From a46f01005b6905c8ec058777ba027ebf961a53cf Mon Sep 17 00:00:00 2001 From: Hardik Zinzuvadiya <25708027+Z4nzu@users.noreply.github.com> Date: Sun, 15 Mar 2026 13:54:03 +0530 Subject: [PATCH] Phase 1+2: Fix all 30 critical bugs and 4 security vulnerabilities --- Dockerfile | 20 +- core.py | 326 ++++++++++++++++++--------- docker-compose.yml | 11 +- tools/anonsurf.py | 99 ++------ tools/ddos.py | 191 +++++----------- tools/exploit_frameworks.py | 9 +- tools/information_gathering_tools.py | 33 ++- tools/other_tools.py | 11 +- tools/others/android_attack.py | 5 +- tools/others/mix_tools.py | 29 ++- tools/others/socialmedia.py | 30 ++- tools/others/socialmedia_finder.py | 11 +- tools/payload_creator.py | 150 ++++-------- tools/phising_attack.py | 231 +++++++------------ tools/remote_administration.py | 13 +- tools/reverse_engineering.py | 7 +- tools/sql_tools.py | 10 +- tools/wireless_attack_tools.py | 187 ++++++--------- tools/wordlist_generator.py | 4 +- 19 files changed, 586 insertions(+), 791 deletions(-) diff --git a/Dockerfile b/Dockerfile index f7b0f2b..bf5d54d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,20 @@ FROM kalilinux/kali-rolling:latest + RUN apt-get update && \ - apt-get install -y git python3-pip figlet sudo && \ - apt-get install -y boxes php curl xdotool wget + apt-get install -y --no-install-recommends \ + git python3-pip python3-venv sudo curl wget php && \ + rm -rf /var/lib/apt/lists/* WORKDIR /root/hackingtool COPY requirements.txt ./ -RUN pip3 install --no-cache-dir boxes flask lolcat requests -r requirements.txt + +# Bug 21 fix: boxes/lolcat/flask are NOT pip packages — removed +RUN pip3 install --no-cache-dir -r requirements.txt + COPY . . -RUN true && echo "/root/hackingtool/" > /home/hackingtoolpath.txt; -EXPOSE 1-65535 -ENTRYPOINT ["python3", "/root/hackingtool/hackingtool.py"] \ No newline at end of file + +# Bug 20 fix: path file must be in /root/ not /home/ (running as root in Docker) +RUN mkdir -p /root/.hackingtool/tools + +# Vuln 3 fix: removed EXPOSE 1-65535 — this tool is a CLI, not a server +ENTRYPOINT ["python3", "/root/hackingtool/hackingtool.py"] diff --git a/core.py b/core.py index 9fb68ee..def583f 100644 --- a/core.py +++ b/core.py @@ -1,20 +1,37 @@ -from rich.console import Console -from rich.panel import Panel -from rich.table import Table -from rich import box -from rich.traceback import install -from rich.theme import Theme - import os import sys import webbrowser +from collections.abc import Callable from platform import system -from traceback import print_exc -from typing import Callable, List, Tuple -# Enable rich tracebacks +from rich import box +from rich.console import Console +from rich.panel import Panel +from rich.prompt import Prompt +from rich.table import Table +from rich.theme import Theme +from rich.traceback import install + +from constants import ( + THEME_PRIMARY, THEME_BORDER, THEME_ACCENT, + THEME_SUCCESS, THEME_ERROR, THEME_WARNING, + THEME_DIM, THEME_ARCHIVED, THEME_URL, +) + +# Enable rich tracebacks globally install() -_theme = Theme({"purple": "#7B61FF"}) + +_theme = Theme({ + "purple": "#7B61FF", + "success": THEME_SUCCESS, + "error": THEME_ERROR, + "warning": THEME_WARNING, + "archived": THEME_ARCHIVED, + "url": THEME_URL, + "dim": THEME_DIM, +}) + +# Single shared console — all tool files do: from core import console console = Console(theme=_theme) @@ -22,95 +39,118 @@ def clear_screen(): os.system("cls" if system() == "Windows" else "clear") -def validate_input(ip, val_range): - val_range = val_range or [] +def validate_input(ip, val_range: list) -> int | None: + """Return the integer if it is in val_range, else None.""" + if not val_range: + return None try: ip = int(ip) if ip in val_range: return ip - except Exception: - return None + except (TypeError, ValueError): + pass return None -class HackingTool(object): - TITLE: str = "" - DESCRIPTION: str = "" - INSTALL_COMMANDS: List[str] = [] - INSTALLATION_DIR: str = "" - UNINSTALL_COMMANDS: List[str] = [] - RUN_COMMANDS: List[str] = [] - OPTIONS: List[Tuple[str, Callable]] = [] - PROJECT_URL: str = "" +class HackingTool: + TITLE: str = "" + DESCRIPTION: str = "" + INSTALL_COMMANDS: list[str] = [] + UNINSTALL_COMMANDS: list[str] = [] + RUN_COMMANDS: list[str] = [] + OPTIONS: list[tuple[str, Callable]] = [] + PROJECT_URL: str = "" + + # OS / capability metadata + SUPPORTED_OS: list[str] = ["linux", "macos"] + REQUIRES_ROOT: bool = False + REQUIRES_WIFI: bool = False + REQUIRES_GO: bool = False + REQUIRES_RUBY: bool = False + REQUIRES_JAVA: bool = False + REQUIRES_DOCKER: bool = False + + # Archived tool flags + ARCHIVED: bool = False + ARCHIVED_REASON: str = "" def __init__(self, options=None, installable=True, runnable=True): options = options or [] - if isinstance(options, list): - self.OPTIONS = [] - if installable: - self.OPTIONS.append(("Install", self.install)) - if runnable: - self.OPTIONS.append(("Run", self.run)) - self.OPTIONS.extend(options) - else: - raise Exception("options must be a list of (option_name, option_fn) tuples") + if not isinstance(options, list): + raise TypeError("options must be a list of (option_name, option_fn) tuples") + self.OPTIONS = [] + if installable: + self.OPTIONS.append(("Install", self.install)) + if runnable: + self.OPTIONS.append(("Run", self.run)) + self.OPTIONS.extend(options) def show_info(self): desc = f"[cyan]{self.DESCRIPTION}[/cyan]" if self.PROJECT_URL: - desc += f"\n[green]🔗 {self.PROJECT_URL}[/green]" - console.print(Panel(desc, title=f"[bold purple]{self.TITLE}[/bold purple]", border_style="purple", box=box.DOUBLE)) + desc += f"\n[url]🔗 {self.PROJECT_URL}[/url]" + if self.ARCHIVED: + desc += f"\n[archived]⚠ ARCHIVED: {self.ARCHIVED_REASON}[/archived]" + console.print(Panel( + desc, + title=f"[{THEME_PRIMARY}]{self.TITLE}[/{THEME_PRIMARY}]", + border_style="purple", + box=box.DOUBLE, + )) def show_options(self, parent=None): - clear_screen() - self.show_info() + """Iterative menu loop — no recursion, no stack growth.""" + while True: + clear_screen() + self.show_info() - table = Table(title="Options", box=box.SIMPLE_HEAVY) - table.add_column("No.", style="bold cyan", justify="center") - table.add_column("Action", style="bold yellow") + table = Table(title="Options", box=box.SIMPLE_HEAVY) + table.add_column("No.", style="bold cyan", justify="center") + table.add_column("Action", style="bold yellow") - for index, option in enumerate(self.OPTIONS): - table.add_row(str(index + 1), option[0]) + for index, option in enumerate(self.OPTIONS): + table.add_row(str(index + 1), option[0]) - if self.PROJECT_URL: - table.add_row("98", "Open Project Page") - table.add_row("99", f"Back to {parent.TITLE if parent else 'Exit'}") + if self.PROJECT_URL: + table.add_row("98", "Open Project Page") + table.add_row("99", f"Back to {parent.TITLE if parent else 'Exit'}") + console.print(table) - console.print(table) + raw = Prompt.ask("\n[bold cyan][?] Select an option[/bold cyan]", default="99") + try: + choice = int(raw) + except ValueError: + console.print("[error]⚠ Please enter a number.[/error]") + Prompt.ask("[dim]Press Enter to continue[/dim]", default="") + continue - option_index = input("\n[?] Select an option: ").strip() - try: - option_index = int(option_index) - if option_index - 1 in range(len(self.OPTIONS)): - ret_code = self.OPTIONS[option_index - 1][1]() - if ret_code != 99: - input("\nPress [Enter] to continue...") - elif option_index == 98: - self.show_project_page() - elif option_index == 99: + if choice == 99: if parent is None: sys.exit() return 99 - except (TypeError, ValueError): - console.print("[red]⚠ Please enter a valid option.[/red]") - input("\nPress [Enter] to continue...") - except Exception: - console.print_exception(show_locals=True) - input("\nPress [Enter] to continue...") - return self.show_options(parent=parent) + elif choice == 98 and self.PROJECT_URL: + self.show_project_page() + elif 1 <= choice <= len(self.OPTIONS): + try: + self.OPTIONS[choice - 1][1]() + except Exception: + console.print_exception(show_locals=True) + Prompt.ask("[dim]Press Enter to continue[/dim]", default="") + else: + console.print("[error]⚠ Invalid option.[/error]") def before_install(self): pass def install(self): self.before_install() if isinstance(self.INSTALL_COMMANDS, (list, tuple)): - for INSTALL_COMMAND in self.INSTALL_COMMANDS: - console.print(f"[yellow]→ {INSTALL_COMMAND}[/yellow]") - os.system(INSTALL_COMMAND) - self.after_install() + for cmd in self.INSTALL_COMMANDS: + console.print(f"[warning]→ {cmd}[/warning]") + os.system(cmd) + self.after_install() def after_install(self): - console.print("[green]✔ Successfully installed![/green]") + console.print("[success]✔ Successfully installed![/success]") def before_uninstall(self) -> bool: return True @@ -118,10 +158,10 @@ class HackingTool(object): def uninstall(self): if self.before_uninstall(): if isinstance(self.UNINSTALL_COMMANDS, (list, tuple)): - for UNINSTALL_COMMAND in self.UNINSTALL_COMMANDS: - console.print(f"[red]→ {UNINSTALL_COMMAND}[/red]") - os.system(UNINSTALL_COMMAND) - self.after_uninstall() + for cmd in self.UNINSTALL_COMMANDS: + console.print(f"[error]→ {cmd}[/error]") + os.system(cmd) + self.after_uninstall() def after_uninstall(self): pass @@ -130,63 +170,129 @@ class HackingTool(object): def run(self): self.before_run() if isinstance(self.RUN_COMMANDS, (list, tuple)): - for RUN_COMMAND in self.RUN_COMMANDS: - console.print(f"[cyan]⚙ Running:[/cyan] [bold]{RUN_COMMAND}[/bold]") - os.system(RUN_COMMAND) - self.after_run() + for cmd in self.RUN_COMMANDS: + console.print(f"[cyan]⚙ Running:[/cyan] [bold]{cmd}[/bold]") + os.system(cmd) + self.after_run() def after_run(self): pass - def is_installed(self, dir_to_check=None): - console.print("[yellow]⚠ Unimplemented: DO NOT USE[/yellow]") - return "?" - def show_project_page(self): - console.print(f"[blue]🌐 Opening project page: {self.PROJECT_URL}[/blue]") + console.print(f"[url]🌐 Opening: {self.PROJECT_URL}[/url]") webbrowser.open_new_tab(self.PROJECT_URL) -class HackingToolsCollection(object): - TITLE: str = "" +class HackingToolsCollection: + TITLE: str = "" DESCRIPTION: str = "" - TOOLS: List = [] + TOOLS: list = [] def __init__(self): pass def show_info(self): - console.rule(f"[bold purple]{self.TITLE}[/bold purple]", style="purple") - console.print(f"[italic cyan]{self.DESCRIPTION}[/italic cyan]\n") + console.rule(f"[{THEME_PRIMARY}]{self.TITLE}[/{THEME_PRIMARY}]", style="purple") + if self.DESCRIPTION: + console.print(f"[italic cyan]{self.DESCRIPTION}[/italic cyan]\n") + + def _active_tools(self) -> list: + """Return tools that are not archived and are OS-compatible.""" + from os_detect import CURRENT_OS + return [ + t for t in self.TOOLS + if not getattr(t, "ARCHIVED", False) + and CURRENT_OS.system in getattr(t, "SUPPORTED_OS", ["linux", "macos"]) + ] + + def _archived_tools(self) -> list: + return [t for t in self.TOOLS if getattr(t, "ARCHIVED", False)] + + def _incompatible_tools(self) -> list: + from os_detect import CURRENT_OS + return [ + t for t in self.TOOLS + if not getattr(t, "ARCHIVED", False) + and CURRENT_OS.system not in getattr(t, "SUPPORTED_OS", ["linux", "macos"]) + ] + + def _show_archived_tools(self): + """Show archived tools sub-menu (option 98).""" + archived = self._archived_tools() + if not archived: + console.print("[dim]No archived tools in this category.[/dim]") + Prompt.ask("[dim]Press Enter to return[/dim]", default="") + return + + while True: + clear_screen() + console.rule(f"[archived]Archived Tools — {self.TITLE}[/archived]", style="yellow") + + table = Table(box=box.MINIMAL_DOUBLE_HEAD, show_lines=True) + table.add_column("No.", justify="center", style="bold yellow") + table.add_column("Tool", style="dim yellow") + table.add_column("Reason", style="dim white") + + for i, tool in enumerate(archived): + reason = getattr(tool, "ARCHIVED_REASON", "No reason given") + table.add_row(str(i + 1), tool.TITLE, reason) + + table.add_row("99", "Back", "") + console.print(table) + + raw = Prompt.ask("[bold yellow][?] Select[/bold yellow]", default="99") + try: + choice = int(raw) + except ValueError: + continue + + if choice == 99: + return + elif 1 <= choice <= len(archived): + archived[choice - 1].show_options(parent=self) def show_options(self, parent=None): - clear_screen() - self.show_info() + """Iterative menu loop — no recursion, no stack growth.""" + while True: + clear_screen() + self.show_info() - table = Table(title="Available Tools", box=box.MINIMAL_DOUBLE_HEAD) - table.add_column("No.", justify="center", style="bold cyan") - table.add_column("Tool Name", style="bold yellow") + active = self._active_tools() + incompatible = self._incompatible_tools() + archived = self._archived_tools() - for index, tool in enumerate(self.TOOLS): - table.add_row(str(index), tool.TITLE) + table = Table(title="Available Tools", box=box.MINIMAL_DOUBLE_HEAD) + table.add_column("No.", justify="center", style="bold cyan") + table.add_column("Tool", style="bold yellow") - table.add_row("99", f"Back to {parent.TITLE if parent else 'Exit'}") - console.print(table) + for index, tool in enumerate(active): + table.add_row(str(index), tool.TITLE) - tool_index = input("\n[?] Choose a tool: ").strip() - try: - tool_index = int(tool_index) - if tool_index in range(len(self.TOOLS)): - ret_code = self.TOOLS[tool_index].show_options(parent=self) - if ret_code != 99: - input("\nPress [Enter] to continue...") - elif tool_index == 99: + if archived: + table.add_row("[dim]98[/dim]", f"[archived]Archived tools ({len(archived)})[/archived]") + if incompatible: + console.print(f"[dim]({len(incompatible)} tools hidden — not supported on current OS)[/dim]") + + table.add_row("99", f"Back to {parent.TITLE if parent else 'Exit'}") + console.print(table) + + raw = Prompt.ask("\n[bold cyan][?] Choose a tool[/bold cyan]", default="99") + try: + choice = int(raw) + except ValueError: + console.print("[error]⚠ Please enter a number.[/error]") + continue + + if choice == 99: if parent is None: sys.exit() return 99 - except (TypeError, ValueError): - console.print("[red]⚠ Please enter a valid option.[/red]") - input("\nPress [Enter] to continue...") - except Exception: - console.print_exception(show_locals=True) - input("\nPress [Enter] to continue...") - return self.show_options(parent=parent) + elif choice == 98 and archived: + self._show_archived_tools() + elif 0 <= choice < len(active): + try: + ret = active[choice].show_options(parent=self) + except Exception: + console.print_exception(show_locals=True) + Prompt.ask("[dim]Press Enter to continue[/dim]", default="") + else: + console.print("[error]⚠ Invalid option.[/error]") diff --git a/docker-compose.yml b/docker-compose.yml index 301548b..fe45210 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,11 +1,16 @@ version: "3.9" services: hackingtool: - image: vgpastor/hackingtool + # Bug 23 fix: was using external unverified image vgpastor/hackingtool + # Now builds from local Dockerfile — no third-party trust required + build: . container_name: hackingtool stdin_open: true tty: true volumes: - .:/root/hackingtool - ports: - - 22:22 \ No newline at end of file + - hackingtool_data:/root/.hackingtool + # Bug 22 fix: removed port 22:22 — this is a CLI tool, SSH exposure is unnecessary + +volumes: + hackingtool_data: diff --git a/tools/anonsurf.py b/tools/anonsurf.py index 93884db..ee49ffc 100644 --- a/tools/anonsurf.py +++ b/tools/anonsurf.py @@ -1,129 +1,58 @@ -# coding=utf-8 import os -from rich.console import Console -from rich.panel import Panel -from rich.prompt import Prompt -from rich.text import Text -from rich.table import Table - -from core import HackingTool -from core import HackingToolsCollection - -console = Console() -P_COLOR = "magenta" +from core import HackingTool, HackingToolsCollection, console class AnonymouslySurf(HackingTool): TITLE = "Anonymously Surf" DESCRIPTION = ( - "It automatically overwrites the RAM when\n" - "the system is shutting down and also change Ip." + "It automatically overwrites the RAM when the system shuts down\n" + "and also changes your IP address." ) + # Bug 28 fix: was "cd kali-anonsurf && ./installer.sh && cd .. && sudo rm -r kali-anonsurf" + # Deleting the source on install means there is no retry if install fails. + # Now kept in a separate step so failure does not destroy the source. INSTALL_COMMANDS = [ "sudo git clone https://github.com/Und3rf10w/kali-anonsurf.git", - "cd kali-anonsurf && sudo ./installer.sh && cd .. && sudo rm -r kali-anonsurf", + "cd kali-anonsurf && sudo ./installer.sh", ] RUN_COMMANDS = ["sudo anonsurf start"] PROJECT_URL = "https://github.com/Und3rf10w/kali-anonsurf" + SUPPORTED_OS = ["linux"] def __init__(self): - super(AnonymouslySurf, self).__init__([("Stop", self.stop)]) + super().__init__([("Stop", self.stop)]) def stop(self): - console.print(Panel(Text(self.TITLE, justify="center"), style=f"bold {P_COLOR}")) - console.print("Stopping Anonsurf...", style=f"bold {P_COLOR}") + console.print("[bold magenta]Stopping Anonsurf...[/bold magenta]") os.system("sudo anonsurf stop") class Multitor(HackingTool): TITLE = "Multitor" - DESCRIPTION = "How to stay in multi places at the same time" + DESCRIPTION = "How to stay in multi places at the same time." INSTALL_COMMANDS = [ "sudo git clone https://github.com/trimstray/multitor.git", - "cd multitor;sudo bash setup.sh install", + "cd multitor && sudo bash setup.sh install", ] RUN_COMMANDS = [ "multitor --init 2 --user debian-tor --socks-port 9000 --control-port 9900 --proxy privoxy --haproxy" ] PROJECT_URL = "https://github.com/trimstray/multitor" + SUPPORTED_OS = ["linux"] def __init__(self): - # keep original behavior (non-runnable) while still initializing - super(Multitor, self).__init__(runnable=False) + super().__init__(runnable=False) class AnonSurfTools(HackingToolsCollection): TITLE = "Anonymously Hiding Tools" - DESCRIPTION = "" TOOLS = [ AnonymouslySurf(), Multitor(), ] - def _get_attr(self, obj, *names, default=""): - for n in names: - if hasattr(obj, n): - return getattr(obj, n) - return default - - def pretty_print(self): - table = Table(title="Anonymously Hiding Tools", show_lines=True, expand=True) - table.add_column("Title", style="magenta", no_wrap=True) - table.add_column("Description", style="magenta") - table.add_column("Project URL", style="magenta", no_wrap=True) - - for t in self.TOOLS: - title = self._get_attr(t, "TITLE", "Title", "title", default=t.__class__.__name__) - desc = self._get_attr(t, "DESCRIPTION", "Description", "description", default="") - url = self._get_attr(t, "PROJECT_URL", "PROJECT_URL", "PROJECT", "project_url", "projectUrl", default="") - table.add_row(str(title), str(desc).strip().replace("\n", " "), str(url)) - - panel = Panel(table, title=f"[{P_COLOR}]Available Tools[/ {P_COLOR}]", border_style=P_COLOR) - console.print(panel) - - def show_options(self, parent=None): - console.print("\n") - console.print(Panel.fit( - "[bold magenta]Anonymously Hiding Tools Collection[/bold magenta]\n" - "Select a tool to view options or run it.", - border_style=P_COLOR - )) - - table = Table(title="[bold cyan]Available Tools[/bold cyan]", show_lines=True, expand=True) - table.add_column("Index", justify="center", style="bold yellow") - table.add_column("Tool Name", justify="left", style="bold green") - table.add_column("Description", justify="left", style="white") - - for i, tool in enumerate(self.TOOLS): - title = self._get_attr(tool, "TITLE", "Title", "title", default=tool.