Web Hacking ToolKit
A web hacking toolkit docker image with GUI applications support.
Resources
Installation
Docker
Pull the image from Docker Hub:
docker pull signedsecurity/web-hacking-toolkitRun a container and attach a shell:
docker run \
-it \
--rm \
--shm-size="2g" \
--name web-hacking-toolkit \
--hostname web-hacking-toolkit \
-p 22:22 \
-v $(pwd)/data:/root/data \
signedsecurity/web-hacking-toolkit \
/bin/bashDocker Compose
Docker-Compose can also be used.
version: "3.9"
services:
web-hacking-toolkit:
image: signedsecurity/web-hacking-toolkit
container_name: web-hacking-toolkit
hostname: web-hacking-toolkit
stdin_open: true
shm_size: 2gb # increase shared memory size to prevent firefox from crashing
ports:
- "22:22" # exposed for GUI support sing SSH with X11 forwarding
volumes:
- ./data:/root/data
restart: unless-stoppedBuild and run container:
docker-compose upAttach shell:
docker-compose exec web-hacking-toolkit /bin/bashBuild from Source
Clone this repository and build the image:
git clone https://github.com/signedsecurity/web-hacking-toolkit.git && \
cd web-hacking-toolkit && \
make build-imageRun a container and attach a shell:
make runGUI Support
By default, no GUI tools can be run in a Docker container as no X11 server is available. To run them, you must change that. What is required to do so depends on your host machine. If you:
- run on Linux, you probably have X11
- run on Mac OS, you need Xquartz (
brew install Xquartz) - run on Windows, you have a problem
Using SSH with X11 forwarding
Use X11 forwarding through SSH if you want to go this way. Run start_ssh inside the container to start the server, make sure you expose port 22 when starting the container: docker run -p 127.0.0.1:22:22 ..., then use ssh -X ... when connecting (the script prints the password).
Installed
Tools
| Category | Name | Description |
|---|---|---|
| Discovery/DOMAIN | Amass | In-depth Attack Surface Mapping and Asset Discovery |
| Utility/ANY | anew | A tool for adding new lines to files, skipping duplicates |
| Discovery/PARAM | Arjun | HTTP parameter discovery suite. |
| Army-Knife/PROXY | Burp Suite Community | The BurpSuite Project community edition. |
| Utility/CDN | cdncheck | A CLI wrapper for ProjectDiscovery's cdncheck library - "Helper library that checks if a given IP belongs to known CDN ranges (akamai, cloudflare, incapsula and sucuri)". |
| Scanner/RCE | commix | Automated All-in-One OS Command Injection Exploitation Tool. |
| Scanner/CRLF | crlfuzz | A fast tool to scan CRLF vulnerability written in Go |
| Utility/HTTP | curl | A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features |
| Scanner/XSS | dalfox | waning_crescent_moonfox_face DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |
| Discovery/DNS | dnsx | dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. |
| Scanner/LFI | dotdotpwn | DotDotPwn - The Directory Traversal Fuzzer |
| Discovery/FUZZ | ffuf | Fast web fuzzer written in Go |
| Discovery/DOMAIN | findomain | The fastest |
| Browser | firefox | Safe and easy web browser from Mozilla |
| Utility/SHOT | gowitness | mag gowitness - a golang, web screenshot utility using Chrome Headless |
| Discovery/DNS | hakrevdns | Small, fast, simple tool for performing reverse DNS lookups en masse. |
| Utility/HTTP | httpx | httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |
| Discovery/PORT | masscan | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |
| Discovery/DNS | massdns | A high-performance DNS stub resolver. |
| Discovery/PORT | naabu | A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |
| Discovery/PORT | nmap | Nmap - the Network Mapper. Github mirror of official SVN repository. |
| Army-Knife/SCAN | nuclei | Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |
| Utility/Networking | ping | Tools to test the reachability of network hosts. |
| Discovery/PORT | ps.sh | A wrapper around tools used for port scanning(nmap, naabu & masscan), the goal being reducing scan time, increasing scan efficiency and automating the workflow. |
| Discovery/DOMAIN | sigsubfind3r | A subdomain discovery tool - it gathers a list of subdomains passively using various online sources. |
| Discovery/URL | sigurlfind3r | A passive reconnaissance tool for known URLs discovery - it gathers a list of URLs passively using various online sources. |
| Army-Knife/SCAN | sigurlscann3r | A web application attack surface mapping tool. It takes in a list of urls then performs numerous probes |
| Scanner/SQLi | sqlmap | Automatic SQL injection and database takeover tool |
| Discovery/DOMAIN | subdomains.sh | A wrapper around for subdomains gathering tools (amass, subfinder, findomain & sigsubfind3r) to increase gathering efficiency and automating the workflow. |
| Discovery/DOMAIN | subfinder | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |
| Utility/URL | urlx | A go(golang) utility for URLs parsing & pull out bits of the URLS. |
| Discovery/Tech | waf00f | The Web Application Firewall Fingerprinting Tool. |
| Discovery/Tech | wappalyzer | Wappalyzer identifies technologies on websites, such as CMS, web frameworks, ecommerce platforms, JavaScript libraries, analytics tools and more. |
| Discovery/WHOIS | whois | whois - client for the whois directory service |
| Discovery/Tech | whatweb | Next generation web scanner. |
| Scanner/WP | wprecon | WPRecon, is a tool for the recognition of vulnerabilities and blackbox information for wordpress. |
| Scanner/WP | wpscan | WordPress Security Scanner |
| Utility/HTTP | wuzz | Interactive cli tool for HTTP inspection |
Wordlists
| Wordlist | Description |
|---|---|
| SecLists | SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |
| jhaddix / content_discovery_all.txt | a masterlist of content discovery URLs and files (used most commonly with gobuster) |