-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathpackage-dist.ini
407 lines (407 loc) · 17.1 KB
/
package-dist.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
[Ppfuzz]
depends=ppfuzz
command='echo "https://$target_domain/" | ppfuzz > "$logfile"'
description='A fast tool to scan client-side prototype pollution vulnerability'
[Dalfox]
post_install='go install github.com/hahwul/dalfox/v2@latest'
depends=dalfox
command='dalfox url https://$target_domain/ -F --waf-evasion -S --no-color --output-all > "$logdir/${dtreport}dalfox.log"'
description='Powerful XSS scan tool'
[Subjs]
post_install='go install -v github.com/lc/subjs@latest'
depends=subjs
command='subjs -i "$logdir/${dtreport}owasp.log" -t 20 -c 40 > "$logfile"'
description='Parsing javascript files can help you find undocumented endpoints, secrets etc.'
[Gauplus]
post_install='go install github.com/bp0lr/gauplus@latest'
depends=gauplus
command='cat "$logdir/${dtreport}mrx.log" | gauplus --random-agent -subs -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 25 | uro | anew > "$logfile"'
description='Modified version of (gau) for personal use. Support workers, proxies and some extra stuff.'
[Naabu]
post_install='go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest'
depends=naabu
command='naabu -host "$target_domain" -r "$resolvers" -scan-all-ips -nc -tp 1000 -silent | anew > "$logfile"'
description='Quick SYN/CONNECT scans on host/host list'
[RustScan]
post_install='wget -qO /tmp/rustscan_2.0.1_amd64.deb https://github.com/RustScan/RustScan/releases/download/2.0.1/rustscan_2.0.1_amd64.deb; dpkg -i /tmp/rustscan_2.0.1_amd64.deb'
depends=rustscan
command='rustscan -a "$target_ip" -- -sS -sCV -Pn > "$logfile"'
description='Modern Port Scanner. Fast, smart, effective.'
[Gospider]
post_install='go install github.com/jaeles-project/gospider@latest'
depends=gospider
command='gospider -s "https://$target_domain/" -d 10 -c 20 -t 50 -K 3 --js -a -w --blacklist ".(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|svg|txt)" --include-subs -q | anew > "$logdir/${dtreport}gospider.log"'
description='Fast web spider'
[Gobuster]
post_install='go install github.com/OJ/gobuster/v3@latest'
depends=gobuster
command='gobuster dir --url "https://$target_domain/" --no-error --wildcard -z -q -t 80 -w "$directoryM" | anew > "$logfile"'
description='Gobuster is a tool used to brute-force'
[Crlfuzz]
post_install='go install github.com/dwisiswant0/crlfuzz/cmd/crlfuzz@latest'
depends=crlfuzz
command='crlfuzz -l "$logdir/${dtreport}owasp.log" -c 50 -s -o "$logfile"'
description='Fast tool to scan CRLF vulnerability written in Go'
[Ffuf]
post_install='go install github.com/ffuf/ffuf@latest'
depends=ffuf
command='ffuf -u http://FUZZ.$target_domain/ -t 150 -p '1.0-2.0' -s -w "$deepmagic" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36" -mc 200 -r -o "$logfile"'
description='Fast web fuzzer'
[Nuclei]
post_install='go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest'
url=https://github.com/projectdiscovery/nuclei-templates
depends=nuclei
command='nuclei -update-templates; nuclei -l "$logdir/${dtreport}mrx.log" -silent -nc -t /usr/local/projectdiscovery/nuclei-templates -o "$logfile"'
description='Fast and customizable DSL-based vulnerability scanner'
[ParamSpider]
url=https://github.com/DonatoReis/ParamSpider
