helich0pper / Karkinos
Licence: other
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Stars: ✭ 115
Projects that are alternatives of or similar to Karkinos
Jwtxploiter
A tool to test security of json web token
Stars: ✭ 130 (+13.04%)
Mutual labels: pentesting, ctf, ctf-tools
Basecrack
Decode All Bases - Base Scheme Decoder
Stars: ✭ 196 (+70.43%)
Mutual labels: encoder-decoder, ctf, ctf-tools
Print My Shell
Python script wrote to automate the process of generating various reverse shells.
Stars: ✭ 140 (+21.74%)
Mutual labels: ctf, ctf-tools, reverse-shell
Spellbook
Micro-framework for rapid development of reusable security tools
Stars: ✭ 53 (-53.91%)
Mutual labels: pentesting, ctf, ctf-tools
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+342.61%)
Mutual labels: pentesting, ctf, ctf-tools
Stegseek
⚡️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡️
Stars: ✭ 187 (+62.61%)
Mutual labels: pentesting, ctf, ctf-tools
Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Stars: ✭ 9,116 (+7826.96%)
Mutual labels: pentesting, ctf, ctf-tools
Stegcracker
Steganography brute-force utility to uncover hidden data inside files
Stars: ✭ 396 (+244.35%)
Mutual labels: pentesting, ctf, ctf-tools
YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-69.57%)
Mutual labels: reverse-shell, pentesting, ctf-tools
Platypus
🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (+386.09%)
Mutual labels: pentesting, ctf, reverse-shell
Flask Unsign
Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Stars: ✭ 90 (-21.74%)
Mutual labels: pentesting, ctf, ctf-tools
Ctfcli
ctfcli is a tool to manage Capture The Flag events and challenges
Stars: ✭ 43 (-62.61%)
Mutual labels: ctf, ctf-tools
Ctfsubmitter
A flag submitter service with distributed attackers for attack/defense CTF games.
Stars: ✭ 56 (-51.3%)
Mutual labels: ctf, ctf-tools
Fwdsh3ll
Forward shell generation framework
Stars: ✭ 62 (-46.09%)
Mutual labels: ctf-tools, reverse-shell
Crypton
Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems, Digital Signatures, Key Exchange, Authentication methods along with example challenges from CTFs
Stars: ✭ 995 (+765.22%)
Mutual labels: ctf, ctf-tools
Oscp Ctf
oscp-ctf is a small collection of basic Bash scripts that make life easier and save time whether you are in the OSCP labs, HackThebox or playing around with CTFs.
Stars: ✭ 62 (-46.09%)
Mutual labels: ctf, ctf-tools
Ctfcracktools
China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关
Stars: ✭ 1,118 (+872.17%)
Mutual labels: ctf, ctf-tools
Gtfonow
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries
Stars: ✭ 68 (-40.87%)
Mutual labels: pentesting, ctf
Nullctf
A Discord bot that provides ctf tools for collaboration in Discord servers!
Stars: ✭ 78 (-32.17%)
Mutual labels: ctf, ctf-tools
Disclaimer
Use this tool to make penetration tests or any hacking CTF's more efficient. This tool should be used on applications that you have permission to attack only. Any misuse or damage caused will be solely the users’ responsibility.
Please check the known bugs and issues at the bottom before installation.
A Wiki page for troubleshooting is coming very soon...
What is Karkinos?
Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following:
- Encoding/Decoding characters
- Encrypting/Decrypting text or files
- Reverse shell handling
- Cracking and generating hashes
Dependencies
- Any server capable of hosting PHP; tested with Apache Server
- Tested with PHP 7.4.9
- Python3
Make sure it is in your path as:
Windows:python
Linux:python3
If it is not, please change the commands inincludes/pid.php - pip3
- Raspberry Pi Zero friendly :) (crack hashes at your own risk)
Newest Feature
Introducing Modules
Modules are now in one place for better organisation and accessibility.
New Module
Directory and File Busting demo:
Installing
This installation guide assumes you have all the dependencies.
Linux/BSD
git clone https://github.com/helich0pper/Karkinos.gitcd Karkinospip3 install -r requirements.txt-
cd wordlists && tar -xf passlist.zipYou can also unzip it manually using file explorer if tar is not installed. Just make sure passlist.txt is in wordlists directory. - Add
extension=php_sqlite3.dllto your php.ini file.
If you don't know where to find this, refer to the PHP docs. - Thats it! Now just host it using your preferred web server or run:
php -S 127.0.0.1:8888in the Karkinos directory.
Important: using port 5555 will conflict with the reverse shell handler server
If you insist on using port 5555, change the reverse shell handler serverPORTvalue in/bin/Server/app.py Line 88
Important: using port 5556 will conflict with the directory and file busting server
If you insist on using port 5556, change the directory and file busting serverPORTvalue in/bin/Busting/app.py Line 111
Windows
git clone https://github.com/helich0pper/Karkinos.gitcd Karkinospip3 install -r requirements.txt-
cd wordlists && tar -xf passlist.zip
You can also unzip it manually using file explorer if tar is not installed. Just make sure passlist.txt is in wordlists directory. - Add
extension=php_sqlite3.dllto your php.ini file.
If you don't know where to find this, refer to the PHP docs. - Thats it! Now just host it using your preferred web server or run:
php -S 127.0.0.1:8888in the Karkinos directory.
Important: using port 5555 will conflict with the reverse shell handler server
If you insist on using port 5555, change the reverse shell handler serverPORTvalue in/bin/Server/app.py Line 88
Important: using port 5556 will conflict with the directory and file busting server
If you insist on using port 5556, change the directory and file busting serverPORTvalue in/bin/Busting/app.py Line 111
Demo
Open screenshots in full screen for a better view
Home Menu
Landing page and quick access menu.
User stats are displayed here. Currently, the stats recorded are only the total hashes and hash types cracked successfully.
Encoding/Decoding
This page allows you to encode/decode in common formats (more may be added soon)
Encrypt/Decrypt
Encrypting and decrypting text or files is made easy and is fully trusted since it is done locally.
Modules
More modules will be added.
Reverse Shell Handling
Reverse shells can be captured and interacted with on this page.
Create a listener instance
Configure the listener
Start the listener and capture a shell
Full reverse shell handling demo:
Directory and File Busting
Create an instance
Configure it
Start scanning
Full Directory and File Busting demo:
Generating Hashes
Karkinos can generate commonly used hashes such as:
- MD5
- SHA1
- SHA256
- SHA512
Cracking Hashes
Karkinos offers the option to simultaneously crack hashes using a built-in wordlist consisting of over 15 million common and breached passwords. This list can easily be modified and/or completely replaced.
Future Work
Pull requests and bug reports are always appreciated.
Below are features to be added/fixed:
- Creating a Wiki page to help customize Karkinos or troubleshoot common issues
Find me on
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].