Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.
Awesome Lists | Featured Topics | Projects
https://github.com/mcnamee/huntkit

Docker - Ubuntu with a bunch of PenTesting tools and wordlists
https://github.com/mcnamee/huntkit
docker penetration-testing pentest pentesting
Last synced: about 1 month ago
JSON representation
Docker - Ubuntu with a bunch of PenTesting tools and wordlists
Host: GitHub
URL: https://github.com/mcnamee/huntkit
Owner: mcnamee
License: mit
Created: 2020-06-16T10:05:37.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2024-03-12T09:20:31.000Z (6 months ago)
Last Synced: 2024-06-07T00:31:47.884Z (3 months ago)
Topics: docker, penetration-testing, pentest, pentesting
Language: Shell
Homepage: https://hub.docker.com/r/mcnamee/huntkit
Size: 216 KB
Stars: 204
Watchers: 5
Forks: 45
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project

awesome-hacking-lists - mcnamee/huntkit - Docker - Ubuntu with a bunch of PenTesting tools and wordlists (Shell)
README

        


  

  

  

  


  

    What is this?

      —  

    Instructions

      —  

    Tools

  

  




## What is this?

HuntKit is a collection of [penetration testing, bug bounty hunting, capture the flag, red teaming] tools in a single Docker image. Simply run the image and start using the tools.

__Why?__

I got sick of waiting for VitualBox to start, Kali to boot, then dealing with the slugish-ness of operating in a VM. I still use Kali for certain tasks. But for a quick nmap scan (for example), using this container is *a lot* quicker.

- The tool run very __quick__ (opposed to running inside a VM for example)

- Simpler to keep the tools __up to date__

- __Disposable__ - Something broken? Simply prune and start again

## Instructions

### Run from DockerHub

```bash

docker run -it mcnamee/huntkit

```

  Advanced usage

  ```bash

  # Advanced:

  # Line 2: maps ~/Loot to the Docker's /root/loot

  # Line 3: Allows OpenVPN usage

  # Line 4: Opens and maps port 4444 (for listeners such as Metasploit)

  # Line 5: Sets the machine's hostname to huntkit

  docker run -it \

    -v ~/Loot:/root/loot \

    --cap-add=NET_ADMIN --device=/dev/net/tun \

    -p 4444:4444 \

    -h huntkit \

    mcnamee/huntkit

  ```

  (Update) Pull the latest from Docker Hub

  ```bash

  docker pull mcnamee/huntkit

  ```

  Build it yourself

  ```bash

  # 1. Clone the repo

  git clone https://github.com/mcnamee/huntkit.git && cd huntkit

  # 2. Build the image

  docker build . -t mcnamee/huntkit

  ```

[![asciicast](https://asciinema.org/a/403549.svg)](https://asciinema.org/a/403549)

## Tools

### Recon

| Tool | Description & Example |

| --- | --- |

| [amass](https://github.com/OWASP/Amass) | _Network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques._ 
`amass enum -v -src -ip -brute -min-for-recursive 2 -d kali.org` |

| [brutespray](https://github.com/x90skysn3k/brutespray) | _Service scanner by bruteforcing._ 
`brutespray --file nmap.gnmap` |

| [cloudflair](https://github.com/christophetd/CloudFlair) | _CloudFlair is a tool to find origin servers of websites protected by CloudFlare who are publicly exposed and don't restrict network access to the CloudFlare IP ranges as they should._ 
 `export CENSYS_API_ID=... && export CENSYS_API_SECRET=...` 
 `cloudflair resound.ly` |

| [commix](https://github.com/commixproject/commix) | _Command injection exploiter - used to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks._ 
 `commix --url="http://192.168.0.23/commix-testbed/scenarios/referer/referer(classic).php" --level=3` |

| [dalfox](https://github.com/hahwul/dalfox) | _XSS Scanning and Parameter Analysis tool._ 
 `dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123 -b https://hahwul.xss.ht` |

| [dirb](https://tools.kali.org/web-applications/dirb) | _Looks for existing (and/or hidden) Web Objects, by launching a dictionary based attack against a web server and analyzing the response._ 
 `dirb https://kali.org $WORDLISTS/seclists/Discovery/Web-Content/CommonBackdoors-PHP.fuzz.txt` |

