GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → zpettry → boxer

zpettry / boxer

Licence: MIT license
Boxer: A fast directory bruteforce tool written in Python with concurrency.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

directoryhackingbruteforcepenetration-testingpentestingbugbountyhacking-tool

Projects that are alternatives of or similar to boxer

Webmap
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Stars: ✭ 188 (+1153.33%)
Mutual labels:  bruteforce, penetration-testing, hacking-tool
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+48206.67%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+22506.67%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+2746.67%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+980%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (+186.67%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+1860%)
Mutual labels:  bruteforce, penetration-testing, bugbounty
AttackSurfaceManagement
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (+200%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+12753.33%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+5013.33%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+4966.67%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (+1166.67%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+1113.33%)
Mutual labels:  penetration-testing, bugbounty, hacking-tool
Webspoilt
This script will you help to find the information about the website and to help in penetrating testing
Stars: ✭ 34 (+126.67%)
Mutual labels:  bruteforce, penetration-testing, hacking-tool
Instagram Hacker
This is an advanced script for Instagram bruteforce attacks. WARNING THIS IS A REAL TOOL!
Stars: ✭ 156 (+940%)
Mutual labels:  bruteforce, hacking-tool
Dark Fantasy Hack Tool
DDOS Tool: To take down small websites with HTTP FLOOD. Port scanner: To know the open ports of a site. FTP Password Cracker: To hack file system of websites.. Banner Grabber: To get the service or software running on a port. (After knowing the software running google for its vulnerabilities.) Web Spider: For gathering web application hacking information. Email scraper: To get all emails related to a webpage IMDB Rating: Easy way to access the movie database. Both .exe(compressed as zip) and .py versions are available in files.
Stars: ✭ 131 (+773.33%)
Mutual labels:  bruteforce, hacking-tool
T14m4t
Automated brute-forcing attack tool.
Stars: ✭ 160 (+966.67%)
Mutual labels:  bruteforce, hacking-tool
Elpscrk
A Common User Passwords generator script that looks like the tool Eliot used it in Mr.Robot Series Episode 01 :D :v
Stars: ✭ 113 (+653.33%)
Mutual labels:  bruteforce, hacking-tool
Yotter
yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage
Stars: ✭ 118 (+686.67%)
Mutual labels:  directory, bruteforce
Content Bruteforcing Wordlist
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
Stars: ✭ 173 (+1053.33%)
Mutual labels:  directory, bruteforce
View All Similar Projects ➔

Boxer

Boxer is a directory bruteforcing tool. It was designed primarily for a red team and for a large network of systems to scan. Not only can it run a directory bruteforce, but it can save the results and allow you to query them locally or from a HTTPS server that Boxer provides.

(5/11/2019) Some testing has indicated results of finishing in roughly a fourth of the time as Gobuster on one URL with the same wordlist.

  • There is no recursion currently implemented. There is some code commented out to possibly allow this in the future.

Why another directory bruteforce tool?

  • I put this tool together to implement and work with OOP and polymorphism.
  • I also wanted to implement concurrency and coroutines.
  • This should aid in process improvements for my job.
  • As a security professional and hobbyist, I like putting helpful software together for this domain.

Requirements

This code was created with Python 3.7.3. Other versions of Python 3 might also work.

Make sure to install all requirements:

$ pip3 install -r requirements.txt

Quick start

Run a scan:

$ python3 boxer.py -u https://www.google.com -w common.txt

Run a scan and setup a database for persistent results:

$ python3 boxer.py -u https://www.google.com -w common.txt -d database

Run a scan with a 'urls.txt' file (with or without a database).

$ python3 boxer.py -u urls.txt -w common.txt -d database

Query the local database for available urls:

$ python3 boxer.py -urlsavailable -d database.json

Query the local database for the url's directories:

$ python3 boxer.py -u https://www.google.com -d database.json

Setup server to serve up the urls' database:

$ python3 boxer.py -server -d database.json

Query the server for available urls:

$ python3 boxer.py -urlsavailable -s 0.0.0.0

Query the server for the url's directories:

$ python3 boxer.py -u https://www.google.com -s 0.0.0.0

License

This code is licensed under the terms of the MIT License (see the file LICENSE).

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].