Shr3dKit

This tool kit is very much influenced by infosecn1nja’s kit.
Use this script to grab majority of the repos.
NOTE: hard coded in /opt and made for Kali Linux
Total Size (so far): 2.5+Gb
Install Guide:

apt -y install git apache2 python-requests libapache2-mod-php python-pymssql build-essential python-pexpect python-pefile python-crypto python-openssl libssl1.0-dev libffi-dev python-dev python-pip tcpdump python-virtualenv build-essential cmake libgtk-3-dev libboost-all-dev libx11-dev libatlas-base-dev libboost-python-dev pkg-config

git clone https://github.com/shr3ddersec/Shr3dKit.git
pip install -r requirements.txt
bash shr3dkit.sh

Change Log

June-13-2019
Tools Added: Added CobaltStrike-ToolKit, mimipenguin, PyKEK, ACLight
--------------------------------------------------
May-06-2019
Code: Added Invoke-CradleCrafter to Weaponization.
--------------------------------------------------
April-2019
Fixed: macro_pack, LaZagne
Code: Added all requirements to script, seperated pip requirements and merged to one file.

Tools Added: Modlishka, pwndb, cat-sites, Phantom-Evasion

Phantom Evasion Forewarning

Contents

• Reconnaissance
• Weaponization
• Delivery
• Command and Control
• Lateral Movement
• Establish Foothold
• Escalate Privileges
• Data Exfiltration
• Misc
• References

Reconnaissance

Active Intelligence Gathering

• EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. https://github.com/ChrisTruncer/EyeWitness
• AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. https://github.com/jordanpotti/AWSBucketDump
• AQUATONE is a set of tools for performing reconnaissance on domain names. https://github.com/michenriksen/aquatone
• spoofcheck a program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing. https://github.com/BishopFox/spoofcheck
• Nmap is used to discover hosts and services on a computer network, thus building a “map” of the network. https://github.com/nmap/nmap
• dnsrecon a tool DNS Enumeration Script. https://github.com/darkoperator/dnsrecon

Passive Intelligence Gathering

• Social Mapper OSINT Social Media Mapping Tool, takes a list of names & images (or LinkedIn company name) and performs automated target searching on a huge scale across multiple social media sites. Not restricted by APIs as it instruments a browser using Selenium. Outputs reports to aid in correlating targets across sites. https://github.com/SpiderLabs/social_mapper
• skiptracer OSINT scraping framework, utilizes some basic python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget. https://github.com/xillwillx/skiptracer
• ScrapedIn a tool to scrape LinkedIn without API restrictions for data reconnaissance. https://github.com/dchrastil/ScrapedIn
• linkScrape A LinkedIn user/company enumeration tool. https://github.com/NickSanzotta/linkScrape
• FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans. https://github.com/ElevenPaths/FOCA
• theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual
  hosts, open ports/ banners, and employee names from different public sources. https://github.com/laramies/theHarvester
• Metagoofil is a tool for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target websites. https://github.com/laramies/metagoofil
• SimplyEmail Email recon made fast and easy, with a framework to build on. https://github.com/killswitch-GUI/SimplyEmail
• truffleHog searches through git repositories for secrets, digging deep into commit history and branches. https://github.com/dxa4481/truffleHog
• Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset. https://github.com/ChrisTruncer/Just-Metadata
• typofinder a finder of domain typos showing country of IP address. https://github.com/nccgroup/typofinder
• pwnedOrNot is a python script which checks if the email account has been compromised in a data breach, if the email account is compromised it proceeds to find passwords for the compromised account. https://github.com/thewhiteh4t/pwnedOrNot
• GitHarvester This tool is used for harvesting information from GitHub like google dork. https://github.com/metac0rtex/GitHarvester
• pwndb is a python command-line tool for searching leaked credentials using the Onion service with the same name. https://github.com/davidtavarez/pwndb/

Frameworks

• Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. https://www.paterva.com/web7/downloads.php
• SpiderFoot the open source footprinting and intelligence-gathering tool. https://github.com/smicallef/spiderfoot
• datasploit is an OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats. https://github.com/DataSploit/datasploit
• Recon-ng is a full-featured Web Reconnaissance framework written in Python. https://bitbucket.org/LaNMaSteR53/recon-ng

Weaponization

• Composite Moniker Proof of Concept exploit for CVE-2017-8570. https://github.com/rxwx/CVE-2017-8570
• Exploit toolkit CVE-2017-8759 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE. https://github.com/bhdresh/CVE-2017-8759
• CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum. https://github.com/unamer/CVE-2017-11882
• Adobe Flash Exploit CVE-2018-4878. https://github.com/anbai-inc/CVE-2018-4878
• Exploit toolkit CVE-2017-0199 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. https://github.com/bhdresh/CVE-2017-0199
• demiguise is a HTA encryption tool for RedTeams. https://github.com/nccgroup/demiguise
• Office-DDE-Payloads collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique. https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads
• CACTUSTORCH Payload Generation for Adversary Simulations. https://github.com/mdsecactivebreach/CACTUSTORCH
• SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. https://github.com/mdsecactivebreach/SharpShooter
• Don’t kill my cat is a tool that generates obfuscated shellcode that is stored inside of polyglot images. The image is 100% valid and also 100% valid shellcode. https://github.com/Mr-Un1k0d3r/DKMC
• Malicious Macro Generator Utility Simple utility design to generate obfuscated macro that also include a AV / Sandboxes escape mechanism. https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator
• SCT Obfuscator Cobalt Strike SCT payload obfuscator. https://github.com/Mr-Un1k0d3r/SCT-obfuscator
• Invoke-Obfuscation PowerShell Obfuscator. https://github.com/danielbohannon/Invoke-Obfuscation
• Invoke-DOSfuscation cmd.exe Command Obfuscation Generator & Detection Test Harness. https://github.com/danielbohannon/Invoke-DOSfuscation
• morphHTA Morphing Cobalt Strike’s evil.HTA. https://github.com/vysec/morphHTA
• Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. https://github.com/trustedsec/unicorn
• Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. https://www.shellterproject.com/
• EmbedInHTML Embed and hide any file in an HTML file. https://github.com/Arno0x/EmbedInHTML
• SigThief Stealing Signatures and Making One Invalid Signature at a Time. https://github.com/secretsquirrel/SigThief
• Veil is a tool designed to generate metasploit…