search

koutto / jok3r

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
https://www.jok3r-framework.com
Other
1.02k stars 250 forks source link

Created a script to find, update, rate tools used in jok3r #71

Closed webmaster-exit-1 closed 1 month ago

webmaster-exit-1 commented 1 month ago

It works by parsing toolbox.conf. It needs the variable GIT_API_TOKEN="your token here" to be set.

#!/bin/bash

  # ANSI color codes
  GREEN='\033[0;32m'
  LIGHT_BLUE='\033[1;34m'
  YELLOW='\033[1;33m'
  RED='\033[0;31m'
  CYAN='\033[0;36m'
  NC='\033[0m' # No Color

  # Function to check if a command exists
  command_exists() {
      command -v "$1" >/dev/null 2>&1
  }

  # Check if jq is installed
  if ! command_exists jq; then
      echo -e "${RED}Error: jq is not installed. Please install jq to parse JSON responses.${NC}"
      exit 1
  fi

  # Parse command line arguments
  debug=false
  while getopts ":d" opt; do
    case ${opt} in
      d ) debug=true ;;
      \? ) echo "Usage: $0 [-d]" >&2; exit 1 ;;
    esac
  done

  # Temporary files to store repository information
  temp_file=$(mktemp)
  moved_repos_file=$(mktemp)

  # Check if GIT_API_TOKEN is set
  if [ -z "$GIT_API_TOKEN" ]; then
      echo -e "${RED}Error: GIT_API_TOKEN environment variable is not set.${NC}"
      exit 1
  fi

  # Extract URLs from toolbox.conf and filter for .git URLs
  grep -Eo 'https?://[^ ]+\.git' toolbox.conf > tool_urls.txt && cat tool_urls.txt | \
  # Use xargs to pass each URL to our checking script
  xargs -I {} bash -c "$(cat << 'EOF'
      url="$1"
      temp_file="$2"
      moved_repos_file="$3"
      debug="$4"
      token="$5"
      GREEN='\033[0;32m'
      LIGHT_BLUE='\033[1;34m'
      YELLOW='\033[1;33m'
      RED='\033[0;31m'
      CYAN='\033[0;36m'
      NC='\033[0m'
      # Check if the URL is a GitHub repository
      case "$url" in
          https://github.com/*)
              # Use curl to check if the URL is valid and follow redirects
              response=$(curl -sLI -o /dev/null -w '%{url_effective}' "$url")
              if [ "$response" != "$url" ]; then
                  echo -e "${YELLOW}Moved:${NC} ${LIGHT_BLUE}$url${NC} -> ${LIGHT_BLUE}$response${NC}"
                  echo "$url|$response" >> "$moved_repos_file"
                  url=$response
              else
                  echo -e "${GREEN}Valid:${NC} ${LIGHT_BLUE}$url${NC}"
              fi

              # Extract owner and repo name from URL
              owner=$(echo "$url" | cut -d"/" -f4)
              repo=$(echo "$url" | cut -d"/" -f5 | sed "s/.git$//")

              # Fetch repository information using GitHub API
              api_url="https://api.github.com/repos/$owner/$repo"
              repo_info=$(curl -sL -H "Authorization: token $token" -H "Accept: application/vnd.github.v3+json" "$api_url")

              # Check if API call was successful
              if [ "$(echo "$repo_info" | jq -r '.message // empty')" != "" ]; then
                  error_message=$(echo "$repo_info" | jq -r .message)
                  echo -e "${RED}Error fetching repo info:${NC} $error_message"
                  if [ "$debug" = true ]; then
                      echo -e "${YELLOW}Debug: API URL: $api_url${NC}"
                      echo -e "${YELLOW}Debug: Full API response: $repo_info${NC}"
                  fi
              else
                  # Extract relevant information
                  stars=$(echo "$repo_info" | jq -r .stargazers_count)
                  is_archived=$(echo "$repo_info" | jq -r .archived)
                  last_update=$(echo "$repo_info" | jq -r .updated_at)

                  # Save information to temporary file
                  echo "$owner/$repo|$stars|$is_archived|$last_update|$url" >> "$temp_file"

                  if [ "$debug" = true ]; then
                      echo -e "${YELLOW}Debug: Stars=$stars, Archived=$is_archived, Last Update=$last_update${NC}"
                  fi
              fi
              ;;
          *)
              echo -e "${RED}Not a GitHub repo:${NC} $url"
              ;;
      esac
  EOF
  )" bash {} "$temp_file" "$moved_repos_file" "$debug" "$GIT_API_TOKEN"

  # Process the collected information
  echo -e "\n${CYAN}Repository Analysis:${NC}"
  echo -e "${CYAN}====================${NC}"
  cat "$temp_file" | sort -t'|' -k2 -nr | while IFS='|' read -r repo stars archived last_update url; do
      echo -e "${LIGHT_BLUE}Repository: $repo${NC}"
      echo -e "  URL: $url"
      echo -e "  ${YELLOW}Stars: $stars${NC}"
      if [ "$archived" = "true" ]; then
          echo -e "  Archived: ${RED}$archived${NC}"
      else
          echo -e "  Archived: $archived"
      fi
      echo -e "  ${CYAN}Last updated: $last_update${NC}"
      echo -e "${CYAN}-------------------${NC}"
  done

  # Find the repository with the most stars
  most_starred=$(cat "$temp_file" | sort -t'|' -k2 -nr | head -n1)
  echo -e "${YELLOW}Repository with the most stars:${NC}"
  echo "$most_starred" | awk -F'|' '{print "  " $1 " (" $2 " stars): " $5}'

