This toolbox includes several updated tools for red team assessments and bug bounty work, running exclusively on Docker.

## Tools
| Pkg | Info |
|---|---|
| Airixss | Find possible XSS-vulnerable endpoints. |
| Amass | Recon - network mapping of attack surfaces and external asset discovery. |
| AssetFinder | Find domains and subdomains potentially related to a given domain. |
| DNSRecon | Check all NS records / enumerate / brute force / PTR. |
| Findomain | Directory fuzzing / port scanning / vulnerability discovery (with Nuclei) - and more. |
| Freq | CLI tool for sending many GET requests quickly. |
| Katana | A next-generation crawling and spidering framework. |
| Knock | Knockpy is a portable and modular Python 3 tool designed to quickly enumerate subdomains on a target domain through passive reconnaissance and dictionary scans. |
| Meg | Fetch many paths for many hosts; fetches one path for all hosts before moving on to the next path and repeating. |
| Nuclei | Fast and customisable vulnerability scanner based on a simple YAML-based DSL. |
| Pacu | AWS exploitation framework. |
| ParamSpider | Finds parameters from web archives of the entered (sub)domain. |
| Photon | Crawler designed for OSINT. |
| PureDNS | Fast domain resolver and subdomain brute-forcing tool that can accurately filter out wildcard subdomains and DNS-poisoned entries. |
| Sudomy | Subdomain enumeration and analysis. |
| Uncover | Quickly discover exposed hosts on the internet using multiple search engines. |
| Uro | Declutters URL lists for security testing by removing URLs with uninteresting or duplicate content. |
| Waybackurls | Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for *.domain and output them on stdout. |
| anew | Append lines from stdin to a file, but only if they don't already appear in the file. |
| dnsvalidator | Maintains a list of IPv4 DNS servers by verifying them against baseline servers and ensuring accurate responses. |
| dnsx | A fast and multi-purpose DNS toolkit designed for running DNS queries. |
| gau | Getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan for any given domain. |
| goop | Yet another tool to dump a git repository from a website. |
| gowitness | A Go web screenshot utility using headless Chrome. |
| hakcheckurl | Takes a list of URLs and returns their HTTP response codes. |
| hakrawler | Fast Go web crawler for gathering URLs and JavaScript file locations. This is basically a simple implementation of the Gocolly library. |
| hqurlscann3r | A web application attack surface mapping tool. It takes in a list of URLs then performs numerous probes. |
| httprobe | Take a list of domains and probe for working HTTP and HTTPS servers. |
| httpx | Fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. |
| massdns | Stub DNS resolver for performing bulk lookups. |
| notify | Stream the output of several tools (or read from a file) and publish it to a variety of supported platforms. |
| qsreplace | Accept URLs on stdin, replace all query string values with a user-supplied value, and output each combination of query string parameters only once per host and path. |
| sdlookup | IP lookups for open ports and vulnerabilities from internetdb.shodan.io. |
| subfinder | Fast passive subdomain enumeration tool. |
| subjs | Fetches JavaScript files from a list of URLs or subdomains. |
| trufflehog | Find leaked credentials. |
| xurlfind3r | Find a domain's known URLs passively from several sources. |
| JSFScan.sh | JavaScript recon automation. |
| unfurl | Pull out bits of URLs provided on stdin. |
Example: run hakrawler from the container, feeding it a URL on stdin:

```
echo "https://google.com" | docker run -i securitybydesign/toolbox hakrawler -subs
```

For convenience you can export the commands directly in your zsh or bash profile and use them as "local" commands.
```
docker build . -t toolbox:latest
```

- With persistent volume (/mnt/toolbox):

```
docker compose up --build
```
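The "local command" profile setup described above, together with the persistent /mnt/toolbox volume, as an added example (not part of the toolbox project's own files). It assumes the image name from the hakrawler example; `DOCKER` and `TOOLBOX_MOUNT` are hypothetical variables introduced here so the wrapper can be dry-run and so output can be kept outside the container.

```sh
# Added example: shell wrappers for ~/.zshrc or ~/.bashrc that turn the container's
# binaries into "local" commands. Assumed: image name from the README's hakrawler example.
# DOCKER and TOOLBOX_MOUNT are hypothetical knobs (dry run / persistent /mnt/toolbox volume).
TOOLBOX_IMAGE="${TOOLBOX_IMAGE:-securitybydesign/toolbox}"
DOCKER="${DOCKER:-docker}"

# Run one tool in a throw-away container, passing stdin through (-i) so pipelines work.
# If TOOLBOX_MOUNT is set, bind it to /mnt/toolbox so tool output survives the container.
toolbox() {
  if [ -n "$TOOLBOX_MOUNT" ]; then
    "$DOCKER" run --rm -i -v "$TOOLBOX_MOUNT:/mnt/toolbox" "$TOOLBOX_IMAGE" "$@"
  else
    "$DOCKER" run --rm -i "$TOOLBOX_IMAGE" "$@"
  fi
}

# Define a same-named shell function for each listed tool, e.g. `hakrawler -subs`.
# Names must be valid POSIX function names (letters, digits, underscores), so a tool
# such as JSFScan.sh is skipped here and has to be called as `toolbox JSFScan.sh`.
toolbox_define() {
  for tool in "$@"; do
    case "$tool" in
      *[!A-Za-z0-9_]*)
        printf 'toolbox_define: skipping %s (not a valid function name)\n' "$tool" >&2 ;;
      *)
        eval "${tool}() { toolbox ${tool} \"\$@\"; }" ;;
    esac
  done
}

# Usage: expose a few tools, then chain them exactly as you would with native binaries.
# toolbox_define hakrawler httpx anew
# echo "https://example.com" | hakrawler -subs | httpx | anew urls.txt
```

Source the file from your profile, call `toolbox_define` with the tool names you use most, and set `TOOLBOX_MOUNT="$PWD"` when a tool writes files (anew, gowitness screenshots) so they land in the host directory rather than vanishing with the container.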
- Add more tools
- Evaluate whether pspy64 makes sense here or can be removed