Hacking

Lockdoor – All in One Penetration Testing Framework

LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ‘ /pentest/ ‘ directory so this Framework is helping you to build a perfect one.

Penetration Testing Tools

  • Lockdoor doesn’t contain all pentesting tools (Added value) , let’s be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
  • what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali,Parrot Os and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
  • Easy customization: Easily add/remove tools. (Added value)
  • Installation: You can install the tool automatically using the installer.sh , Manually or on Docker [COMING SOON]

Resources and cheatsheets

  • Resources: That’s what makes Lockdoor Added value, Lockdoor Doesn’t contain only tools ! Pentesing and Security Assessment Findings Reports templates (Added value) , Pentesting walkthrough examples and tempales (Added value) and more.
  • Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role ! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.
CQTools – Ultimate Hacking Toolkit
  • Automatically
    git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git && cd Lockdoor-Framework chmod +x ./install.sh ./install.sh
  • Manually
    • Installing requirments
      python python-pip python-requests python2 python2-pip gcc ruby php git wget bc curl netcat subversion jre-openjdk make automake gcc linux-headers gzip
    • Installing Go
      wget https://dl.google.com/go/go1.13.linux-amd64.tar.gz tar -xvf go1.13.linux-amd64.tar.gz mv go /usr/local export GOROOT=/usr/local/go export PATH=$GOPATH/bin:$GOROOT/bin:$PATH rm go1.13.linux-amd64.tar.gz
    • Installing Lockdoor
      # Clonnig git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git && cd Lockdoor-Framework # Create the config file # INSTALLDIR = where you want to install Lockdoor (Ex : /opt/sofiane/pentest) echo "Location:"$installdir > $HOME"/.config/lockdoor/lockdoor.conf" # Moving the resources folder mv ToolsResources/* INSTALLDIR # Installing Lockdoor from PyPi pip3 install lockdoor
  • Docker Installation
    COMING SOON

Screenshots

Demo

Lockdoor Tools contents ️ :

Information Gathering :

  • Tools:
    • dirsearch : A Web path scanner
    • brut3k1t : security-oriented bruteforce framework
    • gobuster : DNS and VHost busting tool written in Go
    • Enyx : an SNMP IPv6 Enumeration Tool
    • Goohak : Launchs Google Hacking Queries Against A Target Domain
    • Nasnum : The NAS Enumerator
    • Sublist3r : Fast subdomains enumeration tool for penetration testers
    • wafw00f : identify and fingerprint Web Application Firewall
    • Photon : ncredibly fast crawler designed for OSINT.
    • Raccoon : offensive security tool for reconnaissance and vulnerability scanning
    • DnsRecon : DNS Enumeration Script
    • Nmap : The famous security Scanner, Port Scanner, & Network Exploration Tool
    • sherlock : Find usernames across social networks
    • snmpwn : An SNMPv3 User Enumerator and Attack tool
    • Striker : an offensive information and vulnerability scanner.
    • theHarvester : E-mails, subdomains and names Harvester
    • URLextractor : Information gathering & website reconnaissance
    • denumerator.py : Enumerates list of subdomains
    • other : other Information gathering,recon and Enumeration scripts I collected somewhere.
  • Frameworks:
    • ReconDog : Reconnaissance Swiss Army Knife
    • RED_HAWK : All in one tool for Information Gathering, Vulnerability Scanning and Crawling
    • Dracnmap : Info Gathering Framework

Web Hacking :

  • Tools:
    • Spaghetti : Spaghetti – Web Application Security Scanner
    • CMSmap : CMS scanner
    • BruteXSS : BruteXSS is a tool to find XSS vulnerabilities in web application
    • J-dorker : Website List grabber from Bing
    • droopescan : scanner , identify , CMSs , Drupal , Silverstripe.
    • Optiva : Web Application Scanne
    • V3n0M : Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
    • AtScan : Advanced dork Search & Mass Exploit Scanner
    • WPSeku : WordPress Security Scanner
    • Wpscan : A simple WordPress scanner written in python
    • XSStrike : Most advanced XSS scanner.
    • Sqlmap : automatic SQL injection and database takeover tool
    • WhatWeb : the Next generation web scanner
    • joomscan : Joomla Vulnerability Scanner Project
  • Frameworks:
    • Dzjecter : Server checking Tool

Privilege Escalation ⚠️ :

  • Tools:
    • Linux :
      • Scripts :
        • linux_checksec.sh
        • linux_enum.sh
        • linux_gather_files.sh
        • linux_kernel_exploiter.pl
        • linux_privesc.py
        • linux_privesc.sh
        • linux_security_test
      • Linux_exploits folder
    • Windows Windows :
      • windows-privesc-check.py
      • windows-privesc-check.exe
    • MySql :
      • raptor_udf.c
      • raptor_udf2.c

Reverse Engineering ⚡:

  • Radare2 : unix-like reverse engineering framework
  • VirtusTotal : VirusTotal tools
  • Miasm : Reverse engineering framework
  • Mirror : reverses the bytes of a file
  • DnSpy : .NET debugger and assembly
  • AngrIo : A python framework for analyzing binaries ( Suggested by @Hamz-a )
  • DLLRunner : a smart DLL execution script for malware analysis in sandbox systems.
  • Fuzzy Server : a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
  • yara : a tool aimed at helping malware researchers toidentify and classify malware samples
  • Spike : a protocol fuzzer creation kit + audits
  • other : other scripts collected somewhere

Exploitation ❗:

  • Findsploit : Find exploits in local and online databases instantly
  • Pompem : Exploit and Vulnerability Finder
  • rfix : Python tool that helps RFI exploitation.
  • InUrlBr : Advanced search in search engines
  • Burpsuite : Burp Suite for security testing & scanning.
  • linux-exploit-suggester2 : Next-Generation Linux Kernel Exploit Suggester
  • other : other scripts I collected somewhere.

