization (see above)
  • Multi-target specification
    • You can specify up to 254 hosts (C-class network)
  • New CLI interface
  • More powerful Nmap scan
  • Better directory hierarchy
  • Automatic research of Metasploit module associated with CVE code found
  • Recognition of services exposed on not canonical ports (ex: http on 7000)
  • Print out and save credentials found

Directory Hierarchy

It saves the results of commands in this way:

Changelog v1.0

  • Most bugs have been fixed. Now, it’s stable and versatile.


git clone https://github.com/Leviathan36/kaboom.git


Kaboom can be used in two ways:

  • Interactive mode:

kaboom [ENTER], and the script does the rest

  • NON-interactive mode:

kaboom -t <target_ip> -f <report_path> [-p one_or_more_phases]

If you want to see the help:

kaboom -h (or –help)

Copyright (C) 2018 Leviathan36

Source: https://github.com/Leviathan36/