Skip to content

Lockdoor Tools contents

Sofiane Hamlaoui edited this page Sep 10, 2019 · 5 revisions

Lockdoor Tools contents:

Information Gathering:

  • Tools:
    • dirsearch : A Web path scanner
    • brut3k1t : security-oriented bruteforce framework
    • gobuster : DNS and VHost busting tool written in Go
    • Enyx : an SNMP IPv6 Enumeration Tool
    • Goohak : Launchs Google Hacking Queries Against A Target Domain
    • Nasnum : The NAS Enumerator
    • Sublist3r : Fast subdomains enumeration tool for penetration testers
    • wafw00f : identify and fingerprint Web Application Firewall
    • Photon : ncredibly fast crawler designed for OSINT.
    • Raccoon : offensive security tool for reconnaissance and vulnerability scanning
    • DnsRecon : DNS Enumeration Script
    • Reconnoitre : multithreaded information gathering and service enumeratio tool
    • sherlock : Find usernames across social networks
    • snmpwn : An SNMPv3 User Enumerator and Attack tool
    • Striker : an offensive information and vulnerability scanner.
    • theHarvester : E-mails, subdomains and names Harvester
    • URLextractor : Information gathering & website reconnaissance
    • denumerator.py : Enumerates list of subdomains
    • other : other Information gathering,recon and Enumeration scripts I collected somewhere.
  • Frameworks:
    • ReconDog : Reconnaissance Swiss Army Knife
    • RED_HAWK : All in one tool for Information Gathering, Vulnerability Scanning and Crawling
    • TIDoS : Offensive Manual Web Application Penetration Testing Framework.
    • Dracnmap : Info Gathering Framework

Web Hacking:

  • Tools:
    • Spaghetti : Spaghetti - Web Application Security Scanner
    • HTTPoxyScan : HTTPoxy Exploit Scanner by 1N3
    • CMSmap : CMS scanner
    • BruteXSS : BruteXSS is a tool to find XSS vulnerabilities in web application
    • J-dorker : Website List grabber from Bing
    • droopescan : scanner , identify , CMSs , Drupal , Silverstripe.
    • ptiva : Web Application Scanne
    • V3n0M : Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
    • Priv8SqliTool : Find Sqli Targets v
    • SqliV : massive SQL injection vulnerability scanner
    • AtScan : Advanced dork Search & Mass Exploit Scanner
    • WPSeku : Wordpress Security Scanner
    • WpBrute : Wordpress BruteForce Tools
    • Wpscan : A simple Wordpress scanner written in python
    • B7S-ToolB0x : Wordpress vulnerability scanner
    • XSStrike : Most advanced XSS scanner.
    • joomscan : Joomla Vulnerability Scanner Project
  • Frameworks:
    • Dzjecter : Server checking Tool
    • W3af : web application attack and audit framework

Privilege Escalation:

  • Tools:
    • Linux :
      • Scripts :
        • linux_checksec.sh
        • linux_enum.sh
        • linux_gather_files.sh
        • linux_kernel_exploiter.pl
        • linux_privesc.py
        • linux_privesc.sh
        • linux_security_test
      • Linux_exploits folder
    • Windows :
      • windows-privesc-check.py
      • windows-privesc-check.exe
    • MySql :
      • raptor_udf.c
      • raptor_udf2.c

Reverse Engineering:

  • Radare2 : unix-like reverse engineering framework
  • VirtusTotal : VirusTotal tools
  • Miasm : Reverse engineering framework
  • Mirror : reverses the bytes of a file
  • DnSpy : .NET debugger and assembly
  • DLLRunner : a smart DLL execution script for malware analysis in sandbox systems.
  • Fuzzy Server : a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
  • yara : a tool aimed at helping malware researchers toidentify and classify malware samples
  • Spike : a protocol fuzzer creation kit + audits
  • other : other scripts collected somewhere

Exploitation:

  • Findsploit : Find exploits in local and online databases instantly
  • MassExpConsole : concurrent exploiting
  • Pompem : Exploit and Vulnerability Finder
  • rfix : Python tool that helps RFI exploitation.
  • InUrlBr : Advanced search in search engines
  • linux-exploit-suggester2 : Next-Generation Linux Kernel Exploit Suggester
  • other : other scripts I collected somewhere.

Shells:

  • WebShells : Webshells Collection
  • ShellSum : A defense tool - detect web shells in local directories
  • Weevely : Weaponized web shell
  • python-pty-shells : Python PTY backdoors

Password Attacks:

  • crunch : a wordlist generator
  • CeWL : a Custom Word List Generator
  • patator : a multi-purpose brute-forcer, with a modular design and a flexible usage

Encryption - Decryption:

  • Codetective : a tool to determine the crypto/encoding algorithm used
  • findmyhash : Python script to crack hashes using online services
  • hashID : Software to identify the different types of hashes

Post Exploitation::

-Tools :
  • TheFatRat : massive exploiting tool

Reverse Engineering:

  • scythe : an accounts enumerator