Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hunters-org/hunter-kit

Hunter-Kit is a cross platform security toolkit and framework that can automate most of the pentesting engagement from the recon to reporting phase
https://github.com/hunters-org/hunter-kit

attacks autmation frameworks pentesting-tools reconnaissance security security-tools toolkit

Last synced: 3 months ago
JSON representation

Hunter-Kit is a cross platform security toolkit and framework that can automate most of the pentesting engagement from the recon to reporting phase

Host: GitHub
URL: https://github.com/hunters-org/hunter-kit
Owner: hunters-org
License: mit
Created: 2024-02-15T20:37:13.000Z (9 months ago)
Default Branch: main
Last Pushed: 2024-06-29T13:36:59.000Z (5 months ago)
Last Synced: 2024-07-13T01:40:02.492Z (4 months ago)
Topics: attacks, autmation, frameworks, pentesting-tools, reconnaissance, security, security-tools, toolkit
Language: TypeScript
Homepage:
Size: 939 KB
Stars: 4
Watchers: 1
Forks: 5
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

![image](https://github.com/hunters-org/hunter-kit/assets/88955610/99b0dd80-4bfe-4846-9da2-e5d94d2892d7)

# hunter-kit
**Hunter-kit** is a comprehensive security toolkit designed for cross-platform usage with a magnificent UI. It streamlines the process of pentesting engagements by providing an extensive set of features to assist security professionals in scanning Web App targets, identifying vulnerabilities, and reporting them efficiently.

## Features

### 1. Reconnaissance
- **Subdomain Enumeration**: Discover subdomains associated with the target domain.
- **Wayback URLs**: Retrieve URLs from the Wayback Machine to understand the history of the target.
- **Parameter Discovery**: Identify and list parameters used by the target application.
- **JavaScript Files**: Analyze JS files for further investigation.

### 2. Secret & Token Search
- **JS File Analysis**: Scan JavaScript files to identify any secrets, tokens, API keys, or hard-coded information.

### 3. Initial Attack Vectors
- **Injection Attacks**: Perform injection attacks like SQLi, XSS, and SSTI to test for vulnerabilities.
- **Subdomain Takeover**: Detect and report subdomain takeover vulnerabilities.
- **Admin Panel Discovery**: Locate admin panels and test for default credentials.

### 4. Vulnerability Scanning
- **Tech Stack Detection**: Identify technologies used by the web application efficiently.
- **Subdomain Takeover**: Check for potential subdomain takeover vulnerabilities.
- **Admin Panel and Default Credentials**: Locate admin panels and test for default credentials.
- **Additional Scans**: Various other vulnerability scanning capabilities.

### 5. Results and Reporting
- **Organized Results**: The toolkit organizes all results in a modern and reliable way, which is immensely helpful during the reporting phase.
- **Statistics**: Generate detailed statistics to provide a comprehensive overview of the findings.

# run the project

```bash
yarn install
```

make sure your deps in dir called `bin`

run the DepScript to download the scripts

```bash
python3 depScript.py
```

Run the Project locally

```bash
yarn start
```
## Contributing

Contributions are welcome! Please open an issue or submit a pull request if you have any suggestions, improvements, or bug reports.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## Acknowledgements

Special thanks to all the contributors and the open-source community for their valuable inputs and support.

---