{"id":13334118,"url":"https://github.com/htrgouvea/spellbook","last_synced_at":"2025-09-03T13:31:55.513Z","repository":{"id":38230686,"uuid":"63075519","full_name":"htrgouvea/spellbook","owner":"htrgouvea","description":"Framework for rapid development of offensive security tools","archived":false,"fork":false,"pushed_at":"2024-07-01T23:38:48.000Z","size":72681,"stargazers_count":97,"open_issues_count":21,"forks_count":22,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-07-29T20:08:07.359Z","etag":null,"topics":["bugbounty","ctf","exploit","framework","offensive-security","pentest","perl","security","security-tools"],"latest_commit_sha":null,"homepage":"https://heitorgouvea.me/","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/htrgouvea.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["htrgouvea"]}},"created_at":"2016-07-11T14:36:28.000Z","updated_at":"2024-07-29T20:08:12.037Z","dependencies_parsed_at":"2023-11-12T16:05:17.221Z","dependency_job_id":"f494a214-a4b5-4b56-950c-5c183c62a1fc","html_url":"https://github.com/htrgouvea/spellbook","commit_stats":null,"previous_names":["gouveaheitor/security-spellbook"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/htrgouvea%2Fspellbook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/htrgouvea%2Fspellbook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/repositories/htrgouvea%2Fspellbook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/htrgouvea%2Fspellbook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/htrgouvea","download_url":"https://codeload.github.com/htrgouvea/spellbook/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231889021,"owners_count":18441359,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","ctf","exploit","framework","offensive-security","pentest","perl","security","security-tools"],"created_at":"2024-07-29T19:02:38.397Z","updated_at":"2025-09-03T13:31:55.501Z","avatar_url":"https://github.com/htrgouvea.png","language":"Perl","funding_links":["https://github.com/sponsors/htrgouvea"],"categories":["\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://heitorgouvea.me/images/projects/spellbook/logo.png\" width=\"120px\" height=\"120px\"\u003e\n  \u003ch3 align=\"center\"\u003e\u003cb\u003eSpellbook\u003c/b\u003e\u003c/h3\u003e\n  \u003cp align=\"center\"\u003eA framework for rapid development of reusable security tools\u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/htrgouvea/spellbook/blob/master/LICENSE.md\"\u003e\n      \u003cimg src=\"https://img.shields.io/badge/license-MIT-blue.svg\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/htrgouvea/spellbook/releases\"\u003e\n      \u003cimg 
src=\"https://img.shields.io/badge/version-0.3.7-blue.svg\"\u003e\n    \u003c/a\u003e\n      \u003cbr/\u003e\n    \u003cimg src=\"https://github.com/htrgouvea/spellbook/actions/workflows/linter.yml/badge.svg\"\u003e\n    \u003cimg src=\"https://github.com/htrgouvea/spellbook/actions/workflows/zarn.yml/badge.svg\"\u003e\n    \u003cimg src=\"https://github.com/htrgouvea/spellbook/actions/workflows/security-gate.yml/badge.svg\"\u003e\n    \u003cimg src=\"https://github.com/htrgouvea/spellbook/actions/workflows/test-on-ubuntu.yml/badge.svg\"\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n---\n\n### Summary\n\nSpellbook uses FBP: \"In computer programming, flow-based programming (FBP) is a programming paradigm that defines applications as networks of \"black box\" processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented.\" [[1]](https://en.wikipedia.org/wiki/Flow-based_programming)\n\nThe main focus of this “micro-framework” is to make the rapid development of security tools a reality, using reusable FBP patterns. 
\n\n\"Clarke's third law: any sufficiently advanced technology is indistinguishable from magic\" - that's why this project is called Spellbook.\n\n---\n\n### Download and install\n\n```bash\n# Download\n$ git clone https://github.com/htrgouvea/spellbook \u0026\u0026 cd spellbook\n\n# Install libs and dependencies\n$ cpanm --installdeps .\n```\n\n---\n\n### How to use\n\n```\nSpellbook v0.3.6\nCore Commands\n==============\n\tCommand          Description\n\t-------          -----------\n\t-s, --search     List modules, you can filter by category\n\t-m, --module     Set a module to use\n\t-h, --help       To see help menu of a module\n```\n\n### Example\n\n```\n# Searching for exploits \n$ ./spellbook.pl --search advisory\n\nModule: Advisory::CVE_2017_5487\nDescription: Read usernames leaked on WordPress API\n=================================================\n\nModule: Advisory::CVE_2006_3392\nDescription: Read arbitrary files for servers running Webmin before 1.290 and Usermin before 1.220\n=================================================\n\nModule: Advisory::CVE_2016_10045\nDescription: PHPMailer \u003c 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)\n=================================================\n\nModule: Advisory::CVE_2021_41773\nDescription: Exploit path Traversal or RCE in Apache HTTP Server 2.4\n=================================================\n\nModule: Advisory::CVE_2023_29489\nDescription: Exploit for cPanel Reflected XSS - CVE-2023-29489\n=================================================\n[...]\n```\n\n```\n# Using an exploit\n$ perl spellbook.pl -m Advisory::CVE_2006_3392 --help\n\nAdvisory::CVE_2006_3392\n=======================\n-h, --help     See this menu\n-t, --target   Define a target\n-f, --file     Define a file to read\n```\n\n```\n$ perl spellbook.pl -m Advisory::CVE_2006_3392 -t http://172.30.0.15:10000/ -f 
/etc/passwd\n\nroot:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\nbin:x:2:2:bin:/bin:/bin/sh\nsys:x:3:3:sys:/dev:/bin/sh\nsync:x:4:65534:sync:/bin:/bin/sync\ngames:x:5:60:games:/usr/games:/bin/sh\n[...]\n```\n\nIf you are interested in developing new modules, a good starting point is to read the [development guide](/wiki/Developer-Guide).\n\n---\n\n### Docker container\n\n```\n$ docker build -t spellbook .\n$ docker run -ti --rm spellbook --search exploits\n```\n\n---\n\n### Contribution\n\nYour contributions and suggestions are heartily ♥ welcome. [See the contribution guidelines here.](/.github/CONTRIBUTING.md) Please report bugs via the [issues page](https://github.com/htrgouvea/spellbook/issues) and, for security issues, see the [security policy.](/SECURITY.md) (✿ ◕‿◕)\n\n---\n\n### License\n\nThis work is licensed under the [MIT License.](/LICENSE.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhtrgouvea%2Fspellbook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhtrgouvea%2Fspellbook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhtrgouvea%2Fspellbook/lists"}