PenBox

PenBox - A Penetration Testing Framework - The Tool With All The Tools , The Hacker's Repo

465
193
Python

PenBox – A Penetration Testing Framework

A Penetration Testing Framework , The Hacker’s Repo our hope is in the last version we will have evry script that a hacker needs
#Information Gathering :

  • nmap
  • Setoolkit
  • Port Scanning
  • Host To IP
  • wordpress user enumeration
  • CMS scanner
  • XSStracer - checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection
  • Doork - Google Dorks Passive Vulnerability Auditor
  • Scan A server’s Users

Password Attacks :

  • Cupp
  • Ncrack
  • AutoBrowser Screenshot

Wireless Testing :

  • reaver
  • pixiewps
  • Bluetooth Honeypot GUI Framework

Exploitation Tools :

  • Venom
  • sqlmap
  • Shellnoob
  • commix
  • FTP Auto Bypass
  • jboss-autopwn
  • Blind SQL Automatic Injection And Exploit
  • Bruteforce the Android Passcode given the hash and salt
  • Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection Scanner
  • cms Few
  • BLACKBOx
  • Liffy

Sniffing & Spoofing :

  • Setoolkit
  • SSLtrip
  • pyPISHER
  • SMTP Mailer

Web Hacking :

  • Drupal Hacking
  • Inurlbr
  • Wordpress & Joomla Scanner
  • Gravity Form Scanner
  • File Upload Checker
  • Wordpress Exploit Scanner
  • Wordpress Plugins Scanner
  • Shell and Directory Finder
  • Joomla! 1.5 - 3.4.5 remote code execution
  • Vbulletin 5.X remote code execution
  • BruteX - Automatically brute force all services running on a target
  • Arachni - Web Application Security Scanner Framework
  • Sub-domain Scanning
  • Wordpress Scanning
  • Wordpress Username Enumeration
  • Wordpress Backup Grabbing
  • Sensitive File Detection
  • Same-Site Scripting Scanning
  • Click Jacking Detection
  • Powerful XSS vulnerability scanning
  • SQL Injection vulnerability scanning

#Private Tools

  • Get all websites
  • Get joomla websites
  • Get wordpress websites
  • Find control panel
  • Find zip files
  • Find upload files
  • Get server users
  • Scan from SQL injection
  • Scan ports (range of ports)
  • Scan ports (common ports)
  • Get server banner
  • Bypass Cloudflare

#Post Exploitation

  • Shell Checker
  • POET
  • Weeman - Phishing Framework
  • Insecure Web Interface
  • Insufficient Authentication/Authorization
  • Insecure Network Services
  • Lack of Transport Encryption
  • Privacy Concerns
  • Insecure Cloud Interface
  • Insecure Mobile Interface
  • Insufficient Security Configurability
  • Insecure Software/Firmware
  • Poor Physical Security
  • Radium-Keylogger - Python keylogger with multiple features

#Recon

  • Sniper

#Smartphones Penetration

  • Attach Framework to a Deployed Agent/Create Agent
  • Send Commands to an Agent
  • View Information Gathered
  • Attach Framework to a Mobile Modem
  • Run a remote attack
  • Run a social engineering or client side attack
  • Compile code to run on mobile devices
  • Install Stuff
  • Use Drozer
  • Setup API
  • Bruteforce the Android Passcode given the hash and salt

#Others