lockdoor-framework 1.0

Lockdoor Framework : A Penetration Testing framework

Lockdoor Pentesting Framework

[~] Tested on Kali,Ubuntu,Arch,Fedora,Opensuse and Windows (Cygwin) [~]

!NEWS!

[~] Version 1.0 Beta IS OUT !!

Versions:

09/2019 : 1.0Beta

• Information Gathring Tools (21)
• Web Hacking Tools(15)
• Reverse Engineering Tools (15)
• Exploitation Tools (6)
• Pentesting & Security Assessment Findings Report Templates (6)
• Password Attack Tools (4)
• Shell Tools + Blackarch's Webshells Collection (4)
• Walk Throughs & Pentest Processing Helpers (3)
• Encryption/Decryption Tools (2)
• Social Engineering tools (1)
• All you need as Privilege Escalation scripts and exploits
• Working on Kali,Ubuntu,Arch,Fedora,Opensuse and Windows (Cygwin)

09/2019 : 1.0_TEST

• Information Gathring tools (20)
• Web Hacking Tools (14)
• Working on Kali,Ubuntu,Arch,Fedora,Opensuse and Windows (Cygwin)
• Some bugs That I'm fixing with time so don't worry about that.
• Test :

Check the Wiki Pages to know more about the tool.

• The Wiki pages :
• Lockdoor Wiki page Home
• [Lockdoor Demos](ttps://github.com/SofianeHamlaoui/Lockdoor-Framework/wiki/Demos
• Lockdoor Screenshots

Overview

LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one.

Features

Added value : (what makes it different from other frameworks).

Pentesting Tools Selection:

• Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
• what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali,Parrot Os and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
• Easy Customization: Easily add/remove tools. (Added value)

Resources and cheatsheets: (Added value)

• Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools ! Pentesing and Security Assessment Findings Reports templates (Added value) , Pentesting walkthrough examples and tempales (Added value) and more.

• Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role ! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

Lockdoor Tools contents:

Information Gathering:

Tools:

• dirsearch : A Web path scanner
• brut3k1t : security-oriented bruteforce framework
• gobuster : DNS and VHost busting tool written in Go
• Enyx : an SNMP IPv6 Enumeration Tool
• Goohak : Launchs Google Hacking Queries Against A Target Domain
• Nasnum : The NAS Enumerator
• Sublist3r : Fast subdomains enumeration tool for penetration testers
• wafw00f : identify and fingerprint Web Application Firewall
• Photon : ncredibly fast crawler designed for OSINT.
• Raccoon : offensive security tool for reconnaissance and vulnerability scanning
• DnsRecon : DNS Enumeration Script
• sherlock : Find usernames across social networks
• snmpwn : An SNMPv3 User Enumerator and Attack tool
• Striker : an offensive information and vulnerability scanner.
• theHarvester : E-mails, subdomains and names Harvester
• URLextractor : Information gathering & website reconnaissance
• denumerator.py : Enumerates list of subdomains
• other : other Information gathering,recon and Enumeration scripts I collected somewhere.
• Frameworks: : - ReconDog : Reconnaissance Swiss Army Knife : - RED_HAWK : All in one tool for Information Gathering, Vulnerability Scanning and Crawling : - TIDoS : Offensive Manual Web Application Penetration Testing Framework. : - Dracnmap : Info Gathering Framework

Web Hacking:

Tools:

• Spaghetti : Spaghetti - Web Application Security Scanner
• HTTPoxyScan : HTTPoxy Exploit Scanner by 1N3
• CMSmap : CMS scanner
• BruteXSS : BruteXSS is a tool to find XSS vulnerabilities in web application
• J-dorker : Website List grabber from Bing
• droopescan : scanner , identify , CMSs , Drupal , Silverstripe.
• ptiva : Web Application Scanne
• V3n0M : Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
• Priv8SqliTool : Find Sqli Targets v
• SqliV : massive SQL injection vulnerability scanner
• AtScan : Advanced dork Search & Mass Exploit Scanner
• WPSeku : Wordpress Security Scanner
• WpBrute : Wordpress BruteForce Tools
• Wpscan : A simple Wordpress scanner written in python
• B7S-ToolB0x : Wordpress vulnerability scanner
• XSStrike : Most advanced XSS scanner.
• joomscan : Joomla Vulnerability Scanner Project
• Frameworks: : - Dzjecter : Server checking Tool : - W3af : web application attack and audit framework

Privilege Escalation:

Linux :

• Scripts :
• linux_checksec.sh
• linux_enum.sh
• linux_gather_files.sh
• linux_kernel_exploiter.pl
• linux_privesc.py
• linux_privesc.sh
• linux_security_test
• Linux_exploits folder

Windows :

• windows-privesc-check.py
• windows-privesc-check.exe

MySql :