script=paramspider.py
depends=paramspider
command='paramspider -d "$target_domain" --quiet --subs True --level high -o "$logfile"'
description='Finds parameters of subdomains and web files'
[sqlmap]
url=https://github.com/sqlmapproject/sqlmap
script=sqlmap.py
command='sqlmap --update; sqlmap -u https://$target_domain/ -g --threads 10 --batch --level 3 --risk 2 -a --random-agent --output "$logfile"'
description='Open source tool that automates the SQL injection detection and exploitation process'
[massdns]
url=https://github.com/blechschmidt/massdns
post_install='cd "$installdir"; make'
script=bin/massdns
command='massdns -r "$resolvers" "$logdir/${dtreport}mrx.log" -o S --status-format json -w "$logfile"'
description='MassDNS is a simple high-performance DNS stub resolver'
[XSStrike]
url='https://github.com/s0md3v/XSStrike'
script=xsstrike.py
depends=xsstrike
command='xsstrike --update; xsstrike -u "https://$target_domain" --crawl -l 3 --skip -t 4 --blind --file-log-level INFO --log-file "$logfile"'
description='Explore xss on websites'
[Joomscan]
url=https://github.com/OWASP/joomscan
script=joomscan.pl
depends=joomscan
command='perl /usr/local/bin/joomscan.pl -u "https://$target_domain/" -ec -r > "$logdir/${dtreport}joomscan.log"'
description='Vulnerability Scanner'
[Corsy]
url=https://github.com/s0md3v/Corsy
script=corsy.py
depends=corsy
command='corsy -i "$logdir/${dtreport}httpx.log" -t 20 -d 2 > "$logfile"'
description='CORS Misconfiguration Scanner'
[CrackMapExec]
depends=crackmapexec
command='crackmapexec smb "$logdir/${dtreport}mrx.log" > "$logfile"'
description='Vulnerability SMB/MYSQL/HTTP'
[Sslyze]
url=https://github.com/nabla-c0d3/sslyze
post_install='pip3 install "$installdir"'
depends=sslyze
command='sslyze --update_trust_stores; sslyze $target_domain --slow_connection --compression > "$logfile"'
description='Fast and powerful SSL/TLS scan tool'
[Sslscan]
url=https://github.com/rbsec/sslscan
post_install='cd "$installdir"; make static'
depends=sslscan
command='sslscan --tlsall --show-certificate --no-colour --sleep=1000 $target_domain > "$logfile"'
description='Detailing SSL/TLS cipher suites'
[KiteRunner]
url=https://github.com/assetnote/kiterunner
post_install='cd "$installdir"; make build'
script='dist/kr'
depends=kr
command='kr scan "$target_domain" -A=apiroutes-210328:20000 -x 25 -j 150 -q -o "$logfile"'
description='API Discovery'
[PwnedOrNot]
url=https://github.com/thewhiteh4t/pwnedOrNot
post_install='cd "$installdir"; bash ./install.sh'
script=pwnedornot.py
depends=pwnedornot
[Ghunt]
url=https://github.com/mxrch/ghunt
depends=ghunt.py
[Email-search]
depends=EmailHarvester emailfinder holehe
command='EmailHarvester -d $target_domain -e all -s $logdir/${dtreport}emailharvester.log; emailfinder -d $target_domain > $logdir/${dtreport}emailfinder.log; while read mail; do holehe --no-clear --only-used --no-color "$mail"; done < <(cat $logdir/${dtreport}email{harvester,finder}.log) > "$logfile"'
description='Search for emails about the given domain and host'
[EmailHarvester]
url=https://github.com/maldevel/EmailHarvester
post_install='printf "#!/usr/bin/env bash\\ncd $installdir\\npython3 $installdir/EmailHarvester.py \\"\\$@\\"\\n" > "$bindir/EmailHarvester"; chmod +x "$bindir/EmailHarvester"'
[Emailfinder]
url=https://github.com/DonatoReis/EmailFinder
