Posted_Agenda_: Lockdoor-Framework: A PenTesting Framework With Cyber Security Resources

About Lockdoor-Framework
Author: SofianeHamlaoui

Tested on: Kali Linux, Ubuntu, Arch Linux, Fedora, OpenSuse and Windows (Cygwin)

LockDoor is a Framework aimed at helping penetration testers, bug bounty hunters And cyber security engineers. This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters. As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one. With all of that ! It automates the Pentesting process to help you do the job more quickly and easily.

Lockdoor-Framework installation:
For now, Lockdoor-Framework supports Debian-based Linux distros (Kali Linux, ParrotSec, Ubuntu...), Arch Linux based distros (Manjaro, BlackArch, ArchStrike...), Fedora, OpenSuse, Cygwin on Windows.

Open your Terminal and enter these commands:

You can watch detail here:

Lockdoor Tools contents 🛠️:
* Information Gathering 🔎:

dirsearch: A Web path scanner
brut3k1t: security-oriented bruteforce framework
gobuster: DNS and VHost busting tool written in Go
Enyx: an SNMP IPv6 Enumeration Tool
Goohak: Launchs Google Hacking Queries Against A Target Domain
Nasnum: The NAS Enumerator
Sublist3r: Fast subdomains enumeration tool for penetration testers
wafw00f: identify and fingerprint Web Application Firewall
Photon: ncredibly fast crawler designed for OSINT.
Raccoon: offensive security tool for reconnaissance and vulnerability scanning
DnsRecon: DNS Enumeration Script
Nmap: The famous security Scanner, Port Scanner, & Network Exploration Tool
sherlock: Find usernames across social networks
snmpwn: An SNMPv3 User Enumerator and Attack tool
Striker: an offensive information and vulnerability scanner.
theHarvester: E-mails, subdomains and names Harvester
URLextractor: Information gathering & website reconnaissance
denumerator.py: Enumerates list of subdomains
other: other Information gathering,recon and Enumeration scripts I collected somewhere.
ReconDog: Reconnaissance Swiss Army Knife
RED_HAWK: All in one tool for Information Gathering, Vulnerability Scanning and Crawling
Dracnmap: Info Gathering Framework

* Web Hacking 🌐:

Spaghetti: Spaghetti - Web Application Security Scanner
CMSmap: CMS scanner
BruteXSS: BruteXSS is a tool to find XSS vulnerabilities in web application
J-dorker: Website List grabber from Bing
droopescan: scanner, identify, CMSs, Drupal, Silverstripe.
Optiva: Web Application Scanner
V3n0M: Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
AtScan: Advanced dork Search & Mass Exploit Scanner
WPSeku: Wordpress Security Scanner
WPScan: A simple Wordpress scanner written in python
XSStrike: Most advanced XSS scanner.
SQLMap: automatic SQL injection and database takeover tool
WhatWeb: the Next generation web scanner
joomscan: Joomla Vulnerability Scanner Project
Dzjecter: Server checking Tool

* Privilege Escalation ⚠️:

Linux 🐧:linux_checksec.sh
linux_enum.sh
linux_gather_files.sh
linux_kernel_exploiter.pl
linux_privesc.py
linux_privesc.sh
linux_security_test
Linux_exploits folder
Windows : windows-privesc-check.py
windows-privesc-check.exe
MySql:raptor_udf.c
raptor_udf2.c

* Reverse Engineering ⚡:

Radare2: unix-like reverse engineering framework
VirtusTotal: VirusTotal tools
Miasm: Reverse engineering framework
Mirror: reverses the bytes of a file
DnSpy: .NET debugger and assembly
AngrIo: A python framework for analyzing binaries (Suggested by @Hamz-a)
DLLRunner: a smart DLL execution script for malware analysis in sandbox systems.
Fuzzy Server: a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
yara: a tool aimed at helping malware researchers toidentify and classify malware samples
Spike: a protocol fuzzer creation kit + audits
other: other scripts collected somewhere

* Exploitation ❗:

Findsploit: Find exploits in local and online databases instantly
Pompem: Exploit and Vulnerability Finder
rfix: Python tool that helps RFI exploitation.
InUrlBr: Advanced search in search engines
Burpsuite: Burp Suite for security testing & scanning.
linux-exploit-suggester2: Next-Generation Linux Kernel Exploit Suggester
other: other scripts I collected somewhere.

* Shells 🐚:

WebShells: BlackArch's Webshells Collection

ShellSum: A defense tool - detect web shells in local directories

Weevely: Weaponized web shell

python-pty-shells: Python PTY backdoors

* Password Attacks ✳️:

crunch : a wordlist generator

CeWL : a Custom Word List Generator

patator : a multi-purpose brute-forcer, with a modular design and a flexible usage

* Encryption - Decryption 🛡️:

Codetective: a tool to determine the crypto/encoding algorithm used
findmyhash: Python script to crack hashes using online services

* Social Engineering 🎭:

scythe: an accounts enumerator

Contributing:

Fork Lockdoor-Framework:
git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git

Create your feature branch

Commit your changes

Push to the branch

Create a new Pull Request

Features 📙:

Pentesting Tools Selection 📙:

Tools ?: Lockdoor doesn't contain all pentesting tools (Added value) , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite (Added value) and the most used toolsby Pentesters (Added value).
what Tools ?: the tools contains Lockdoor are a collection from the best tools (Added value) on Kali Linux, ParrotSec and BlackArch. Also some private tools (Added value) from some other hacking teams (Added value) like InurlBr, iran-cyber. Without forgeting some cool and amazing tools I found on Github made by some perfect human beigns (Added value).
Easy customization: Easily add/remove tools. (Added value)
Installation: You can install the tool automatically using the install.sh. Manually or on Docker [COMING SOON]

Resources and cheatsheets 📙 (Added value):

Resources: That's what makes Lockdoor Added value, Lockdoor Doesn't contain only tools! Pentesing and Security Assessment Findings Reports templates (Added value), Pentesting walkthrough examples and tempales (Added value) and more.
Cheatsheets: Everyone can forget something on processing or a tool use, or even some trciks. Here comes the Cheatsheets (Added value) role! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

Check the Wiki Pages to know more about the tool 📙:

Lockdoor Wiki page Home

Lockdoor Demos

Lockdoor Screenshots

Lockdoor-Framework's screenshots: