{"id":13844262,"url":"https://github.com/ThomasTJdev/WMD","last_synced_at":"2025-07-11T22:31:15.507Z","repository":{"id":87657564,"uuid":"79669090","full_name":"ThomasTJdev/WMD","owner":"ThomasTJdev","description":"Python framework for IT security tools","archived":false,"fork":false,"pushed_at":"2017-01-28T13:54:34.000Z","size":3797,"stargazers_count":265,"open_issues_count":2,"forks_count":111,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-03T02:11:12.272Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ThomasTJdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-01-21T19:54:20.000Z","updated_at":"2025-03-25T18:43:45.000Z","dependencies_parsed_at":"2023-03-13T18:40:18.576Z","dependency_job_id":null,"html_url":"https://github.com/ThomasTJdev/WMD","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ThomasTJdev/WMD","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThomasTJdev%2FWMD","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThomasTJdev%2FWMD/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThomasTJdev%2FWMD/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThomasTJdev%2FWMD/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ThomasTJdev","download_url":"https://codeload.github.com/ThomasTJdev/WMD/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThomasTJdev%2FWMD/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264909966,"owners_count":23682096,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:02:38.767Z","updated_at":"2025-07-11T22:31:15.499Z","avatar_url":"https://github.com/ThomasTJdev.png","language":"Python","readme":"# WMD\n## Weapon of Mass Destruction\n\nThis is a python tool with a collection of IT security software. The software is incapsulated in \"modules\". The modules does consist of pure python code and/or external third programs.\n\n## Main functions\n\n1) To use a module, run the command \"use [module_call]\", e.g. \"use apsniff\", to activate the module. \n2) The modules options can be changed with \"set [parameter] [value]\". \n3) Inside the modules, you always have the possibilty to view the options with the command \"so\". \n4)Your environment settings is in core/config.ini. Please adjust them before running.\n\n**Screenshot:** \n![WMD MAIN](screenshots/wmdframe2.png)\n\n## Web menu\n\nRun the command \"www\" from the console to activate a Flask server showing the modules in your browser. Access it from: 127.0.0.1:5000.\n\nModules are loaded directly into a xterm. \n**DEV:** Try the SniffHTTP and APsniff module - define parameters in the browser.\n\n**Screenshot:** \n![WMD WWW](screenshots/www.png)\n\n## Modules\nCAT: | TYPE: | CALL: | NAME: | DESCRIPTION: \n----------------|--------------|-----------------|--------------------------------|----------------------------------------------\nbruteforce | creds | changeme | Default creds scan | Scan IP's for services and try logging in with default credentials (Arthur: ztgrace)\nbruteforce | loginpath | adminfinder | Admin Finder | A Simple script to find admin-paths for webpages. (Arthur: Spaddex) \nbruteforce | rar | bfrar | BF RAR | Bruteforce a RAR file \nbruteforce | ssh | bfssh | Bruteforce SSH | Bruteforce SSH login \nbruteforce | web | bfweb | Bruteforce weblogin form | Bruteforce a weblogin form with word- and passlist \nbruteforce | zip | bfzip | BF ZIP | Bruteforce a ZIP file \ncracking | aut | john | John the Ripper | As you know - kill the hash \ncracking | hash | hashid | Identify hash | Identify a hash \ncracking | wpa | crackwpa | Crack WPA 4-way handshake | Gather WPA 4-way handshake from accesspoint and crack it \nexploit | browser | browserpwn | Browser Autopwn2 | This module will automatically serve browser exploits (Arthur: sinn3r[at]metasploit.com) \nexploit | search | exploitdb | Exploitdb | Shell-style script to search exploit-db.com exploits. (Arthur: mattoufoutu) \nmail | sin | mspoofcheck | Spoofcheck email domain | Check if a domain can be spoofed for e.g. emailing \nmonitor | arp | arpmon | ARP monitor alert | Monitor ARP table and alert for changes \nmonitor | ip | ipmon | IP monitor alert | Monitor IP's and alert for changes \nother | settings | settings | Change settings | Change your environment settings, e.g. interface \npentesting | niptt | sparta | SPARTA | SPARTA is a python GUI application which simplifies network infrastructure penetration testing.\nphishing | ap | etphis | Ewil Twin phishing | Create a Evil Twin and redirect user to fake password page. \nphishing | webpage | webphis | Webpage phishing | Run a local flask server with phishing pages. \nrecon | dns | dig | Domain info groper | Using dig command you can query DNS name servers for your DNS lookup related tasks \nrecon | dns | dnsmap | dnsmap | DNS Network Mapper. Enumeration and bruteforcing. \nrecon | dns | dnsrecon | dnsrecon | Multiple DNS recon abilities. \nrouter | framework | rsploit | Routersploit | Framework for routers with exploits and getting creds. (Arthur: Reverse Shell Security) \nscan | sin | lanscan | Lan scan | Scan local net - recon \nsniff | aut | apsniff | AP sniff | Create AP and sniff HTTPS and avoid HSTS + Beef \nsniff | http | sniffhttp | Sniff HTTP | Sniff HTTP packages. Extract username and passwords from traffic. \nsniff | sin | bettercap | Bettercap | Bettercap integration for sniffing packets and bypass HSTS and HTTPS \nsocialeng | instagram | instabot | Instagram bot | Instagram bot for performing various activities (Arthur: LevPasha) \nspoof | arp | arpspoof | ARP spoof | Spoofing ARP \nsql | sqli | gdsqli | Gdork SQLi | Scrape net for urls and check if they are prone to SQL injection \nsql | sqli | sqlmap | SQLmap | Just an activation of SQLmap.\nsystem | mac | macc | Macchanger | Change your MAC address \ntools | search | searchht | Search hacktools | Searchengine for hackingtools \nwifi | accesspoint | createap | Create an Accesspoint | Create an Accesspoint \nwifi | wifi | wifiutils | WiFi utils | Utilities for WiFi, e.g. deauth, WiFi's, clients, probes, etc. \n\n\n\n## Run\n\n_**Before your first run, please:**_\n_1. Adjust your environment settings in `core/config.ini.default`_\n_2. Rename `core/config.ini.default` to `core/config.ini`_\n\nStart the console with:\n`python3 wmd.py`\n\nStart a single module:\n`python3 wmd.py -m [CALL]`\n\nStart webserver:\n`python3 wmd.py -w`\n\nStart without checking requirements:\n`python3 wmd.py -nc`\n\n## Requirements\n\n_**Before your first run, please:**_\n_1. Adjust your environment settings in `core/config.ini.default`_\n_2. Rename `core/config.ini.default` to `core/config.ini`_\n\n**Requirements:** \n* Linux operating system\n* Python3\n* Python libraries requirements in **requirements.txt**\n\n**Optional tools/software/GIT:** \n_modules which needs them will inform you about it and just dont run.._\n* GIT: Admin-Finder\n* Aircrack-ng\n* Airomon-ng\n* Airodump-ng\n* Airolib-ng\n* Arp\n* Arpspoof\n* Beef\n* Bettercap\n* GIT: changeme\n* CrackMapExec\n* Create_ap\n* Dig\n* Dnsmap\n* GIT: Dnsrecon\n* GIT: Exploitdb\n* GIT: Hashid\n* Hostapd\n* GIT: Instabot\n* John the Ripper\n* Nmap\n* GIT: Routersploit\n* SPARTA\n* GIT: Spoofcheck\n* GIT: XSSER\n\n## Development\n### Structure\n\n* core --\u003e The core files with functions used all over the code\n* files --\u003e Static files, passwordlist, etc.\n* logs --\u003e Standard folder for saving logs into\n* modules --\u003e Containing the modules\n* tmp --\u003e Guess\n* tools --\u003e GIT tools\n* www --\u003e Files for the webserver\n\n#### New module\n\nCheckout the template in `modules/module_template.py`\n\n#### Add module\n\nRun `python3 wmd.py -a modulePathName.py`\n\n#### Pull requests\n\n* Only python3 code\n* Code needs to follow pep8 flake8 (no need for linebreak)\n\n## Todo \n### First priority\n* More modules\n* ~~Interactive webinterface. Set settings and get results in the browser~~ \u003c-- sniffhttp and apsniff done\n* Rename config.ini to config.ini.default to avoid overriding userspecific config file\n\n### Various \n* Proxychain\n* Tor\n* Threading on all BF\n* Try/except on imports on modules for running with os.system\n* Add run command with : in modules\n* Add info about 'set para value' in modules (missing?!)\n* Regenerate modules.xml (loop through modules)\n* Design modules with core import and parser for design\n* Check that there are enough credit to arthurs of tools, repos, etc.\n* Split updatetools into local tools vs git\n* When adding modules strip \u003c\u003e to ensuring XML format\n* Change behavior of install and update tools\n* Add invoke option inside all modules\n* All modules - change options to Options\n* Split files folder up into lists, etc\n* Core network and wifi - merged?\n* Original arthurs will be displayed below banner on modules. Todo.\n* When showing modules indicate somehow what they require\n* ~~Set modules parameters in browser dialog~~\n* Add args to all modules and create dialog HTML (automated tool in development)\n\n### core/tools.py\n* Do a run through config.ini and extract names for the updatecommand instead of DRY in two functions\n\n### Internal code\n* cleanup getLocalIP (local_ip) in functions\n* PEP8/Flake8 for old modules\n\n### Modules\n* ~~SQLmap~~\n* ~~Sparta~~\n* ~~http sniff pwd~~ \u003c-- Done\n* ~~Evil Twin~~ - deauth + info about unmanaging in NetworkManager\n* ~~Evil Twin - arg parse for landingpage / + logfunction~~\n* monitor network auto\n* xsser\n* target attack website or ip\n* system information\n* dns fake\n* grep, sed, awk\n* scapy on all network activity\n* Admin finder - checkout google/bing search before BF\n* Changeme - Ztgrace\n* Osint frame\n* Bettercap modules. Implementation in other modules. Excellent performance.\n* Create Access Point with hostapd and dnsmasq. Already implemented in Ewil Twin\n","funding_links":[],"categories":["Python (1887)","Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FThomasTJdev%2FWMD","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FThomasTJdev%2FWMD","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FThomasTJdev%2FWMD/lists"}