depends=emailfinder
[Gitdumper]
url=https://github.com/arthaud/git-dumper
script=git_dumper.py
depends=git-dumper
command='git-dumper "https://$target_domain/.git/" DIR > "$logfile"'
description='Tool to dump a git repository from a website'
[Wpscan]
depends=wpscan
command='wpscan --url "http://$target_domain/" -t 10 --rua --no-banner --api-token "$wpscan_api_token" --force -e vp -f cli-no-color -o "$logfile"; wpscan --url "http://$target_domain/" -t 10 --rua --no-banner --force -e vp -f cli-no-color -o "$logfile"'
description='WordPress Security Scanner'
[Droopescan]
depends=droopescan
command='droopescan scan joomla -t 8 -e a -U "$logdir/${dtreport}httpx.log" > "$logdir/${dtreport}droopejoomla.log"; droopescan scan drupal -t 8 -e a -U "$logdir/${dtreport}httpx.log" > "$logdir/${dtreport}droopedrupal.log"; droopescan scan silverstripe -t 8 -e a -U "$logdir/${dtreport}httpx.log" > "$logdir/${dtreport}droopesilverstripe.log"; droopescan scan moodle -t 8 -e a -U "$logdir/${dtreport}httpx.log" > "$logdir/${dtreport}droopemoodle.log"'
description='Scanner identifying CMS issues'
[Commix]
url=https://github.com/commixproject/commix
script=commix.py
command='commix --update; commix -u https://$target_domain/ --all --level 3 --crawl 2 --batch --random-agent --disable-coloring --output-dir="$logfile"'
description='Is an open source penetration testing tool'
[OpenRedireX]
url=https://github.com/devanshbatham/OpenRedireX
script=openredirex.py
depends=openredirex
command='openredirex -l "$logdir/${dtreport}paramspider.log" -p "$payloadredirect" --keyword FUZZ > "$logfile"'
description='Asynchronous Open redirect Fuzzer'
[Testssl]
url=https://github.com/drwetter/testssl.sh
script=testssl.sh
depends=testssl
command='testssl -U -9 --color 0 --quiet $target_domain > "$logfile"'
description='Support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws'
[Gxss]
post_install='go install github.com/KathanP19/Gxss@latest'
depends=Gxss dalfox
command='cat "$logdir/${dtreport}owasp.log" | Gxss -c 100 -p Xss | sort -u | dalfox pipe -S --no-color --output-all > "$logdir/${dtreport}gxss.log"'
description='A Light Weight Tool for checking reflecting Parameters in a URL.'
[GetJS]
post_install='go install github.com/003random/getJS@latest'
depends=getJS
command='getJS --input "$logdir/${dtreport}owasp.log" --complete --nocolors --resolve --output "$logfile"'
description='getJS is a tool to extract all the javascript files from a set of given urls.'
[Jaeles]
post_install='go install github.com/jaeles-project/jaeles@latest'
dependes=jaeles
command='jaeles scan -G --fi -c 50 -s "$HOME/signatures/*" -U "$logdir/${dtreport}httpx.log" > "$logfile"'
description='Jaeles is a powerful, flexible and easily extensible framework.'
[Cf-check]
post_install='go install github.com/dwisiswant0/cf-check@latest'
depends=cf-check anew findomain-linux naabu filter-resolved
command='cat "$logdir/${dtreport}mrx.log" | filter-resolved | cf-check -d | anew | naabu -silent -s -verify -nc > "$logfile"'
description='Check an Host is Owned by CloudFlare.'
[LinkFinder]
url=https://github.com/GerbenJavado/LinkFinder
script=linkfinder.py
depends=linkfinder
command='linkfinder -i https://$target_domain/ -d -o cli > "$logfile"'
description='Script written to discover endpoints and their parameters in JavaScript files.'
