{"id":13389957,"url":"https://github.com/Leviathan36/kaboom","last_synced_at":"2025-03-13T14:32:18.130Z","repository":{"id":38293141,"uuid":"146003874","full_name":"Leviathan36/kaboom","owner":"Leviathan36","description":"A tool to automate penetration tests","archived":false,"fork":false,"pushed_at":"2024-03-09T20:55:16.000Z","size":1108,"stargazers_count":381,"open_issues_count":1,"forks_count":92,"subscribers_count":23,"default_branch":"master","last_synced_at":"2024-11-03T04:32:32.430Z","etag":null,"topics":["dirb","hydra","nikto","nmap-scripts","penetration-testing","pentest","pentest-scripts","pentest-tool","pentesting","pentesting-networks"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Leviathan36.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-24T14:46:34.000Z","updated_at":"2024-11-01T12:24:52.000Z","dependencies_parsed_at":"2024-10-25T05:27:05.513Z","dependency_job_id":"a7dfbbdd-d543-456e-bbc7-4f798695905b","html_url":"https://github.com/Leviathan36/kaboom","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Leviathan36%2Fkaboom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Leviathan36%2Fkaboom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Leviathan36%2Fkaboom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Leviathan36%2Fkaboom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Leviathan36","download_url":"https://codeload.github.com/Leviathan36/kaboom/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243422700,"owners_count":20288503,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dirb","hydra","nikto","nmap-scripts","penetration-testing","pentest","pentest-scripts","pentest-tool","pentesting","pentesting-networks"],"created_at":"2024-07-30T13:01:42.378Z","updated_at":"2025-03-13T14:32:15.924Z","avatar_url":"https://github.com/Leviathan36.png","language":"Shell","readme":"![Release](https://img.shields.io/badge/release-stable%201.0.0-green.svg)\r\n![Language](https://img.shields.io/badge/made%20with-bash-brightgreen.svg)\r\n![License](https://img.shields.io/badge/license-GPLv3-blue.svg)\r\n![LastUpdate](https://img.shields.io/badge/last%20update-2019%2F05-orange.svg)\r\n![TestedOn](https://img.shields.io/badge/tested%20on-Kali%20Linux-red.svg)\r\n\r\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/Leviathan36/kaboom/blob/master/kaboom_images/logo.png\" width=\"80%\" height=\"auto\"\u003e\u003c/p\u003e\r\n\r\n## About\r\nKaboom is an automatism for penetration tests. It performs several tasks for the first two phases of the test: information gathering and vulnerability assessment.\r\nAll informations collected are saved into a directory hierarchy very\r\nsimple to browse (also in case of multiple targets).\r\n\r\n## Details\r\nKaboom performs several tasks:\r\n\r\n   1. **Information Gathering**\r\n\r\n        * Port scan (**Nmap**)\r\n        * Web resources enumeration (**Dirb**)\r\n\r\n   2. **Vulnerability assessment**\r\n\r\n        * Web vulnerability assessment (**Nikto** - **Dirb**)\r\n        * Vulnerability assessment (**Nmap** - **Metasploit**)\r\n        * Automatic Vulnerabilities research (**Searchsploit** - **Metasploit**)\r\n        * Dictionary Attacks (**Hydra**)\r\n\r\n            * SSH\r\n            * POP3\r\n            * IMAP\r\n            * RDP\r\n\r\n## Usage\r\nKaboom can be used in two ways:\r\n\r\n   * Interactive mode:\r\n\r\n   `kaboom [ENTER], and the script does the rest`\r\n\r\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/Leviathan36/kaboom/blob/master/kaboom_images/screenshots/interactive_mode.png\" width=\"80%\" height=\"auto\"\u003e\u003c/p\u003e\r\n\r\n   * NON-interactive mode:\r\n\r\n   `kaboom -t \u003ctarget_ip\u003e -f \u003creport_path\u003e [-p one_or_more_phases]`\r\n\r\n\u003cbr\u003e\r\n\r\n**If you want to see the help:**\r\n\u003cbr\u003e\r\n\r\n   `kaboom -h (or --help)`\r\n\r\n\u003cbr\u003e\r\n\r\n_**For more screenshots see the relative [directory](https://github.com/Leviathan36/kaboom/tree/master/kaboom_images/screenshots/) of the repository.