khast3x / Offensive Dockerfiles
Offensive tools as Dockerfiles. Lightweight & Ready to go
Stars: ✭ 150
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Offensive Dockerfiles
Dorknet
Selenium powered Python script to automate searching for vulnerable web apps.
Stars: ✭ 256 (+70.67%)
Mutual labels: osint, pentest, infosec
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+1199.33%)
Mutual labels: pentest, infosec, offensive-security
Vault
swiss army knife for hackers
Stars: ✭ 346 (+130.67%)
Mutual labels: osint, hacking, offensive-security
PyParser-CVE
Multi source CVE/exploit parser.
Stars: ✭ 25 (-83.33%)
Mutual labels: osint, infosec, pentest
Snoop
Snoop — инструмент разведки на основе открытых данных (OSINT world)
Stars: ✭ 886 (+490.67%)
Mutual labels: osint, pentest, infosec
Goohak
Automatically Launch Google Hacking Queries Against A Target Domain
Stars: ✭ 432 (+188%)
Mutual labels: osint, hacking, pentest
Payloads
Git All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+1808%)
Mutual labels: hacking, pentest, sqli
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+416.67%)
Mutual labels: hacking, pentest, infosec
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+4488%)
Mutual labels: osint, infosec, pentest
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+657.33%)
Mutual labels: hacking, pentest, infosec
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+1441.33%)
Mutual labels: osint, hacking, offensive-security
Urlcrazy
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
Stars: ✭ 150 (+0%)
Mutual labels: osint, hacking, infosec
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (+8.67%)
Mutual labels: hacking, pentest, infosec
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+21.33%)
Mutual labels: hacking, infosec, offensive-security
Reconspider
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Stars: ✭ 621 (+314%)
Mutual labels: osint, hacking, pentest
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+549.33%)
Mutual labels: hacking, pentest, sqli
Offensive Dockerfiles
This repository contains a collection of security-oriented tools as Dockerfiles.
This makes it easy to deploy various mission dependent tools using common cloud providers (AWS, Azure, Linode..).
The containers are built using Docker. Each container is made to suit required dependencies for each tool.
⭐️ Features
- Cross-platform deploy helper script included
- Manage cloud-based scans and attacks from your terminal
- Datacenter fiber internet connection, but still from your terminal!
- Keep your local environment clean from all those attack toolz
- ☁️ Become a real nomad ninja ☁️
- Mix and match with the Red Team Infractructure Guide and Red Baron!
Efforts have been made to keep Dockerfiles minimal.
🔍 Example with sqlmap:
git clone https://github.com/khast3x/Offensive-Dockerfiles.git
cd Offensive-Dockerfiles/sqlmap
docker build -t sqlmap .
docker run -it sqlmap:latest --wizard
🔍 deployHelper binary demo:
🚀 Working:
Name | Description |
---|---|
tulpar | Web Vulnerability Scanner |
nmap + Vulscan + Vulners scripts | Latest Nmap Scripting Engine (NSE) modules, as well as the Vulscan NSE script and the vulners API to NSE script. |
sqlmap | Automatic SQL injection and database takeover tool |
dcrawl | Simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. |
V3n0m Scanner | Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns |
golismero | The Web Knife |
sqliv | massive SQL injection vulnerability scanner |
datasploit | Performs OSINT on a domain / email / username / phone |
gitminer | Tool for advanced mining for content on Github |
Cr3d0v3r | Know the dangers of credential reuse attacks |
UFONet | UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. |
Striker | Striker is an offensive information and vulnerability scanner |
emailHarvester | Email addresses harvester |
BruteX | Automatically brute force all services running on a target |
BlackWidow | A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website |
Shiva | Improved DOS exploit for wordpress websites (CVE-2018-6389) |
Memcrashed | This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io |
ctfr | Domain enumeration, it just abuses of Certificate Transparency logs |
twa | A tiny web auditor with strong opinions |
Photon | Incredibly fast crawler designed for OSINT |
CMSeek | CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs |
HashBuster | Crack hashes in seconds |
To push to repo (currently are sitting as forks)
- CloudScraper
- hershell
- Merlin
Notes:
- Adding them as I go. Don't expect production-ready images
- Uses either python-slim or python-alpine
- Tools will show help dialog if no arguments are passed
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].