SecJack大规模杀伤性武器(Weapon of Mass Destruction)
这是一款用 Python 写的安全工具集。软件封装于“模块”中。模块主要由纯 Python 代码和第三方程序组成。
主要功能
1) 要使用模块,运行命令 "use [module_call]",例如使用 "use apsniff" 激活模块。
2) 可以使用 "set [parameter] [value]" 更改模块选项。
3) 在模块内,可以用命令 "so" 查看选项。
4) 环境设置位于 core/config.ini 中。请在运行程序之前进行调整。
截屏:
Web 界面
控制台运行命令“www”,激活 Flask 服务,即可在浏览器中展示模块。通过 127.0.0.1:5000 访问。
模块会直接加载到 xterm 中。
DEV: 可以试一下 SniffHTTP 和 APsniff 模块 - 可在浏览器中定义参数。
Screenshot:
模块列表
| CAT: | TYPE: | CALL: | NAME: | DESCRIPTION: |
|---|---|---|---|---|
| bruteforce | creds | changeme | Default creds scan | Scan IP's for services and try logging in with default credentials (Arthur: ztgrace) |
| bruteforce | loginpath | adminfinder | Admin Finder | A Simple script to find admin-paths for webpages. (Arthur: Spaddex) |
| bruteforce | rar | bfrar | BF RAR | Bruteforce a RAR file |
| bruteforce | ssh | bfssh | Bruteforce SSH | Bruteforce SSH login |
| bruteforce | web | bfweb | Bruteforce weblogin form | Bruteforce a weblogin form with word- and passlist |
| bruteforce | zip | bfzip | BF ZIP | Bruteforce a ZIP file |
| cracking | aut | john | John the Ripper | As you know - kill the hash |
| cracking | hash | hashid | Identify hash | Identify a hash |
| cracking | wpa | crackwpa | Crack WPA 4-way handshake | Gather WPA 4-way handshake from accesspoint and crack it |
| exploit | browser | browserpwn | Browser Autopwn2 | This module will automatically serve browser exploits (Arthur: sinn3r[at]metasploit.com) |
| exploit | search | exploitdb | Exploitdb | Shell-style script to search exploit-db.com exploits. (Arthur: mattoufoutu) |
| sin | mspoofcheck | Spoofcheck email domain | Check if a domain can be spoofed for e.g. emailing | |
| monitor | arp | arpmon | ARP monitor alert | Monitor ARP table and alert for changes |
| monitor | ip | ipmon | IP monitor alert | Monitor IP's and alert for changes |
| other | settings | settings | Change settings | Change your environment settings, e.g. interface |
| pentesting | niptt | sparta | SPARTA | SPARTA is a python GUI application which simplifies network infrastructure penetration testing. |
| phishing | ap | etphis | Ewil Twin phishing | Create a Evil Twin and redirect user to fake password page. |
| phishing | webpage | webphis | Webpage phishing | Run a local flask server with phishing pages. |
| recon | dns | dig | Domain info groper | Using dig command you can query DNS name servers for your DNS lookup related tasks |
| recon | dns | dnsmap | dnsmap | DNS Network Mapper. Enumeration and bruteforcing. |
| recon | dns | dnsrecon | dnsrecon | Multiple DNS recon abilities. |
| router | framework | rsploit | Routersploit | Framework for routers with exploits and getting creds. (Arthur: Reverse Shell Security) |
| scan | sin | lanscan | Lan scan | Scan local net - recon |
| sniff | aut | apsniff | AP sniff | Create AP and sniff HTTPS and avoid HSTS + Beef |
| sniff | http | sniffhttp | Sniff HTTP | Sniff HTTP packages. Extract username and passwords from traffic. |
| sniff | sin | bettercap | Bettercap | Bettercap integration for sniffing packets and bypass HSTS and HTTPS |
| socialeng | instabot | Instagram bot | Instagram bot for performing various activities (Arthur: LevPasha) | |
| spoof | arp | arpspoof | ARP spoof | Spoofing ARP |
| sql | sqli | gdsqli | Gdork SQLi | Scrape net for urls and check if they are prone to SQL injection |
| sql | sqli | sqlmap | SQLmap | Just an activation of SQLmap. |
| system | mac | macc | Macchanger | Change your MAC address |
| tools | search | searchht | Search hacktools | Searchengine for hackingtools |
| wifi | accesspoint | createap | Create an Accesspoint | Create an Accesspoint |
| wifi | wifi | wifiutils | WiFi utils | Utilities for WiFi, e.g. deauth, WiFi's, clients, probes, etc. |
运行
运行前:
1. 调整core/config.ini.default 中的环境选项。
2. 将 core/config.ini.default 重命名为 core/config.ini。
开启终端:
|
1 |
python3 wmd.py |
使用单独的模块:
|
1 |
python3 wmd.py -m [CALL] |
开启 web 服务:
|
1 |
python3 wmd.py -w |
不检查依赖运行:
|
1 |
python3 wmd.py -nc |
环境要求:
- Linux 系统
- Python3
- Python 库的要求位于 requirements.txt
可选项 tools/software/GIT:
这些模块需要时会通知你,并不会直接运行
- GIT: Admin-Finder
- Aircrack-ng
- Airomon-ng
- Airodump-ng
- Airolib-ng
- Arp
- Arpspoof
- Beef
- Bettercap
- GIT: changeme
- CrackMapExec
- Create_ap
- Dig
- Dnsmap
- GIT: Dnsrecon
- GIT: Exploitdb
- GIT: Hashid
- Hostapd
- GIT: Instabot
- John the Ripper
- Nmap
- GIT: Routersploit
- SPARTA
- GIT: Spoofcheck
- GIT: XSSER
部署
项目结构
- core --> 核心文件中使用了所有的代码。
- files --> 静态文件,密码列表等。
- logs --> 用于保存日志的标准文件夹。
- modules --> 包括各种模块。
- tmp --> 你猜呢
- tools --> GIT 工具。
- www --> webserver 的文件。
新模块
可以在 modules/module_template.py 中检查模板。
添加模块
Run
|
1 |
python3 wmd.py -a modulePathName.py |
