
Shr3dKit



This tool kit is very much influenced by infosecn1nja’s kit.
Use this script to grab the majority of the repos.
NOTE: install paths are hard-coded to /opt and the script is made for Kali Linux.
Total size (so far): 2.5+ GB
Install Guide:

apt -y install git apache2 python-requests libapache2-mod-php python-pymssql build-essential python-pexpect python-pefile python-crypto python-openssl libssl1.0-dev libffi-dev python-dev python-pip tcpdump python-virtualenv build-essential cmake libgtk-3-dev libboost-all-dev libx11-dev libatlas-base-dev libboost-python-dev pkg-config
git clone https://github.com/shr3ddersec/Shr3dKit.git
cd Shr3dKit
pip install -r requirements.txt
bash shr3dkit.sh

Change Log

June-13-2019
Tools Added: CobaltStrike-ToolKit, mimipenguin, PyKEK, ACLight
--------------------------------------------------
May-06-2019
Code: Added Invoke-CradleCrafter to Weaponization.
--------------------------------------------------
April-2019
Fixed: macro_pack, LaZagne
Code: Added all requirements to the script, separated the pip requirements and merged them into one file.

Tools Added: Modlishka, pwndb, cat-sites, Phantom-Evasion

Phantom Evasion Forewarning

Contents

Reconnaissance

Active Intelligence Gathering

  • EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. https://github.com/ChrisTruncer/EyeWitness
  • AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. https://github.com/jordanpotti/AWSBucketDump
  • AQUATONE is a set of tools for performing reconnaissance on domain names. https://github.com/michenriksen/aquatone
  • spoofcheck is a program that checks whether a domain can be spoofed from. It checks the domain's SPF and DMARC records for weak configurations that allow spoofing. https://github.com/BishopFox/spoofcheck
  • Nmap is used to discover hosts and services on a computer network, thus building a “map” of the network. https://github.com/nmap/nmap
  • dnsrecon is a DNS enumeration script. https://github.com/darkoperator/dnsrecon
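
The check that spoofcheck performs on SPF and DMARC reduces to a few rules, shown here as an added Python example that is not spoofcheck's or Shr3dKit's own code. It parses the domain's SPF record for the qualifier on the terminal "all" mechanism and the _dmarc record for its policy, and flags the weak settings (a missing record, "~all"/"?all"/"+all", no "all" at all, "p=none", or a partial "pct"). The domain names and TXT records are a constructed table standing in for live DNS, and the "spoofable" verdict is an assumed rule (neither SPF hard-fails nor DMARC enforces), not spoofcheck's exact logic.

```python
import re

# Constructed TXT records for placeholder domains (assumption: these are not real
# zones). A live run would replace lookup_txt() with a DNS query; the table keeps
# the example offline and deterministic.
SAMPLE_RECORDS = {
    "weak.example": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "strict.example": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    "_dmarc.nospf.example": ["v=DMARC1; p=quarantine"],
    "open.example": ["v=spf1 a mx"],
}


def lookup_txt(name):
    """Offline stand-in for a TXT lookup (swap in dns.resolver.resolve(name, "TXT"))."""
    return SAMPLE_RECORDS.get(name, [])


def spf_record(records):
    """Return the SPF record, or None when the domain publishes none."""
    for r in records:
        if r.lower().startswith("v=spf1"):
            return r
    return None


def spf_all_qualifier(spf):
    """Qualifier on the terminal 'all' mechanism: '-', '~', '?', '+' or None if absent."""
    m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", spf, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) or "+"  # a bare 'all' means +all


def dmarc_tags(records):
    """Parse 'tag=value; ...' into a dict, or None when there is no DMARC record."""
    for r in records:
        if r.lower().startswith("v=dmarc1"):
            tags = {}
            for part in r.split(";"):
                if "=" in part:
                    k, v = part.split("=", 1)
                    tags[k.strip().lower()] = v.strip()
            return tags
    return None


def check_domain(domain):
    """Return (findings, spf_hard_fail, dmarc_enforced) for one domain."""
    findings = []
    spf = spf_record(lookup_txt(domain))
    if spf is None:
        findings.append("no SPF record")
        qualifier = None
    else:
        qualifier = spf_all_qualifier(spf)
        if qualifier is None:
            findings.append("SPF has no 'all' mechanism (unlisted senders are neutral)")
        elif qualifier != "-":
            findings.append(f"SPF ends in '{qualifier}all' instead of '-all'")
    spf_hard_fail = qualifier == "-"

    dmarc = dmarc_tags(lookup_txt("_dmarc." + domain))
    if dmarc is None:
        findings.append("no DMARC record")
        policy = None
    else:
        policy = dmarc.get("p", "").lower()
        if policy == "none":
            findings.append("DMARC p=none (failures are reported, not acted on)")
        elif policy not in ("quarantine", "reject"):
            findings.append(f"DMARC policy missing or invalid: {policy!r}")
        pct = dmarc.get("pct")
        if pct and pct.isdigit() and int(pct) < 100:
            findings.append(f"DMARC pct={pct} applies the policy to only part of the mail")
    dmarc_enforced = policy in ("quarantine", "reject")
    return findings, spf_hard_fail, dmarc_enforced


def is_spoofable(domain):
    """Assumed rule: spoofable when neither SPF hard-fails nor DMARC enforces."""
    _, spf_hard_fail, dmarc_enforced = check_domain(domain)
    return not spf_hard_fail and not dmarc_enforced


if __name__ == "__main__":
    for d in ("weak.example", "strict.example", "nospf.example", "open.example"):
        findings, _, _ = check_domain(d)
        print(d, "SPOOFABLE" if is_spoofable(d) else "protected", findings)
```

The verdict is deliberately conservative: a strict "-all" stops envelope-sender spoofing at receivers that honour SPF, but only an enforcing DMARC policy ties that to the visible From header, so "sp" (subdomain policy) and DKIM alignment should also be reviewed before signing a domain off as protected.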

Passive Intelligence Gathering

  • Social Mapper is an OSINT social-media mapping tool. It takes a list of names and images (or a LinkedIn company name) and performs automated target searching at scale across multiple social media sites. It is not restricted by APIs because it drives a browser with Selenium, and it outputs reports to aid in correlating targets across sites. https://github.com/SpiderLabs/social_mapper
  • skiptracer is an OSINT scraping framework that uses basic Python web scraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen-noodle budget. https://github.com/xillwillx/skiptracer
  • ScrapedIn is a tool to scrape LinkedIn without API restrictions for data reconnaissance. https://github.com/dchrastil/ScrapedIn
  • linkScrape is a LinkedIn user/company enumeration tool. https://github.com/NickSanzotta/linkScrape
  • FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. https://github.com/ElevenPaths/FOCA
  • theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/banners, and employee names from different public sources. https://github.com/laramies/theHarvester
  • Metagoofil is a tool for extracting metadata from public documents (pdf, doc, xls, ppt, etc.) available on the target's websites. https://github.com/laramies/metagoofil
  • SimplyEmail is email recon made fast and easy, with a framework to build on. https://github.com/killswitch-GUI/SimplyEmail
  • truffleHog searches through git repositories for secrets, digging deep into commit history and branches. https://github.com/dxa4481/truffleHog
  • Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset. https://github.com/ChrisTruncer/Just-Metadata
  • typofinder finds typo variants of a domain and shows the country of each one's IP address. https://github.com/nccgroup/typofinder
  • pwnedOrNot is a Python script that checks whether an email account has been compromised in a data breach; if it has, the script proceeds to find passwords for the compromised account. https://github.com/thewhiteh4t/pwnedOrNot
  • GitHarvester is used for harvesting information from GitHub, in the style of a Google dork. https://github.com/metac0rtex/GitHarvester
  • pwndb is a Python command-line tool for searching leaked credentials using the Onion service of the same name. https://github.com/davidtavarez/pwndb/
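
truffleHog's entropy mode finds secrets without knowing their format: it splits each diff line into runs of base64 and hex characters and flags runs whose Shannon entropy is high enough to look like key material. The following Python is an added example of that heuristic, not truffleHog's or Shr3dKit's own code; the minimum run length (20) and the 4.5-bit/3.0-bit thresholds are the ones truffleHog's original check used, and the sample "diff" lines and the key-like strings in them are constructed.

```python
import math

# Character classes to scan for and the thresholds applied to each (assumption:
# taken from truffleHog's original entropy check; tune them for your code base).
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"
MIN_LEN = 20
BASE64_THRESHOLD = 4.5
HEX_THRESHOLD = 3.0

# Constructed lines standing in for `git log -p` output. Not from any real
# repository; the key material is made up.
SAMPLE_LINES = [
    'AWS_SECRET_ACCESS_KEY = "xK9f2Lp7QzWm4RtV8nB3yHs6JcDa1EgU0oXvZqTb"',
    'password = "hunter2"',
    'api_token = "0123456789abcdef0123456789abcdef0123456789abcdef"',
    'ThisIsAVeryLongVariableNameThatIsNotASecret = load_config()',
]


def shannon_entropy(data, charset):
    """Bits per symbol of `data`, counting only symbols from `charset`."""
    if not data:
        return 0.0
    entropy = 0.0
    for ch in set(charset):
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def candidate_runs(line, charset, min_len=MIN_LEN):
    """Maximal runs of charset characters that are at least min_len long."""
    runs, cur = [], []
    for ch in line + "\x00":  # sentinel flushes the final run
        if ch in charset:
            cur.append(ch)
            continue
        if len(cur) >= min_len:
            runs.append("".join(cur))
        cur = []
    return runs


def find_secrets(line):
    """Return [(kind, string, entropy)] for the high-entropy runs in one line."""
    hits = []
    for run in candidate_runs(line, BASE64_CHARS):
        e = shannon_entropy(run, BASE64_CHARS)
        if e > BASE64_THRESHOLD:
            hits.append(("base64", run, round(e, 2)))
    for run in candidate_runs(line, HEX_CHARS):
        e = shannon_entropy(run, HEX_CHARS)
        if e > HEX_THRESHOLD:
            hits.append(("hex", run, round(e, 2)))
    return hits


def scan(lines):
    """Scan numbered lines; a real tool feeds it every commit's diff, on every branch."""
    return [(n, kind, s, e)
            for n, line in enumerate(lines, 1)
            for kind, s, e in find_secrets(line)]


if __name__ == "__main__":
    for n, kind, s, e in scan(SAMPLE_LINES):
        print(f"line {n}: {kind} run with {e} bits/char: {s}")
```

The short password and the long but English-like identifier are not reported, while the two key-shaped strings are. Legitimate high-entropy strings (commit hashes, UUIDs, minified assets) will also trip this check, which is why truffleHog pairs it with regex rules for known key formats and an allow-list; treat every hit as a lead to confirm, and rotate anything that turns out to be real.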

Frameworks

  • Maltego is a unique platform developed to deliver a clear threat picture of the environment that an organization owns and operates. https://www.paterva.com/web7/downloads.php
  • SpiderFoot the open source footprinting and intelligence-gathering tool. https://github.com/smicallef/spiderfoot
  • datasploit is an OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats. https://github.com/DataSploit/datasploit
  • Recon-ng is a full-featured Web Reconnaissance framework written in Python. https://bitbucket.org/LaNMaSteR53/recon-ng

Weaponization

  • Composite Moniker Proof of Concept exploit for CVE-2017-8570. https://github.com/rxwx/CVE-2017-8570
  • Exploit toolkit CVE-2017-8759 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE. https://github.com/bhdresh/CVE-2017-8759
  • CVE-2017-11882 Exploit accepts a command/code payload of more than 17k bytes at maximum. https://github.com/unamer/CVE-2017-11882
  • Adobe Flash Exploit CVE-2018-4878. https://github.com/anbai-inc/CVE-2018-4878
  • Exploit toolkit CVE-2017-0199 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. https://github.com/bhdresh/CVE-2017-0199
  • demiguise is an HTA encryption tool for red teams. https://github.com/nccgroup/demiguise
  • Office-DDE-Payloads is a collection of scripts and templates that generate Office documents embedding the DDE macro-less command-execution technique. https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads
  • CACTUSTORCH Payload Generation for Adversary Simulations. https://github.com/mdsecactivebreach/CACTUSTORCH
  • SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. https://github.com/mdsecactivebreach/SharpShooter
  • Don’t kill my cat is a tool that generates obfuscated shellcode that is stored inside of polyglot images. The image is 100% valid and also 100% valid shellcode. https://github.com/Mr-Un1k0d3r/DKMC
  • Malicious Macro Generator is a simple utility designed to generate obfuscated macros that also include an AV/sandbox escape mechanism. https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator
  • SCT Obfuscator is a Cobalt Strike SCT payload obfuscator. https://github.com/Mr-Un1k0d3r/SCT-obfuscator
  • Invoke-Obfuscation is a PowerShell obfuscator. https://github.com/danielbohannon/Invoke-Obfuscation
  • Invoke-DOSfuscation is a cmd.exe command obfuscation generator and detection test harness. https://github.com/danielbohannon/Invoke-DOSfuscation
  • morphHTA morphs Cobalt Strike’s evil.HTA. https://github.com/vysec/morphHTA
  • Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. https://github.com/trustedsec/unicorn
  • Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. https://www.shellterproject.com/
  • EmbedInHTML embeds and hides any file in an HTML file. https://github.com/Arno0x/EmbedInHTML
  • SigThief Stealing Signatures and Making One Invalid Signature at a Time. https://github.com/secretsquirrel/SigThief
  • Veil is a tool designed to generate metasploit…