About Lockdoor-Framework Author: SofianeHamlaoui Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)
LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.
Lockdoor-Framework installation: For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.
Open your Terminal and enter these commands:
You can watch detail here:
Lockdoor Tools contents 🛠️: * Information Gathering 🔎:- dirsearch: A Web path scanner
- brut3k1t: security-oriented bruteforce framework
- gobuster: DNS and VHost busting tool written in Go
- Enyx: an SNMP IPv6 Enumeration Tool
- Goohak: Launchs Google Hacking Queries Against A Target Domain
- Nasnum: The NAS Enumerator
- Sublist3r: Fast subdomains enumeration tool for penetration testers
- wafw00f: identify and fingerprint Web Application Firewall
- Photon: ncredibly fast crawler designed for OSINT.
- Raccoon: offensive security tool for reconnaissance and vulnerability scanning
- DnsRecon: DNS Enumeration Script
- Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
- sherlock: Find usernames across social networks
- snmpwn: An SNMPv3 User Enumerator and Attack tool
- Striker: an offensive information and vulnerability scanner.
- theHarvester: E-mails, subdomains and names Harvester
- URLextractor: Information gathering & website reconnaissance
- denumerator.py: Enumerates list of subdomains
- other: other Information gathering,recon and Enumeration scripts I collected somewhere.
- ReconDog: Reconnaissance Swiss Army Knife
- RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
- Dracnmap: Info Gathering Framework
* Web Hacking 🌐:
- Spaghetti: Spaghetti - Web Application Security Scanner
- CMSmap: CMS scanner
- BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
- J-dorker: Website List grabber from Bing
- droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
- Optiva: Web Application Scanner
- V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
- AtScan: Advanced dork Search & Mass Exploit Scanner
- WPSeku: Wordpress Security Scanner
- WPScan: A simple Wordpress scanner written in python
- XSStrike: Most advanced XSS scanner.
- SQLMap: automatic SQL injection and database takeover tool
- WhatWeb: the Next generation web scanner
- joomscan: Joomla Vulnerability Scanner Project
- Dzjecter: Server checking Tool
* Privilege Escalation ⚠️:
- Linux 🐧:linux_checksec.sh
linux_enum.sh
linux_gather_files.sh
linux_kernel_exploiter.pl
linux_privesc.py
linux_privesc.sh
linux_security_test
Linux_exploits folder - Windows
: windows-privesc-check.py
windows-privesc-check.exe - MySql:raptor_udf.c
raptor_udf2.c
* Reverse Engineering ⚡:
- Radare2: unix-like reverse engineering framework
- VirtusTotal: VirusTotal tools
- Miasm: Reverse engineering framework
- Mirror: reverses the bytes of a file
- DnSpy: .NET debugger and assembly
- AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
- DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
- Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
- yara: a tool aimed at helping malware researchers toidentify and classify malware samples
- Spike: a protocol fuzzer creation kit + audits
- other: other scripts collected somewhere
* Exploitation ❗:
- Findsploit: Find exploits in local and online databases instantly
- Pompem: Exploit and Vulnerability Finder
- rfix: Python tool that helps RFI exploitation.
- InUrlBr: Advanced search in search engines
- Burpsuite: Burp Suite for security testing & scanning.
- linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
- other: other scripts I collected somewhere.
* Shells 🐚:
- WebShells: BlackArch's Webshells Collection
- ShellSum: A defense tool - detect web shells in local directories
- Weevely: Weaponized web shell
- python-pty-shells: Python PTY backdoors
- crunch : a wordlist generator
- CeWL : a Custom Word List Generator
- patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
* Encryption - Decryption 🛡️:- Codetective: a tool to determine the crypto/encoding algorithm used
- findmyhash: Python script to crack hashes using online services
* Social Engineering 🎭:
- scythe: an accounts enumerator
Contributing:
- Fork Lockdoor-Framework:
git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git - Create your feature branch
- Commit your changes
- Push to the branch
- Create a new Pull Request
Features 📙:- Pentesting Tools Selection 📙:
Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value). what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value). Easy customization: Easily add/remove tools. (Added value) Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]- Resources and cheatsheets 📙 (Added value):
Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more. Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.
Check the Wiki Pages to know more about the tool 📙: Lockdoor-Framework's screenshots: |
| First Step |
 |
| Lockdoor update |
 |
| ROOT Menu |
 |
| Information Gathering |
 |
| Web Hacking |
 |
| Exploitation |
 |
| Reverse Engineering |
 |
| Enc/Dec |
 |
| Password Attacks |
 |
| Shells |
 |
| PrivEsc |
 |
| Social Engineering |
 |
| PSAFRT |
 |
| Walkthroughs |
 |
| About |
Support the author: BTC Address: 
Related news
Disclaimer
This Document is subject to changes without prior notice and is intended only for the person or entity to which it is addressed to and may contain confidential and/or privileged material and is not for any type of circulation. Any review, retransmission, or any other use is prohibited. Kindly note that this document does not constitute an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction.
The information contained herein is from publicly available data or other sources believed to be reliable. While I would endeavour to update the information herein on reasonable basis, I am under no obligation to update or keep the information current. Also, there may be regulatory, compliance, or other reasons that may prevent me from doing so. I do not represent that information contained herein is accurate or complete and it should not be relied upon as such. This document is prepared for assistance only and is not intended to be and must not alone betaken as the basis for an investment decision. The user assumes the entire risk of any use made of this information. Each recipient of this document should make such investigations as it deems necessary to arrive at an independent evaluation of an investment in the securities of companies referred to in this document (including the merits and risks involved), and should consult its own advisors to determine the merits and risks of such an investment. The investment discussed or views expressed may not be suitable for all investors. I do not undertake to advise you as to any change of my views. I may have issued other reports that are inconsistent with and reach different conclusion from the information presented in this report. This report is not directed or intended for distribution to, or use by, any person or entity who is a citizen or resident of or located in any locality, state, country or other jurisdiction, where such distribution, publication, availability or use would be contrary to law, regulation or which would subject me to any registration or licensing requirement within such jurisdiction. The securities described herein may or may not be eligible for sale in all jurisdictions or to certain category of investors. Persons in whose possession this document may come are required to inform themselves of and to observe such restriction. I may have used the information set forth herein before publication and may have positions in, may from time to time purchase or sell or may be materially interested in any of the securities mentioned or related securities. I may from time to time solicit from, or perform investment banking, or other services for, any company mentioned herein. Without limiting any of the foregoing, in no event shall I or any third party involved in, or related to, computing or compiling the information have any liability for any damages of any kind.
No comments:
Post a Comment