STRLCPY/kitsec-core

new readme (#14)
idrisschebak committed with GitHub 1 year ago

60eaef79

1 parent aef5d1d2

Total 1 files

■ ■ ■ ■ ■ ■

README.md

		skipped 1 lines
2	2		<img src="assets/logo.png" alt="seckit logo" width='50%' height='50%'/>
3	3		</p>
4	4
	5	+	<p align="center">
	6	+	A minimalistic Python framework for fast and centralized ethical hacking.
	7	+	</p>
5	8
6	9		<p align="center">
7	10		<a href="https://github.com/kitsec-labs/kitsec-core/issues"><img src="https://img.shields.io/badge/contributions-welcome-blue"></a>
8	11		<a href="https://pepy.tech/project/kitsec"><img src="https://static.pepy.tech/badge/kitsec"></a>
9	12		<a href="https://pypi.org/project/kitsec/"><img src="https://img.shields.io/pypi/v/kitsec?color=blue"></a>
10	13		<a href="https://github.com/kitsec-labs/kitsec-core/blob/main/LICENSE"><img src="https://img.shields.io/badge/licence-agpl--3.0-blue"></a>
11		-
12		-
13		-
14	14		</p>
15		-
16		-	<p align="center">
17		-	<a href="#install">Install</a> •
18		-	<a href="#usage">Usage</a> •
19		-	<a href="#guidelines">Guidelines</a>
20		-	</p>
21		-
22		-	---
23		-	# Testimonials
24		-
25		-	> "I was familiar with ethical hacking tools, but Kitsec impressed me. It's user-friendly and centralized, making it fast and efficient. It offers a wide range of capabilities, including OWASP Top 10 coverage, fuzzing, port scanning and more. Some of its features are usually only found in closed source products. Overall, Kitsec is an exceptional ethical hacking tool that I highly recommend." [yassinek3ch](https://hackerone.com/yassinek3ch?type=user), One of Top Moroccan HackerOne Hunters
26		-
27		-
28		-	---
29		-
30		-	# Ethical hacking, made easy.
31		-
32		-	[Kitsec](https://www.kitsec.app/) is a powerful toolkit CLI designed to help you simplify and centralize your security workflow. Whether you're a seasoned professional or
33		-	just getting started, Kitsec provides a comprehensive set of tools to help you stay on top of your game. With its multi-threaded pooling technique,
34		-	it can execute multiple tasks simultaneously, making it a lightning-fast solution for security tasks.
35		-
36		-	### ✨ Features
37		-
38		-	- [Convert](#convert): Applies a specified decoding or hashing function to input data. (ie. URL, HTML, Base64, ASCII, Hex, Octal, Binary & GZIP).
39		-	- [Enumerator](#enumerator): Enumerates subdomains for a given domain using subfinder, amass, assetfinder and findomain and active enumeration.
40		-	- [Capture](#capture): Send a GET request to a specified URL, capture the request headers, extract the hostname, path, and cookies and missing headers.
41		-	- [Portscan](#portscan): Scan a host for common or all possible open ports.
42		-	- [Certificate](#certificate): Check the SSL/TLS certificate information for a given URL.
43		-	- [Storm](#storm): Sends HTTP requests to a given URL with a specified number of attacks and requests.
44		-	- [Disturb](#disturb): Send multiple HTTP requests to the specified URL with the same payload.
45		-	- [Fuzz](#fuzz): Test your web applications against path fuzzing and file fuzzing.
46		-	- [CIDR](#cidr): Looks up the CIDR range for a company's domain name from its RDAP record.
47		-	- [CVE](#cve): Retrieves CVE data for a specific product name (company name) from NIST's National Vulnerability Database (NVD).
48		-	- [VPS](#vps-logger): Login to your VPS with a single command.
49		-
50		-
51		-	### 🛣️ Roadmap
52		-
53		-	- Convert: Add more encoding/decoding functions.
54		-	- Graphql: Add graphql grabber.
55		-	- Storm: Add raid types: flood, hybrid and single shot.
56		-	- VPS: Add linode logger.
