Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a ‘Swiss Army Knife’ for pen-testing and/or hacking CTF’s.
Karkinos Beginner Friendly Penetration Testing Tool Features
- Encoding/Decoding characters
- Encrypting/Decrypting text or files
- Reverse shell handling
- Cracking and generating hashes
How to Install Karkinos Beginner Friendly Penetration Testing Tool
- Any server capable of hosting PHP
- Tested with PHP 7.4.9
- Tested with Python 3.8
- Make sure it is in your path as:
- If it is not, please change the commands in
- Raspberry Pi Zero friendly :) (crack hashes at your own risk)
git clone https://github.com/helich0pper/Karkinos.git
- pip3 install -r requirements.txt
cd wordlists && unzip passlist.zipYou can also unzip it manually using file explorer. Just make sure
passlist.txtis in wordlists directory.
- Make sure you have write privilages for
- If you don’t know where to find this, refer to the PHP docs. Note: MySQLi is only used to store statistics.
- Thats it! Now just host it using your preferred web server or run:
php -S 127.0.0.1:8888in the Karkinos directory.
Important: using port 5555, 5556, or 5557 will conflict with the Modules
If you insist on using these ports, change the
PORT value in:
- /bin/Server/app.py Line 87
- /bin/Busting/app.py Line 155
- /bin/PortScan/app.py Line 128
You can download Karkinos here:
Or read more here.
Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths.
It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path.
Features of Aclpwn.Py Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.Py currently has the following features:
- Direct integration with BloodHound and the Neo4j graph database (fast pathfinding)
- Supports any reversible ACL based attack chain (no support for resetting user passwords right now)
- Advanced pathfinding (Dijkstra) to find the most efficient paths
- Support for exploitation with NTLM hashes (pass-the-hash)
- Saves restore state, easy rollback of changes
- Can be run via a SOCKS tunnel
- Written in Python (2.7 and 3.5+), so OS independent
Installation of Aclpwn.py ACL Based Privilege Escalation
Aclpwn.py is compatible with both Python 2.7 and 3.5+. It requires the
ldap3 libraries. You can install aclpwn.py via pip:
pip install aclpwn. For Python 3, you will need the
python36 branch of impacket since the master branch (and versions published on PyPI) are Python 2 only at this point.
This tool does not exploit any vulnerabilities, but relies on misconfigured (often because of delegated privileges) or insecure default ACLs. To solve these issues, it is important to identify potentially dangerous ACLs in your Active Directory environment with BloodHound. For detection, Windows Event Logs can be used.
You can download Aclpwn.py here:
Or read more here.
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.
Features of Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub contains many frameworks, databases, applications, programming languages and more such as:
And many, many more.
To use Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack
Install the docker/docker-compose on Ubuntu 20.04:
# Install pip
curl -s https://bootstrap.pypa.io/get-pip.py | python3
# Install the latest version docker
curl -s https://get.docker.com/ | sh
# Run docker service
systemctl start docker
# Install docker compose
pip install docker-compose
It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The
your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.
You can download Vulhub by:
# Download project
wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip
# Enter the directory of vulnerability/environment
# Compile environment
# Run environment
docker-compose up -d
Or read more here.
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. LibInjection is a new open-source C library that detects SQLi using lexical analysis. With little upfront knowledge of what SQLi is, the algorithm has been trained on tens of thousands of real SQLi attacks and hundreds of millions of user inputs taken from a Top 50 website for high precision and accuracy.
In addition, the algorithm categorizes SQLi attacks and provides templates for new attacks or new fuzzing algorithms.
LibInjection currently supports:
- C and C++
- Java (external port)
LibInjection is available for integration into applications, web application firewalls, or porting to other programming languages.
You can download LibInjection here:
Or read more here.
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based operating systems. Features of Grype Vulnerability Scanner For Container Images & Filesystems Scan the contents of a container image or filesystem to find known vulnerabilities and find vulnerabilities for major […]
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. This will help you to decrease the time to uncover suspicious activity and the tool will make good use of the windows […]