Friday, May 15, 2020

Lockdoor-Framework: A PenTesting Framework With Cyber Security Resources


About Lockdoor-Framework
    Author: SofianeHamlaoui
   Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)

   LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.

Lockdoor-Framework installation:
   For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.

   Open your Terminal and enter these commands:

You can watch detail here:

Lockdoor Tools contents 🛠️:
 * Information Gathering 🔎:
  • dirsearch: A Web path scanner
  • brut3k1t: security-oriented bruteforce framework
  • gobuster: DNS and VHost busting tool written in Go
  • Enyx: an SNMP IPv6 Enumeration Tool
  • Goohak: Launchs Google Hacking Queries Against A Target Domain
  • Nasnum: The NAS Enumerator
  • Sublist3r: Fast subdomains enumeration tool for penetration testers
  • wafw00f: identify and fingerprint Web Application Firewall
  • Photon: ncredibly fast crawler designed for OSINT.
  • Raccoon: offensive security tool for reconnaissance and vulnerability scanning
  • DnsRecon: DNS Enumeration Script
  • Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
  • sherlock: Find usernames across social networks
  • snmpwn: An SNMPv3 User Enumerator and Attack tool
  • Striker: an offensive information and vulnerability scanner.
  • theHarvester: E-mails, subdomains and names Harvester
  • URLextractor: Information gathering & website reconnaissance
  • denumerator.py: Enumerates list of subdomains
  • other: other Information gathering,recon and Enumeration scripts I collected somewhere.
  • ReconDog: Reconnaissance Swiss Army Knife
  • RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
  • Dracnmap: Info Gathering Framework
 * Web Hacking 🌐:
  • Spaghetti: Spaghetti - Web Application Security Scanner
  • CMSmap: CMS scanner
  • BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
  • J-dorker: Website List grabber from Bing
  • droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
  • Optiva: Web Application Scanner
  • V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
  • AtScan: Advanced dork Search & Mass Exploit Scanner
  • WPSeku: Wordpress Security Scanner
  • WPScan: A simple Wordpress scanner written in python
  • XSStrike: Most advanced XSS scanner.
  • SQLMap: automatic SQL injection and database takeover tool
  • WhatWeb: the Next generation web scanner
  • joomscan: Joomla Vulnerability Scanner Project
  • Dzjecter: Server checking Tool
 * Privilege Escalation ⚠️:
  • Linux 🐧:linux_checksec.sh
       linux_enum.sh
       linux_gather_files.sh
       linux_kernel_exploiter.pl
       linux_privesc.py
       linux_privesc.sh
       linux_security_test
       Linux_exploits folder
  • Windows Windows:   windows-privesc-check.py
       windows-privesc-check.exe
  • MySql:raptor_udf.c
       raptor_udf2.c
 * Reverse Engineering ⚡:
  • Radare2: unix-like reverse engineering framework
  • VirtusTotal: VirusTotal tools
  • Miasm: Reverse engineering framework
  • Mirror: reverses the bytes of a file
  • DnSpy: .NET debugger and assembly
  • AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
  • DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
  • Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
  • yara: a tool aimed at helping malware researchers toidentify and classify malware samples
  • Spike: a protocol fuzzer creation kit + audits
  • other: other scripts collected somewhere
 * Exploitation ❗:
  • Findsploit: Find exploits in local and online databases instantly
  • Pompem: Exploit and Vulnerability Finder
  • rfix: Python tool that helps RFI exploitation.
  • InUrlBr: Advanced search in search engines
  • Burpsuite: Burp Suite for security testing & scanning.
  • linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
  • other: other scripts I collected somewhere.
 * Shells 🐚:
  • WebShells: BlackArch's Webshells Collection
  • ShellSum: A defense tool - detect web shells in local directories
  • Weevely: Weaponized web shell
  • python-pty-shells: Python PTY backdoors
 * Password Attacks ✳️:
  • crunch : a wordlist generator
  • CeWL : a Custom Word List Generator
  • patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
 * Encryption - Decryption 🛡️:
  • Codetective: a tool to determine the crypto/encoding algorithm used
  • findmyhash: Python script to crack hashes using online services
 * Social Engineering 🎭:
  • scythe: an accounts enumerator

Contributing:
  1. Fork Lockdoor-Framework:
    git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a new Pull Request

Features 📙:
  • Pentesting Tools Selection 📙:
   Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
   what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
   Easy customization: Easily add/remove tools. (Added value)
   Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]
  • Resources and cheatsheets 📙 (Added value):
   Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more.
   Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

Check the Wiki Pages to know more about the tool 📙:
Lockdoor-Framework's screenshots:
First Step
Lockdoor update
ROOT Menu
Information Gathering
Web Hacking
Exploitation
Reverse Engineering
Enc/Dec
Password Attacks
Shells
PrivEsc
Social Engineering
PSAFRT
Walkthroughs
About
Support the author:
   On Paypal: Sofiane Hamlaoui
   BTC Address: 

Read more


No comments: