WMD is a python tool with an accumulation of IT security software. The product is incapsulated in “modules”. The modules consists of unadulterated python code and or external third programs.
Also Read Air-Hammer – A Online Brute-Force Attack Tool
Run the command “www” from the console to activate a Flask server showing the modules in your browser. Access it from: 127.0.0.1:5000.
Modules are loaded directly into a xterm.
DEV: Try the SniffHTTP and APsniff module – define parameters in the browser.
CAT | TYPE | CALL | NAME | DESCRIPTION |
---|---|---|---|---|
bruteforce | creds | changeme | Default creds scan | Scan IP’s for services and try logging in with default credentials (Arthur: ztgrace) |
bruteforce | loginpath | adminfinder | Admin Finder | A Simple script to find admin-paths for webpages. (Arthur: Spaddex) |
bruteforce | rar | bfrar | BF RAR | Bruteforce a RAR file |
bruteforce | ssh | bfssh | Bruteforce SSH | Bruteforce SSH login |
bruteforce | web | bfweb | Bruteforce weblogin form | Bruteforce a weblogin form with word- and passlist |
bruteforce | zip | bfzip | BF ZIP | Bruteforce a ZIP file |
cracking | aut | john | John the Ripper | As you know – kill the hash |
cracking | hash | hashid | Identify hash | Identify a hash |
cracking | wpa | crackwpa | Crack WPA 4-way handshake | Gather WPA 4-way handshake from accesspoint and crack it |
exploit | browser | browserpwn | Browser Autopwn2 | This module will automatically serve browser exploits (Arthur: sinn3r[at]metasploit.com) |
exploit | search | exploitdb | Exploitdb | Shell-style script to search exploit-db.com exploits. (Arthur: mattoufoutu) |
sin | mspoofcheck | Spoofcheck email domain | Check if a domain can be spoofed for e.g. emailing | |
monitor | arp | arpmon | ARP monitor alert | Monitor ARP table and alert for changes |
monitor | ip | ipmon | IP monitor alert | Monitor IP’s and alert for changes |
other | settings | settings | Change settings | Change your environment settings, e.g. interface |
pentesting | niptt | sparta | SPARTA | SPARTA is a python GUI application which simplifies network infrastructure penetration testing. |
phishing | ap | etphis | Ewil Twin phishing | Create a Evil Twin and redirect user to fake password page. |
phishing | webpage | webphis | Webpage phishing | Run a local flask server with phishing pages. |
recon | dns | dig | Domain info groper | Using dig command you can query DNS name servers for your DNS lookup related tasks |
recon | dns | dnsmap | dnsmap | DNS Network Mapper. Enumeration and bruteforcing. |
recon | dns | dnsrecon | dnsrecon | Multiple DNS recon abilities. |
router | framework | rsploit | Routersploit | Framework for routers with exploits and getting creds. (Arthur: Reverse Shell Security) |
scan | sin | lanscan | Lan scan | Scan local net – recon |
sniff | aut | apsniff | AP sniff | Create AP and sniff HTTPS and avoid HSTS + Beef |
sniff | http | sniffhttp | Sniff HTTP | Sniff HTTP packages. Extract username and passwords from traffic. |
sniff | sin | bettercap | Bettercap | Bettercap integration for sniffing packets and bypass HSTS and HTTPS |
socialeng | instabot | Instagram bot | Instagram bot for performing various activities (Arthur: LevPasha) | |
spoof | arp | arpspoof | ARP spoof | Spoofing ARP |
sql | sqli | gdsqli | Gdork SQLi | Scrape net for urls and check if they are prone to SQL injection |
sql | sqli | sqlmap | SQLmap | Just an activation of SQLmap. |
system | mac | macc | Macchanger | Change your MAC address |
tools | search | searchht | Search hacktools | Searchengine for hackingtools |
wifi | accesspoint | createap | Create an Accesspoint | Create an Accesspoint |
wifi | wifi | wifiutils | WiFi utils | Utilities for WiFi, e.g. deauth, WiFi’s, clients, probes, etc. |
Before your first run, please: 1. Adjust your environment settings in core/config.ini.default
2. Rename core/config.ini.default
to core/config.ini
Start the console with: python3 wmd.py
Start a single module: python3 wmd.py -m [CALL]
Start webserver: python3 wmd.py -w
Start without checking requirements: python3 wmd.py -nc
Before your first run, please: 1. Adjust your environment settings in core/config.ini.default
2. Rename core/config.ini.default
to core/config.ini
Requirements:
Optional tools/software/GIT:
modules which needs them will inform you about it and just dont run..
Checkout the template in modules/module_template.py
Run python3 wmd.py -a modulePathName.py
Do a run through config.ini and extract names for the updatecommand instead of DRY in two functions
bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…