**_\r\n\r\n## Dir Hierarchy\r\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/Leviathan36/kaboom/blob/master/kaboom_images/dir_hierarchy.PNG\" width=\"80%\" height=\"auto\"\u003e\u003c/p\u003e\r\n\r\n## Customization\r\nIt's possible to customize the script by changing the value of variables at the beginning of the file.\r\nIn particularly you can choose the wordlists used by Hydra and Dirb, specify another Metasploit scan script and\r\nchange the output file names.\r\n\r\n```bash\r\n#KABOOM_PATH=''\t\t# THE PATH COULD BE SET HERE INSTEAD OF IN BASHRC FILE\r\n\r\nif [[ \"$KABOOM_PATH\" == '' ]]; then\r\n\tKABOOM_PATH='.'\r\nfi\r\n\r\n# USER WORDLISTS\r\nUSERLIST_HYDRA_SSH=\"$KABOOM_PATH/user_wordlist_short.txt\"\r\nUSERLIST_HYDRA_POP3=\"$KABOOM_PATH/user_wordlist_short.txt\"\r\nUSERLIST_HYDRA_IMAP=\"$KABOOM_PATH/user_wordlist_short.txt\"\r\nUSERLIST_HYDRA_RDP=\"$KABOOM_PATH/user_wordlist_short.txt\"\r\nUSERLIST_HYDRA_SMB=\"$KABOOM_PATH/user_wordlist_short.txt\"\r\n\r\n# PASSWORD WORDLISTS\r\nPASSLIST_HYDRA=\"$KABOOM_PATH/fasttrack.txt\"\r\nPASSLIST_HYDRA_SSH=\"$PASSLIST_HYDRA\"\r\nPASSLIST_HYDRA_POP3=\"$PASSLIST_HYDRA\"\r\nPASSLIST_HYDRA_IMAP=\"$PASSLIST_HYDRA\"\r\nPASSLIST_HYDRA_RDP=\"$PASSLIST_HYDRA\"\r\nPASSLIST_HYDRA_SMB=\"$PASSLIST_HYDRA\"\r\n\r\n# DIRB WORDLISTS\r\nHTTP_WORDLIST=\"$KABOOM_PATH/custom_url_wordlist.txt\"\r\nHTTP_EXTENSIONS_FILE=\"$KABOOM_PATH/custom_extensions_common.txt\"\r\n\r\n# METASPLOIT SCAN SCRIPT\r\nMETASPLOIT_SCAN_SCRIPT='./metasploit_scan_script'\r\n\r\n# NMAP FILES\r\nSCRIPT_SYN='script-syn'\r\nUDP='udp'\r\nSYN='syn'\r\n```\r\n\r\n## New features\r\n* _**Customization**_ (see above)\r\n* _**Multi-target specification**_\r\n    * You can specify up to 254 hosts (C-class network)\r\n* _**New CLI interface**_\r\n* _**More powerfull Nmap scan**_\r\n* _**Better directory hierarchy**_\r\n* _**Automatic research of Metasploit module associated with CVE code found**_\r\n* _**Recognition of services exposed on not canonical ports**_ (ex: http on 7000)\r\n* _**Print out and save credentials found**_\r\n\r\n\r\n## Twin Brother\r\nDuring the development of Kaboom was born a parallel project called **trigmap** (trigger Nmap).\r\nThis tool performs the same tasks of Kaboom, but with a different philosophy; infact, it uses only **Nmap** to execute\r\nhis work.\r\nGenerally Kaboom isn't better than Trigmap and vice versa, but simply it's a good thing to use both the scripts to gather more evidences.\r\n\r\nFor more informations about this tool take a look [to this link](https://github.com/Leviathan36/trigmap).\r\n\r\n\u003cbr\u003e\r\n\u003cbr\u003e\r\n\r\n-------------------------------------\r\n## Disclaimer:\r\nAuthor assume no liability and are not responsible for any misuse or damage caused by this program.\r\n\r\nKaboom is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.\r\n\r\n## License:\r\nKaboom is released under GPLv3 license. See [LICENSE](LICENSE) for more details.\r\n","funding_links":[],"categories":["Shell","Shell (473)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLeviathan36%2Fkaboom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FLeviathan36%2Fkaboom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLeviathan36%2Fkaboom/lists"}