PenBox: A Penetration Testing Framework
PenBox – A Penetration Testing Framework
A Penetration Testing Framework, The Hacker’s Repo our hope is in the last version we will have the very script that a hacker needs
#Information Gathering :
- nmap
- Setoolkit
- Port Scanning
- Host To IP
- WordPress user enumeration
- CMS scanner
- XSStracer – checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection
- Doork – Google Dorks Passive Vulnerability Auditor
- Scan A server’s Users
Password Attacks :
- Cupp
- Ncrack
- AutoBrowser Screenshot
Wireless Testing :
- reaver
- pixiewps
- Bluetooth Honeypot GUI Framework
Exploitation Tools :
- Venom
- sqlmap
- Shellnoob
- commix
- FTP Auto Bypass
- jboss-autopwn
- Blind SQL Automatic Injection And Exploit
- Bruteforce the Android Passcode given the hash and salt
- Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL Injection Scanner
- cms Few
- BlackBox
- Liffy
Sniffing & Spoofing :
- Setoolkit
- SSLtrip
- pyPISHER
- SMTP Mailer
Web Hacking :
- Drupal Hacking
- Inurlbr
- WordPress & Joomla Scanner
- Gravity Form Scanner
- File Upload Checker
- WordPress Exploit Scanner
- WordPress Plugins Scanner
- Shell and Directory Finder
- Joomla! 1.5 – 3.4.5 remote code execution
- Vbulletin 5.X remote code execution
- BruteX – Automatically brute force all services running on a target
- Arachni – Web Application Security Scanner Framework
- Sub-domain Scanning
- WordPress Scanning
- WordPress Username Enumeration
- WordPress Backup Grabbing
- Sensitive File Detection
- Same-Site Scripting Scanning
- ClickJacking Detection
- Powerful XSS vulnerability scanning
- SQL Injection vulnerability scanning
#Private Tools
- Get all websites
- Get joomla websites
- Get wordpress websites
- Find control panel
- Find zip files
- Find upload files
- Get server users
- Scan from SQL injection
- Scan ports (range of ports)
- Scan ports (common ports)
- Get server banner
- Bypass Cloudflare
#Post Exploitation
- Shell Checker
- POET
- Weeman – Phishing Framework
- Insecure Web Interface
- Insufficient Authentication/Authorization
- Insecure Network Services
- Lack of Transport Encryption
- Privacy Concerns
- Insecure Cloud Interface
- Insecure Mobile Interface
- Insufficient Security Configurability
- Insecure Software/Firmware
- Poor Physical Security
- Radium-Keylogger – Python keylogger with multiple features
#Recon
- Sniper
#Smartphones Penetration
- Attach Framework to a Deployed Agent/Create Agent
- Send Commands to an Agent
- View Information Gathered
- Attach Framework to a Mobile Modem
- Run a remote attack
- Run a social engineering or client side attack
- Compile code to run on mobile devices
- Install Stuff
- Use Drozer
- Setup API
- Bruteforce the Android Passcode given the hash and salt
#Others
- QrlJacking-Framework
- Sniffles – Packet Capture Generator for IDS and Regular Expression Evaluation
Download
git clone https://github.com/x3omdax/PenBox.git
Copyright (c) 2016 Fedy Wesleti
Source: https://github.com/x3omdax/