57		-	- Fuzz: Enrich fuzzing.
58		-	- Shuffler: Enrich Shuffle IP/Agent/Referer lists.
59		-
60		-	# Install
61		-
62		-	<details>
63		-	<summary>Run using Python </summary>
64		-
65		-	Install dependencies:
66		-
67		-	````
68		-	pip install kitsec
69		-	````
70		-
71		-
72		-	Install go dependencies:
73		-
74		-	````
75		-	kitsec deps
76		-	````
77		-
78		-	Run kitsec:
79		-
80		-	````
81		-	kitsec <command> <options>
82		-	````
83		-
84		-
85		-	</details>
86		-
87		-	<details>
88		-	<summary>Run using Docker </summary>
89		-
90		-
91		-	Pull the image from docker hub:
92		-
93		-	````
94		-	docker pull idrisschebak/kitsec
95		-	````
96		-
97		-	Or build the docker image from the docker directory:
98		-
99		-	````
100		-	docker build -t kitsec .
101		-	````
102		-
103		-	To run kitsec within the docker container:
104		-
105		-	````
106		-	docker run -it kitsec kitsec <command> <options>
107		-	````
108		-
109		-	For example:
110		-
111		-	````
112		-	docker run -it kitsec kitsec cve python -l 2
113		-	````
114		-
115		-	</details>
116		-
117		-
118		-	<details>
119		-
120		-	<summary>tips</summary>
121		-
122		-
123		-	</details>
124		-
125		-	# Usage
126		-
127		-
128		-	### 📸 Capture <a name="capture"></a>
129		-
130		-	Intercept requests to example.com. This will capture the request headers and extract the hostname and path + cookies! :
131	15
132	16
133		-	``````
134		-	Usage: kitsec capture [OPTIONS] URL
135		-
136		-	Captures the request headers for a given URL.
137		-
138		-	Options:
139		-	--help Show this message and exit.
140		-
141		-	Example:
142		-	kitsec capture https://example.com
143		-	``````
144		-
145		-
146		-	<details>
147		-	<summary>Output</summary>
148		-
149		-	``````
150		-	GET /mynetwork/ HTTP/1.1
151		-	Host: www.website.com
152		-	Accept-Encoding: gzip, deflate, br
153		-	Accept: /
154		-	Connection: keep-alive
155		-	Cookie: bcookie="v=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
156		-	lang=v=2&lang=en-us;
157		-	li_gc=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
158		-	lidc="b=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
159		-	JSESSIONID=ajax:xxxxxxxxxxxxxxxxxx;
160		-	bscookie="v=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
161		-
162		-	Response headers:
163		-	Cache-Control: no-cache, no-store
164		-	Pragma: no-cache
165		-	Content-Length: 7486
166		-	Content-Type: text/html; charset=utf-8
167		-	Content-Encoding: gzip
168		-	Expires: Thu, 01 Jan 1970 00:00:00 GMT
169		-	Vary: Accept-Encoding
170		-	Content-Security-Policy: default-src ; connect-src 'self' .domain etc etc etc *
171		-	X-Frame-Options: sameorigin
172		-	X-Content-Type-Options: nosniff
173		-	Strict-Transport-Security: max-age=31536000
174		-	Expect-CT: max-age=86400, report-uri="https://www.website.com/platform-telemetry/ct"
175		-	X-Li-Fabric: prod-lzx7
176		-	X-Li-Pop: azd-prod-lzx7-x
177		-	X-Li-Proto: http/1.1
178		-	X-LI-UUID: AAX2TIh6unm3s+DezlC6rw==
179		-	X-Cache: CONFIG_NOCACHE
180		-	X-MSEdge-Ref: Ref A: BB20069DED8C4CF68A735496B4DAFD79 Ref B: PAR02EDGE0721 Ref C: 2023-03-07T10:04:11Z
181		-	Date: Tue, 07 Mar 2023 10:04:11 GMT
182		-
183		-	Missing headers:
184		-	X-XSS-Protection, X-Content-Type-Options, Strict-Transport-Security, Content-Security-Policy, Referrer-Policy, Feature-Policy
185		-	``````
186		-	</details>
187		-
188		-
189		-	### 🪄 Convert <a name="convert"></a>
190		-
191		-	Convert your data from one format to another:
192		-
193		-	````
194		-	Usage: kitsec convert [OPTIONS] INPUT [-t TYPE]
195		-
196		-	Applies a specified decoding or hashing function to input data.
