PenBox - A Penetration Testing Framework - The Tool With All The Tools , The Hacker's Repo
Python
Latest commit 3b77c69 Nov 4, 2016 @x3omdax committed on GitHub Update README.md
Permalink
Failed to load latest commit information.
Versions Create penbox.py Nov 4, 2016
LICENSE.md Update LICENSE.md Jan 6, 2016
README.md Update README.md Nov 4, 2016
penbox.py Update penbox.py Nov 4, 2016

README.md

PenBox – A Penetration Testing Framework

A Penetration Testing Framework , The Hacker’s Repo our hope is in the last version we will have evry script that a hacker needs

Information Gathering :

  • nmap
  • Setoolkit
  • Port Scanning
  • Host To IP
  • wordpress user enumeration
  • CMS scanner
  • XSStracer - checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection
  • Doork - Google Dorks Passive Vulnerability Auditor
  • Scan A server's Users

Password Attacks :

  • Cupp
  • Ncrack
  • AutoBrowser Screenshot

Wireless Testing :

  • reaver
  • pixiewps
  • Bluetooth Honeypot GUI Framework

Exploitation Tools :

  • Venom
  • sqlmap
  • Shellnoob
  • commix
  • FTP Auto Bypass
  • jboss-autopwn
  • Blind SQL Automatic Injection And Exploit
  • Bruteforce the Android Passcode given the hash and salt
  • Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection Scanner
  • cms Few
  • BLACKBOx
  • Liffy # Sniffing & Spoofing :
  • Setoolkit
  • SSLtrip
  • pyPISHER
  • SMTP Mailer

Web Hacking :

  • Drupal Hacking
  • Inurlbr
  • Wordpress & Joomla Scanner
  • Gravity Form Scanner
  • File Upload Checker
  • Wordpress Exploit Scanner
  • Wordpress Plugins Scanner
  • Shell and Directory Finder
  • Joomla! 1.5 - 3.4.5 remote code execution
  • Vbulletin 5.X remote code execution
  • BruteX - Automatically brute force all services running on a target
  • Arachni - Web Application Security Scanner Framework
  • Sub-domain Scanning
  • Wordpress Scanning
  • Wordpress Username Enumeration
  • Wordpress Backup Grabbing
  • Sensitive File Detection
  • Same-Site Scripting Scanning
  • Click Jacking Detection
  • Powerful XSS vulnerability scanning
  • SQL Injection vulnerability scanning

Private Tools

  • Get all websites
  • Get joomla websites
  • Get wordpress websites
  • Find control panel
  • Find zip files
  • Find upload files
  • Get server users
  • Scan from SQL injection
  • Scan ports (range of ports)
  • Scan ports (common ports)
  • Get server banner
  • Bypass Cloudflare

Post Exploitation

  • Shell Checker
  • POET
  • Weeman - Phishing Framework
  • Insecure Web Interface
  • Insufficient Authentication/Authorization
  • Insecure Network Services
  • Lack of Transport Encryption
  • Privacy Concerns
  • Insecure Cloud Interface
  • Insecure Mobile Interface
  • Insufficient Security Configurability
  • Insecure Software/Firmware
  • Poor Physical Security
  • Radium-Keylogger - Python keylogger with multiple features

Recon

  • Sniper

Smartphones Penetration

  • Attach Framework to a Deployed Agent/Create Agent
  • Send Commands to an Agent
  • View Information Gathered
  • Attach Framework to a Mobile Modem
  • Run a remote attack
  • Run a social engineering or client side attack
  • Compile code to run on mobile devices
  • Install Stuff
  • Use Drozer
  • Setup API
  • Bruteforce the Android Passcode given the hash and salt

Others