{"id":13846095,"url":"https://github.com/mcnamee/huntkit","last_synced_at":"2025-04-12T19:42:10.973Z","repository":{"id":41140773,"uuid":"272673912","full_name":"mcnamee/huntkit","owner":"mcnamee","description":"Docker - Ubuntu with a bunch of PenTesting tools and wordlists","archived":false,"fork":false,"pushed_at":"2025-02-20T09:05:49.000Z","size":204,"stargazers_count":248,"open_issues_count":0,"forks_count":55,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-04T00:05:56.255Z","etag":null,"topics":["docker","penetration-testing","pentest","pentesting"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/mcnamee/huntkit","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mcnamee.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"mcnamee"}},"created_at":"2020-06-16T10:05:37.000Z","updated_at":"2025-04-03T07:53:11.000Z","dependencies_parsed_at":"2025-02-28T20:13:33.270Z","dependency_job_id":null,"html_url":"https://github.com/mcnamee/huntkit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcnamee%2Fhuntkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcnamee%2Fhuntkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcnamee%2Fhuntkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcnamee%2Fhuntkit/manifests","owner_url":"https://repos.ecosyste.m
s/api/v1/hosts/GitHub/owners/mcnamee","download_url":"https://codeload.github.com/mcnamee/huntkit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248625259,"owners_count":21135511,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","penetration-testing","pentest","pentesting"],"created_at":"2024-08-04T17:04:20.257Z","updated_at":"2025-04-12T19:42:10.951Z","avatar_url":"https://github.com/mcnamee.png","language":"Shell","funding_links":["https://github.com/sponsors/mcnamee"],"categories":["Shell"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\r\n  \u003cimg src=\"https://github.com/mcnamee/huntkit/raw/master/docs/hero.png\" alt=\"HuntKit\" style=\"width:100%\" /\u003e\r\n  \u003cp\u003e\u003c/p\u003e\r\n  \u003csup\u003e\r\n    \u003ca href=\"https://hub.docker.com/r/mcnamee/huntkit\"\u003e\r\n      \u003cimg src=\"https://img.shields.io/docker/v/mcnamee/huntkit?style=flat-square\" alt=\"version\" /\u003e\r\n    \u003c/a\u003e\r\n    \u003ca href=\"/LICENSE\"\u003e\r\n      \u003cimg src=\"https://img.shields.io/github/license/mcnamee/huntkit?style=flat-square\" alt=\"license\" /\u003e\r\n    \u003c/a\u003e\r\n  \u003c/sup\u003e\r\n  \u003cbr /\u003e\r\n  \u003cp align=\"center\"\u003e\r\n    \u003ca href=\"#intro\"\u003e\u003cb\u003eWhat is this?\u003c/b\u003e\u003c/a\u003e\r\n    \u0026nbsp;\u0026nbsp;\u0026mdash;\u0026nbsp;\u0026nbsp;\r\n    \u003ca href=\"#instructions\"\u003e\u003cb\u003eInstructions\u003c/b\u003e\u003c/a\u003e\r\n    
\u0026nbsp;\u0026nbsp;\u0026mdash;\u0026nbsp;\u0026nbsp;\r\n    \u003ca href=\"#tools\"\u003e\u003cb\u003eTools\u003c/b\u003e\u003c/a\u003e\r\n  \u003c/p\u003e\r\n  \u003cbr /\u003e\r\n\u003c/div\u003e\r\n\r\n## What is this?\r\n\r\nHuntKit is a collection of [penetration testing, bug bounty hunting, capture the flag, red teaming] tools in a single Docker image. Simply run the image and start using the tools.\r\n\r\n__Why?__\r\n\r\nI got sick of waiting for VirtualBox to start, Kali to boot, then dealing with the sluggishness of operating in a VM. I still use Kali for certain tasks. But for a quick nmap scan (for example), using this container is *a lot* quicker.\r\n\r\n- The tools run very __quickly__ (as opposed to running inside a VM, for example)\r\n- Simpler to keep the tools __up to date__\r\n- __Disposable__ - Something broken? Simply prune and start again\r\n\r\n## Instructions\r\n\r\n### Run from DockerHub\r\n\r\n```bash\r\ndocker run -it mcnamee/huntkit\r\n```\r\n\r\n\u003cdetails\u003e\r\n  \u003csummary\u003eAdvanced usage\u003c/summary\u003e\r\n\r\n  ```bash\r\n  # Advanced:\r\n  # Line 2: maps ~/Loot to the container's /root/loot\r\n  # Line 3: Allows OpenVPN usage\r\n  # Line 4: Opens and maps port 4444 (for listeners such as Metasploit)\r\n  # Line 5: Sets the machine's hostname to huntkit\r\n  docker run -it \\\r\n    -v ~/Loot:/root/loot \\\r\n    --cap-add=NET_ADMIN --device=/dev/net/tun \\\r\n    -p 4444:4444 \\\r\n    -h huntkit \\\r\n    mcnamee/huntkit\r\n  ```\r\n\u003c/details\u003e\r\n\r\n\u003cdetails\u003e\r\n  \u003csummary\u003e(Update) Pull the latest from Docker Hub\u003c/summary\u003e\r\n\r\n  ```bash\r\n  docker pull mcnamee/huntkit\r\n  ```\r\n\u003c/details\u003e\r\n\r\n\u003cdetails\u003e\r\n  \u003csummary\u003eBuild it yourself\u003c/summary\u003e\r\n\r\n  ```bash\r\n  # 1. Clone the repo\r\n  git clone https://github.com/mcnamee/huntkit.git \u0026\u0026 cd huntkit\r\n\r\n  # 2. Build the image\r\n  docker build . 
-t mcnamee/huntkit\r\n  ```\r\n\u003c/details\u003e\r\n\r\n\u003cdetails\u003e\r\n  \u003csummary\u003ePush to Docker Hub\u003c/summary\u003e\r\n\r\n  ```bash\r\n  # 1. Build the image\r\n  docker build . -t mcnamee/huntkit\r\n\r\n  # 2. Login to Docker Hub\r\n  docker login --username=supergates\r\n\r\n  # 3. Push the image\r\n  docker push mcnamee/huntkit\r\n\r\n  # 4. Delete all local images to start from scratch\r\n  docker image prune -a\r\n  ```\r\n\u003c/details\u003e\r\n\r\n[![asciicast](https://asciinema.org/a/403549.svg)](https://asciinema.org/a/403549)\r\n\r\n## Tools\r\n\r\n### Recon\r\n\r\n| Tool | Description \u0026 Example |\r\n| --- | --- |\r\n| [amass](https://github.com/OWASP/Amass) | _Network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques._ \u003cbr\u003e`amass enum -v -src -ip -brute -min-for-recursive 2 -d kali.org` |\r\n| [brutespray](https://github.com/x90skysn3k/brutespray) | _Service scanner by bruteforcing._ \u003cbr\u003e`brutespray --file nmap.gnmap` |\r\n| [commix](https://github.com/commixproject/commix) | _Command injection exploiter - used to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks._ \u003cbr\u003e `commix --url=\"http://192.168.0.23/commix-testbed/scenarios/referer/referer(classic).php\" --level=3` |\r\n| [dalfox](https://github.com/hahwul/dalfox) | _XSS Scanning and Parameter Analysis tool._ \u003cbr\u003e `dalfox url http://testphp.vulnweb.com/listproducts.php\\?cat\\=123 -b https://hahwul.xss.ht` |\r\n| [dirb](https://tools.kali.org/web-applications/dirb) | _Looks for existing (and/or hidden) Web Objects, by launching a dictionary based attack against a web server and analyzing the response._ \u003cbr\u003e `dirb https://kali.org $WORDLISTS/seclists/Discovery/Web-Content/CommonBackdoors-PHP.fuzz.txt` |\r\n| [dnmasscan](https://github.com/rastating/dnmasscan) | _dnmasscan is 
a bash script to automate resolving a file of domain names and subsequently scanning them using masscan._ \u003cbr\u003e `dnmasscan listofdomains.txt dns.log -p80,443 -oG masscan.log` |\r\n| [dnsx](https://github.com/projectdiscovery/dnsx) | _Allows you to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers._ \u003cbr\u003e \u003ccode\u003ecat domains.txt \u0026#124; dnsx\u003c/code\u003e |\r\n| [ffuf](https://github.com/ffuf/ffuf) | _A fast web fuzzer._ \u003cbr\u003e - `ffuf -w /path/to/postdata.txt -X POST -d \"username=admin\\\u0026password=FUZZ\" -u https://target/login.php -fc 401` |\r\n| [gau](https://github.com/lc/gau) | _getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain._ \u003cbr\u003e - `gau example.com` |\r\n| [httpx](https://github.com/projectdiscovery/httpx) | _Take a list of domains and probe for working http and https servers._ \u003cbr\u003e \u003ccode\u003ecat domains.txt \u0026#124; httpx\u003c/code\u003e |\r\n| [linkfinder](https://github.com/GerbenJavado/LinkFinder) | _Discover endpoints and their parameters in JavaScript files._ \u003cbr\u003e `linkfinder -i https://example.com -d -o cli` |\r\n| [masscan](https://github.com/robertdavidgraham/masscan) | _An Internet-scale port scanner._ \u003cbr\u003e `masscan -p1-65535 -iL listofips.txt --max-rate 1800 -oG masscan.log` |\r\n| [meg](https://github.com/robertdavidgraham/masscan) | _A tool for fetching lots of URLs but still being 'nice' to servers._ \u003cbr\u003e `meg paths.txt hosts.txt` |\r\n| [nikto](https://tools.kali.org/information-gathering/nikto) | _Web server scanner which performs comprehensive tests against web servers for multiple items (dangerous files, outdated dependencies...)._ \u003cbr\u003e `nikto -host=https://kali.org` |\r\n| [nmap](https://nmap.org/) | _A utility for network discovery and 
security auditing_. \u003cbr\u003e `nmap -sV 192.168.0.1` |\r\n| [nuclei](https://github.com/projectdiscovery/nuclei) | _Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use._ \u003cbr\u003e `nuclei -l urls.txt -t $ADDONS/nuclei/ADDONS/nuclei/technologies/ -o ~/projects/results.txt` |\r\n| [pagodo](https://github.com/opsdisk/pagodo) | _Passive Google dork script to collect potentially vulnerable web pages and applications on the Internet._ \u003cbr\u003e `pagodo -d $DOMAIN -g dorks/sensitive_directories.dorks -l 100 -s -e 35.0 -j 1.1` |\r\n| [recon-ng](https://github.com/lanmaster53/recon-ng) | _Web-based open source reconnaissance framework._ \u003cbr\u003e `recon-ng` |\r\n| [sherlock](https://github.com/sherlock-project/sherlock) | _Hunt down social media accounts by username across social networks._ \u003cbr\u003e `sherlock user1 user2 user3` |\r\n| [subfinder](https://github.com/projectdiscovery/subfinder) | _Subdomain discovery tool to find valid subdomains for websites by using passive online sources._ \u003cbr\u003e `subfinder -d kali.org -v` |\r\n| [subjs](https://github.com/lc/subjs) | _Fetches javascript files from a list of URLS or subdomains. 
Analyzing javascript files can help you find undocumented endpoints, secrets, and more._ \u003cbr\u003e \u003ccode\u003ecat urls.txt \u0026#124; subjs\u003c/code\u003e |\r\n| [sublist3r](https://github.com/aboul3la/Sublist3r) | _Enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and more._ \u003cbr\u003e `sublist3r -d kali.org` |\r\n| [sqlmap](http://sqlmap.org/) | _Automates the process of detecting and exploiting SQL injection flaws and taking over of database servers_ \u003cbr\u003e `sqlmap -u https://example.com --forms --crawl=10 --level=5 --risk=3` |\r\n| [theharvester](https://tools.kali.org/information-gathering/theharvester) | _Gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database._ \u003cbr\u003e \u003ccode\u003etheharvester -d kali.org -b \"bing, certspotter, dnsdumpster, dogpile, duckduckgo, google, hunter, linkedin, linkedin_links, twitter, yahoo\"\u003c/code\u003e |\r\n| [wafw00f](https://github.com/enablesecurity/wafw00f) | _Web Application Firewall Fingerprinting Tool._ \u003cbr\u003e `wafw00f resound.ly` |\r\n| [whatweb](https://github.com/urbanadventurer/WhatWeb) | _Scans websites and highlights the CMS used, JavaScript libraries, web servers, version numbers, email addresses, account IDs, web framework modules, SQL errors, and more._ \u003cbr\u003e `whatweb kali.org` |\r\n| [wpscan](https://github.com/wpscanteam/wpscan) | _WordPress Security Scanner._ \u003cbr\u003e `wpscan --url kali.org` |\r\n| [xsstrike](https://github.com/s0md3v/XSStrike) | _Advanced XSS Detection Suite._ \u003cbr\u003e `xsstrike -u=\"http://192.168.0.115\" --data=\"query\"` |\r\n\r\n### Exploitation\r\n\r\n| Tool | Description \u0026 Example |\r\n| --- | --- |\r\n| [breach-parse](https://github.com/hmaverickadams/breach-parse) | _A tool for parsing breached passwords._\u003cbr\u003e `breach-parse @tesla.com tesla.txt 
\"~/Downloads/BreachCompilation/data\"` |\r\n| [crunch](https://tools.kali.org/password-attacks/crunch) | _Wordlist generator where you can specify a standard character set or a character set you specify._ \u003cbr\u003e `crunch 6 6 0123456789abcdef -o 6chars.txt` |\r\n| [cupp](https://github.com/Mebus/cupp) | _Personal wordlist generator._ \u003cbr\u003e `cupp -i` |\r\n| [john](https://github.com/magnumripper/JohnTheRipper) | _John the Ripper is a fast password cracker._ \u003cbr\u003e `zip2john filename.zip \u003e hash.txt`\u003cbr\u003e `john hash.txt` |\r\n| [jwttool](https://github.com/ticarpi/jwt_tool) | _A toolkit for validating, forging and cracking JWTs (JSON Web Tokens)._ \u003cbr\u003e `jwttool eyJ0eXAiOiJ.eyJsb2dpbi.aqNCvShlN -A` |\r\n| [metasploit](https://tools.kali.org/exploitation-tools/metasploit-framework) | _A penetration testing platform that enables you to find, exploit, and validate vulnerabilities.._ \u003cbr\u003e `msfconsole` |\r\n| [hydra](https://tools.kali.org/password-attacks/hydra) | \u003ccode\u003ehydra -f -l email@admin.com -P $WORDLISTS/seclists/Passwords/darkweb2017-top1000.txt website.com http-post-form \"/login:user=^USER^\u0026pass=^PASS^:Failed\"\u003c/code\u003e |\r\n| [netcat](http://netcat.sourceforge.net/) | _A networking utility which reads and writes data across network connections, using the TCP/IP protocol._ \u003cbr\u003e `nc -nvlp 1234` |\r\n| [searchsploit](https://tools.kali.org/exploitation-tools/exploitdb) | _Searchable archive from The Exploit Database._ \u003cbr\u003e `searchsploit oracle windows remote` |\r\n| [setoolkit](https://www.trustedsec.com/tools/the-social-engineer-toolkit-set/) | _Social Engineering Toolkit._ \u003cbr\u003e `setoolkit` |\r\n\r\n### Other\r\n\r\n| Tool | Description |\r\n| --- | --- |\r\n| FTP | _Connect to an FTP server._ \u003cbr\u003e `ftp ftp.google.com` |\r\n| [Go](https://golang.org/) | The Go programming language |\r\n| [Interlace](https://github.com/codingo/Interlace) | 
_Easily turn single threaded command line applications into a fast, multi-threaded application._ \u003cbr\u003e `interlace -tL targets.txt -threads 5 -c \"gobuster dns -d _target_ -w wordlist.txt --noprogress --quiet \u003e\u003e _target_.txt\" -v` |\r\n| [NodeJS](https://nodejs.org/) | _Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine._ |\r\n| [Oh My Zsh](https://ohmyz.sh/) | _Zsh is a framework for managing your zsh configuration, bundled with thousands of helpful functions, helpers, plugins, themes._ |\r\n| [OpenVPN](https://openvpn.net/) | _Connect to a VPN._ \u003cbr\u003e Add `--cap-add=NET_ADMIN --device=/dev/net/tun` to the `docker run` to use OpenVPN. |\r\n| [Perl](https://www.perl.org/) | _Perl is a highly capable, feature-rich programming language with over 30 years of development._ |\r\n| [PHP](https://www.php.net/) | _The PHP scripting language._ |\r\n| [Proxychains](https://github.com/haad/proxychains) | _Redirects connections through SOCKS4a/5 or HTTP proxies._ |\r\n| [Python 3](https://www.python.org/) | _The Python programming language_ |\r\n| [Ruby](https://www.ruby-lang.org/) | _A dynamic, open source programming language with a focus on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write._ |\r\n| [smbclient](https://installlion.com/kali/kali/main/s/smbclient/install/index.html) | `smbclient \\\\192.168.0.45\\Media` |\r\n| [Tor](https://www.torproject.org/) | _Browse Privately._ |\r\n| [tmux](https://github.com/tmux/tmux/wiki) | _tmux is a terminal multiplexer. 
It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal._ \u003cbr\u003e`CNTR+b c` Create window \u003cbr\u003e`CNTR+b n` Switch to next window |\r\n| [unfurl](https://github.com/tomnomnom/unfurl) | _Pull out bits of URLs provided on stdin._ \u003cbr\u003e \u003ccode\u003ecat urls.txt \u0026#124; unfurl --unique domains\u003c/code\u003e |\r\n| [zsh](https://www.zsh.org/) | _Zsh is an extended Bourne shell with many improvements, including some features of Bash, ksh, and tcsh._ |\r\n\r\n\u003c!-- END --\u003e\r\n\r\n## Wordlists\r\n\r\n- Amass\r\n- Dirb\r\n- Kali's `rockyou.txt`\r\n- Metasploit\r\n- The Harvester\r\n- [SecLists](https://github.com/danielmiessler/SecLists)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcnamee%2Fhuntkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmcnamee%2Fhuntkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcnamee%2Fhuntkit/lists"}