π Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Lockdoor v2.3
β οΈ This project is not maintained anymore. β οΈ
Table of contents
- Table of contents
- Changelog π :
- Badges π :
- Support me π° :
- Contributors β :
- Versions
- Blogs & Articles π° :
- Overview π :
- Features π :
- Screenshots π» :
- Demos π» :
- Installation π οΈ :
- Lockdoor Tools contents π οΈ :
- Lockdoor Resources contents π :
- Information Gathering π :
- Crypto π‘οΈ:
- Exploitation β:
- Networking π§ :
- Password Attacks β³οΈ:
- Post Exploitation ββ:
- Privilege Escalation β οΈ:
- Pentesting & Security Assessment Findings Report Templates π :
- Reverse Engineering β‘ :
- Social Engineering π:
- Walk Throughs πΆ :
- Web Hacking π :
- Other π :
- Contributing :
Changelog π :
Version v2.3 IS OUT !!
- Fixing some CI
- making a more stable version
- new docker iaage build
- adding packages for each supported distros
Badges π :
Support me π° :
- BTC Addresse : 1NR2oqsuevvWJwzCyhBXmqEA5eYAaSoJFk
Contributors β :
Versions
06/2021 : 2.3
-
Config file checking.
-
Updating the tools.
-
Showing the current version of Lockdoor by -v arg.
-
checking the version and asking for possible update.
-
Making it easier to customize.
-
No added tools for the moment.
-
Fixing the docker misconfiguration, the docker version now works perfectly.
- Information Gathring Tools (21)
- Web Hacking Tools(15)
- Reverse Engineering Tools (15)
- Exploitation Tools (6)
- Pentesting & Security Assessment Findings Report Templates (6)
- Password Attack Tools (4)
- Shell Tools + Blackarchβs Webshells Collection (4)
- Walk Throughs & Pentest Processing Helpers (3)
- Encryption/Decryption Tools (2)
- Social Engineering tools (1)
- All you need as Privilege Escalation scripts and exploits
03/2020 : 2.2.3
- Information Gathring Tools (21)
- Web Hacking Tools(15)
- Reverse Engineering Tools (15)
- Exploitation Tools (6)
- Pentesting & Security Assessment Findings Report Templates (6)
- Password Attack Tools (4)
- Shell Tools + Blackarchβs Webshells Collection (4)
- Walk Throughs & Pentest Processing Helpers (3)
- Encryption/Decryption Tools (2)
- Social Engineering tools (1)
- All you need as Privilege Escalation scripts and exploits
- Working on Kali,Ubuntu,Arch,Fedora,Opensuse and Windows (Cygwin)
Youtube Video : Link
Blogs & Articles π° :
* Reddit : https://www.reddit.com/r/cybersecurity/comments/d4hthh/lockdoor_a_penetration_testing_framework_with/
* Medium.com : https://medium.com/@SofianeHamlaoui/lockdoor-framework-a-penetration-testing-framework-with-cyber-security-resources-sofiane-22fbb7942378
* Xploit Lab : https://xploitlab.com/lockdoor-framework-penetration-testing-framework-with-cyber-security-resources/
* Station X : https://www.stationx.net/threat-intelligence-17th-september/
* Kelvin Security : https://blog.kelvinsecurity.com/2019/09/12/lookdoor-framework-a-penetration-testing-framework-with-cyber-security-resources/
* All About hacking : https://www.allabouthack.com/2019/09/lookdoor-framework-penetration-testing.html
* Wired Intel : http://wiredintel.bravehost.com/wired/2019/09/15/%F0%9F%94%90-lockdoor-a-penetration-testing-framework-with-cyber-security-resources
* Social networks :
* LinkedIn :
* By Nermin S. : https://www.linkedin.com/posts/nsmajic_sofianehamlaouilockdoor-framework-activity-6578952540564529152-B-0P
* Twitter :
* By Me :D : https://twitter.com/S0fianeHamlaoui/status/1173079963567820801
* National Cyber Security Services : https://twitter.com/NationalCyberS1/status/1173917454151475202
* Xploit Lab : https://twitter.com/xploit_lab/status/1173990273644261376
* More : https://twitter.com/search?q=Lockdoor%20Framework
* More : https://twitter.com/search?q=Lookdoor%20Framework
* Facebook :
* By ME :D : https://www.facebook.com/S0fianeHamlaoui/posts/678704759315090
* National Cyber Security Services : https://www.facebook.com/ncybersec/posts/1273735519463836
* Xploit Lab : https://www.facebook.com/XploitLab/posts/2098443780463126
* Root Developers : https://www.facebook.com/root.deve/posts/1181412315364265
* More : https://www.facebook.com/search/top/?q=Lockdoor%20Framework
* Youtube :
* My youtube video : https://www.youtube.com/watch?v=_agvb29FQrs
* The Shadow Brokers video : https://www.youtube.com/watch?v=6njKRrKQtow
Overview π :
LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers.
This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters.
As pentesters, most of us has his personal β /pentest/ β directory so this Framework is helping you to build a perfect one.
With all of that ! It automates the Pentesting process to help you do the job more quickly and
easily.
Features π :
Pentesting Tools Selection π :
-
Tools: Lockdoor doesnβt contain all pentesting tools , letβs be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite and the most used tools by Pentesters.
-
what Tools: the tools contains Lockdoor are a collection from the best tools on Kali,Parrot Os and BlackArch. Also some private tools from some other hacking teams like InurlBr, iran-cyber. Without forgetting some cool and amazing tools I found on Github made by some perfect human beings.
-
Easy customization: Easily add/remove tools.
-
Installation: You can install the tool automatically using the installer.sh , Manually or by running the Docker Image.
Resources and cheatsheets π :
-
Resources: Thatβs what makes Lockdoor, Lockdoor Doesnβt contain only tools ! Pentesing and Security Assessment Findings Reports templates, Pentesting walkthrough examples and templates and more.
-
Cheatsheets: Everyone can forget something on processing or a tool use, or even some tricks. Here comes the Cheatsheets role ! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.
Screenshots π» :
 |
 |
 |
 |
 |
 |
 |
|---|
Demos π» :
 |
 |
 |
 |
 |
 |
|---|
Installation π οΈ :
The recommended way to use Lockdoor is by pulling the Docker Image so you will not have
to worry about dependencies issues.
- A Docker image is available on Docker Hub and automatically re-built at each update:
https://hub.docker.com/r/sofianehamlaoui/lockdoor. It is initially based on the official debian docker image (debian).
-
Docker Installation
- Installing requirments
sudo apt install docker < Debian-based distributions sudo dnf install docker < RPM-based distributions sudo pacman -S docker < Arch-based distributions sudo zypper install docker < OS-based distributions sudo yum install docker < RH-based distributions - Running the container
1. *Pull lockdoor Docker Image:* sudo docker pull sofianehamlaoui/lockdoor2. *Run fresh Docker container:* sudo docker run -it --name lockdoor-container -w /Lockdoor-Framework --net=host sofianehamlaoui/lockdoor3. *Run Lockdoor Framework* sudo lockdoor4. *To re-run a stopped container:* sudo docker start -i sofianehamlaoui/lockdoor5. *To open multiple shells inside the container:* sudo docker exec -it lockdoor-container bash
- Installing requirments
-
Using LockAller - Lockdoor Installer
Installing it using the script may take some time depends on the packages already installed on your system.
here you can find a fresh installation on a new debian distro with no pre-installed packages : [11min]
git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git && cd Lockdoor-Framework && chmod +x ./install.sh && ./install.sh
Lockdoor Tools contents π οΈ :
Information Gathering π :
- Tools:
- dirsearch : A Web path scanner
- brut3k1t : security-oriented bruteforce framework
- gobuster : DNS and VHost busting tool written in Go
- Enyx : an SNMP IPv6 Enumeration Tool
- Goohak : Launchs Google Hacking Queries Against A Target Domain
- Nasnum : The NAS Enumerator
- Sublist3r : Fast subdomains enumeration tool for penetration testers
- wafw00f : identify and fingerprint Web Application Firewall
- Photon : ncredibly fast crawler designed for OSINT.
- Raccoon : offensive security tool for reconnaissance and vulnerability scanning
- DnsRecon : DNS Enumeration Script
- Nmap : The famous security Scanner, Port Scanner, & Network Exploration Tool
- sherlock : Find usernames across social networks
- snmpwn : An SNMPv3 User Enumerator and Attack tool
- Striker : an offensive information and vulnerability scanner.
- theHarvester : E-mails, subdomains and names Harvester
- URLextractor : Information gathering & website reconnaissance
- denumerator.py : Enumerates list of subdomains
- other : other Information gathering,recon and Enumeration scripts I collected somewhere.
- Frameworks:
- ReconDog : Reconnaissance Swiss Army Knife
- RED_HAWK : All in one tool for Information Gathering, Vulnerability Scanning and Crawling
- Dracnmap : Info Gathering Framework
Web Hacking π :
- Tools:
- Spaghetti : Spaghetti - Web Application Security Scanner
- CMSmap : CMS scanner
- BruteXSS : BruteXSS is a tool to find XSS vulnerabilities in web application
- J-dorker : Website List grabber from Bing
- droopescan : scanner , identify , CMSs , Drupal , Silverstripe.