197		-
198		-	Arguments:
199		-	INPUT The input data to be converted.
200		-
201		-	Options:
202		-	-t, --type TYPE The type of conversion to apply (HTML, Base64, ASCII,
203		-	Hex, Octal, Binary & GZIP).
204		-	--help Show this message and exit.
205		-
206		-	Example:
207		-	kitsec convert S2l0c2VjIFJvY2tzIQ== -t Base64
208		-	````
209		-
210		-	<details>
211		-	<summary>Output</summary>
212		-
213		-	```
214		-	Kitsec Rocks!
215		-	```
216		-	</details>
217		-
218		-	### 🧮 Enumerate <a name="enumerate"></a>
219		-
220		-	Enumerate subdomains for example.com
221		-
222		-	````
223		-	Usage: kitsec enumerator [OPTIONS] DOMAIN
224		-
225		-	Enumerates subdomains for a given domain using Subfinder and active enumeration.
226		-
227		-	Arguments:
228		-	DOMAIN The domain to enumerate subdomains for.
229		-
230		-	Options:
231		-	-r, --request Fetch HTTP response for active subdomains.
232		-	-t, --technology Analyze technologies used by subdomains.
233		-	-a, --active Perform active enumeration.
234		-	--help Show this message and exit.
235		-
236		-	Example:
237		-	kitsec enumerator -r -t -a example.com
238		-	````
239		-
240		-	<details>
241		-	<summary>Output</summary>
242		-
243		-	```
244		-	Subdomain Status Reason Technology
245		-	---------------------------- -------- ------------------- ----------------------------------------------------------------
246		-	tracking.webapp.domain1.com 503 Service Unavailable []
247		-	legal.domain1.com 404 Not Found ['Strikingly', 'Lua', 'jQuery', 'Nginx', 'OpenResty']
248		-	help.domain1.com 403 Forbidden ['Cloudflare']
249		-	staging-api.domain1.com 401 Unauthorized []
250		-	api.domain1.com 401 Unauthorized []
251		-	staging-app.domain1.com 200 OK ['Nginx', 'Google Font API', 'React', 'Stripe']
252		-	staging-website.domain1.com 200 OK ['Nginx', 'Google Font API', 'React', 'Stripe']
253		-	sales.domain1.com 200 OK ['Nginx', 'Google Font API', 'React', 'Stripe']
254		-	```
255		-
256		-	</details>
257		-
258		-	### 📡 Port Scan <a name="portscan"></a>
259		-
260		-	Scan for all or most common open ports on example.com:
261		-
262		-	````
263		-	Usage: kitsec portscan [OPTIONS] HOSTNAME
264		-
265		-	Performs a TCP port scan on a specified hostname and a range of ports.
266		-
267		-	Arguments:
268		-	HOSTNAME The hostname or URL of the target host.
269		-
270		-	Options:
271		-	-c, --common-ports Scan only the most common HTTP ports (80, 8080, and 443).
272		-	--help Show this message and exit.
273		-
274		-	Example:
275		-	kitsec portscan -c example.com
276		-	````
277		-
278		-	<details>
279		-	<summary>Output</summary>
280		-
281		-	```
282		-	Open Ports:
283		-	example.com:80
284		-	example.com:443
285		-	```
286		-
287		-	</details>
288		-
289		-	### 📶 CIDR <a name="cidr"></a>
290		-
291		-	Search for CIDR ranges for a given domain name:
292		-
293		-	`````
294		-	Usage: kitsec cidr [OPTIONS] COMPANY_NAME
295		-
296		-	Look up the CIDR range for a company's domain name.
297		-
298		-	Arguments:
299		-	COMPANY_NAME The name of the company's domain name to look up.
