Repository files navigation

• Table of contents
• Changelog 📌 :
• Badges 📌 :
• Support me 💰 :
• Contributors ⭐ :
• Versions
  • 06/2021 : 2.3
  • 03/2020 : 2.2.3
• Blogs & Articles 📰 :
• Overview 📙 :
• Features 📙 :
  • Pentesting Tools Selection 📙 :
  • Resources and cheatsheets 📙 :
• Screenshots 💻 :
• Demos 💻 :
• Installation 🛠️ :
• Lockdoor Tools contents 🛠️ :
  • Information Gathering 🔎 :
  • Web Hacking 🌐 :
  • Privilege Escalation⚠️ :
  • Reverse Engineering ⚡:
  • Exploitation ❗:
  • Shells 🐚:
  • Password Attacks ✳️:
  • Encryption - Decryption 🛡️:
  • Social Engineering 🎭:
• Lockdoor Resources contents 📚 :
  • Information Gathering 🔎 :
  • Crypto 🛡️:
  • Exploitation ❗:
  • Networking 🖧 :
  • Password Attacks ✳️:
  • Post Exploitation ❗❗:
  • Privilege Escalation⚠️:
  • Pentesting & Security Assessment Findings Report Templates 📝 :
  • Reverse Engineering ⚡ :
  • Social Engineering 🎭:
  • Walk Throughs 🚶 :
  • Web Hacking 🌐 :
  • Other 📚 :
• Contributing :

    - Fixing some CI     - making a more stable version     - new docker iaage build    - adding packages for each supported distros

• BTC Addresse : 1NR2oqsuevvWJwzCyhBXmqEA5eYAaSoJFk

• Config file checking.

• Updating the tools.

• Showing the current version of Lockdoor by -v arg.

• checking the version and asking for possible update.

• Making it easier to customize.

• No added tools for the moment.

• Fixing the docker misconfiguration, the docker version now works perfectly.

  • Information Gathring Tools (21)
  • Web Hacking Tools(15)
  • Reverse Engineering Tools (15)
  • Exploitation Tools (6)
  • Pentesting & Security Assessment Findings Report Templates (6)
  • Password Attack Tools (4)
  • Shell Tools + Blackarch's Webshells Collection (4)
  • Walk Throughs & Pentest Processing Helpers (3)
  • Encryption/Decryption Tools (2)
  • Social Engineering tools (1)
  • All you need as Privilege Escalation scripts and exploits

• Information Gathring Tools (21)
• Web Hacking Tools(15)
• Reverse Engineering Tools (15)
• Exploitation Tools (6)
• Pentesting & Security Assessment Findings Report Templates (6)
• Password Attack Tools (4)
• Shell Tools + Blackarch's Webshells Collection (4)
• Walk Throughs & Pentest Processing Helpers (3)
• Encryption/Decryption Tools (2)
• Social Engineering tools (1)
• All you need as Privilege Escalation scripts and exploits
• Working on Kali,Ubuntu,Arch,Fedora,Opensuse and Windows (Cygwin)

  * Reddit : https://www.reddit.com/r/cybersecurity/comments/d4hthh/lockdoor_a_penetration_testing_framework_with/  * Medium.com : https://medium.com/@SofianeHamlaoui/lockdoor-framework-a-penetration-testing-framework-with-cyber-security-resources-sofiane-22fbb7942378  * Xploit Lab : https://xploitlab.com/lockdoor-framework-penetration-testing-framework-with-cyber-security-resources/  * Station X : https://www.stationx.net/threat-intelligence-17th-september/  * Kelvin Security : https://blog.kelvinsecurity.com/2019/09/12/lookdoor-framework-a-penetration-testing-framework-with-cyber-security-resources/  * All About hacking : https://www.allabouthack.com/2019/09/lookdoor-framework-penetration-testing.html  * Wired Intel : http://wiredintel.bravehost.com/wired/2019/09/15/%F0%9F%94%90-lockdoor-a-penetration-testing-framework-with-cyber-security-resources        * Social networks :              * LinkedIn :                    * By Nermin S. : https://www.linkedin.com/posts/nsmajic_sofianehamlaouilockdoor-framework-activity-6578952540564529152-B-0P              * Twitter :                    * By Me :D : https://twitter.com/S0fianeHamlaoui/status/1173079963567820801                    * National Cyber Security Services : https://twitter.com/NationalCyberS1/status/1173917454151475202                    * Xploit Lab : https://twitter.com/xploit_lab/status/1173990273644261376                    * More : https://twitter.com/search?q=Lockdoor%20Framework                    * More : https://twitter.com/search?q=Lookdoor%20Framework              * Facebook :                    * By ME :D : https://www.facebook.com/S0fianeHamlaoui/posts/678704759315090                    * National Cyber Security Services : https://www.facebook.com/ncybersec/posts/1273735519463836                    * Xploit Lab : https://www.facebook.com/XploitLab/posts/2098443780463126                    * Root Developers : https://www.facebook.com/root.deve/posts/1181412315364265                    * More : https://www.facebook.com/search/top/?q=Lockdoor%20Framework        * Youtube :              * My youtube video : https://www.youtube.com/watch?v=_agvb29FQrs              * The Shadow Brokers video : https://www.youtube.com/watch?v=6njKRrKQtow

LockDoor is a Framework aimed athelping penetration testers, bug bounty hunters And cyber security engineers.This tool is designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. But containing the favorite and the most used tools by Pentesters.As pentesters, most of us has his personal ' /pentest/ ' directory so this Framework is helping you to build a perfect one.With all of that ! It automates the Pentesting process to help you do the job more quickly andeasily.