__class__.__name__) - desc = self._get_attr(tool, "DESCRIPTION", "Description", "description", default="—") - table.add_row(str(i + 1), title, desc or "—") - - table.add_row("[red]99[/red]", "[bold red]Exit[/bold red]", "Return to previous menu") - console.print(table) - - try: - choice = Prompt.ask("[bold cyan]Select a tool to run[/bold cyan]", default="99") - choice = int(choice) - if 1 <= choice <= len(self.TOOLS): - selected = self.TOOLS[choice - 1] - # delegate if collection-style interface exists - if hasattr(selected, "show_options"): - selected.show_options(parent=self) - # otherwise, if the tool has actions or a run method, prefer those - elif hasattr(selected, "run"): - selected.run() - else: - console.print("[bold yellow]Selected tool has no runnable interface.[/bold yellow]") - elif choice == 99: - return 99 - except Exception: - console.print("[bold red]Invalid choice. Try again.[/bold red]") - return self.show_options(parent=parent) - if __name__ == "__main__": tools = AnonSurfTools() - tools.pretty_print() tools.show_options() diff --git a/tools/ddos.py b/tools/ddos.py index b8a1bbc..6950ba7 100644 --- a/tools/ddos.py +++ b/tools/ddos.py @@ -1,109 +1,87 @@ -# coding=utf-8 -import os import subprocess -from rich.console import Console from rich.prompt import Prompt -from rich.panel import Panel -from rich.text import Text -from rich.table import Table -from core import HackingTool -from core import HackingToolsCollection - -console = Console() -P_COLOR = "magenta" # primary purple/magenta theme for styling +from core import HackingTool, HackingToolsCollection, console class ddos(HackingTool): TITLE = "ddos" DESCRIPTION = ( - "Best DDoS Attack Script With 36 Plus Methods." - "DDoS attacks\n\b " - "for SECURITY TESTING PURPOSES ONLY! " + "Best DDoS Attack Script With 36 Plus Methods. " + "DDoS attacks for SECURITY TESTING PURPOSES ONLY!" ) - INSTALL_COMMANDS = [ "git clone https://github.com/the-deepnet/ddos.git", - "cd ddos;sudo pip3 install -r requirements.txt", + "cd ddos && sudo pip3 install -r requirements.txt", ] - PROJECT_URL = "https://github.com/the-deepnet/ddos.git" + PROJECT_URL = "https://github.com/the-deepnet/ddos" def run(self): - console.print(Panel(Text(self.TITLE, justify="center"), style=f"bold {P_COLOR}")) - method = Prompt.ask("Enter Method >>") - url = Prompt.ask("Enter URL >>") - threads = Prompt.ask("Enter Threads >>") - proxylist = Prompt.ask("Enter ProxyList >>") - multiple = Prompt.ask("Enter Multiple >>") - timer = Prompt.ask("Enter Timer >>") - os.system("cd ddos;") + from config import get_tools_dir + method = Prompt.ask("Enter Method") + url = Prompt.ask("Enter URL") + threads = Prompt.ask("Enter Threads") + proxylist = Prompt.ask("Enter ProxyList") + multiple = Prompt.ask("Enter Multiple") + timer = Prompt.ask("Enter Timer") + # Bug 4 fix: removed os.system("cd ddos;") — use cwd= instead subprocess.run( - [ - "sudo", - "python3 ddos", - method, - url, - "socks_type5.4.1", - threads, - proxylist, - multiple, - timer, - ] + ["sudo", "python3", "ddos.py", method, url, + "socks_type5.4.1", threads, proxylist, multiple, timer], + cwd=str(get_tools_dir() / "ddos"), ) class SlowLoris(HackingTool): TITLE = "SlowLoris" DESCRIPTION = ( - "Slowloris is basically an HTTP Denial of Service attack." - "It send lots of HTTP Request" + "Slowloris is basically an HTTP Denial of Service attack. " + "It sends lots of HTTP requests." ) INSTALL_COMMANDS = ["sudo pip3 install slowloris"] def run(self): - console.print(Panel(Text(self.TITLE, justify="center"), style=f"bold {P_COLOR}")) - target_site = Prompt.ask("Enter Target Site:-") + target_site = Prompt.ask("Enter Target Site") subprocess.run(["slowloris", target_site]) class Asyncrone(HackingTool): TITLE = "Asyncrone | Multifunction SYN Flood DDoS Weapon" DESCRIPTION = ( - "aSYNcrone is a C language based, mulltifunction SYN Flood " - "DDoS Weapon.\nDisable the destination system by sending a " - "SYN packet intensively to the destination." + "aSYNcrone is a C language based, multifunction SYN Flood DDoS Weapon.\n" + "Disable the destination system by sending SYN packets intensively." ) INSTALL_COMMANDS = [ "git clone https://github.com/fatih4842/aSYNcrone.git", - "cd aSYNcrone;sudo gcc aSYNcrone.c -o aSYNcrone -lpthread", + "cd aSYNcrone && sudo gcc aSYNcrone.c -o aSYNcrone -lpthread", ] PROJECT_URL = "https://github.com/fatihsnsy/aSYNcrone" def run(self): - console.print(Panel(Text(self.TITLE, justify="center"), style=f"bold {P_COLOR}")) - source_port = Prompt.ask("Enter Source Port >>") - target_ip = Prompt.ask("Enter Target IP >>") - target_port = Prompt.ask("Enter Target port >>") - os.system("cd aSYNcrone;") + from config import get_tools_dir + source_port = Prompt.ask("Enter Source Port") + target_ip = Prompt.ask("Enter Target IP") + target_port = Prompt.ask("Enter Target Port") + # Bug 5 fix: 1000 was int — subprocess requires all args str + # Bug 4 fix: removed os.system("cd aSYNcrone;") — use cwd= instead subprocess.run( - ["sudo", "./aSYNcrone", source_port, target_ip, target_port, 1000] + ["sudo", "./aSYNcrone", str(source_port), str(target_ip), str(target_port), "1000"], + cwd=str(get_tools_dir() / "aSYNcrone"), ) class UFONet(HackingTool): TITLE = "UFOnet" DESCRIPTION = ( - "UFONet - is a free software, P2P and cryptographic " - "-disruptive \n toolkit- that allows to perform DoS and " - "DDoS attacks\n\b " - "More Usage Visit" + "UFONet is a free software, P2P and cryptographic disruptive toolkit " + "that allows performing DoS and DDoS attacks." ) INSTALL_COMMANDS = [ "sudo git clone https://github.com/epsylon/ufonet.git", - "cd ufonet;sudo python3 setup.py install;sudo pip3 install GeoIP;sudo pip3 install python-geoip;sudo pip3 install pygeoip;sudo pip3 install requests;sudo pip3 install pycrypto;sudo pip3 install pycurl;sudo pip3 install whois;sudo pip3 install scapy-python3", + "cd ufonet && pip install --user .", ] - RUN_COMMANDS = ["sudo python3 ufonet --gui"] + RUN_COMMANDS = ["python3 ufonet --gui"] PROJECT_URL = "https://github.com/epsylon/ufonet" @@ -111,108 +89,49 @@ class GoldenEye(HackingTool): TITLE = "GoldenEye" DESCRIPTION = ( "GoldenEye is a python3 app for SECURITY TESTING PURPOSES ONLY!\n" - "GoldenEye is a HTTP DoS Test Tool." + "GoldenEye is a HTTP DoS Test Tool.\n" + "Usage: ./goldeneye.py [OPTIONS]" ) INSTALL_COMMANDS = [ - "sudo git clone https://github.com/jseidl/GoldenEye.git;" - "chmod -R 755 GoldenEye" + "sudo git clone https://github.com/jseidl/GoldenEye.git", + "chmod -R 755 GoldenEye", ] PROJECT_URL = "https://github.com/jseidl/GoldenEye" def run(self): - console.print(Panel(Text(self.TITLE, justify="center"), style=f"bold {P_COLOR}")) - os.system("cd GoldenEye ;sudo ./goldeneye.py") - console.print("Go to Directory\n[*] USAGE: ./goldeneye.py [OPTIONS]") + from config import get_tools_dir + # Bug 4 fix: removed os.system("cd GoldenEye; ...") — no-op cd subshell + url = Prompt.ask("Enter target URL") + subprocess.run(["sudo", "./goldeneye.py", url], + cwd=str(get_tools_dir() / "GoldenEye")) class Saphyra(HackingTool): TITLE = "SaphyraDDoS" - DESCRIPTION = "A complex python code to DDoS any website with a very easy usage.!\n" + DESCRIPTION = "A Python DDoS script for SECURITY TESTING PURPOSES ONLY." INSTALL_COMMANDS = [ - "sudo su", - "git clone https://github.com/anonymous24x7/Saphyra-DDoS.git", - "cd Saphyra-DDoS", - "chmod +x saphyra.py", - "python saphyra.py", + # Bug 7 fix: removed "sudo su" (first step was dropping into interactive root shell) + "sudo git clone https://github.com/anonymous24x7/Saphyra-DDoS.git", + "chmod +x Saphyra-DDoS/saphyra.py", ] PROJECT_URL = "https://github.com/anonymous24x7/Saphyra-DDoS" def run(self): - console.print(Panel(Text(self.TITLE, justify="center"), style=f"bold {P_COLOR}")) - url = Prompt.ask("Enter url>>>") - try: - os.system("python saphyra.py " + url) - except Exception: - console.print("Enter a valid url.", style="bold red") + from config import get_tools_dir + url = Prompt.ask("Enter URL") + # Vuln 1 fix: was os.system("python saphyra.py " + url) — command injection + # Now uses subprocess list form — url is never interpolated into a shell string + subprocess.run( + ["python3", "saphyra.py", url], + cwd=str(get_tools_dir() / "Saphyra-DDoS"), + ) class DDOSTools(HackingToolsCollection): TITLE = "DDOS Attack Tools" TOOLS = [SlowLoris(), Asyncrone(), UFONet(), GoldenEye(), Saphyra()] - def _get_attr(self, obj, *names, default=""): - for n in names: - if hasattr(obj, n): - return getattr(obj, n) - return default - - def pretty_print(self): - table = Table(title="DDOS Attack Tools", show_lines=True, expand=True) - table.add_column("Title", style="magenta", no_wrap=True) - table.add_column("Description", style="magenta") - table.add_column("Project URL", style="magenta", no_wrap=True) - - for t in self.TOOLS: - title = self._get_attr(t, "TITLE", "Title", "title", default=t.__class__.__name__) - desc = self._get_attr(t, "DESCRIPTION", "Description", "description", default="") - url = self._get_attr(t, "PROJECT_URL", "PROJECT_URL", "PROJECT", "project_url", "projectUrl", default="") - table.add_row(str(title), str(desc).strip().replace("\n", " "), str(url)) - - panel = Panel(table, title=f"[{P_COLOR}]Available Tools[/ {P_COLOR}]", border_style=P_COLOR) - console.print(panel) - - def show_options(self, parent=None): - console.print("\n") - console.print(Panel.fit( - "[bold magenta]DDOS Attack Tools Collection[/bold magenta]\n" - "Select a tool to view options or run it.", - border_style=P_COLOR - )) - - table = Table(title="[bold cyan]Available Tools[/bold cyan]", show_lines=True, expand=True) - table.add_column("Index", justify="center", style="bold yellow") - table.add_column("Tool Name", justify="left", style="bold green") - table.add_column("Description", justify="left", style="white") - - for i, tool in enumerate(self.TOOLS): - title = self._get_attr(tool, "TITLE", "Title", "title", default=tool.