[enum4linux]
depends=enum4linux
command='enum4linux $target_ip -A -d > "$logfile"'
description='Enumerating information from Windows and Samba systems'
[Infoga]
url=https://github.com/m4ll0k/Infoga
script=Infoga/infoga.py
depends=infoga
command='infoga -d $target_domain --breach --report "$logfile"'
description='Tool gathering email accounts informations'
[Sherlock]
url=https://github.com/sherlock-project/sherlock
script=sherlock/sherlock.py
depends=sherlock
[Dirsearch]
url=https://github.com/maurosoria/dirsearch
depends=dirsearch
post_install='printf "#!/usr/bin/env bash\\ncd $installdir\\n$installdir/dirsearch.py \\"\\$@\\"\\n" > "$bindir/dirsearch"; chmod +x "$bindir/dirsearch"'
[Takeover]
url=https://github.com/m4ll0k/takeover
[Knock]
url=https://github.com/guelfoweb/knock
[Dnspython]
url=https://github.com/rthalley/dnspython
[SocialFish]
url=https://github.com/UndeadSec/SocialFish
[SecLists]
url=https://github.com/danielmiessler/SecLists
[Feroxbuster]
post_install='cd "$bindir"; curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/master/install-nix.sh | bash'
depends=feroxbuster
[Urldedupe]
url=https://github.com/ameenmaali/urldedupe.git
post_install='cd "$installdir"; cmake CMakeLists.txt; make'
[Anonsurf]
url=https://github.com/Und3rf10w/kali-anonsurf
post_install='cd "$installdir"; sed -E -i "/-y/! s/apt-get (-f )?install/& -y/" installer.sh; ./installer.sh'
depends=anonsurf
[Gf-Patterns]
url=https://github.com/1ndianl33t/Gf-Patterns
post_install="sudo $SUDO_OPT sh -c 'mkdir -p \$HOME/.gf; cp $installdir/*.json ~/.gf' && rm -rf $installdir"
[Janmasarik]
url=https://github.com/janmasarik/resolvers
[pyrit]
url=https://github.com/hacker3983/pyrit-installer
post_install='cd "$installdir"; bash ./install.sh'
[pyosint]
url=https://github.com/d8rkmind/Pyosint
script=pyosint.py
[DockerRegistryGrabber]
url=https://github.com/Syzik/DockerRegistryGrabber
script=DockerGraber.py
[MHDDoS]
url=https://github.com/MatrixTM/MHDDoS
script=start.py
[Elpscrk]
url=https://github.com/D4Vinci/elpscrk
script=elpscrk.py
[fsociety]
url=https://github.com/Manisso/fsociety
script=fsociety.py
[Liffy]
url=http://github.com/mzfr/liffy
script=liffy.py
[The-endorser]
url=https://github.com/eth0izzle/the-endorser
script=the-endorser.py
[Saycheese]
url=https://github.com/hangetzzu/saycheese
script=saycheese.sh
[Seeker]
url=https://github.com/thewhiteh4t/seeker
script=seeker.py
[theHarvest]
url=https://github.com/laramies/theHarvester
script='bin/theHarvester'
[Sayhello]
url=https://github.com/d093w1z/sayhello
script=sayhello.sh
[HostHunter]
url=https://github.com/SpiderLabs/HostHunter
script=hosthunter.py
[Sublist3r]
url=https://github.com/aboul3la/Sublist3r
[Uro]
url=https://github.com/s0md3v/uro
depends=uro
[Findomain]
depends=findomain-linux
post_install='wget -O "$bindir/findomain-linux" https://github.com/findomain/findomain/releases/latest/download/findomain-linux; chmod +x "$bindir/findomain-linux"'
[Poetry]
post_install='curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python -'
script=poetry
[Ctfr]
url=https://github.com/UnaPibaGeek/ctfr
script=ctfr.py
[DNSCewl]
url=https://github.com/codingo/DNSCewl
script=DNSCewl
[Dnsrecon]
url=https://github.com/darkoperator/dnsrecon
script=dnsrecon.py
[Dnsvalidator]
url=https://github.com/vortexau/dnsvalidator
script=dnsvalidator
[Fff]
url=https://github.com/dylanaraps/fff
script=fff
[Gorgo]
url=https://github.com/pry0cc/gorgo
script=gorgo.py
[Interlace]
url=https://github.com/codingo/Interlace
script=interlace
[Masscan]
url=https://github.com/robertdavidgraham/masscan
script=masscan
[Ufw]
url=https://github.com/jbq/ufw
script=ufw
[Unimap]
url=https://github.com/Edu4rdSHL/unimap
