Skip to content

Home

Jump to bottom
Sofiane Hamlaoui edited this page Sep 7, 2019 · 13 revisions

image


Lockdoor Penetsting Framework

Overview

LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one.

Features

Added value : (what makes it different from other frameworks).

Pentesting Tools Selection: -------------------------- - Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).

  • what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali,Parrot Os and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
  • Easy Customization: Easily add/remove tools. (Added value)

Resources and cheatsheets: (Added value) -------------------------- - Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools ! Pentesing and Security Assessment Findings Reports templates (Added value) , Pentesting walkthrough examples and tempales (Added value) and more.

  • Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role ! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.
Lockdoor Tools contents:
Information Gathering:
--------------------------
  • Tools:
  • dirsearch : A Web path scanner
  • brut3k1t : security-oriented bruteforce framework
  • gobuster : DNS and VHost busting tool written in Go
  • Enyx : an SNMP IPv6 Enumeration Tool
  • Goohak : Launchs Google Hacking Queries Against A Target Domain
  • Nasnum : The NAS Enumerator
  • Sublist3r : Fast subdomains enumeration tool for penetration testers
  • wafw00f : identify and fingerprint Web Application Firewall
  • Photon : ncredibly fast crawler designed for OSINT.
  • Raccoon : offensive security tool for reconnaissance and vulnerability scanning
  • DnsRecon : DNS Enumeration Script
  • Reconnoitre : multithreaded information gathering and service enumeratio tool
  • sherlock : Find usernames across social networks
  • snmpwn : An SNMPv3 User Enumerator and Attack tool
  • Striker : an offensive information and vulnerability scanner.
  • theHarvester : E-mails, subdomains and names Harvester
  • URLextractor : Information gathering & website reconnaissance
  • denumerator.py : Enumerates list of subdomains
  • other : other Information gathering,recon and Enumeration scripts I collected somewhere.
  • Frameworks:
  • ReconDog : Reconnaissance Swiss Army Knife
  • RED_HAWK : All in one tool for Information Gathering, Vulnerability Scanning and Crawling
  • TIDoS : Offensive Manual Web Application Penetration Testing Framework.
  • Dracnmap : Info Gathering Framework
Web Hacking:
--------------------------
  • Tools:
  • Spaghetti : Spaghetti - Web Application Security Scanner
  • HTTPoxyScan : HTTPoxy Exploit Scanner by 1N3
  • CMSmap : CMS scanner
  • BruteXSS : BruteXSS is a tool to find XSS vulnerabilities in web application
  • PyFiScan : web-application vulnerability and version scanner
  • J-dorker : Website List grabber from Bing
  • droopescan : scanner , identify , CMSs , Drupal , Silverstripe.
  • ptiva : Web Application Scanne
  • V3n0M : Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
  • Priv8SqliTool : Find Sqli Targets v
  • SqliV : massive SQL injection vulnerability scanner
  • AtScan : Advanced dork Search & Mass Exploit Scanner
  • ToolB0x : penetration testing and information gathering!
  • WPSeku : Wordpress Security Scanner
  • WpBrute : Wordpress BruteForce Tools
  • Wpscan : A simple Wordpress scanner written in python
  • B7S-ToolB0x : Wordpress vulnerability scanner
  • XSStrike : Most advanced XSS scanner.
  • joomscan : Joomla Vulnerability Scanner Project
  • Frameworks:
  • Dzjecter : Server checking Tool
  • W3af : web application attack and audit framework
Privilege Escalation:
--------------------------
  • Tools:
  • Linux :
  • Scripts :
  • linux_checksec.sh
  • linux_enum.sh
  • linux_gather_files.sh
  • linux_kernel_exploiter.pl
  • linux_privesc.py
  • linux_privesc.sh
  • linux_security_test
  • Linux_exploits folder
  • Windows :
  • windows-privesc-check.py
  • windows-privesc-check.exe
  • MySql :
  • raptor_udf.c
  • raptor_udf2.c
Reverse Engineering:
--------------------------
  • Radare2 : unix-like reverse engineering framework
  • VirtusTotal : VirusTotal tools
  • Miasm : Reverse engineering framework
  • Mirror : reverses the bytes of a file
  • DnSpy : .NET debugger and assembly
  • DLLRunner : a smart DLL execution script for malware analysis in sandbox systems.
  • Fuzzy Server : a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
  • yara : a tool aimed at helping malware researchers toidentify and classify malware samples
  • Spike : a protocol fuzzer creation kit + audits
  • other : other scripts collected somewhere
Exploitation:
--------------------------
  • Findsploit : Find exploits in local and online databases instantly
  • MassExpConsole : concurrent exploiting
  • Pompem : Exploit and Vulnerability Finder
  • rfix : Python tool that helps RFI exploitation.
  • InUrlBr : Advanced search in search engines
  • linux-exploit-suggester2 : Next-Generation Linux Kernel Exploit Suggester
  • other : other scripts I collected somewhere.
Shells:
--------------------------
  • WebShells : Webshells Collection
  • ShellSum : A defense tool - detect web shells in local directories
  • Weevely : Weaponized web shell
  • python-pty-shells : Python PTY backdoors
Password Attacks:
--------------------------
  • crunch : a wordlist generator
  • CeWL : a Custom Word List Generator
  • patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
Encryption - Decryption:
--------------------------
  • Codetective : a tool to determine the crypto/encoding algorithm used
  • findmyhash : Python script to crack hashes using online services
  • hashID : Software to identify the different types of hashes
Post Exploitation::
--------------------------

-Tools :
  • TheFatRat : massive exploiting tool
Reverse Engineering:
--------------------------
  • scythe : an accounts enumerator
=============
Lockdoor Resources contents:

Information Gathering:

Crypto:

Exploitation:

Networking:

Password Attacks:

Post Exploitation:

Privilege Escalation:

Pentesting & Security Assessment Findings Report Templates: -------------------------- - Demo Company - Security Assessment Findings Report.docx - linux-template.md - PWKv1-REPORT.doc - pwkv1_report.doc - template-penetration-testing-report-v03.pdf - windows-template.md

Reverse Engineering:

Social Engineering:

Walk Throughs:

Web Hacking:

Other:

Clone this wiki locally