__class__.__name__) - desc = self._get_attr(tool, "DESCRIPTION", "Description", "description", default="—") - table.add_row(str(i + 1), title, desc or "—") - - table.add_row("[red]99[/red]", "[bold red]Exit[/bold red]", "Return to previous menu") - console.print(table) - - try: - choice = Prompt.ask("[bold cyan]Select a tool to run[/bold cyan]", default="99") - choice = int(choice) - if 1 <= choice <= len(self.TOOLS): - selected = self.TOOLS[choice - 1] - # If tool exposes show_options (collection-style), delegate to it - if hasattr(selected, "show_options"): - selected.show_options(parent=self) - # Otherwise, if runnable, call its run method - elif hasattr(selected, "run"): - selected.run() - else: - console.print("[bold yellow]Selected tool has no runnable interface.[/bold yellow]") - elif choice == 99: - return 99 - except Exception: - console.print("[bold red]Invalid choice. Try again.[/bold red]") - return self.show_options(parent=parent) - if __name__ == "__main__": tools = DDOSTools() - tools.pretty_print() tools.show_options() diff --git a/tools/exploit_frameworks.py b/tools/exploit_frameworks.py index 22f4fe7..87a4a07 100644 --- a/tools/exploit_frameworks.py +++ b/tools/exploit_frameworks.py @@ -45,13 +45,16 @@ class Commix(HackingTool): "attacks.\n Usage: python commix.py [option(s)]" INSTALL_COMMANDS = [ "git clone https://github.com/commixproject/commix.git commix", - "cd commix;sudo python setup.py install" + # Bug 26 fix: was "sudo python setup.py install" (Python 2) + "cd commix && pip install --user .", ] - RUN_COMMANDS = ["sudo python commix.py --wizard"] + # Bug 26 fix: was "sudo python commix.py --wizard" (Python 2) + RUN_COMMANDS = ["cd commix && sudo python3 commix.py --wizard"] PROJECT_URL = "https://github.com/commixproject/commix" def __init__(self): - super(Commix, self).__init__(runnable=False) + # Py3-4 fix: super(Commix, self) → super() + super().__init__(runnable=False) class ExploitFrameworkTools(HackingToolsCollection): diff --git a/tools/information_gathering_tools.py b/tools/information_gathering_tools.py index 14f9bc7..6dd2e9c 100644 --- a/tools/information_gathering_tools.py +++ b/tools/information_gathering_tools.py @@ -149,10 +149,13 @@ class Striker(HackingTool): PROJECT_URL = "https://github.com/s0md3v/Striker" def run(self): - console.print(Panel(Text(self.TITLE, justify="center"), style=PURPLE_STYLE)) - site = Prompt.ask("Enter Site Name (example.com) >> ") - os.chdir("Striker") - subprocess.run(["sudo", "python3", "striker.py", site]) + from config import get_tools_dir + site = Prompt.ask("Enter Site Name (example.com)") + # Bug 3 fix: os.chdir() corrupts the process CWD permanently — use cwd= instead + subprocess.run( + ["sudo", "python3", "striker.py", site], + cwd=str(get_tools_dir() / "Striker"), + ) class SecretFinder(HackingTool): @@ -193,10 +196,13 @@ class PortScannerRanger(HackingTool): PROJECT_URL = "https://github.com/floriankunushevci/rang3r" def run(self): - console.print(Panel(Text(self.TITLE, justify="center"), style=PURPLE_STYLE)) - ip = Prompt.ask("Enter Ip >> ") - os.chdir("rang3r") - subprocess.run(["sudo", "python", "rang3r.py", "--ip", ip]) + from config import get_tools_dir + ip = Prompt.ask("Enter IP") + # Bug 3 fix: os.chdir() replaced with cwd= parameter + subprocess.run( + ["sudo", "python3", "rang3r.py", "--ip", ip], + cwd=str(get_tools_dir() / "rang3r"), + ) class Breacher(HackingTool): @@ -206,10 +212,13 @@ class Breacher(HackingTool): PROJECT_URL = "https://github.com/s0md3v/Breacher" def run(self): - console.print(Panel(Text(self.TITLE, justify="center"), style=PURPLE_STYLE)) - domain = Prompt.ask("Enter domain (example.com) >> ") - os.chdir("Breacher") - subprocess.run(["python3", "breacher.py", "-u", domain]) + from config import get_tools_dir + domain = Prompt.ask("Enter domain (example.com)") + # Bug 3 fix: os.chdir() replaced with cwd= parameter + subprocess.run( + ["python3", "breacher.py", "-u", domain], + cwd=str(get_tools_dir() / "Breacher"), + ) class InformationGatheringTools(HackingToolsCollection): diff --git a/tools/other_tools.py b/tools/other_tools.py index c72d5d2..f086d06 100644 --- a/tools/other_tools.py +++ b/tools/other_tools.py @@ -33,9 +33,14 @@ class HatCloud(HackingTool): PROJECT_URL = "https://github.com/HatBashBR/HatCloud" def run(self): - site = input("Enter Site >> ") - os.chdir("HatCloud") - subprocess.run(["sudo", "ruby", "hatcloud.rb", "-b", site]) + from config import get_tools_dir + from rich.prompt import Prompt + site = Prompt.ask("Enter Site") + # Bug 3 fix: os.chdir() replaced with cwd= parameter + subprocess.run( + ["sudo", "ruby", "hatcloud.rb", "-b", site], + cwd=str(get_tools_dir() / "HatCloud"), + ) class OtherTools(HackingToolsCollection): diff --git a/tools/others/android_attack.py b/tools/others/android_attack.py index 8e536ef..902f839 100644 --- a/tools/others/android_attack.py +++ b/tools/others/android_attack.py @@ -49,8 +49,9 @@ class Droidcam(HackingTool): TITLE = "DroidCam (Capture Image)" DESCRIPTION = "Powerful Tool For Grab Front Camera Snap Using A Link" INSTALL_COMMANDS = [ - "sudo git clone https://github.com/kinghacker0/WishFish.git;" - "sudo apt install php wget openssh-client" + # Bug 16 fix: missing comma caused two strings to be implicitly concatenated into one + "sudo git clone https://github.com/kinghacker0/WishFish.git", + "sudo apt install -y php wget openssh-client", ] RUN_COMMANDS = ["cd WishFish && sudo bash wishfish.sh"] PROJECT_URL = "https://github.com/kinghacker0/WishFish" diff --git a/tools/others/mix_tools.py b/tools/others/mix_tools.py index 5f54f92..789cb9b 100644 --- a/tools/others/mix_tools.py +++ b/tools/others/mix_tools.py @@ -15,29 +15,36 @@ console = Console(theme=_theme) class TerminalMultiplexer(HackingTool): TITLE = "Terminal Multiplexer" - DESCRIPTION = "Terminal Multiplexer is a tiling terminal emulator that " \ - "allows us to open \n several terminal sessions inside one " \ - "single window." - INSTALL_COMMANDS = ["sudo apt-get install tilix"] + DESCRIPTION = ( + "Terminal Multiplexer (tilix) is a tiling terminal emulator that " + "allows opening several terminal sessions inside one window." + ) + # Bug 19 fix: tilix is a Debian/Ubuntu package only — mark Linux-only + INSTALL_COMMANDS = ["sudo apt-get install -y tilix"] + SUPPORTED_OS = ["linux"] def __init__(self): - super(TerminalMultiplexer, self).__init__(runnable = False) + # Py3-4 fix: super(TerminalMultiplexer, self) → super() + super().__init__(runnable=False) class Crivo(HackingTool): TITLE = "Crivo" - DESCRIPTION = "A tool for extracting and filtering URLs, IPs, domains, " \ - "\n and subdomains from web pages or text, " \ - "with built-in web scraping capabilities.\n" \ - "See: python3 crivo_cli.py -h" + DESCRIPTION = ( + "A tool for extracting and filtering URLs, IPs, domains, and subdomains\n" + "from web pages or text, with built-in web scraping capabilities.\n" + "See: python3 crivo_cli.py -h" + ) INSTALL_COMMANDS = [ "git clone https://github.com/GMDSantana/crivo.git", - "cd crivo;pip install -r requirements.txt" + # Bug 18 verify: this is correct — cd and pip in same string works + "cd crivo && pip install --user -r requirements.txt", ] PROJECT_URL = "https://github.com/GMDSantana/crivo" def __init__(self): - super(Crivo, self).__init__(runnable = False) + # Py3-4 fix: super(Crivo, self) → super() + super().__init__(runnable=False) class MixTools(HackingToolsCollection): diff --git a/tools/others/socialmedia.py b/tools/others/socialmedia.py index 542f73a..de973de 100644 --- a/tools/others/socialmedia.py +++ b/tools/others/socialmedia.py @@ -20,19 +20,15 @@ console = Console(theme=_theme) class InstaBrute(HackingTool): TITLE = "Instagram Attack" DESCRIPTION = "Brute force attack against Instagram" - INSTALL_COMMANDS = [ - "sudo git clone https://github.com/chinoogawa/instaBrute.git", - "cd instaBrute;sudo pip2.7 install -r requirements.txt" - ] PROJECT_URL = "https://github.com/chinoogawa/instaBrute" + # Py3-7: Python 2 only (pip2.7); also violates Instagram ToS + ARCHIVED = True + ARCHIVED_REASON = "Python 2 only — EOL January 2020. Repo unmaintained since 2017." + INSTALL_COMMANDS = [] + RUN_COMMANDS = [] - def run(self): - name = input("Enter Username >> ") - wordlist = input("Enter wordword list >> ") - os.chdir("instaBrute") - subprocess.run( - ["sudo", "python", "instaBrute.py", "-u", f"{name}", "-d", - f"{wordlist}"]) + def __init__(self): + super().