  # List archived repositories
  echo -e "\n${RED}Archived repositories:${NC}"
  grep "|true|" "$temp_file" | while IFS='|' read -r repo stars archived last_update url; do
      echo -e "  ${RED}$repo: $url${NC}"
  done

  # List moved repositories
  echo -e "\n${YELLOW}Moved repositories:${NC}"
  if [ -s "$moved_repos_file" ]; then
      while IFS='|' read -r old_url new_url; do
          echo -e "  ${LIGHT_BLUE}$old_url${NC} -> ${LIGHT_BLUE}$new_url${NC}"
      done < "$moved_repos_file"
  else
      echo "  None"
  fi

It checks for moved or archived repo's IMG_20240719_061956.jpg

It then rates the repo's IMG_20240719_062200.jpg

And finally reports; repo with most stars, any non-repo's, archived repo's, and moved repo's with the new repo url. IMG_20240719_062234.jpg

I made this because even after all the years using it, I still like this framework. Cheers.

webmaster-exit-1 commented 1 month ago

Hopefully this helps people modify and update this framework as they see fit. Also here's a handy list of all tools. tool_urls.txt

https://github.com/ztgrace/changeme
https://github.com/offensive-security/exploitdb
https://github.com/SecureAuthCorp/impacket
https://github.com/joaomatosf/jexboss
https://github.com/koutto/jok3r-scripts
https://github.com/koutto/jok3r-pocs
https://github.com/lanjelot/patator
https://github.com/drwetter/testssl.sh
https://github.com/WestpointLtd/tls_prober
https://github.com/vulnersCom/nmap-vulners
https://github.com/scipag/vulscan
https://github.com/offensive-security/exploit-database
https://github.com/koutto/vulners-lookup
https://github.com/koutto/cvedetails-lookup
https://github.com/hypn0s/AJPy
https://github.com/ovpn-to/ftpmap
https://github.com/jmbr/halberd
https://github.com/MrH0wl/Cloudmare
https://github.com/EnableSecurity/wafw00f
https://github.com/stamparm/identYwaf
https://github.com/urbanadventurer/WhatWeb
https://github.com/hannob/optionsbleed
https://github.com/koutto/clusterd
https://github.com/jekyc/wig
https://github.com/erwanlr/Fingerprinter
https://github.com/sullo/nikto
https://github.com/gildasio/h2t
https://github.com/irsdl/IIS-ShortName-Scanner
https://github.com/Graph-X/davscan
https://github.com/nccgroup/shocker
https://github.com/quentinhardy/jndiat
https://github.com/quentinhardy/scriptsAndExploits
https://github.com/mazen160/struts-pwn_CVE-2017-9805
https://github.com/mazen160/struts-pwn_CVE-2018-11776
https://github.com/gunnerstahl/JQShell
https://github.com/coldfusion39/domi-owned
https://github.com/Dionach/CMSmap
https://github.com/Tuhinshubhra/CMSeeK
https://github.com/immunIT/drupwn
https://github.com/Nekmo/dirhunt
https://github.com/s0md3v/Photon
https://github.com/koutto/web-brutator
https://github.com/tijme/angularjs-csti-scanner
https://github.com/n00py/WPForce
https://github.com/wpscanteam/wpscan
https://github.com/m4ll0k/WPSeku
https://github.com/rezasp/joomscan
https://github.com/drego85/JoomlaScan
https://github.com/rastating/joomlavs
https://github.com/droope/droopescan
https://github.com/steverobbins/magescan
https://github.com/rezasp/vbscan
https://github.com/bcoles/LiferayScan
https://github.com/anouarbensaad/vulnx
https://github.com/Moham3dRiahi/XBruteForcer
https://github.com/maurosoria/dirsearch
https://github.com/xmendez/wfuzz
https://github.com/NickstaDB/BaRMIe
https://github.com/nccgroup/jmxbf
https://github.com/jmxploit/jmxploit
https://github.com/siberas/sjet
https://github.com/swesource/twiddle-standalone
https://github.com/IOActive/jdwp-shellifier
https://github.com/quentinhardy/msdat
https://github.com/quentinhardy/odat
https://github.com/robertdavidgraham/rdpscan
https://github.com/portcullislabs/enum4linux
https://github.com/m8r0wn/nullinux
https://github.com/ShawnDEvans/smbmap
https://github.com/pentestmonkey/smtp-user-enum
https://github.com/hatlord/snmpwn
https://github.com/epi052/cve-2018-15473
https://github.com/leapsecurity/libssh-scanner
https://github.com/c0r3dump3d/osueta
https://github.com/arthepsy/ssh-audit
https://github.com/sububack/grabtelnet
# https://raw.githubusercontent.com/koutto/jok3r-scripts/master/java-rmi/run-jexboss-jmxtomcat.sh
# http://www.nothink.org/codes/snmpcheck/snmpcheck-1.9.rb
# https://raw.githubusercontent.com/koutto/jok3r-scripts/master/oracle/odat-dependencies/install-odat.sh
# http://mirrors.standaloneinstaller.com/apache/commons/cli/binaries/commons-cli-1.4-bin.zip
# http://www.computec.ch/projekte/vulscan/download/scipvuldb.csv
# https://raw.githubusercontent.com/offensive-security/exploitdb/master/files_exploits.csv
# https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar
# https://raw.githubusercontent.com/koutto/jok3r-scripts/master/multi/run-ysoserial.sh
# https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar
# https://raw.githubusercontent.com/koutto/jok3r-scripts/master/multi/run-ysoserial.sh