| [dnmasscan](https://github.com/rastating/dnmasscan) | _dnmasscan is a bash script to automate resolving a file of domain names and subsequentlly scanning them using masscan._ 
 `dnmasscan listofdomains.txt dns.log -p80,443 - oG masscan.log` |

| [dnsx](https://github.com/projectdiscovery/dnsx) | _Allows you to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers._ 
 cat domains.txt | dnsx |

| [ffuf](https://github.com/ffuf/ffuf) | _A fast web fuzzer._ 
 - `ffuf -w /path/to/postdata.txt -X POST -d "username=admin\&password=FUZZ" -u https://target/login.php -fc 401` |

| [gau](https://github.com/lc/gau) | _getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain._ 
 - `gau example.com` |

| [httpx](https://github.com/projectdiscovery/httpx) | _Take a list of domains and probe for working http and https servers._ 
 cat domains.txt | httpx |

| [linkfinder](https://github.com/GerbenJavado/LinkFinder) | _Discover endpoints and their parameters in JavaScript files._ 
 `linkfinder -i https://example.com -d -o cli` |

| [masscan](https://github.com/robertdavidgraham/masscan) | _An Internet-scale port scanner._ 
 `masscan -p1-65535 -iL listofips.txt --max-rate 1800 -oG masscan.log` |

| [meg](https://github.com/robertdavidgraham/masscan) | _A tool for fetching lots of URLs but still being 'nice' to servers._ 
 `meg paths.txt hosts.txt` |

| [nikto](https://tools.kali.org/information-gathering/nikto) | _Web server scanner which performs comprehensive tests against web servers for multiple items (dangerous files, outdated dependencies...)._ 
 `nikto -host=https://kali.org` |

| [nmap](https://nmap.org/) | _A utility for network discovery and security auditing_. 
 `nmap -sV 192.168.0.1` |

| [nuclei](https://github.com/projectdiscovery/nuclei) | _Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use._. 
 `nuclei -l urls.txt -t $ADDONS/nuclei/ADDONS/nuclei/technologies/ -o ~/projects/results.txt` |

| [pagodo](https://github.com/opsdisk/pagodo) | _Passive Google dork script to collect potentially vulnerable web pages and applications on the Internet._. 
 `pagodo -d $DOMAIN -g dorks/sensitive_directories.dorks -l 100 -s -e 35.0 -j 1.1` |

| [recon-ng](https://github.com/lanmaster53/recon-ng) | _Web-based open source reconnaissance framework._ 
 `recon-ng` |

| [sherlock](https://github.com/sherlock-project/sherlock) | _Hunt down social media accounts by username across social networks._ 
 `sherlock user1 user2 user3` |

| [subfinder](https://github.com/projectdiscovery/subfinder) | _Subdomain discovery tool to find valid subdomains for websites by using passive online sources._ 
 `subfinder -d kali.org -v` |

| [subjs](https://github.com/lc/subjs) | _Fetches javascript files from a list of URLS or subdomains. Analyzing javascript files can help you find undocumented endpoints, secrets, and more._ 
 cat urls.txt | subjs |

| [sublist3r](https://github.com/aboul3la/Sublist3r) | _Enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and more._ 
 `sublist3r -d kali.org` |

| [sqlmap](http://sqlmap.org/) | _Automates the process of detecting and exploiting SQL injection flaws and taking over of database servers_ 
 `sqlmap -u https://example.com --forms --crawl=10 --level=5 --risk=3` |

| [theharvester](https://tools.kali.org/information-gathering/theharvester) | _Gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database._ 
 theharvester -d kali.org -b "bing, certspotter, dnsdumpster, dogpile, duckduckgo, google, hunter, linkedin, linkedin_links, twitter, yahoo" |

| [wafw00f](https://github.com/enablesecurity/wafw00f) | _Web Application Firewall Fingerprinting Tool._ 
 `wafw00f resound.ly` |

| [whatweb](https://github.com/urbanadventurer/WhatWeb) | _Scans websites and highlights the CMS used, JavaScript libraries, web servers, version numbers, email addresses, account IDs, web framework modules, SQL errors, and more._ 
 `whatweb kali.org` |

| [wpscan](https://github.com/wpscanteam/wpscan) | _WordPress Security Scanner._ 
 `wpscan --url kali.org` |

| [xsstrike](https://github.com/s0md3v/XSStrike) | _Advanced XSS Detection Suite._ 
 `xsstrike -u="http://192.168.0.115" --data="query"` |

