hahwul / Mad Metasploit
Licence: mit
Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
Stars: ✭ 200
Programming Languages
ruby
36898 projects - #4 most used programming language
Projects that are alternatives of or similar to Mad Metasploit
Redcloud
Automated Red Team Infrastructure deployement using Docker
Stars: ✭ 551 (+175.5%)
Mutual labels: hacking, metasploit, bugbounty
Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+818.5%)
Mutual labels: resources, hacking, bugbounty
Pentesting Bible
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+4390.5%)
Mutual labels: resources, hacking, bugbounty
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-69%)
Mutual labels: resources, hacking, bugbounty
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-19%)
Mutual labels: hacking, bugbounty
Di.we.h
Repositório com conteúdo sobre web hacking em português
Stars: ✭ 156 (-22%)
Mutual labels: hacking, bugbounty
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-18.5%)
Mutual labels: hacking, bugbounty
Hrshell
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (-3.5%)
Mutual labels: hacking, metasploit
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-15.5%)
Mutual labels: hacking, bugbounty
Jwt Hack
🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
Stars: ✭ 172 (-14%)
Mutual labels: hacking, bugbounty
Hack Tools
The all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+1275%)
Mutual labels: hacking, metasploit
Proton
Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.
Stars: ✭ 142 (-29%)
Mutual labels: hacking, metasploit
Quiver
Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-30%)
Mutual labels: hacking, bugbounty
Redteam Hardware Toolkit
🔺 Red Team Hardware Toolkit 🔺
Stars: ✭ 163 (-18.5%)
Mutual labels: hacking, bugbounty
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+864%)
Mutual labels: hacking, bugbounty
Mobilehackersweapons
Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 170 (-15%)
Mutual labels: hacking, bugbounty
Hackapk
An Advanced Tool For Complete Apk-Modding In Termux ...
Stars: ✭ 180 (-10%)
Mutual labels: hacking, metasploit
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-9%)
Mutual labels: hacking, bugbounty
Getjs
A tool to fastly get all javascript sources/files
Stars: ✭ 190 (-5%)
Mutual labels: hacking, bugbounty
Gofingerprint
GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
Stars: ✭ 120 (-40%)
Mutual labels: hacking, bugbounty
Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
https://www.hahwul.com/p/mad-metasploit.html
Awesome
open awesome.md
Add mad-metasploit to metasploit framework
- config your metasploit-framework directory
$ vim config/config.rb
$metasploit_path = '/opt/metasploit-framework/embedded/framework/'
# /usr/share/metasploit-framework
2-A. Interactive Mode
$ ./mad-metasploit
2-B. Commandline Mode(preset all)
$ ./mad-metasploit [-a/-y/--all/--yes]
Use custom modules
search auxiliary/exploits, other..
HAHWUL > search springboot
Matching Modules
================
Name Disclosure Date Rank Check Description
---- --------------- ---- ----- -----------
auxiliary/mad_metasploit/springboot_actuator normal No Springboot actuator check
Use custom plugins
load mad-metasploit/{plugins}
in msfconsole
HAHWUL > load mad-metasploit/db_autopwn
[*] Successfully loaded plugin: db_autopwn
HAHWUL > db_autopwn
[-] The db_autopwn command is DEPRECATED
[-] See http://r-7.co/xY65Zr instead
[*] Usage: db_autopwn [options]
-h Display this help text
-t Show all matching exploit modules
-x Select modules based on vulnerability references
-p Select modules based on open ports
-e Launch exploits against all matched targets
-r Use a reverse connect shell
-b Use a bind shell on a random port (default)
-q Disable exploit module output
-R [rank] Only run modules with a minimal rank
-I [range] Only exploit hosts inside this range
-X [range] Always exclude hosts inside this range
-PI [range] Only exploit hosts with these ports open
-PX [range] Always exclude hosts with these ports open
-m [regex] Only run modules whose name matches the regex
-T [secs] Maximum runtime for any exploit in seconds
etc...
List of
mad-metasploit/db_autopwn
mad-metasploit/arachni
mad-metasploit/meta_ssh
mad-metasploit/db_exploit
Use Resource-scripts
#> msfconsole
MSF> load alias
MSF> alias ahosts 'resource /mad-metasploit/resource-script/ahosts.rc'
MSF> ahosts
[Custom command!]
List of rs
ahosts.rc
cache_bomb.rb
feed.rc
getdomains.rb
getsessions.rb
ie_hashgrab.rb
listdrives.rb
loggedon.rb
runon_netview.rb
search_hash_creds.rc
virusscan_bypass8_8.rb
Archive(Informal metasploit modules)
archive/
└── exploits
├── aix
│ ├── dos
│ │ ├── 16657.rb
│ │ └── 16929.rb
│ ├── local
│ │ └── 16659.rb
│ └── remote
│ └── 16930.rb
├── android
│ ├── local
│ │ ├── 40504.rb
│ │ ├── 40975.rb
│ │ └── 41675.rb
│ └── remote
│ ├── 35282.rb
│ ├── 39328.rb
│ ├── 40436.rb
│ └── 43376.rb
.....
Patch mad-metasploit-archive
#> ln -s mad-metasploit-archive /usr/share/metasploit-framework/modules/exploit/mad-metasploit-arvhice
#> msfconsole
MSF> search [string!]
..
exploit/multi/~~~
exploit/mad-metasploit-arvhice/[custom-script!!]
..
How to update?
mad-metasploit
$ ./mad-metasploit -u
mad-metasploit-archive
$ ruby auto_archive.rb
or
$ ./mad-metasploit
[+] Sync Mad-Metasploit Modules/Plugins/Resource-Script to Metasploit-framework
[+] Metasploit-framewrk directory: /opt/metasploit-framework/embedded/framework/
(set ./conf/config.rb)
[*] Update archive(Those that are not added as msf)? [y/N] y
[-] Download index data..
How to remove mad-metasploit?
$ ./mad-metasploit -r
or
$ ./mad-metasploit --remove
Development
Hello world..!
$ git clone https://githhub.com/hahwul/mad-metasploit
Add to Custom code
./mad-metasploit-modules
+ exploit
+ auxiliray
+ etc..
./mad-metasploit-plugins
./mad-metasploit-resource-script
New Idea issue > idea tag
Contributing
Bug reports and pull requests are welcome on GitHub. (This project is intended to be a safe)
Donate
I like coffee! I'm a coffee addict.
Videos
How to Install and Usage
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].