300		-
301		-	Options:
302		-	--help Show this message and exit.
303		-
304		-	Returns:
305		-	- The CIDR range for the company's domain name as a string.
306		-	- If an exception is raised during the lookup process,
307		-	an error message will be displayed.
308		-
309		-	Example:
310		-	kitsec cidr github.com
311		-	`````
312		-	<details>
313		-	<summary>Output</summary>
314		-
315		-	`The CIDR range for domain.com is 141.82.112.0/20`
316		-	</details>
317		-
318		-	### 📜 Certificate <a name="certificate"></a>
319		-
320		-	Search for ssl / tlsfor the specified host and port:
321		-
322		-	`````
323		-	Usage: kitsec certifcate [OPTIONS] HOSTNAME
324		-
325		-	Check the SSL/TLS certificate for the specified host and port.
326		-
327		-	Arguments:
328		-	HOSTNAME The hostname to check the certificate for.
329		-
330		-	Options:
331		-	-p, --port INTEGER The port to connect to. Default is 443.
332		-	--help Show this message and exit.
333		-
334		-	Returns:
335		-	None. Displays the certificate information to the console.
336		-
337		-	Example:
338		-	kitsec certificate github.com
339		-
340		-	`````
341		-	<details>
342		-	<summary>Output</summary>
343		-
344		-	````
345		-	Hostname: github.com
346		-	Not Before: 2023-02-14 00:00:00
347		-	Not After: 2024-03-14 23:59:59
348		-	````
349		-	</details>
350		-
351		-	### 🌐 CVE <a name="cve"></a>
352		-
353		-	Search for CVEs for the specified product.
354		-
355		-	`````
356		-	Usage: kitsec cve [OPTIONS] PRODUCT_NAME
357		-
358		-	Retrieves CVE data for a specific product and displays it.
359		-
360		-	Arguments:
361		-	PRODUCT_NAME The product name (company name) to search for.
362		-
363		-	Options:
364		-	--limit INTEGER Number of results to display (default=10).
365		-	--help Show this message and exit.
366		-
367		-	Example:
368		-	kitsec cve python -l 2
369		-	`````
370		-
371		-	<details>
372		-	<summary>Output</summary>
373		-
374		-	```
375		-	CVE ID CVE-2023-26477
376		-	CWE CWE-94: Improper Control of Generation of Code ('Code Injection') (4.10)
377		-	Severity Severity information not available
378		-	Summary XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination with additional parameters. This has been patched in the supported versions 13.10.10, 14.9-rc-1, and 14.4.6. As a workaround, it is possible to edit `FlamingoThemesCode.WebHomeSheet` and manually perform the changes from the patch fixing the issue.
379		-
380		-	CVE ID CVE-2018-1000802
381		-	CWE CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') (4.10)
382		-	Severity Severity information not available
383		-	Summary Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
384		-	```
385		-
386		-	</details>
387		-
388		-
389		-	### 🌪️ storm <a name="storm"></a>
390		-
391		-	Send HTTP requests to a given URL with a specified number of Attacks and requests.
392		-
393		-	`````
394		-	Usage: kitsec storm [OPTIONS] URL
395		-
396		-	Sends HTTP requests to a given URL with a specified number of threats and requests.
397		-
398		-	Arguments:
399		-	URL The URL to send HTTP requests to.
400		-
401		-	Options:
402		-	-a, --num-attacks INT Number of parallel attacks to send requests from. Default: 6.
403		-	-r, --num-requests INT Number of requests to send from each threat. Default: 200.
404		-	-y, --num-retries INT Number of times to retry failed requests. Default: 4.
405		-	-p, --pause-before-retry INT Number of milliseconds to wait before retrying a failed
406		-	request. Default: 3000.
407		-	--help Show this message and exit.
408		-
409		-	Example:
410		-	kitsec storm https://example.com/
411		-	`````
412		-
413		-	### 🌫️ fuzz <a name="fuzz"></a>
414		-
415		-
416		-	`````
417		-	Usage: kitsec fuzz [OPTIONS] BASE_URL
418		-
419		-	Sends HTTP GET requests to a specified base URL with a given list of paths.