- Optiva : Web Application Scanne
- V3n0M : Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
- AtScan : Advanced dork Search & Mass Exploit Scanner
- WPSeku : Wordpress Security Scanner
- Wpscan : A simple Wordpress scanner written in python
- XSStrike : Most advanced XSS scanner.
- Sqlmap : automatic SQL injection and database takeover tool
- WhatWeb : the Next generation web scanner
- joomscan : Joomla Vulnerability Scanner Project
- Frameworks:
- Dzjecter : Server checking Tool
Privilege Escalation β οΈ :
- Tools:
- Linux π§ :
- Scripts :
- linux_checksec.sh
- linux_enum.sh
- linux_gather_files.sh
- linux_kernel_exploiter.pl
- linux_privesc.py
- linux_privesc.sh
- linux_security_test
- Linux_exploits folder
- Scripts :
- Windows |Windows| :
- windows-privesc-check.py
- windows-privesc-check.exe
- MySql :
- raptor_udf.c
- raptor_udf2.c
- Linux π§ :
Reverse Engineering β‘:
- Radare2 : unix-like reverse engineering framework
- VirtusTotal : VirusTotal tools
- Miasm : Reverse engineering framework
- Mirror : reverses the bytes of a file
- DnSpy : .NET debugger and assembly
- AngrIo : A python framework for analyzing binaries ( Suggested by @Hamz-a )
- DLLRunner : a smart DLL execution script for malware analysis in sandbox systems.
- Fuzzy Server : a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
- yara : a tool aimed at helping malware researchers toidentify and classify malware samples
- Spike : a protocol fuzzer creation kit + audits
- other : other scripts collected somewhere
Exploitation β:
- Findsploit : Find exploits in local and online databases instantly
- Pompem : Exploit and Vulnerability Finder
- rfix : Python tool that helps RFI exploitation.
- InUrlBr : Advanced search in search engines
- Burpsuite : Burp Suite for security testing & scanning.
- linux-exploit-suggester2 : Next-Generation Linux Kernel Exploit Suggester
- other : other scripts I collected somewhere.
Shells π:
- WebShells : BlackArchβs Webshells Collection
- ShellSum : A defense tool - detect web shells in local directories
- Weevely : Weaponized web shell
- python-pty-shells : Python PTY backdoors
Password Attacks β³οΈ:
- crunch : a wordlist generator
- CeWL : a Custom Word List Generator
- patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
Encryption - Decryption π‘οΈ:
- Codetective : a tool to determine the crypto/encoding algorithm used
- findmyhash : Python script to crack hashes using online services
Social Engineering π:
- scythe : an accounts enumerator
Lockdoor Resources contents π :
Information Gathering π :
- Cheatsheet_SMBEnumeration
- configuration_management
- dns_enumeration
- file_enumeration
- http_enumeration
- information_gathering_owasp_guide
- miniserv_webmin_enumeration
- ms_sql_server_enumeration
- nfs_enumeration
- osint_recon_ng
- passive_information_gathering
- pop3_enumeration
- ports_emumeration
- rpc_enumeration
- scanning
- smb_enumeration
- smtp_enumeration
- snmb_enumeration
- vulnerability_scanning
Crypto π‘οΈ:
Exploitation β:
Networking π§ :
Password Attacks β³οΈ:
Post Exploitation ββ:
Privilege Escalation β οΈ:
Pentesting & Security Assessment Findings Report Templates π :
- Demo Company - Security Assessment Findings Report.docx
- linux-template.md
- PWKv1-REPORT.doc
- pwkv1_report.doc
- template-penetration-testing-report-v03.pdf
- windows-template.md
- OSCP-OS-XXXXX-Lab-Report_Template3.2.docx
- OSCP-OS-XXXXX-Exam-Report_Template3.2.docx
- CherryTree_template.ctb
- eventory-sample-pentest-report.pdf
Reverse Engineering β‘ :
Social Engineering π:
Walk Throughs πΆ :
Web Hacking π :
- auxiliary_info.md
- Cheatsheet_ApacheSSL
- Cheatsheet_AttackingMSSQL
- Cheatsheet_DomainAdminExploitation
- Cheatsheet_SQLInjection
- Cheatsheet_VulnVerify.txt
- code-execution-reverse-shell-commands
- file_upload.md
- html5_cheat_sheet
- jquery_cheat_sheet_1.3.2
- sqli
- sqli_cheatsheet
- sqli-quries
- sqli-tips
- web_app_security
- web_app_vulns_Arabic
- Xss_1
- Xss_2
- xss_actionscript
- xxe
Other π :
Contributing :
- Read Contributing, The Code of Conduct and The pull request template
- Fork it (https://github.com/SofianeHamlaoui/Lockdoor-Framework/fork)
- Create your feature branch
- Commit your changes
- Push to the branch
- Create a new Pull Request