Skip to content
👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
HTML CSS Python Other
Branch: master
Clone or download
M4cs Merge pull request #31 from Tendel10/master
Added a simple windows powershell reverse shell
Latest commit ac9a579 Aug 14, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
babysploit got ready for pull request Aug 14, 2019
.gitignore Fix Nov 25, 2018 Create Nov 19, 2018
Dockerfile Update Dockerfile Nov 25, 2018 Update Nov 18, 2018 Config Jan 12, 2019 Update Feb 14, 2019 Config Jan 12, 2019

Forks Issues License Python 3.6+ Twitter

Made For Kali Linux. No Support For Other Distros If There Are Problems.
Developed by @maxbridgland


BabySploit is a penetration testing toolkit aimed at making it easy to learn how to use bigger,
more complicated frameworks like Metasploit. With a very easy to use UI and toolkit, anybody
from any experience level will find use out of BabySploit. Below are some screenshots of the framework.

Installation Instructions:

Using Pip

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install exploitdb netcat nmap perl php7.0 
pip3 install babysploit

In order to use search command you must follow steps here to install the searchsploit binary!

Building From Source

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install exploitdb netcat nmap perl php7.0
git clone
cd BabySploit/
python3 install

Docker Run Command

docker run --rm -idt --name babysploit xshuden/babysploit    # container is deleted when you're done
docker run -idt --name babysploit xshuden/babysploit

Getting Started:

Setting Configuration Values:

BabySploit uses ConfigParser in order to write and read configuration. Your config file is automatically generated and located at ./babysploit/config/config.cfg. You can manually change configuration settings by opening up the file and editing with a text editor or you can use the set command to set a new value for a key. Use the set command like so:

set rhost
>> Enter Value For rhost: 10
>> Config Key Saved!

If before running this command the rhost key had a value of 80, the rhost key after running this command has a value of 10. You can also add configuration variables to the config by using the set command with a new key after it like so:

set newkey
>> Enter Value For newkey: hello
>> Config Key Saved!

Before running this there was no key named "newkey". After running this you will have a key named "newkey" in your config until you use the reset command which resets the saved configuration.

Running A Tool

In order to run a tool all you have to do is enter the name of the tool into BabySploit. You can use the tools command to display a menu with all the currently availble tools. If we run tools we get the depiction:


*this depiction may be outdated*

This menu will display the tools available and the description of each tool. To run a tool simply enter the tool name into BabySploit. Ex: ftpbruteforce - runs the ftpbruteforce tool.

Features (Current, In The Works, Planned):

Visit project board for tools.

  • Information Gathering
  • Exploitation
  • Post Exploitation
  • Bruteforcing
  • Phishing
  • Cryptography/Stenography

Information Gathering:

  • Nmap
  • IP Info
  • Tcpdump (In The Works)
  • Datasploit (In The Works)
  • Censys Lookup
  • DNS Lookup
  • Raccoon
  • Cloudflare Bypasser


  • Searchsploit
  • ReverseShell Wizard
  • FTP Buffer Overflow Scan
  • WPSeku WordPress Vuln Scanner

Post Exploitation:

  • In The Works


  • FTP Bruteforcer
  • WPSeku WordPress Login Bruteforce


  • BlackEye Python


  • MetaKiller
  • PDFMeta


Feel free to contribute by making plugins or fixing bugs with a Pull Request. All contributions are helpful and will help make this a great tool.

Licensed Under MIT.

Copyright (c) 2018 Syndicated Intelligence


@linux_choice for BlackEye sites and base.

@M4ll0k for WPSeku.

@exploitdb for Searchsploit.

You can’t perform that action at this time.