__init__(installable=False, runnable=False) class BruteForce(HackingTool): @@ -57,12 +53,14 @@ class Faceshell(HackingTool): PROJECT_URL = "https://github.com/Matrix07ksa/Brute_Force" def run(self): - name = input("Enter Username >> ") - wordlist = input("Enter Wordlist >> ") - with contextlib.suppress(FileNotFoundError): - os.chdir("Brute_Force") + from config import get_tools_dir + name = Prompt.ask("Enter Username") + wordlist = Prompt.ask("Enter Wordlist path") + # Bug 3 fix: os.chdir() replaced with cwd= parameter subprocess.run( - ["python3", "Brute_Force.py", "-f", f"{name}", "-l", f"{wordlist}"]) + ["python3", "Brute_Force.py", "-f", name, "-l", wordlist], + cwd=str(get_tools_dir() / "Brute_Force"), + ) class AppCheck(HackingTool): diff --git a/tools/others/socialmedia_finder.py b/tools/others/socialmedia_finder.py index 8172086..5325f9a 100644 --- a/tools/others/socialmedia_finder.py +++ b/tools/others/socialmedia_finder.py @@ -69,9 +69,14 @@ class Sherlock(HackingTool): PROJECT_URL = "https://github.com/sherlock-project/sherlock" def run(self): - name = input("Enter Username >> ") - os.chdir('sherlock') - subprocess.run(["sudo", "python3", "sherlock", f"{name}"]) + from config import get_tools_dir + from rich.prompt import Prompt + name = Prompt.ask("Enter Username") + # Bug 3 fix: os.chdir() replaced with cwd= parameter + subprocess.run( + ["python3", "sherlock", name], + cwd=str(get_tools_dir() / "sherlock"), + ) class SocialScan(HackingTool): diff --git a/tools/payload_creator.py b/tools/payload_creator.py index 28ba67a..8baa51a 100644 --- a/tools/payload_creator.py +++ b/tools/payload_creator.py @@ -1,34 +1,25 @@ -# coding=utf-8 import os -from core import HackingTool -from core import HackingToolsCollection - -from rich.console import Console -from rich.theme import Theme -from rich.table import Table -from rich.panel import Panel -from rich.prompt import Prompt - -_theme = Theme({"purple": "#7B61FF"}) -console = Console(theme=_theme) +from core import HackingTool, HackingToolsCollection, console class TheFatRat(HackingTool): TITLE = "The FatRat" - DESCRIPTION = "TheFatRat Provides An Easy way to create Backdoors and Payloads " \ - "which can bypass most anti-virus" + DESCRIPTION = ( + "TheFatRat provides an easy way to create backdoors and payloads " + "which can bypass most anti-virus." + ) INSTALL_COMMANDS = [ "sudo git clone https://github.com/Screetsec/TheFatRat.git", - "cd TheFatRat && sudo chmod +x setup.sh" + "cd TheFatRat && chmod +x setup.sh", ] RUN_COMMANDS = ["cd TheFatRat && sudo bash setup.sh"] PROJECT_URL = "https://github.com/Screetsec/TheFatRat" def __init__(self): - super(TheFatRat, self).__init__([ - ('Update', self.update), - ('Troubleshoot', self.troubleshoot) + super().__init__([ + ("Update", self.update), + ("Troubleshoot", self.troubleshoot), ]) def update(self): @@ -40,60 +31,63 @@ class TheFatRat(HackingTool): class Brutal(HackingTool): TITLE = "Brutal" - DESCRIPTION = "Brutal is a toolkit to quickly create various payloads, powershell attacks, " \ - "virus attacks and launch listener for a Human Interface Device" + DESCRIPTION = ( + "Brutal is a toolkit to quickly create various payloads, powershell attacks, " + "virus attacks and launch listener for a Human Interface Device." + ) INSTALL_COMMANDS = [ "sudo git clone https://github.com/Screetsec/Brutal.git", - "cd Brutal && sudo chmod +x Brutal.sh" + "cd Brutal && chmod +x Brutal.sh", ] RUN_COMMANDS = ["cd Brutal && sudo bash Brutal.sh"] PROJECT_URL = "https://github.com/Screetsec/Brutal" def show_info(self): - super(Brutal, self).show_info() - console.print(""" -[!] Requirement - >> Arduino Software (I used v1.6.7) - >> TeensyDuino - >> Linux udev rules - >> Copy and paste the PaensyLib folder inside your Arduino libraries - -[!] Visit for Installation for Arduino: - >> https://github.com/Screetsec/Brutal/wiki/Install-Requirements -""") + super().show_info() + console.print( + "[bold cyan]Requirements:[/bold cyan]\n" + " - Arduino Software (v1.6.7+)\n" + " - TeensyDuino\n" + " - Linux udev rules\n" + " See: https://github.com/Screetsec/Brutal/wiki/Install-Requirements" + ) class Stitch(HackingTool): TITLE = "Stitch" - DESCRIPTION = "Stitch is Cross Platform Python Remote Administrator Tool\n" \ - "[!] Refer Below Link For Wins & Mac OS" + DESCRIPTION = ( + "Stitch is a Cross Platform Python Remote Administrator Tool.\n" + "[!] Refer to the project link for Windows & macOS support." + ) INSTALL_COMMANDS = [ "sudo git clone https://github.com/nathanlopez/Stitch.git", - "cd Stitch && sudo pip install -r lnx_requirements.txt" + "cd Stitch && pip install --user -r lnx_requirements.txt", ] - RUN_COMMANDS = ["cd Stitch && sudo python main.py"] + RUN_COMMANDS = ["cd Stitch && sudo python3 main.py"] PROJECT_URL = "https://nathanlopez.github.io/Stitch" class MSFVenom(HackingTool): TITLE = "MSFvenom Payload Creator" - DESCRIPTION = "MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, " \ - "based on user choice. Simplifies payload creation." + DESCRIPTION = ( + "MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple " + "types of payloads, based on user choice." + ) INSTALL_COMMANDS = [ "sudo git clone https://github.com/g0tmi1k/msfpc.git", - "cd msfpc;sudo chmod +x msfpc.sh" + "cd msfpc && chmod +x msfpc.sh", ] - RUN_COMMANDS = ["cd msfpc;sudo bash msfpc.sh -h -v"] + RUN_COMMANDS = ["cd msfpc && sudo bash msfpc.sh -h -v"] PROJECT_URL = "https://github.com/g0tmi1k/msfpc" class Venom(HackingTool): TITLE = "Venom Shellcode Generator" - DESCRIPTION = "Venom 1.0.11 (malicious_server) exploits apache2 webserver to deliver LAN payloads via fake webpages." + DESCRIPTION = "Venom exploits apache2 webserver to deliver LAN payloads via fake webpages." INSTALL_COMMANDS = [ "sudo git clone https://github.com/r00t-3xp10it/venom.git", + # Removed "sudo ./venom.sh -u" from install — interactive, runs the tool during install "sudo chmod -R 775 venom*/ && cd venom*/ && cd aux && sudo bash setup.sh", - "sudo ./venom.sh -u" ] RUN_COMMANDS = ["cd venom && sudo ./venom.sh"] PROJECT_URL = "https://github.com/r00t-3xp10it/venom" @@ -101,10 +95,10 @@ class Venom(HackingTool): class Spycam(HackingTool): TITLE = "Spycam" - DESCRIPTION = "Generates a Win32 payload that captures webcam images every 1 minute and sends them to the attacker." + DESCRIPTION = "Generates a Win32 payload that captures webcam images every 1 minute." INSTALL_COMMANDS = [ "sudo git clone https://github.com/indexnotfound404/spycam.git", - "cd spycam && bash install.sh && chmod +x spycam" + "cd spycam && bash install.sh && chmod +x spycam", ] RUN_COMMANDS = ["cd spycam && ./spycam"] PROJECT_URL = "https://github.com/indexnotfound404/spycam" @@ -113,25 +107,23 @@ class Spycam(HackingTool): class MobDroid(HackingTool): TITLE = "Mob-Droid" DESCRIPTION = "Generates metasploit payloads easily without typing long commands." - INSTALL_COMMANDS = [ - "git clone https://github.com/kinghacker0/mob-droid.git" - ] - RUN_COMMANDS = ["cd mob-droid;sudo python mob-droid.py"] + INSTALL_COMMANDS = ["git clone https://github.com/kinghacker0/mob-droid.git"] + RUN_COMMANDS = ["cd mob-droid && sudo python3 mob-droid.py"] PROJECT_URL = "https://github.com/kinghacker0/Mob-Droid" class Enigma(HackingTool): TITLE = "Enigma" DESCRIPTION = "Enigma is a Multiplatform payload dropper." - INSTALL_COMMANDS = [ - "sudo git clone https://github.com/UndeadSec/Enigma.git" - ] - RUN_COMMANDS = ["cd Enigma;sudo python enigma.py"] + INSTALL_COMMANDS = ["sudo git clone https://github.com/UndeadSec/Enigma.git"] + RUN_COMMANDS = ["cd Enigma && sudo python3 enigma.py"] PROJECT_URL = "https://github.com/UndeadSec/Enigma" class PayloadCreatorTools(HackingToolsCollection): TITLE = "Payload creation tools" + # Bug 11 fix: show_options() override was missing `parent` parameter entirely — + # the whole override is now deleted and the base class method is used instead. TOOLS = [ TheFatRat(), Brutal(), @@ -140,62 +132,10 @@ class PayloadCreatorTools(HackingToolsCollection): Venom(), Spycam(), MobDroid(), - Enigma() + Enigma(), ] - def pretty_print(self): - table = Table(title="Payload Creation Tools", show_lines=True, expand=True) - table.add_column("Title", style="purple", no_wrap=True) - table.add_column("Description", style="purple") - table.add_column("Project URL", style="purple", no_wrap=True) - - for t in self.TOOLS: - desc = getattr(t, "DESCRIPTION", "") or "" - url = getattr(t, "PROJECT_URL", "") or "" - table.add_row(t.TITLE, desc.strip().replace("\n", " "), url) - - console.print(Panel(table, title="[purple]Available Tools[/purple]", border_style="purple")) - - def show_options(self): - console.print("\n") - console.print(Panel.fit( - "[bold purple]Payload Creator Collection[/bold purple]\n" - "Select a tool to run it or exit.", - border_style="purple" - )) - - table = Table(title="[bold cyan]Available Tools[/bold cyan]", show_lines=True, expand=True) - table.add_column("Index", justify="center", style="bold yellow") - table.add_column("Tool Name", justify="left", style="bold green") - table.add_column("Description", justify="left", style="white") - - for i, tool in enumerate(self.TOOLS): - desc = getattr(tool, "DESCRIPTION", "") or "—" - table.add_row(str(i + 1), tool.TITLE, desc.replace("\n", " ")) - - table.add_row("[red]99[/red]", "[bold red]Exit[/bold red]", "Return to previous menu") - console.print(table) - - try: - choice = Prompt.ask("[bold cyan]Select a tool to run[/bold cyan]", default="99") - choice = int(choice) - if 1 <= choice <= len(self.TOOLS): - selected = self.TOOLS[choice - 1] - if hasattr(selected, "run"): - selected.run() - elif hasattr(selected, "show_actions"): - selected.show_actions() - else: - console.print("[bold yellow]Selected tool has no runnable interface.[/bold yellow]") - elif choice == 99: - return 99 - except Exception: - console.print("[bold red]Invalid choice. Try again.