script=unimap
[Leaky-paths]
url=https://github.com/ayoubfathi/leaky-paths
[holehe]
url=https://github.com/megadose/holehe
depends=holehe
[h8mail]
url=https://github.com/khast3x/h8mail
depends=h8mail
[Aquatone]
post_install='GO111MODULE=off go get github.com/shelld3v/aquatone'
depends=aquatone
[Ngrok]
post_install='wget -qO /etc/apt/trusted.gpg.d/ngrok.asc https://ngrok-agent.s3.amazonaws.com/ngrok.asc; echo "deb https://ngrok-agent.s3.amazonaws.com buster main" > /etc/apt/sources.list.d/ngrok.list; apt update; apt -y install ngrok'
depends=ngrok
[Brave]
post_install='curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg; echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main" > /etc/apt/sources.list.d/brave-browser-release.list; apt update; apt -y install brave-browser'
[Notify]
post_install='go install -v github.com/projectdiscovery/notify/cmd/notify@latest'
depends=notify
[Haktrails]
post_install='go install -v github.com/hakluke/haktrails@latest'
depends=haktrails
[Hakrawler]
post_install='go install github.com/hakluke/hakrawler@latest'
depends=hakrawler
[Subfinder]
depends=subfinder
post_install='go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest'
[Httpx]
post_install='go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest'
depends=httpx
[Chaos-client]
post_install='go install -v github.com/projectdiscovery/chaos-client/cmd/chaos@latest'
[Interactsh]
post_install='go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest'
[Shuffledns]
post_install='go install -v github.com/projectdiscovery/shuffledns/cmd/shuffledns@latest'
[Dnsx]
post_install='go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest'
[Crobat]
post_install='go install github.com/cgboal/sonarsearch/cmd/crobat@latest'
[Waybackurls]
post_install='go install github.com/tomnomnom/waybackurls@latest'
depends=waybackurls
[Kxss]
post_install='go install github.com/Emoe/kxss@latest'
[Qsreplace]
post_install='go install github.com/tomnomnom/qsreplace@latest'
depends=qsreplace
[filter-resolved]
post_install='go install github.com/tomnomnom/hacks/filter-resolved@latest'
depends=filter-resolved
[Puredns]
post_install='go install github.com/d3mondev/puredns/v2@latest'
[Gowitness]
post_install='go install github.com/sensepost/gowitness@latest'
[Gau]
post_install='go install github.com/lc/gau/v2/cmd/gau@latest'
[GF]
post_install='go install github.com/tomnomnom/gf@latest; cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf'
[Httprobe]
post_install='go install github.com/tomnomnom/httprobe@latest'
[unfurl]
post_install='go install github.com/tomnomnom/unfurl@latest'
[Assetfinder]
depends=assetfinder
post_install='go install github.com/tomnomnom/assetfinder@latest'
[Anew]
post_install='go install github.com/tomnomnom/anew@latest'
depends=anew
[Github-subdomains]
post_install='go install github.com/gwen001/github-subdomains@latest'
[Gron]
post_install='go install github.com/tomnomnom/gron@latest'
[Concurl]
post_install='go install github.com/tomnomnom/concurl@latest'
[Meg]
post_install='go install github.com/tomnomnom/meg@latest'
[Dirdar]
post_install='go install github.com/m4dm0e/dirdar@latest'
[Cngo]
post_install='go install github.com/yghonem14/cngo@latest'
[Soxy]
post_install='go install github.com/pry0cc/soxy@latest'
[Subjack]
post_install='go install github.com/haccer/subjack@latest'
[Http2smugl]
post_install='go install github.com/neex/http2smugl@latest'
[Burl]
post_install='go install github.com/tomnomnom/burl@latest'
[Cent]
post_install='go install github.com/xm1k3/cent@latest'
[page-fetch]
post_install='go install github.com/detectify/page-fetch@latest'
[jg]
post_install='https://github.com/gmmorris/jg'