Saker – Penetrate Testing Auxiliary Suite
Saker is a penetration testing auxiliary suite. It can be used to gather subdomain information, scan websites, fuzz for vulnerabilities, and brute-force passwords and directories.
This project is for research and study only. Do not use Saker for unauthorized penetration testing.
Changelog v1.0.8
- add some api
- update command-line tools
- add unit tests for some modules
- fix known bugs
Install
git clone https://github.com/LyleMi/Saker.git
pip install -r requirements.txt
python setup.py install
or
pip install Saker
Features
Scan Website
>>> from saker.core.scaner import Saker
>>> s = Saker("http://127.0.0.1")
>>> s.scan(filename="index.php", ext="php")
or by shell
python -m saker
usage: main.py [options]

Tool For Fuzz Web Applications

optional arguments:
  -h, --help            show this help message and exit
  -s, --scan            run with list model
  -f file, --file file  scan specific file
  -e ext, --ext ext     scan specific ext
  -i, --interactive     run with interactive model
  -u URL, --url URL     define specific url
  -p PROXY, --proxy PROXY
                        proxy url
  -t INTERVAL, --timeinterval INTERVAL
                        scan time interval, random sleep by default
Generate fuzz payload
>>> from saker.fuzzers.code import Code
>>> payload = Code.fuzzErrorUnicode(payload)
>>> from saker.fuzzers.ssi import SSI
>>> payloads = SSI.test()
Brute password or others
>>> from saker.brute.dir import DirBrute
>>> dirBrute = DirBrute("php", "index.php")
>>> paths = dirBrute.weakfiles()
Brute-forcing is currently supported for HTTP basic auth, FTP, MySQL, SSH, telnet, zipfile…
Call Third Party API
Crt.sh
>>> from saker.api.crtsh import crtsh
>>> crtsh("github.com")
DNSdumpster
>>> from saker.api.dnsdumper import DNSdumpster
>>> DNSdumpster("github.com")
Github API
>>> from saker.api.githubapi import GithubAPI
>>> g = GithubAPI()
>>> g.gatherByEmail("@github.com")
SQLMap API
>>> from saker.api.sqlmap import SQLMap
>>> options = {"url": "https://github.com"}
>>> SQLMap().scan(options)
Handle HTML
>>> from saker.handler.htmlhandler import HTMLHandler
>>> h = HTMLHandler("<html><head><title>title</title></head><body></body></html>")
>>> print(h.title)
Port Scanner
>>> from saker.port.nmap import Nmap
>>> n = Nmap(domain)
>>> ret = n.run()
>>> print(n.ret)
Special Server
from saker.servers.socket.dnsrebinding import RebindingServer
values = {
    'result': ['8.8.8.8', '127.0.0.1'],
    'index': 0
}
dnsServer = RebindingServer(values)
dnsServer.serve_forever()
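What a two-entry 'result' list like the one above means for a service that validates a hostname before fetching it, shown as an added example that is not part of Saker. It assumes the server hands out its entries in rotation starting at 'index'; RotatingResolver, fetch_unpinned, fetch_pinned and rebind.example are constructed names.

```python
import ipaddress


class RotatingResolver:
    """Constructed stand-in for a resolver whose answers rotate through
    values['result'] (assumption: one entry per query, starting at 'index')."""

    def __init__(self, values):
        self.results = list(values["result"])
        self.index = values["index"]

    def resolve(self, hostname):
        ip = self.results[self.index % len(self.results)]
        self.index += 1
        return ip


def is_public(ip):
    """True only for globally routable addresses (rejects loopback, RFC 1918, ...)."""
    return ipaddress.ip_address(ip).is_global


def fetch_unpinned(resolver, hostname):
    """Weak pattern: validate one lookup, then let the HTTP client resolve again."""
    if not is_public(resolver.resolve(hostname)):
        raise PermissionError("destination not allowed")
    return resolver.resolve(hostname)  # address the client would really connect to


def fetch_pinned(resolver, hostname):
    """Hardened pattern: resolve once, validate, connect to that same address."""
    ip = resolver.resolve(hostname)
    if not is_public(ip):
        raise PermissionError("destination not allowed")
    return ip  # connect to this IP; use hostname only for Host header and SNI


def demo():
    # Same values as the snippet above; the hostname is a placeholder.
    values = {"result": ["8.8.8.8", "127.0.0.1"], "index": 0}
    unpinned = fetch_unpinned(RotatingResolver(values), "rebind.example")
    pinned = fetch_pinned(RotatingResolver(values), "rebind.example")
    return unpinned, pinned


if __name__ == "__main__":
    print(demo())
```

The unpinned check passes on the first answer and connects to the second, while the pinned version can only ever connect to the address it validated.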
Copyright © 2019 Lyle.
Source: https://github.com/LyleMi/