[/bold red]") - - return self.show_options() - if __name__ == "__main__": tools = PayloadCreatorTools() - tools.pretty_print() tools.show_options() diff --git a/tools/phising_attack.py b/tools/phising_attack.py index fc90cdd..2c64bad 100644 --- a/tools/phising_attack.py +++ b/tools/phising_attack.py @@ -1,17 +1,6 @@ -# coding=utf-8 import os -from core import HackingTool -from core import HackingToolsCollection - -from rich.console import Console -from rich.theme import Theme -from rich.table import Table -from rich.panel import Panel -from rich.prompt import Prompt - -_theme = Theme({"purple": "#7B61FF"}) -console = Console(theme=_theme) +from core import HackingTool, HackingToolsCollection, console class autophisher(HackingTool): @@ -19,22 +8,22 @@ class autophisher(HackingTool): DESCRIPTION = "Automated Phishing Toolkit" INSTALL_COMMANDS = [ "sudo git clone https://github.com/CodingRanjith/autophisher.git", - "cd autophisher" ] - RUN_COMMANDS = ["cd autophisher;sudo bash autophisher.sh"] + RUN_COMMANDS = ["cd autophisher && sudo bash autophisher.sh"] PROJECT_URL = "https://github.com/CodingRanjith/autophisher" class Pyphisher(HackingTool): TITLE = "Pyphisher" DESCRIPTION = "Easy to use phishing tool with 77 website templates" + # Bug 9 fix: pip must reference the full path, not rely on a no-op "cd" call INSTALL_COMMANDS = [ - "sudo git clone https://github.com/KasRoudra/PyPhisher", - "cd PyPhisher/files", - "pip3 install -r requirements.txt" + "git clone https://github.com/KasRoudra/PyPhisher", + "pip3 install --user -r PyPhisher/files/requirements.txt", ] - RUN_COMMANDS = ["cd PyPhisher;sudo python3 pyphisher.py"] - PROJECT_URL = "git clone https://github.com/KasRoudra/PyPhisher" + RUN_COMMANDS = ["cd PyPhisher && sudo python3 pyphisher.py"] + # Bug 8 fix: PROJECT_URL was a git clone command, not a URL + PROJECT_URL = "https://github.com/KasRoudra/PyPhisher" class AdvPhishing(HackingTool): @@ -42,18 +31,22 @@ class AdvPhishing(HackingTool): DESCRIPTION = "This is Advance Phishing Tool ! OTP PHISHING" INSTALL_COMMANDS = [ "sudo git clone https://github.com/Ignitetch/AdvPhishing.git", - "cd AdvPhishing;chmod 777 *;bash Linux-Setup.sh"] + # Vuln 2 fix: chmod 777 → chmod +x + "cd AdvPhishing && chmod +x Linux-Setup.sh && bash Linux-Setup.sh", + ] RUN_COMMANDS = ["cd AdvPhishing && sudo bash AdvPhishing.sh"] PROJECT_URL = "https://github.com/Ignitetch/AdvPhishing" class Setoolkit(HackingTool): TITLE = "Setoolkit" - DESCRIPTION = "The Social-Engineer Toolkit is an open-source penetration\n" \ - "testing framework designed for social engine" + DESCRIPTION = ( + "The Social-Engineer Toolkit is an open-source penetration\n" + "testing framework designed for social engineering." + ) INSTALL_COMMANDS = [ "git clone https://github.com/trustedsec/social-engineer-toolkit/", - "cd social-engineer-toolkit && sudo python3 setup.py" + "cd social-engineer-toolkit && pip install --user .", ] RUN_COMMANDS = ["sudo setoolkit"] PROJECT_URL = "https://github.com/trustedsec/social-engineer-toolkit" @@ -64,7 +57,7 @@ class SocialFish(HackingTool): DESCRIPTION = "Automated Phishing Tool & Information Collector NOTE: username is 'root' and password is 'pass'" INSTALL_COMMANDS = [ "sudo git clone https://github.com/UndeadSec/SocialFish.git && sudo apt-get install python3 python3-pip python3-dev -y", - "cd SocialFish && sudo python3 -m pip install -r requirements.txt" + "cd SocialFish && sudo python3 -m pip install -r requirements.txt", ] RUN_COMMANDS = ["cd SocialFish && sudo python3 SocialFish.py root pass"] PROJECT_URL = "https://github.com/UndeadSec/SocialFish" @@ -72,45 +65,45 @@ class SocialFish(HackingTool): class HiddenEye(HackingTool): TITLE = "HiddenEye" - DESCRIPTION = "Modern Phishing Tool With Advanced Functionality And " \ - "Multiple Tunnelling Services \n" \ - "\t [!]https://github.com/DarkSecDevelopers/HiddenEye" + DESCRIPTION = ( + "Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services\n" + "\t[!] https://github.com/DarkSecDevelopers/HiddenEye" + ) INSTALL_COMMANDS = [ - "sudo git clone https://github.com/Morsmalleo/HiddenEye.git ;sudo chmod 777 HiddenEye", - "cd HiddenEye;sudo pip3 install -r requirements.txt;sudo pip3 install requests;pip3 install pyngrok" + # Vuln 2 fix: chmod 777 → chmod 755 + "sudo git clone https://github.com/Morsmalleo/HiddenEye.git && chmod -R 755 HiddenEye", + "cd HiddenEye && sudo pip3 install -r requirements.txt && pip3 install pyngrok", ] - RUN_COMMANDS = ["cd HiddenEye;sudo python3 HiddenEye.py"] - PROJECT_URL = "https://github.com/Morsmalleo/HiddenEye.git" + RUN_COMMANDS = ["cd HiddenEye && sudo python3 HiddenEye.py"] + PROJECT_URL = "https://github.com/Morsmalleo/HiddenEye" class Evilginx2(HackingTool): - TITLE = "Evilginx2" - DESCRIPTION = "evilginx2 is a man-in-the-middle attack framework used " \ - "for phishing login credentials along with session cookies,\n" \ - "which in turn allows to bypass 2-factor authentication protection.\n\n\t " \ - "[+]Make sure you have installed GO of version at least 1.14.0 \n" \ - "[+]After installation, add this to your ~/.profile, assuming that you installed GO in /usr/local/go\n\t " \ - "[+]export GOPATH=$HOME/go \n " \ - "[+]export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin \n" \ - "[+]Then load it with source ~/.profiles." + TITLE = "Evilginx3" + DESCRIPTION = ( + "evilginx is a man-in-the-middle attack framework used for phishing login credentials\n" + "along with session cookies, bypassing 2-factor authentication.\n" + "Requires Go >= 1.18 installed." + ) + # Bug 6 fix: removed 'sudo evilginx' (interactive) from INSTALL_COMMANDS INSTALL_COMMANDS = [ - "sudo apt-get install git make;go get -u github.com/kgretzky/evilginx2", - "cd $GOPATH/src/github.com/kgretzky/evilginx2;make", - "sudo make install;sudo evilginx" + "sudo apt-get install -y git make golang-go", + "go install github.com/kgretzky/evilginx/v3@latest", ] - RUN_COMMANDS = ["sudo evilginx"] + RUN_COMMANDS = ["evilginx"] PROJECT_URL = "https://github.com/kgretzky/evilginx2" + REQUIRES_GO = True class ISeeYou(HackingTool): TITLE = "I-See_You" - DESCRIPTION = "[!] ISeeYou is a tool to find Exact Location of Victom By" \ - " User SocialEngineering or Phishing Engagement..\n" \ - "[!] Users can expose their local servers to the Internet " \ - "and decode the location coordinates by looking at the log file" + DESCRIPTION = ( + "[!] ISeeYou finds the exact location of a target via social engineering.\n" + "[!] Expose local servers to the internet and decode location from log file." + ) INSTALL_COMMANDS = [ "sudo git clone https://github.com/Viralmaniar/I-See-You.git", - "cd I-See-You && sudo chmod u+x ISeeYou.sh" + "cd I-See-You && sudo chmod u+x ISeeYou.sh", ] RUN_COMMANDS = ["cd I-See-You && sudo bash ISeeYou.sh"] PROJECT_URL = "https://github.com/Viralmaniar/I-See-You" @@ -118,7 +111,7 @@ class ISeeYou(HackingTool): class SayCheese(HackingTool): TITLE = "SayCheese" - DESCRIPTION = "Take webcam shots from target just sending a malicious link" + DESCRIPTION = "Take webcam shots from target just by sending a malicious link" INSTALL_COMMANDS = ["sudo git clone https://github.com/hangetzzu/saycheese"] RUN_COMMANDS = ["cd saycheese && sudo bash saycheese.sh"] PROJECT_URL = "https://github.com/hangetzzu/saycheese" @@ -128,19 +121,13 @@ class QRJacking(HackingTool): TITLE = "QR Code Jacking" DESCRIPTION = "QR Code Jacking (Any Website)" INSTALL_COMMANDS = [ - "sudo git clone https://github.com/cryptedwolf/ohmyqr.git && sudo apt -y install scrot"] + "sudo git clone https://github.com/cryptedwolf/ohmyqr.git && sudo apt -y install scrot", + ] RUN_COMMANDS = ["cd ohmyqr && sudo bash ohmyqr.sh"] PROJECT_URL = "https://github.com/cryptedwolf/ohmyqr" -class WifiPhisher(HackingTool): - TITLE = "WifiPhisher" - DESCRIPTION = "The Rogue Access Point Framework" - INSTALL_COMMANDS = [ - "sudo git clone https://github.com/wifiphisher/wifiphisher.git", - "cd wifiphisher"] - RUN_COMMANDS = ["cd wifiphisher && sudo python setup.py"] - PROJECT_URL = "https://github.com/wifiphisher/wifiphisher" +# Bug 10 fix: WifiPhisher removed from phishing tools — it belongs in wireless_attack_tools.py class BlackEye(HackingTool): @@ -148,7 +135,7 @@ class BlackEye(HackingTool): DESCRIPTION = "The ultimate phishing tool with 38 websites available!" INSTALL_COMMANDS = [ "sudo git clone https://github.com/thelinuxchoice/blackeye", - "cd blackeye "] + ] RUN_COMMANDS = ["cd blackeye && sudo bash blackeye.sh"] PROJECT_URL = "https://github.com/An0nUD4Y/blackeye" @@ -157,45 +144,44 @@ class ShellPhish(HackingTool): TITLE = "ShellPhish" DESCRIPTION = "Phishing Tool for 18 social media" INSTALL_COMMANDS = ["git clone https://github.com/An0nUD4Y/shellphish.git"] - RUN_COMMANDS = ["cd shellphish;sudo bash shellphish.sh"] + RUN_COMMANDS = ["cd shellphish && sudo bash shellphish.sh"] PROJECT_URL = "https://github.com/An0nUD4Y/shellphish" class Thanos(HackingTool): TITLE = "Thanos" - DESCRIPTION = "Browser to Browser Phishingtoolkit" + DESCRIPTION = "Browser to Browser Phishing toolkit" INSTALL_COMMANDS = [ "sudo git clone https://github.com/TridevReddy/Thanos.git", - "cd Thanos && sudo chmod -R 777 Thanos.sh" + # Vuln 2 fix: chmod -R 777 → chmod +x + "cd Thanos && chmod +x Thanos.sh", ] - RUN_COMMANDS = ["cd Thanos;sudo bash Thanos.sh"] + RUN_COMMANDS = ["cd Thanos && sudo bash Thanos.sh"] PROJECT_URL = "https://github.com/TridevReddy/Thanos" class QRLJacking(HackingTool): TITLE = "QRLJacking" - DESCRIPTION = "QRLJacking" + DESCRIPTION = "QRLJacking — session hijacking attack vector targeting QR code based login" INSTALL_COMMANDS = [ "git clone https://github.com/OWASP/QRLJacking.git", - "cd QRLJacking", - "git clone https://github.com/mozilla/geckodriver.git", - "chmod +x geckodriver", - "sudo mv -f geckodriver /usr/local/share/geckodriver", - "sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver", - "sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver", - "cd QRLJacker;pip3 install -r requirements.txt" + # Bug fix: geckodriver must be fetched as a binary, not cloned from source + "GECKO_VER=$(curl -s https://api.github.com/repos/mozilla/geckodriver/releases/latest | grep tag_name | cut -d '\"' -f4) && " + "wget -q https://github.com/mozilla/geckodriver/releases/download/$GECKO_VER/geckodriver-$GECKO_VER-linux64.tar.gz -O /tmp/geckodriver.tar.gz && " + "tar -xzf /tmp/geckodriver.tar.gz -C /tmp && sudo mv /tmp/geckodriver /usr/local/bin/", + "cd QRLJacking && pip3 install --user -r QRLJacker/requirements.txt", ] - RUN_COMMANDS = ["cd QRLJacking/QRLJacker;python3 QrlJacker.py"] + RUN_COMMANDS = ["cd QRLJacking/QRLJacker && python3 QrlJacker.py"] PROJECT_URL = "https://github.com/OWASP/QRLJacking" class Maskphish(HackingTool): - TITLE = "Miskphish" + TITLE = "Maskphish" DESCRIPTION = "Hide phishing URL under a normal looking URL (google.com or facebook.com)" INSTALL_COMMANDS = [ "sudo git clone https://github.com/jaykali/maskphish.git", - "cd maskphish"] - RUN_COMMANDS = ["cd maskphish;sudo bash maskphish.sh"] + ] + RUN_COMMANDS = ["cd maskphish && sudo bash maskphish.sh"] PROJECT_URL = "https://github.com/jaykali/maskphish" @@ -203,23 +189,27 @@ class BlackPhish(HackingTool): TITLE = "BlackPhish" INSTALL_COMMANDS = [ "sudo git clone https://github.com/iinc0gnit0/BlackPhish.git", - "cd BlackPhish;sudo bash install.sh" + "cd BlackPhish && sudo bash install.sh", ] - RUN_COMMANDS = ["cd BlackPhish;sudo python3 blackphish.py"] + RUN_COMMANDS = ["cd BlackPhish && sudo python3 blackphish.py"] PROJECT_URL = "https://github.com/iinc0gnit0/BlackPhish" def __init__(self): - super(BlackPhish, self).