Leviathan36 / Kaboom

Licence: gpl-3.0
A tool to automate penetration tests

About

Kaboom is a script that automates penetration tests. It performs several tasks for the first two phases of a test: information gathering and vulnerability assessment. All collected information is saved into a directory hierarchy that is very simple to browse (also in the case of multiple targets).

Details

Kaboom performs several tasks:

  1. Information gathering

    • Port scan (Nmap)
    • Web resources enumeration (Dirb)

  2. Vulnerability assessment

    • Web vulnerability assessment (Nikto - Dirb)
    • Vulnerability assessment (Nmap - Metasploit)
    • Automatic vulnerability research (Searchsploit - Metasploit)
    • Dictionary attacks (Hydra)

      • SSH
      • POP3
      • IMAP
      • RDP

Usage

Kaboom can be used in two ways:

  • Interactive mode:

kaboom [ENTER], and the script does the rest

  • NON-interactive mode:

kaboom -t <target_ip> -f <report_path> [-p one_or_more_phases]


If you want to see the help:

kaboom -h (or --help)


For more screenshots, see the corresponding directory in the repository.

Dir Hierarchy

Customization

The script can be customized by changing the values of the variables at the beginning of the file. In particular, you can choose the wordlists used by Hydra and Dirb, specify another Metasploit scan script and change the output file names.

#KABOOM_PATH=''		# THE PATH COULD BE SET HERE INSTEAD OF IN BASHRC FILE

if [[ "$KABOOM_PATH" == '' ]]; then
	KABOOM_PATH='.'
fi

# USER WORDLISTS
USERLIST_HYDRA_SSH="$KABOOM_PATH/user_wordlist_short.txt"
USERLIST_HYDRA_POP3="$KABOOM_PATH/user_wordlist_short.txt"
USERLIST_HYDRA_IMAP="$KABOOM_PATH/user_wordlist_short.txt"
USERLIST_HYDRA_RDP="$KABOOM_PATH/user_wordlist_short.txt"
USERLIST_HYDRA_SMB="$KABOOM_PATH/user_wordlist_short.txt"

# PASSWORD WORDLISTS
PASSLIST_HYDRA="$KABOOM_PATH/fasttrack.txt"
PASSLIST_HYDRA_SSH="$PASSLIST_HYDRA"
PASSLIST_HYDRA_POP3="$PASSLIST_HYDRA"
PASSLIST_HYDRA_IMAP="$PASSLIST_HYDRA"
PASSLIST_HYDRA_RDP="$PASSLIST_HYDRA"
PASSLIST_HYDRA_SMB="$PASSLIST_HYDRA"

# DIRB WORDLISTS
HTTP_WORDLIST="$KABOOM_PATH/custom_url_wordlist.txt"
HTTP_EXTENSIONS_FILE="$KABOOM_PATH/custom_extensions_common.txt"

# METASPLOIT SCAN SCRIPT
METASPLOIT_SCAN_SCRIPT='./metasploit_scan_script'

# NMAP FILES
SCRIPT_SYN='script-syn'
UDP='udp'
SYN='syn'
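
An added pre-flight check for the variables above (not part of Kaboom; `check_kaboom_config` is a hypothetical helper name). It resolves the default paths the same way the excerpt does and counts files that are missing, unreadable or empty, so a bad wordlist path is caught before a run starts.

```sh
# Added example, not Kaboom code. check_kaboom_config is a hypothetical helper.
# Usage: check_kaboom_config "$KABOOM_PATH"
# Prints the number of problems on stdout and one line per problem on stderr.
check_kaboom_config() {
    kpath="${1:-}"
    # Same fallback as the excerpt: an empty KABOOM_PATH means the current directory
    [ -n "$kpath" ] || kpath='.'

    problems=0
    # One representative variable per distinct default file in the excerpt.
    # METASPLOIT_SCAN_SCRIPT defaults to './...', so it is resolved against the
    # working directory, not against KABOOM_PATH.
    for entry in \
        "USERLIST_HYDRA_SSH=$kpath/user_wordlist_short.txt" \
        "PASSLIST_HYDRA=$kpath/fasttrack.txt" \
        "HTTP_WORDLIST=$kpath/custom_url_wordlist.txt" \
        "HTTP_EXTENSIONS_FILE=$kpath/custom_extensions_common.txt" \
        "METASPLOIT_SCAN_SCRIPT=./metasploit_scan_script"
    do
        name="${entry%%=*}"   # text before the first '='
        file="${entry#*=}"    # text after the first '='
        if [ ! -f "$file" ]; then
            echo "MISSING    $name -> $file" >&2
        elif [ ! -r "$file" ]; then
            echo "UNREADABLE $name -> $file" >&2
        elif [ ! -s "$file" ]; then
            echo "EMPTY      $name -> $file" >&2
        else
            continue          # file is present, readable and non-empty
        fi
        problems=$((problems + 1))
    done
    echo "$problems"
}
```

If the defaults in the script have been changed, the paths in the `for` list need to be changed to match.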

New features

  • Customization (see above)
  • Multi-target specification
    • You can specify up to 254 hosts (class C network)
  • New CLI interface
  • More powerful Nmap scan
  • Better directory hierarchy
  • Automatic search for the Metasploit modules associated with the CVE codes found
  • Recognition of services exposed on non-canonical ports (e.g. HTTP on 7000)
  • Print out and save credentials found

Twin Brother

During the development of Kaboom, a parallel project called Trigmap (trigger Nmap) was born. This tool performs the same tasks as Kaboom, but with a different philosophy: it uses only Nmap to do its work. Neither Kaboom nor Trigmap is generally better than the other; it is simply a good idea to use both scripts to gather more evidence.

For more information about this tool, take a look at this link.




Disclaimer:

The author assumes no liability and is not responsible for any misuse or damage caused by this program.

Kaboom is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

License:

Kaboom is released under the GPLv3 license. See LICENSE for more details.