Shells :

  • WebShells : BlackArch’s Webshells Collection
  • ShellSum : A defense tool – detect web shells in local directories
  • Weevely : Weaponized web shell
  • python-pty-shells : Python PTY backdoors

Password Attacks ✳️:

  • crunch : a wordlist generator
  • CeWL : a Custom Word List Generator
  • patator : a multi-purpose brute-forcer, with a modular design and a flexible usage

Encryption – Decryption ️:

  • Codetective : a tool to determine the crypto/encoding algorithm used
  • findmyhash : Python script to crack hashes using online services

Social Engineering :

  • scythe : an accounts enumerator

Lockdoor Resources List

Information Gathering :

  • Cheatsheet_SMBEnumeration
  • configuration_management
  • dns_enumeration
  • file_enumeration
  • http_enumeration
  • information_gathering_owasp_guide
  • miniserv_webmin_enumeration
  • ms_sql_server_enumeration
  • nfs_enumeration
  • osint_recon_ng
  • passive_information_gathering
  • pop3_enumeration
  • ports_emumeration
  • rpc_enumeration
  • scanning
  • smb_enumeration
  • smtp_enumeration
  • snmb_enumeration
  • vulnerability_scanning

Crypto ️:

  • Crypto101.pdf

Exploitation ❗:

  • computer_network_exploits
  • file_inclusion_vulnerabilities
  • File_Transfers
  • nc_transfers
  • networking_pivoting_and_tunneling
  • network_pivoting_techniques
  • pivoting
  • Public Exploits
  • reverse_shell_with_msfvenom

Networking :

  • bpf_syntax
  • Cheatsheet_Networking
  • Cheatsheet_Oracle
  • networking_concept
  • nmap_quick_reference_guide
  • tcpdump

Password Attacks ✳️:

  • password_attacks
  • Some-Links-To-Wordlists

Post Exploitation ❗❗:

  • Cheatsheet_AVBypass
  • Cheatsheet_BuildReviews
  • code-execution-reverse-shell-commands
  • important-linux-serv-files

Privilege Escalation ⚠️:

  • Cheatsheet_LinuxPrivilegeEsc
  • linux_enumeration
  • windows_enumeration
  • windows_priv_escalation
  • windows_priv_escalation_practical

Pentesting & Security Assessment Findings Report Templates :

  • Demo Company – Security Assessment Findings Report.docx
  • linux-template.md
  • PWKv1-REPORT.doc
  • pwkv1_report.doc
  • template-penetration-testing-report-v03.pdf
  • windows-template.md
  • OSCP-OS-XXXXX-Lab-Report_Template3.2.docx
  • OSCP-OS-XXXXX-Exam-Report_Template3.2.docx
  • CherryTree_template.ctb

Reverse Engineering ⚡ :

  • Buffer_Overflow_Exploit
  • buffer_overflows
  • gdb_cheat_sheet
  • r2_cheatsheet
  • win32_buffer_overflow_exploitation
  • 64_ia_32_jmp_instructions
  • course_notes
  • debuging
  • IntelCodeTable_x86
  • Radare2 cheat sheet
  • x86_assembly_x86_architecture
  • x86_opcode_structure_and_instruction_overview

Social Engineering :

  • social_engineering

Walk Throughs :

  • Cheatsheet_PenTesting.txt
  • OWASP Testing Guide v4
  • OWASPv4_Checklist.xlsx

Web Hacking :

  • auxiliary_info.md
  • Cheatsheet_ApacheSSL
  • Cheatsheet_AttackingMSSQL
  • Cheatsheet_DomainAdminExploitation
  • Cheatsheet_SQLInjection
  • Cheatsheet_VulnVerify.txt
  • code-execution-reverse-shell-commands
  • file_upload.md
  • html5_cheat_sheet
  • jquery_cheat_sheet_1.3.2
  • sqli
  • sqli_cheatsheet
  • sqli-quries
  • sqli-tips
  • web_app_security
  • web_app_vulns_Arabic
  • Xss_1
  • Xss_2
  • xss_actionscript
  • xxe

Other :

  • Security Security
    • Best Version of BriskSec Security Cheatsheets :
  • Images (I’ll let you discover that)
  • Google Hacking DataBase
  • Google Fu

Download Lockdoor here – https://github.com/SofianeHamlaoui/Lockdoor-Framework

Source : Haxf4rall

Previous ArticleNext Article

Send this to a friend