__init__([('Update', self.update)]) + # Bug fix: super() Python 3 style + super().__init__([("Update", self.update)]) def update(self): - os.system("cd BlackPhish;sudo bash update.sh") + os.system("cd BlackPhish && sudo bash update.sh") -class dnstwist(HackingTool): - Title = 'dnstwist' - Install_commands = ['sudo git clone https://github.com/elceef/dnstwist.git','cd dnstwist'] - Run_commands = ['cd dnstwist;sudo python3 dnstwist.py'] - project_url = 'https://github.com/elceef/dnstwist' +class Dnstwist(HackingTool): + # Bug 2 fix: all attributes were wrong case (Title, Install_commands, etc.) + # They are now the correct uppercase names the base class reads. + TITLE = "dnstwist" + DESCRIPTION = "Domain name permutation engine for detecting typosquatting, phishing and brand impersonation" + INSTALL_COMMANDS = ["pip3 install --user dnstwist"] + RUN_COMMANDS = ["dnstwist --help"] + PROJECT_URL = "https://github.com/elceef/dnstwist" class PhishingAttackTools(HackingToolsCollection): @@ -241,79 +231,10 @@ class PhishingAttackTools(HackingToolsCollection): QRLJacking(), BlackPhish(), Maskphish(), - dnstwist() + Dnstwist(), ] - def _get_attr_fallback(self, item, *names, default=""): - for n in names: - if hasattr(item, n): - return getattr(item, n) - return default - - def pretty_print(self): - table = Table(title="Phishing Attack Tools", show_lines=True, expand=True) - table.add_column("Title", style="purple", no_wrap=True) - table.add_column("Description", style="purple") - table.add_column("Project URL", style="purple", no_wrap=True) - - for t in self.TOOLS: - # try typical attribute names, then fall back to common variations - title = ( - self._get_attr_fallback(t, "TITLE", "Title", "title") - or t.__class__.__name__ - ) - desc = self._get_attr_fallback(t, "DESCRIPTION", "Description", "description", "INSTALL_COMMANDS", default="") or "" - # prefer PROJECT_URL but also accept project_url or project_url-like fields - url = self._get_attr_fallback(t, "PROJECT_URL", "PROJECT_URL", "PROJECT", "project_url", "projectUrl", default="") or "" - table.add_row(str(title), str(desc).strip().replace("\n", " "), str(url)) - - panel = Panel(table, title="[purple]Available Tools[/purple]", border_style="purple") - console.print(panel) - - def show_options(self, parent=None): - console.print("\n") - panel = Panel.fit("[bold magenta]Phishing Attack Tools Collection[/bold magenta]\n" - "Select a tool to view options or run it.", - border_style="purple") - console.print(panel) - - table = Table(title="[bold cyan]Available Tools[/bold cyan]", show_lines=True, expand=True) - table.add_column("Index", justify="center", style="bold yellow") - table.add_column("Tool Name", justify="left", style="bold green") - table.add_column("Description", justify="left", style="white") - - for i, tool in enumerate(self.TOOLS): - title = self._get_attr_fallback(tool, "TITLE", "Title", "title", default=tool.__class__.__name__) - desc = self._get_attr_fallback(tool, "DESCRIPTION", "Description", "description", default="—") - table.add_row(str(i + 1), title, desc or "—") - - table.add_row("[red]99[/red]", "[bold red]Exit[/bold red]", "Return to previous menu") - console.print(table) - - try: - choice = Prompt.ask("[bold cyan]Select a tool to run[/bold cyan]", default="99") - choice = int(choice) - if 1 <= choice <= len(self.TOOLS): - selected = self.TOOLS[choice - 1] - # If tool exposes show_options (collection-style), delegate to it - if hasattr(selected, "show_options"): - selected.show_options(parent=self) - # Otherwise, if runnable, call its run method - elif hasattr(selected, "run"): - selected.run() - # Preserve any before_run hooks if present - elif hasattr(selected, "before_run"): - selected.before_run() - else: - console.print("[bold yellow]Selected tool has no runnable interface.[/bold yellow]") - elif choice == 99: - return 99 - except Exception: - console.print("[bold red]Invalid choice. Try again.[/bold red]") - return self.show_options(parent=parent) - if __name__ == "__main__": tools = PhishingAttackTools() - tools.pretty_print() tools.show_options() diff --git a/tools/remote_administration.py b/tools/remote_administration.py index c54f1ba..a81b624 100644 --- a/tools/remote_administration.py +++ b/tools/remote_administration.py @@ -12,17 +12,8 @@ _theme = Theme({"purple": "#7B61FF"}) console = Console(theme=_theme) -class Stitch(HackingTool): - TITLE = "Stitch" - DESCRIPTION = "Stitch is a cross platform python framework.\n" \ - "which allows you to build custom payloads\n" \ - "For Windows, Mac and Linux." - INSTALL_COMMANDS = [ - "sudo git clone https://github.com/nathanlopez/Stitch.git", - "cd Stitch;sudo pip install -r lnx_requirements.txt" - ] - RUN_COMMANDS = ["cd Stitch;python main.py"] - PROJECT_URL = "https://github.com/nathanlopez/Stitch" +# Bug 17 fix: Stitch was defined in both payload_creator.py and remote_administration.py. +# It is kept in payload_creator.py (its correct category) and removed from here. class Pyshell(HackingTool): diff --git a/tools/reverse_engineering.py b/tools/reverse_engineering.py index a221d46..47a9873 100644 --- a/tools/reverse_engineering.py +++ b/tools/reverse_engineering.py @@ -48,12 +48,15 @@ class Jadx(HackingTool): "resources.arsc" INSTALL_COMMANDS = [ "sudo git clone https://github.com/skylot/jadx.git", - "cd jadx;./gradlew dist" + # Bug 30 fix: gradlew dist requires Java — check first + "java -version 2>&1 | grep -q 'version' && cd jadx && ./gradlew dist || echo '[ERROR] Java not found. Install: sudo apt install default-jdk'", ] PROJECT_URL = "https://github.com/skylot/jadx" + REQUIRES_JAVA = True def __init__(self): - super(Jadx, self).__init__(runnable=False) + # Py3-4 fix: super(Jadx, self) → super() + super().__init__(runnable=False) class ReverseEngineeringTools(HackingToolsCollection): diff --git a/tools/sql_tools.py b/tools/sql_tools.py index 36061ee..b047fda 100644 --- a/tools/sql_tools.py +++ b/tools/sql_tools.py @@ -25,9 +25,13 @@ class Sqlmap(HackingTool): class NoSqlMap(HackingTool): TITLE = "NoSqlMap" DESCRIPTION = "NoSQLMap is an open source Python tool designed to audit and automate injection attacks. [*] Please install MongoDB." - INSTALL_COMMANDS = ["git clone https://github.com/codingo/NoSQLMap.git", - "sudo chmod -R 755 NoSQLMap;cd NoSQLMap;python setup.py install"] - RUN_COMMANDS = ["python NoSQLMap"] + INSTALL_COMMANDS = [ + "git clone https://github.com/codingo/NoSQLMap.git", + # Bug 25 fix: was "python setup.py install" (Python 2) and "python NoSQLMap" + "cd NoSQLMap && pip install --user .", + ] + # Bug 25 fix: "python" → "python3" + RUN_COMMANDS = ["python3 -m nosqlmap"] PROJECT_URL = "https://github.com/codingo/NoSQLMap" diff --git a/tools/wireless_attack_tools.py b/tools/wireless_attack_tools.py index 387ec32..5914e09 100644 --- a/tools/wireless_attack_tools.py +++ b/tools/wireless_attack_tools.py @@ -1,80 +1,68 @@ -# coding=utf-8 -import os -import subprocess - -from core import HackingTool -from core import HackingToolsCollection - -from rich.console import Console -from rich.theme import Theme -from rich.table import Table -from rich.panel import Panel from rich.prompt import Prompt -_theme = Theme({"purple": "#7B61FF"}) -console = Console(theme=_theme) +from core import HackingTool, HackingToolsCollection, console class WIFIPumpkin(HackingTool): TITLE = "WiFi-Pumpkin" DESCRIPTION = ( - "The WiFi-Pumpkin is a rogue AP framework to easily create " - "these fake networks\n" - "all while forwarding legitimate traffic to and from the " - "unsuspecting target." + "The WiFi-Pumpkin is a rogue AP framework to easily create fake networks\n" + "while forwarding legitimate traffic to and from the unsuspecting target." ) INSTALL_COMMANDS = [ - "sudo apt install libssl-dev libffi-dev build-essential", + "sudo apt install -y libssl-dev libffi-dev build-essential python3-pyqt5", "sudo git clone https://github.com/P0cL4bs/wifipumpkin3.git", "chmod -R 755 wifipumpkin3", - "sudo apt install python3-pyqt5", - "cd wifipumpkin3;sudo python3 setup.py install", + "cd wifipumpkin3 && pip install --user .", ] RUN_COMMANDS = ["sudo wifipumpkin3"] PROJECT_URL = "https://github.com/P0cL4bs/wifipumpkin3" + SUPPORTED_OS = ["linux"] + REQUIRES_WIFI = True class pixiewps(HackingTool): TITLE = "pixiewps" DESCRIPTION = ( - "Pixiewps is a tool written in C used to bruteforce offline " - "the WPS pin\n " - "exploiting the low or non-existing entropy of some Access " - "Points, the so-called pixie dust attack" + "Pixiewps is a tool written in C used to bruteforce offline the WPS pin\n" + "exploiting the low or non-existing entropy of some Access Points " + "(pixie dust attack)." ) INSTALL_COMMANDS = [ + # Bug 29 fix: removed wget https://pastebin.com/... (insecure download from pastebin) "sudo git clone https://github.com/wiire/pixiewps.git && apt-get -y install build-essential", - "cd pixiewps*/ && make", - "cd pixiewps*/ && sudo make install && wget https://pastebin.com/y9Dk1Wjh", + "cd pixiewps && make", + "cd pixiewps && sudo make install", ] PROJECT_URL = "https://github.com/wiire/pixiewps" + SUPPORTED_OS = ["linux"] + REQUIRES_WIFI = True def run(self): - os.system( - 'echo "' - '1.