Closed webmaster-exit-1 closed 1 month ago
Hopefully this helps people modify and update this framework as they see fit. Also here's a handy list of all tools. tool_urls.txt
https://github.com/ztgrace/changeme
https://github.com/offensive-security/exploitdb
https://github.com/SecureAuthCorp/impacket
https://github.com/joaomatosf/jexboss
https://github.com/koutto/jok3r-scripts
https://github.com/koutto/jok3r-pocs
https://github.com/lanjelot/patator
https://github.com/drwetter/testssl.sh
https://github.com/WestpointLtd/tls_prober
https://github.com/vulnersCom/nmap-vulners
https://github.com/scipag/vulscan
https://github.com/offensive-security/exploit-database
https://github.com/koutto/vulners-lookup
https://github.com/koutto/cvedetails-lookup
https://github.com/hypn0s/AJPy
https://github.com/ovpn-to/ftpmap
https://github.com/jmbr/halberd
https://github.com/MrH0wl/Cloudmare
https://github.com/EnableSecurity/wafw00f
https://github.com/stamparm/identYwaf
https://github.com/urbanadventurer/WhatWeb
https://github.com/hannob/optionsbleed
https://github.com/koutto/clusterd
https://github.com/jekyc/wig
https://github.com/erwanlr/Fingerprinter
https://github.com/sullo/nikto
https://github.com/gildasio/h2t
https://github.com/irsdl/IIS-ShortName-Scanner
https://github.com/Graph-X/davscan
https://github.com/nccgroup/shocker
https://github.com/quentinhardy/jndiat
https://github.com/quentinhardy/scriptsAndExploits
https://github.com/mazen160/struts-pwn_CVE-2017-9805
https://github.com/mazen160/struts-pwn_CVE-2018-11776
https://github.com/gunnerstahl/JQShell
https://github.com/coldfusion39/domi-owned
https://github.com/Dionach/CMSmap
https://github.com/Tuhinshubhra/CMSeeK
https://github.com/immunIT/drupwn
https://github.com/Nekmo/dirhunt
https://github.com/s0md3v/Photon
https://github.com/koutto/web-brutator
https://github.com/tijme/angularjs-csti-scanner
https://github.com/n00py/WPForce
https://github.com/wpscanteam/wpscan
https://github.com/m4ll0k/WPSeku
https://github.com/rezasp/joomscan
https://github.com/drego85/JoomlaScan
https://github.com/rastating/joomlavs
https://github.com/droope/droopescan
https://github.com/steverobbins/magescan
https://github.com/rezasp/vbscan
https://github.com/bcoles/LiferayScan
https://github.com/anouarbensaad/vulnx
https://github.com/Moham3dRiahi/XBruteForcer
https://github.com/maurosoria/dirsearch
https://github.com/xmendez/wfuzz
https://github.com/NickstaDB/BaRMIe
https://github.com/nccgroup/jmxbf
https://github.com/jmxploit/jmxploit
https://github.com/siberas/sjet
https://github.com/swesource/twiddle-standalone
https://github.com/IOActive/jdwp-shellifier
https://github.com/quentinhardy/msdat
https://github.com/quentinhardy/odat
https://github.com/robertdavidgraham/rdpscan
https://github.com/portcullislabs/enum4linux
https://github.com/m8r0wn/nullinux
https://github.com/ShawnDEvans/smbmap
https://github.com/pentestmonkey/smtp-user-enum
https://github.com/hatlord/snmpwn
https://github.com/epi052/cve-2018-15473
https://github.com/leapsecurity/libssh-scanner
https://github.com/c0r3dump3d/osueta
https://github.com/arthepsy/ssh-audit
https://github.com/sububack/grabtelnet
# https://raw.githubusercontent.com/koutto/jok3r-scripts/master/java-rmi/run-jexboss-jmxtomcat.sh
# http://www.nothink.org/codes/snmpcheck/snmpcheck-1.9.rb
# https://raw.githubusercontent.com/koutto/jok3r-scripts/master/oracle/odat-dependencies/install-odat.sh
# http://mirrors.standaloneinstaller.com/apache/commons/cli/binaries/commons-cli-1.4-bin.zip
# http://www.computec.ch/projekte/vulscan/download/scipvuldb.csv
# https://raw.githubusercontent.com/offensive-security/exploitdb/master/files_exploits.csv
# https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar
# https://raw.githubusercontent.com/koutto/jok3r-scripts/master/multi/run-ysoserial.sh
# https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar
# https://raw.githubusercontent.com/koutto/jok3r-scripts/master/multi/run-ysoserial.sh
It works by parsing toolbox.conf. It needs the variable GIT_API_TOKEN="your token here" to be set.
It checks for moved or archived repo's
It then rates the repo's
And finally reports; repo with most stars, any non-repo's, archived repo's, and moved repo's with the new repo url.
I made this because even after all the years using it, I still like this framework. Cheers.