Kali Linux Tutorials

Web-Hacking-Toolkit multi-platform web hacking toolkit Docker image with Graphical User Interface (GUI) support.

Installation

Docker

Pull the image from Docker Hub:

docker pull signedsecurity/web-hacking-toolkit

Run a container and attach a shell:

docker run \
 -it \
 --rm \
 --shm-size="2g" \
 --name web-hacking-toolkit \
 --hostname web-hacking-toolkit \
 -p 22:22 \
 -v $(pwd)/data:/root/data \
 signedsecurity/web-hacking-toolkit \
 /bin/bash

Docker Compose

Docker-Compose can also be used.

version: "3.9"

services:
    web-hacking-toolkit:
        image: signedsecurity/web-hacking-toolkit
        container_name: web-hacking-toolkit
        hostname: web-hacking-toolkit
        stdin_open: true
        shm_size: 2gb
        ports:
            - "22:22" # exposed for GUI support sing SSH with X11 forwarding
        volumes:
            - ./data:/root/data
        restart: unless-stopped

Build and run container:

docker-compose up

Attach shell:

docker-compose exec web-hacking-toolkit /bin/bash

Build from Source

Clone this repository and build the image:

git clone https://github.com/signedsecurity/web-hacking-toolkit.git && \
cd web-hacking-toolkit && \
make build-images

Run a container and attach a shell:

make run

GUI Support

By default, no GUI tools can be run in a Docker container as no X11 server is available. To run them, you must change that. What is required to do so depends on your host machine. If you:

• run on Linux, you probably have X11
• run on Mac OS, you need Xquartz (brew install Xquartz)
• run on Windows, you have a problem

Using SSH with X11 forwarding

Use X11 forwarding through SSH if you want to go this way. Run start_ssh inside the container to start the server, make sure you expose port 22 when starting the container: docker run -p 127.0.0.1:22:22 ..., then use ssh -X ... when connecting (the script prints the password).

Installed

Tools

Category	Name	Description
Discovery/DOMAIN	Amass	In-depth Attack Surface Mapping and Asset Discovery
Utility/ANY	anew	A tool for adding new lines to files, skipping duplicates
Discovery/PARAM	Arjun	HTTP parameter discovery suite.
Army-Knife/PROXY	Burp Suite Community	The BurpSuite Project community edition.
Utility/HTTP	curl	A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features
Discovery/DNS	dnsx	dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
Discovery/FUZZ	ffuf	Fast web fuzzer written in Go
Discovery/DOMAIN	findomain	The fastest
Browser	firefox	Safe and easy web browser from Mozilla
Utility/SHOT	gowitness	mag gowitness – a golang, web screenshot utility using Chrome Headless
Misc	html-tool	Take URLs or filenames for HTML documents on stdin and extract tag contents, attribute values, or comments
Utility/HTTP	httpx	httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
Discovery/PORT	masscan	TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Discovery/PORT	naabu	A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Discovery/PORT	nmap	Nmap – the Network Mapper. Github mirror of official SVN repository.
Army-Knife/SCAN	nuclei	Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
Discovery/PORT	ps.sh	A wrapper around tools used for port scanning(nmap, naabu & masscan), the goal being reducing scan time, increasing scan efficiency and automating the workflow.
Discovery/DOMAIN	sigsubfind3r	A subdomain discovery tool – it gathers a list of subdomains passively using various online sources.
Discovery/URL	sigurlfind3r	A passive reconnaissance tool for known URLs discovery – it gathers a list of URLs passively using various online sources.
Army-Knife/SCAN	sigurlscann3r	A web application attack surface mapping tool. It takes in a list of urls then performs numerous probes
Discovery/DOMAIN	subdomains.sh	A wrapper around for subdomains gathering tools (amass, subfinder, findomain & sigsubfind3r) to increase gathering efficiency and automating the workflow.
Discovery/DOMAIN	subfinder	Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Utility/Terminal	tmux	tmux is a terminal multiplexer: it enables a number of terminals to be created, accessed, and controlled from a single screen. tmux may be detached from a screen and continue running in the background, then later reattached
Utility/Editor	vim	A highly configurable text editor built to make creating and changing any kind of text very efficient.
Discovery/Tech	wappalyzer	Wappalyzer identifies technologies on websites, such as CMS, web frameworks, ecommerce platforms, JavaScript libraries, analytics tools and more.
Utility/HTTP	wuzz	Interactive cli tool for HTTP inspection

Wordlists

Wordlist	Description
SecLists	SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
jhaddix / content_discovery_all.txt	a masterlist of content discovery URLs and files (used most commonly with gobuster)