### Exploitation

| Tool | Description & Example |

| --- | --- |

| [breach-parse](https://github.com/hmaverickadams/breach-parse) | _A tool for parsing breached passwords._
 `breach-parse @tesla.com tesla.txt "~/Downloads/BreachCompilation/data"` |

| [crunch](https://tools.kali.org/password-attacks/crunch) | _Wordlist generator where you can specify a standard character set or a character set you specify._ 
 `crunch 6 6 0123456789abcdef -o 6chars.txt` |

| [cupp](https://github.com/Mebus/cupp) | _Personal wordlist generator._ 
 `cupp -i` |

| [john](https://github.com/magnumripper/JohnTheRipper) | _John the Ripper is a fast password cracker._ 
 `zip2john filename.zip > hash.txt`
 `john hash.txt` |

| [jwttool](https://github.com/ticarpi/jwt_tool) | _A toolkit for validating, forging and cracking JWTs (JSON Web Tokens)._ 
 `jwttool eyJ0eXAiOiJ.eyJsb2dpbi.aqNCvShlN -A` |

| [metasploit](https://tools.kali.org/exploitation-tools/metasploit-framework) | _A penetration testing platform that enables you to find, exploit, and validate vulnerabilities.._ 
 `msfconsole` |

| [hydra](https://tools.kali.org/password-attacks/hydra) | hydra -f -l [email protected] -P $WORDLISTS/seclists/Passwords/darkweb2017-top1000.txt website.com http-post-form "/login:user=^USER^&pass=^PASS^:Failed" |

| [netcat](http://netcat.sourceforge.net/) | _A networking utility which reads and writes data across network connections, using the TCP/IP protocol._ 
 `nc -nvlp 1234` |

| [searchsploit](https://tools.kali.org/exploitation-tools/exploitdb) | _Searchable archive from The Exploit Database._ 
 `searchsploit oracle windows remote` |

| [setoolkit](https://www.trustedsec.com/tools/the-social-engineer-toolkit-set/) | _Social Engineering Toolkit._ 
 `setoolkit` |

### Other

| Tool | Description |

| --- | --- |

| FTP | _Connect to an FTP server._ 
 `ftp ftp.google.com` |

| [Go](https://golang.org/) | The Go programming language |

| [Interlace](https://github.com/codingo/Interlace) | _Easily turn single threaded command line applications into a fast, multi-threaded application._ 
 `interlace -tL targets.txt -threads 5 -c "gobuster dns -d _target_ -w wordlist.txt --noprogress --quiet >> _target_.txt" -v` |

| [NodeJS](https://nodejs.org/) | _Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine._ |

| [Oh My Zsh](https://ohmyz.sh/) | _Zsh is a framework for managing your zsh configuration, bundled with thousands of helpful functions, helpers, plugins, themes._ |

| [OpenVPN](https://openvpn.net/) | _Connect to a VPN._ 
 Add `--cap-add=NET_ADMIN --device=/dev/net/tun` to the `docker run` to use OpenVPN. |

| [Perl](https://www.perl.org/) | _Perl is a highly capable, feature-rich programming language with over 30 years of development._ |

| [PHP](https://www.php.net/) | _The PHP scripting language._ |

| [Proxychains](https://github.com/haad/proxychains) | _Redirects connections through SOCKS4a/5 or HTTP proxies._ |

| [Python 3](https://www.python.org/) | _The Python programming language_ |

| [Ruby](https://www.ruby-lang.org/) | _A dynamic, open source programming language with a focus on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write._ |

| [smbclient](https://installlion.com/kali/kali/main/s/smbclient/install/index.html) | `smbclient \\192.168.0.45\Media` |

| [Tor](https://www.torproject.org/) | _Browse Privately._ |

| [tmux](https://github.com/tmux/tmux/wiki) | _tmux is a terminal multiplexer. It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal._ 
`CNTR+b c` Create window 
`CNTR+b n` Switch to next window |

| [unfurl](https://github.com/tomnomnom/unfurl) | _Pull out bits of URLs provided on stdin._ 
 cat urls.txt | unfurl --unique domains |

| [zsh](https://www.zsh.org/) | _Zsh is an extended Bourne shell with many improvements, including some features of Bash, ksh, and tcsh._ |

## Wordlists

- Amass

- Dirb

- Kali's `rockyou.txt`

- Metasploit

- The Harvester

- [SecLists](https://github.com/danielmiessler/SecLists)