> Put your interface into monitor mode using ' - "'airmon-ng start {wireless interface}\n'" - "'2.> wash -i {monitor-interface like mon0}\'\n'" - "'3.> reaver -i {monitor interface} -b {BSSID of router} -c {router channel} -vvv -K 1 -f" - '| boxes -d boy' + console.print( + "[bold cyan]Usage:[/bold cyan]\n" + " 1. Put interface into monitor mode: [yellow]airmon-ng start [/yellow]\n" + " 2. Scan: [yellow]wash -i [/yellow]\n" + " 3. Attack: [yellow]reaver -i -b -c -vvv -K 1 -f[/yellow]\n" + " 4. Run: [yellow]pixiewps -h[/yellow]" ) - print("You Have To Run Manually By USing >>pixiewps -h ") class BluePot(HackingTool): TITLE = "Bluetooth Honeypot GUI Framework" DESCRIPTION = ( - "You need to have at least 1 bluetooth receiver " - "(if you have many it will work with those, too).\n" - "You must install/libbluetooth-dev on " - "Ubuntu/bluez-libs-devel on Fedora/bluez-devel on openSUSE" + "You need at least 1 bluetooth receiver.\n" + "Install libbluetooth-dev (Ubuntu) / bluez-libs-devel (Fedora) / bluez-devel (openSUSE)." ) INSTALL_COMMANDS = [ - "sudo wget https://raw.githubusercontent.com/andrewmichaelsmith/bluepot/master/bin/bluepot-0.2.tar.gz" - "sudo tar xfz bluepot-0.2.tar.gz;sudo rm bluepot-0.2.tar.gz" + # Bug 15 fix: missing comma caused implicit string concatenation — two strings joined + "sudo wget https://raw.githubusercontent.com/andrewmichaelsmith/bluepot/master/bin/bluepot-0.2.tar.gz", + "sudo tar xfz bluepot-0.2.tar.gz && sudo rm bluepot-0.2.tar.gz", ] RUN_COMMANDS = ["cd bluepot && sudo java -jar bluepot.jar"] PROJECT_URL = "https://github.com/andrewmichaelsmith/bluepot" + SUPPORTED_OS = ["linux"] + REQUIRES_JAVA = True class Fluxion(HackingTool): @@ -82,87 +70,92 @@ class Fluxion(HackingTool): DESCRIPTION = "Fluxion is a remake of linset by vk496 with enhanced functionality." INSTALL_COMMANDS = [ "git clone https://github.com/FluxionNetwork/fluxion.git", - "cd fluxion && sudo chmod +x fluxion.sh", + "cd fluxion && chmod +x fluxion.sh", ] - RUN_COMMANDS = ["cd fluxion;sudo bash fluxion.sh -i"] + RUN_COMMANDS = ["cd fluxion && sudo bash fluxion.sh -i"] PROJECT_URL = "https://github.com/FluxionNetwork/fluxion" + SUPPORTED_OS = ["linux"] + REQUIRES_WIFI = True class Wifiphisher(HackingTool): TITLE = "Wifiphisher" - DESCRIPTION = """ - Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. - Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing - targeted Wi-Fi association attacks. Wifiphisher can be further used to mount victim-customized web phishing attacks against the - connected clients in order to capture credentials (e.g. from third party login pages or WPA/WPA2 Pre-Shared Keys) or infect the - victim stations with malware..\n - For More Details Visit >> https://github.com/wifiphisher/wifiphisher - """ + DESCRIPTION = ( + "Wifiphisher is a rogue Access Point framework for conducting red team engagements\n" + "or Wi-Fi security testing. Easily achieve man-in-the-middle position against\n" + "wireless clients by performing targeted Wi-Fi association attacks." + ) INSTALL_COMMANDS = [ "git clone https://github.com/wifiphisher/wifiphisher.git", - "cd wifiphisher;sudo python3 setup.py install", + "cd wifiphisher && pip install --user .", ] - RUN_COMMANDS = ["cd wifiphisher;sudo wifiphisher"] + RUN_COMMANDS = ["cd wifiphisher && sudo wifiphisher"] PROJECT_URL = "https://github.com/wifiphisher/wifiphisher" + SUPPORTED_OS = ["linux"] + REQUIRES_WIFI = True class Wifite(HackingTool): TITLE = "Wifite" - DESCRIPTION = "Wifite is an automated wireless attack tool" + DESCRIPTION = "Wifite is an automated wireless attack tool." INSTALL_COMMANDS = [ "sudo git clone https://github.com/derv82/wifite2.git", - "cd wifite2 && sudo python3 setup.py install", + "cd wifite2 && pip install --user .", ] - RUN_COMMANDS = ["cd wifite2; sudo wifite"] + RUN_COMMANDS = ["sudo wifite"] PROJECT_URL = "https://github.com/derv82/wifite2" + SUPPORTED_OS = ["linux"] + REQUIRES_WIFI = True class EvilTwin(HackingTool): TITLE = "EvilTwin" DESCRIPTION = ( - "Fakeap is a script to perform Evil Twin Attack, by getting" - " credentials using a Fake page and Fake Access Point" + "Fakeap — perform Evil Twin Attack by getting credentials " + "using a Fake page and Fake Access Point." ) INSTALL_COMMANDS = ["sudo git clone https://github.com/Z4nzu/fakeap.git"] RUN_COMMANDS = ["cd fakeap && sudo bash fakeap.sh"] PROJECT_URL = "https://github.com/Z4nzu/fakeap" + SUPPORTED_OS = ["linux"] + REQUIRES_WIFI = True class Fastssh(HackingTool): TITLE = "Fastssh" DESCRIPTION = ( - "Fastssh is an Shell Script to perform multi-threaded scan" - " \n and brute force attack against SSH protocol using the " - "most commonly credentials." + "Fastssh — multi-threaded scan and brute force attack against SSH protocol\n" + "using the most commonly used credentials." ) INSTALL_COMMANDS = [ - "sudo git clone https://github.com/Z4nzu/fastssh.git && cd fastssh && sudo chmod +x fastssh.sh", + "sudo git clone https://github.com/Z4nzu/fastssh.git && cd fastssh && chmod +x fastssh.sh", "sudo apt-get install -y sshpass netcat", ] RUN_COMMANDS = ["cd fastssh && sudo bash fastssh.sh --scan"] PROJECT_URL = "https://github.com/Z4nzu/fastssh" + SUPPORTED_OS = ["linux"] class Howmanypeople(HackingTool): TITLE = "Howmanypeople" DESCRIPTION = ( - "Count the number of people around you by monitoring wifi " - "signals.\n" - "[@] WIFI ADAPTER REQUIRED* \n[*]" - "It may be illegal to monitor networks for MAC addresses, \n" - "especially on networks that you do not own. " - "Please check your country's laws" + "Count the number of people around you by monitoring wifi signals.\n" + "[@] WIFI ADAPTER REQUIRED\n" + "[*] It may be illegal to monitor networks for MAC addresses on networks you do not own." ) INSTALL_COMMANDS = [ - "sudo apt-get install tshark" - ";sudo python3 -m pip install howmanypeoplearearound" + # Bug 14 fix: missing comma caused "sudo apt-get install tshark;sudo python3..." + # to be one implicitly concatenated string — only first command ran + "sudo apt-get install -y tshark", + "sudo python3 -m pip install howmanypeoplearearound", ] RUN_COMMANDS = ["howmanypeoplearearound"] + SUPPORTED_OS = ["linux"] + REQUIRES_WIFI = True class WirelessAttackTools(HackingToolsCollection): TITLE = "Wireless attack tools" - DESCRIPTION = "" TOOLS = [ WIFIPumpkin(), pixiewps(), @@ -175,59 +168,7 @@ class WirelessAttackTools(HackingToolsCollection): Howmanypeople(), ] - def pretty_print(self): - table = Table(title="Wireless Attack Tools", show_lines=True, expand=True) - table.add_column("Title", style="purple", no_wrap=True) - table.add_column("Description", style="purple") - table.add_column("Project URL", style="purple", no_wrap=True) - - for t in self.TOOLS: - desc = getattr(t, "DESCRIPTION", "") or "" - url = getattr(t, "PROJECT_URL", "") or "" - table.add_row(t.TITLE, desc.strip().replace("\n", " "), url) - - panel = Panel(table, title="[purple]Available Tools[/purple]", border_style="purple") - console.print(panel) - - def show_options(self, parent=None): - console.print("\n") - panel = Panel.fit("[bold magenta]Wireless Attack Tools Collection[/bold magenta]\n" - "Select a tool to view options or run it.", - border_style="purple") - console.print(panel) - - table = Table(title="[bold cyan]Available Tools[/bold cyan]", show_lines=True, expand=True) - table.add_column("Index", justify="center", style="bold yellow") - table.add_column("Tool Name", justify="left", style="bold green") - table.add_column("Description", justify="left", style="white") - - for i, tool in enumerate(self.TOOLS): - title = getattr(tool, "TITLE", tool.__class__.__name__) - desc = getattr(tool, "DESCRIPTION", "—") - table.add_row(str(i + 1), title, desc or "—") - - table.add_row("[red]99[/red]", "[bold red]Exit[/bold red]", "Return to previous menu") - console.print(table) - - try: - choice = Prompt.ask("[bold cyan]Select a tool to run[/bold cyan]", default="99") - choice = int(choice) - if 1 <= choice <= len(self.TOOLS): - selected = self.TOOLS[choice - 1] - if hasattr(selected, "show_options"): - selected.show_options(parent=self) - elif hasattr(selected, "run"): - selected.run() - else: - console.print("[bold yellow]Selected tool has no runnable interface.[/bold yellow]") - elif choice == 99: - return 99 - except Exception: - console.print("[bold red]Invalid choice. Try again.[/bold red]") - return self.show_options(parent=parent) - if __name__ == "__main__": tools = WirelessAttackTools() - tools.pretty_print() - tools.show_options() \ No newline at end of file + tools.show_options() diff --git a/tools/wordlist_generator.py b/tools/wordlist_generator.py index 109dcd5..d075c7a 100644 --- a/tools/wordlist_generator.py +++ b/tools/wordlist_generator.py @@ -18,8 +18,8 @@ console = Console(theme=_theme) class Cupp(HackingTool): TITLE = "Cupp" - DESCRIPTION = "WlCreator is a C program that can create all possibilities of passwords,\n " \ - "and you can choose Length, Lowercase, Capital, Numbers and Special Chars" + # Bug 24 fix: DESCRIPTION was copy-pasted from WlCreator — completely wrong + DESCRIPTION = "Common User Passwords Profiler — generates personalized wordlists based on target info." INSTALL_COMMANDS = ["git clone https://github.com/Mebus/cupp.git"] RUN_COMMANDS = ["cd cupp && python3 cupp.py -i"] PROJECT_URL = "https://github.com/Mebus/cupp"