420		-
421		-	Args:
422		-	- base_url (str): The base URL to send requests to. The URL must include the protocol (http or https).
423		-
424		-	Options:
425		-	- file-fuzz (bool): Whether to use file format fuzzing or not
426		-	- path-fuzz (bool): Whether to use path fuzzing or not
427		-	--help Show this message and exit.
428		-
429		-	Example:
430		-	kitsec fuzz example.com
431		-	`````
432		-
433		-	### 🧢 VPS <a name="vps-logger"></a>
434		-
435		-	Connects to a remote VPS server and tails the auth.log file.
436		-
437		-	``````
438		-	Usage: kitsec vps-logger [OPTIONS]
	17	+	------
439	18
440		-	Connects to a remote VPS server and tails the auth.log file.
	19	+	## Documentation
441	20
442		-	Prompts:
443		-	-h, --host TEXT The IP address of the VPS server to connect to.
444		-	-u, --username TEXT The limited user account to use for connecting to the VPS server.
445		-	-p, --password TEXT The password for the user account.
446		-	--help Show this message and exit.
	21	+	For full documentation, visit [Kitsec](https://www.kitsec.app/docs).
447	22
448		-	Returns:
449		-	- Prints a continuous stream of output from the auth.log file to the console.
	23	+	## Community
450	24
451		-	The program attempts to connect to the specified VPS server using SSH, with the provided
452		-	username and password. Once connected, it invokes a shell and sends the command to tail
453		-	the auth.log file using sudo. It then continuously checks for new output from the file and
454		-	prints it to the console as it is received.
455		-	``````
	25	+	For help, discussion about best practices, or any other conversation that would benefit from being searchable:
456	26
457		-	# Guidelines
	27	+	[Discuss Kitsec Core on GitHub](https://github.com/kitsec-labs/kitsec-core/discussions)
458	28
459		-	Here are some guidelines for using open source tools for ethical hacking:
	29	+	## Contributing
460	30
461		-	<ol>
462		-	<li>Bug bounties are not a license to hack indiscriminately. Stay within your scope and safe harbour.</li>
	31	+	If you're interested in contributing to Kitsec Core, please read our [contributing docs](https://github.com/tailwindcss/tailwindcss/blob/master/.github/CONTRIBUTING.md) before submitting a pull request.
463	32
464		-	<li>Ensure you have a strong understanding of the open source tools being used and their impact.</li>
465		-
466		-	<li>Always obtain written permission from the owner of the target system before testing.</li>
467		-
468		-	<li>Never go beyond the scope of the agreement.</li>
469	33
470		-	<li>Be professional in your approach.</li>
471		-	</ol>
472		-
473		-	Here are some examples of websites that offer bug bounty programs for ethical hackers to test their skills:
474		-
475		-	<ol>
476		-
477		-	<li><a href="https://bughunters.google.com/">Google Vulnerability Reward Program</a></li>
478		-
479		-	<li><a href="https://www.microsoft.com/en-us/msrc/bounty">Microsoft Bounty Program</a></li>
480		-
481		-	<li><a href="https://www.hackerone.com/">HackerOne</a></li>
482		-
483		-	<li><a href="https://www.bugcrowd.com/">Bugcrowd</a></li>
484		-
485		-	<li><a href="https://www.synack.com/">Synack</a></li>
486		-	</ol>
487		-
488		-
489		-	# Reporting Bugs and Contributing
490		-
491		-	If you encounter any bugs or would like to suggest new features [here](https://github.com/kitsec-labs/kitsec/issues/new).
492	34		# Disclaimer
493	35
494	36		This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.
495	37
496		-	# Acknowledgements
497		-
498		-	Thank you to @projectdiscovery, @milo2012, @duyet, @ayoubfathi, @Bo0oM and @Practical-Formal-Methods for opening their tools to the world.
499		-
500		-	# License
501		-
502		-	Kitsec is licensed under the [MIT License](https://github.com/kitsec-labs/kitsec-core/blob/main/LICENSE).
503		-

new readme (#14)