PenBox – A Penetration Testing Framework
A Penetration Testing Framework , The Hacker’s Repo our hope is in the last version we will have evry script that a hacker needs
Information Gathering :
- nmap
- Setoolkit
- Port Scanning
- Host To IP
- wordpress user enumeration
- CMS scanner
- XSStracer - checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection
- Doork - Google Dorks Passive Vulnerability Auditor
- Scan A server's Users
Password Attacks :
- Cupp
- Ncrack
- AutoBrowser Screenshot
Wireless Testing :
- reaver
- pixiewps
- Bluetooth Honeypot GUI Framework
Exploitation Tools :
- Venom
- sqlmap
- Shellnoob
- commix
- FTP Auto Bypass
- jboss-autopwn
- Blind SQL Automatic Injection And Exploit
- Bruteforce the Android Passcode given the hash and salt
- Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection Scanner
- cms Few
- BLACKBOx
- Liffy
Sniffing & Spoofing :
- Setoolkit
- SSLtrip
- pyPISHER
- SMTP Mailer
Web Hacking :
- Drupal Hacking
- Inurlbr
- Wordpress & Joomla Scanner
- Gravity Form Scanner
- File Upload Checker
- Wordpress Exploit Scanner
- Wordpress Plugins Scanner
- Shell and Directory Finder
- Joomla! 1.5 - 3.4.5 remote code execution
- Vbulletin 5.X remote code execution
- BruteX - Automatically brute force all services running on a target
- Arachni - Web Application Security Scanner Framework
- Sub-domain Scanning
- Wordpress Scanning
- Wordpress Username Enumeration
- Wordpress Backup Grabbing
- Sensitive File Detection
- Same-Site Scripting Scanning
- Click Jacking Detection
- Powerful XSS vulnerability scanning
- SQL Injection vulnerability scanning
Private Tools
- Get all websites
- Get joomla websites
- Get wordpress websites
- Find control panel
- Find zip files
- Find upload files
- Get server users
- Scan from SQL injection
- Scan ports (range of ports)
- Scan ports (common ports)
- Get server banner
- Bypass Cloudflare
Post Exploitation
- Shell Checker
- POET
- Weeman - Phishing Framework
- Insecure Web Interface
- Insufficient Authentication/Authorization
- Insecure Network Services
- Lack of Transport Encryption
- Privacy Concerns
- Insecure Cloud Interface
- Insecure Mobile Interface
- Insufficient Security Configurability
- Insecure Software/Firmware
- Poor Physical Security
- Radium-Keylogger - Python keylogger with multiple features
Recon
Smartphones Penetration
- Attach Framework to a Deployed Agent/Create Agent
- Send Commands to an Agent
- View Information Gathered
- Attach Framework to a Mobile Modem
- Run a remote attack
- Run a social engineering or client side attack
- Compile code to run on mobile devices
- Install Stuff
- Use Drozer
- Setup API
- Bruteforce the Android Passcode given the hash and salt
Others