项目地址:https://github.com/ThomasTJdev/WMD

大规模杀伤性武器(Weapon of Mass Destruction)

这是一款用 Python 写的安全工具集。软件封装于“模块”中。模块主要由纯 Python 代码和第三方程序组成。

主要功能

1) 要使用模块,运行命令 "use [module_call]",例如使用 "use apsniff" 激活模块。 2) 可以使用 "set [parameter] [value]" 更改模块选项。 3) 在模块内,可以用命令 "so" 查看选项。 4) 环境设置位于 core/config.ini 中。请在运行程序之前进行调整。

截屏:
WMD MAIN

Web 界面

控制台运行命令“www”,激活 Flask 服务,即可在浏览器中展示模块。通过 127.0.0.1:5000 访问。

模块会直接加载到 xterm 中。

DEV: 可以试一下 SniffHTTP 和 APsniff 模块 - 可在浏览器中定义参数。

Screenshot:
WMD WWW

模块列表

CAT: TYPE: CALL: NAME: DESCRIPTION:
bruteforce creds changeme Default creds scan Scan IP's for services and try logging in with default credentials (Arthur: ztgrace)
bruteforce loginpath adminfinder Admin Finder A Simple script to find admin-paths for webpages. (Arthur: Spaddex)
bruteforce rar bfrar BF RAR Bruteforce a RAR file
bruteforce ssh bfssh Bruteforce SSH Bruteforce SSH login
bruteforce web bfweb Bruteforce weblogin form Bruteforce a weblogin form with word- and passlist
bruteforce zip bfzip BF ZIP Bruteforce a ZIP file
cracking aut john John the Ripper As you know - kill the hash
cracking hash hashid Identify hash Identify a hash
cracking wpa crackwpa Crack WPA 4-way handshake Gather WPA 4-way handshake from accesspoint and crack it
exploit browser browserpwn Browser Autopwn2 This module will automatically serve browser exploits (Arthur: sinn3r[at]metasploit.com)
exploit search exploitdb Exploitdb Shell-style script to search exploit-db.com exploits. (Arthur: mattoufoutu)
mail sin mspoofcheck Spoofcheck email domain Check if a domain can be spoofed for e.g. emailing
monitor arp arpmon ARP monitor alert Monitor ARP table and alert for changes
monitor ip ipmon IP monitor alert Monitor IP's and alert for changes
other settings settings Change settings Change your environment settings, e.g. interface
pentesting niptt sparta SPARTA SPARTA is a python GUI application which simplifies network infrastructure penetration testing.
phishing ap etphis Ewil Twin phishing Create a Evil Twin and redirect user to fake password page.
phishing webpage webphis Webpage phishing Run a local flask server with phishing pages.
recon dns dig Domain info groper Using dig command you can query DNS name servers for your DNS lookup related tasks
recon dns dnsmap dnsmap DNS Network Mapper. Enumeration and bruteforcing.
recon dns dnsrecon dnsrecon Multiple DNS recon abilities.
router framework rsploit Routersploit Framework for routers with exploits and getting creds. (Arthur: Reverse Shell Security)
scan sin lanscan Lan scan Scan local net - recon
sniff aut apsniff AP sniff Create AP and sniff HTTPS and avoid HSTS + Beef
sniff http sniffhttp Sniff HTTP Sniff HTTP packages. Extract username and passwords from traffic.
sniff sin bettercap Bettercap Bettercap integration for sniffing packets and bypass HSTS and HTTPS
socialeng instagram instabot Instagram bot Instagram bot for performing various activities (Arthur: LevPasha)
spoof arp arpspoof ARP spoof Spoofing ARP
sql sqli gdsqli Gdork SQLi Scrape net for urls and check if they are prone to SQL injection
sql sqli sqlmap SQLmap Just an activation of SQLmap.
system mac macc Macchanger Change your MAC address
tools search searchht Search hacktools Searchengine for hackingtools
wifi accesspoint createap Create an Accesspoint Create an Accesspoint
wifi wifi wifiutils WiFi utils Utilities for WiFi, e.g. deauth, WiFi's, clients, probes, etc.

运行

运行前: 1. 调整core/config.ini.default 中的环境选项。 2. 将 core/config.ini.default 重命名为 core/config.ini

开启终端: python3 wmd.py

使用单独的模块: python3 wmd.py -m [CALL]

开启 web 服务: python3 wmd.py -w

不检查依赖运行: python3 wmd.py -nc

环境要求:

  • Linux 系统
  • Python3
  • Python 库的要求位于 requirements.txt

可选项 tools/software/GIT:

这些模块需要时会通知你,并不会直接运行

  • GIT: Admin-Finder
  • Aircrack-ng
  • Airomon-ng
  • Airodump-ng
  • Airolib-ng
  • Arp
  • Arpspoof
  • Beef
  • Bettercap
  • GIT: changeme
  • CrackMapExec
  • Create_ap
  • Dig
  • Dnsmap
  • GIT: Dnsrecon
  • GIT: Exploitdb
  • GIT: Hashid
  • Hostapd
  • GIT: Instabot
  • John the Ripper
  • Nmap
  • GIT: Routersploit
  • SPARTA
  • GIT: Spoofcheck
  • GIT: XSSER

部署

项目结构

  • core --> 核心文件中使用了所有的代码。
  • files --> 静态文件,密码列表等。
  • logs --> 用于保存日志的标准文件夹。
  • modules --> 包括各种模块。
  • tmp --> 你猜呢
  • tools --> GIT 工具。
  • www --> webserver 的文件。

新模块

可以在 modules/module_template.py 中检查模板。

添加模块

Run python3 wmd.py -a modulePathName.py


Paper 本文由 Seebug Paper 发布,如需转载请注明来源。本文地址:http://paper.seebug.org/217/