A Penetration Testing Framework
______ ______ (_____ \ (____ \ _____) ) ____ ____ ____) ) ___ _ _ | ____/ / _ )| _ \ | __ ( / _ \ ( \ / ) | | ( (/ / | | | || |__) )| |_| | ) X ( |_| \____)|_| |_||______/ \___/ (_/ \_) V2.3 A Penetration Testing Framework [+] Coded BY Mohamed Nour & Fedy Wesleti [+] [+] FB/mohamed.zeus.0 ~~ FB/CEH.tN [+] [+] Greetz To All Pentesters [+] Select from the menu: 1 : Information Gathering 2 : Password Attacks 3 : Wireless Testing 4 : Exploitation Tools 5 : Sniffing & Spoofing 6 : Web Hacking 7 : Private Tools 8 : Post Exploitation 9 : Recon 99: Exit
Information Gathering :
- nmap
- Setoolkit
- Port Scanning
- Host To IP
- wordpress user enumeration
- CMS scanner
- XSStracer – checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection
- Doork – Google Dorks Passive Vulnerability Auditor
- Scan A server’s Users
Password Attacks :
- Cupp
- Ncrack
Wireless Testing :
- reaver
- pixiewps
- Bluetooth Honeypot GUI Framework
Exploitation Tools :
- Venom
- sqlmap
- Shellnoob
- commix
- FTP Auto Bypass
- jboss-autopwn
- Blind SQL Automatic Injection And Exploit
- Bruteforce the Android Passcode given the hash and salt
- Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection Scanner
Sniffing & Spoofing :
- Setoolkit
- SSLtrip
- pyPISHER
- SMTP Mailer
Web Hacking :
- Drupal Hacking
- Inurlbr
- WordPress & Joomla Scanner
- Gravity Form Scanner
- File Upload Checker
- WordPress Exploit Scanner
- WordPress Plugins Scanner
- Shell and Directory Finder
- Joomla! 1.5 – 3.4.5 remote code execution
- Vbulletin 5.X remote code execution
- BruteX – Automatically brute force all services running on a target
- Arachni – Web Application Security Scanner Framework
- Sub-domain Scanning
- WordPress Scanning
- WordPress Username Enumeration
- WordPress Backup Grabbing
- Sensitive File Detection
- Same-Site Scripting Scanning
- Click Jacking Detection
- Powerful XSS vulnerability scanning
- SQL Injection vulnerability scanning
Private Tools
- Get all websites
- Get joomla websites
- Get wordpress websites
- Find control panel
- Find zip files
- Find upload files
- Get server users
- Scan from SQL injection
- Scan ports (range of ports)
- Scan ports (common ports)
- Get server banner
- Bypass Cloudflare
Post Exploitation
- Shell Checker
- POET
- Weeman – Phishing Framework
Recon
- Sniper
Installation
git clone https://github.com/x3omdax/PenBox.git