GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → htrgouvea → spellbook

htrgouvea / spellbook

Licence: other
Framework for rapid development and reusable of security tools

Programming Languages

perl
6916 projects
Raku
181 projects

Labels

securityframeworkexploitctfbugbountypentestsecurity-tools

Projects that are alternatives of or similar to spellbook

YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-47.76%)
Mutual labels:  exploit, bugbounty, pentest
Pentesting
Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-64.18%)
Mutual labels:  exploit, bugbounty, pentest
CVE-2021-44228-PoC-log4j-bypass-words
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Stars: ✭ 760 (+1034.33%)
Mutual labels:  exploit, bugbounty, pentest
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+2808.96%)
Mutual labels:  exploit, bugbounty, pentest
MyJWT
A cli for cracking, testing vulnerabilities on Json Web Token(JWT)
Stars: ✭ 92 (+37.31%)
Mutual labels:  ctf, pentest
Ctf All In One
CTF竞赛权威指南
Stars: ✭ 2,807 (+4089.55%)
Mutual labels:  exploit, ctf
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+111.94%)
Mutual labels:  bugbounty, pentest
kernelpwn
kernel-pwn and writeup collection
Stars: ✭ 348 (+419.4%)
Mutual labels:  exploit, ctf
Stuff
Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest
Stars: ✭ 146 (+117.91%)
Mutual labels:  exploit, pentest
flydns
Related subdomains finder
Stars: ✭ 29 (-56.72%)
Mutual labels:  bugbounty, pentest
PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-53.73%)
Mutual labels:  bugbounty, pentest
Hackers Tool Kit
Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram
Stars: ✭ 211 (+214.93%)
Mutual labels:  exploit, pentest
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+4244.78%)
Mutual labels:  exploit, pentest
tryhackme-ctf
TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
Stars: ✭ 140 (+108.96%)
Mutual labels:  exploit, pentest
Ctf
some experience in CTFs
Stars: ✭ 165 (+146.27%)
Mutual labels:  exploit, ctf
rejig
Turn your VPS into an attack box
Stars: ✭ 33 (-50.75%)
Mutual labels:  bugbounty, pentest
k8badusb
BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit
Stars: ✭ 32 (-52.24%)
Mutual labels:  exploit, pentest
project-black
Pentest/BugBounty progress control with scanning modules
Stars: ✭ 279 (+316.42%)
Mutual labels:  bugbounty, pentest
exploiting
Exploiting challenges in Linux and Windows
Stars: ✭ 122 (+82.09%)
Mutual labels:  exploit, ctf
haiti
🔑 Hash type identifier (CLI & lib)
Stars: ✭ 287 (+328.36%)
Mutual labels:  ctf, pentest
View All Similar Projects ➔

Spellbook

A micro-framework for rapid development of reusable security tools

Summary

Spellbook uses FBP: "In computer programming, flow-based programming (FBP) is a programming paradigm that defines applications as networks of "black box" processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented." [1]

The main focus of this “micro-framework” is turn in reality the rapid development of security tools using reusable patterns of FBP.

"Third clark law: any sufficiently advanced technology is indistinguishable from magic" - that's why this project is called spellbook.

Download and install

# Download
$ git clone https://github.com/htrgouvea/spellbook && cd spellbook

# Install libs and dependencies
$ cpan install Getopt::Long Mojo::File Mojo::JSON Find::Lib

How to use

Spellbook v0.2.5
Core Commands
==============
	Command          Description
	-------          -----------
	-s, --search     List modules, you can filter by category
	-m, --module     Set a module to use
	-h, --help       To see help menu of a module

Example

# Searching for exploits 
$ perl spellbook.pl --search exploit

Module: Exploit::CVE_2017_5487
Description: Read usernames leaked on WordPress API
=================================================

Module: Exploit::Shellshock
Description: Exploit for shellshock vuln
=================================================

Module: Exploit::Subdomain_Takeover_Check
Description: A checker for the possibility of subdomain takeover attack
=================================================
[...]

# Using an exploit
$ perl spellbook.pl -m Exploit::CVE_2006_3392 --help

Exploit::CVE_2006_3392
=======================
-h, --help     See this menu
-t, --target   Define a target
-f, --file     Define a file to read

$ perl spellbook.pl -m Exploit::CVE_2006_3392 -t http://172.30.0.15:10000/ -f /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
[...]

If you are interested in developing new modules, a good start point is to read the development guide.

Contribution

License

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].