• raptor_udf.c
• raptor_udf2.c

Reverse Engineering:

• Radare2 : unix-like reverse engineering framework
• VirtusTotal : VirusTotal tools
• Miasm : Reverse engineering framework
• Mirror : reverses the bytes of a file
• DnSpy : .NET debugger and assembly
• DLLRunner : a smart DLL execution script for malware analysis in sandbox systems.
• Fuzzy Server : a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
• yara : a tool aimed at helping malware researchers toidentify and classify malware samples
• Spike : a protocol fuzzer creation kit + audits
• other : other scripts collected somewhere

Exploitation:

• Findsploit : Find exploits in local and online databases instantly
• MassExpConsole : concurrent exploiting
• Pompem : Exploit and Vulnerability Finder
• rfix : Python tool that helps RFI exploitation.
• InUrlBr : Advanced search in search engines
• linux-exploit-suggester2 : Next-Generation Linux Kernel Exploit Suggester
• other : other scripts I collected somewhere.

Shells:

• WebShells : Webshells Collection
• ShellSum : A defense tool - detect web shells in local directories
• Weevely : Weaponized web shell
• python-pty-shells : Python PTY backdoors

Password Attacks:

• crunch : a wordlist generator
• CeWL : a Custom Word List Generator
• patator : a multi-purpose brute-forcer, with a modular design and a flexible usage

Encryption - Decryption:

• Codetective : a tool to determine the crypto/encoding algorithm used
• findmyhash : Python script to crack hashes using online services
• hashID : Software to identify the different types of hashes

Post Exploitation::

• TheFatRat : massive exploiting tool

Reverse Engineering:

• scythe : an accounts enumerator

Lockdoor Resources contents:

Information Gathering:

• Cheatsheet_SMBEnumeration
• configuration_management
• dns_enumeration
• file_enumeration
• http_enumeration
• information_gathering_owasp_guide
• miniserv_webmin_enumeration
• ms_sql_server_enumeration
• nfs_enumeration
• osint_recon_ng
• passive_information_gathering
• pop3_enumeration
• ports_emumeration
• rpc_enumeration
• scanning
• smb_enumeration
• smtp_enumeration
• snmb_enumeration
• vulnerability_scanning

Crypto:

• Crypto101.pdf

Exploitation:

• computer_network_exploits
• file_inclusion_vulnerabilities
• File_Transfers
• nc_transfers
• networking_pivoting_and_tunneling
• network_pivoting_techniques
• pivoting
• pivoting_
• Public Exploits
• reverse_shell_with_msfvenom

Networking:

• bpf_syntax
• Cheatsheet_Networking
• Cheatsheet_Oracle
• networking_concept
• nmap_quick_reference_guide
• tcpdump

Password Attacks:

• password_attacks
• Some-Links-To-Wordlists

Post Exploitation:

• Cheatsheet_AVBypass
• Cheatsheet_BuildReviews
• code-execution-reverse-shell-commands
• important-linux-serv-files

Privilege Escalation:

• Cheatsheet_LinuxPrivilegeEsc
• linux_enumeration
• windows_enumeration
• windows_priv_escalation
• windows_priv_escalation_practical

Pentesting & Security Assessment Findings Report Templates:

• Demo Company - Security Assessment Findings Report.docx
• linux-template.md
• PWKv1-REPORT.doc
• pwkv1_report.doc
• template-penetration-testing-report-v03.pdf
• windows-template.md

Reverse Engineering:

• Buffer_Overflow_Exploit
• buffer_overflows
• gdb_cheat_sheet
• r2_cheatsheet
• win32_buffer_overflow_exploitation
• 64_ia_32_jmp_instructions
• course_notes
• debuging
• IntelCodeTable_x86
• Radare2 cheatsheet
• x86_assembly_x86_architecture
• x86_opcode_structure_and_instruction_overview

Social Engineering:

• social_engineering

Walk Throughs:

• Cheatsheet_PenTesting.txt
• OWASP Testing Guide v4
• OWASPv4_Checklist.xlsx

Web Hacking:

• auxiliary_info.md
• Cheatsheet_ApacheSSL
• Cheatsheet_AttackingMSSQL
• Cheatsheet_DomainAdminExploitation
• Cheatsheet_SQLInjection
• Cheatsheet_VulnVerify.txt
• code-execution-reverse-shell-commands
• file_upload.md
• html5_cheat_sheet
• jquery_cheat_sheet_1.3.2
• sqli
• sqli_cheatsheet
• sqli-quries
• sqli-tips
• web_app_security
• web_app_vulns_Arabic
• Xss_1
• Xss_2
• xss_actionscript
• xxe

Other:

• Security : - Best Version of BriskSec Security Cheatsheets
• Images (I'll let you discover that)
• Google Hacking DataBase
• Google Fu