• Tools:Lockdoor doesn't contain all pentesting tools , let's be honest ! Who ever used all the Tools you find on all those Penetration Testing distributions ? Lockdoor contains only the favorite and the most used tools by Pentesters.

• what Tools: the tools containsLockdoor are a collection from the best tools on Kali,Parrot Os and BlackArch. Also some private tools from some other hacking teams like InurlBr, iran-cyber. Without forgetting some cool and amazing tools I found on Github made by some perfect human beings.

• Easy customization: Easily add/remove tools.

• Installation: You can install the tool automatically using the installer.sh , Manually or by running the Docker Image.

• Resources: That's what makesLockdoor, Lockdoor Doesn't contain only tools ! Pentesing and Security Assessment Findings Reports templates, Pentesting walkthrough examples and templates and more.

• Cheatsheets: Everyone can forget something on processing or a tool use, or even some tricks. Here comes the Cheatsheets role ! there are cheatsheets about everything, every tool on the framework and any enumeration,exploitation and post-exploitation techniques.

The recommended way to use Lockdoor is by pulling the Docker Image so you will not haveto worry about dependencies issues.

• A Docker image is available on Docker Hub and automatically re-built at each update:https://hub.docker.com/r/sofianehamlaoui/lockdoor. It is initially based on the official debian docker image (debian).

• Docker Installation

  • Installing requirments

           sudo apt install docker< Debian-based distributions       sudo dnf install docker< RPM-based distributions       sudo pacman -S docker< Arch-based distributions       sudo zypper install docker< OS-based distributions       sudo yum install docker< RH-based distributions

  • Running the container

           1.*Pull lockdoor Docker Image:*            sudo docker pull sofianehamlaoui/lockdoor

           2.*Run fresh Docker container:*            sudo docker run -it --name lockdoor-container -w /Lockdoor-Framework --net=host sofianehamlaoui/lockdoor

           3.*Run Lockdoor Framework*            sudo lockdoor

           4.*To re-run a stopped container:*            sudo docker start -i sofianehamlaoui/lockdoor

           5.*To open multiple shells inside the container:*            sudo dockerexec -it lockdoor-container bash

• Using LockAller - Lockdoor Installer

  Installing it using the script may take some time depends on the packages already installed on your system.> here you can find a fresh installation on a new debian distro with no pre-installed packages : [11min]

  git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git&&cd Lockdoor-Framework&& chmod +x ./install.sh&& ./install.sh

• Tools:
  • dirsearch : A Web path scanner
  • brut3k1t : security-oriented bruteforce framework
  • gobuster : DNS and VHost busting tool written in Go
  • Enyx : an SNMP IPv6 Enumeration Tool
  • Goohak : Launchs Google Hacking Queries Against A Target Domain
  • Nasnum : The NAS Enumerator
  • Sublist3r : Fast subdomains enumeration tool for penetration testers
  • wafw00f : identify and fingerprint Web Application Firewall
  • Photon : ncredibly fast crawler designed for OSINT.
  • Raccoon : offensive security tool for reconnaissance and vulnerability scanning
  • DnsRecon : DNS Enumeration Script
  • Nmap : The famous security Scanner, Port Scanner, & Network Exploration Tool
  • sherlock : Find usernames across social networks
  • snmpwn : An SNMPv3 User Enumerator and Attack tool
  • Striker : an offensive information and vulnerability scanner.
  • theHarvester : E-mails, subdomains and names Harvester
  • URLextractor : Information gathering & website reconnaissance
  • denumerator.py : Enumerates list of subdomains
  • other : other Information gathering,recon and Enumeration scripts I collected somewhere.
• Frameworks:
  • ReconDog : Reconnaissance Swiss Army Knife
  • RED_HAWK : All in one tool for Information Gathering, Vulnerability Scanning and Crawling
  • Dracnmap : Info Gathering Framework

• Tools:
  • Spaghetti : Spaghetti - Web Application Security Scanner
  • CMSmap : CMS scanner
  • BruteXSS : BruteXSS is a tool to find XSS vulnerabilities in web application
  • J-dorker : Website List grabber from Bing
  • droopescan : scanner , identify , CMSs , Drupal , Silverstripe.
  • Optiva : Web Application Scanne
  • V3n0M : Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
  • AtScan : Advanced dork Search & Mass Exploit Scanner
  • WPSeku : Wordpress Security Scanner
  • Wpscan : A simple Wordpress scanner written in python
  • XSStrike : Most advanced XSS scanner.
  • Sqlmap : automatic SQL injection and database takeover tool
  • WhatWeb : the Next generation web scanner
  • joomscan : Joomla Vulnerability Scanner Project
• Frameworks:
  • Dzjecter : Server checking Tool

• Tools:
  • Linux 🐧 :
    • Scripts :
      • linux_checksec.sh
      • linux_enum.sh
      • linux_gather_files.sh
      • linux_kernel_exploiter.pl
      • linux_privesc.py
      • linux_privesc.sh
      • linux_security_test
    • Linux_exploits folder
  • Windows |Windows| :
    • windows-privesc-check.py
    • windows-privesc-check.exe
  • MySql :
    • raptor_udf.c
    • raptor_udf2.c

• Radare2 : unix-like reverse engineering framework
• VirtusTotal : VirusTotal tools
• Miasm : Reverse engineering framework
• Mirror : reverses the bytes of a file
• DnSpy : .NET debugger and assembly
• AngrIo : A python framework for analyzing binaries ( Suggested by @Hamz-a )
• DLLRunner : a smart DLL execution script for malware analysis in sandbox systems.
• Fuzzy Server : a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
• yara : a tool aimed at helping malware researchers toidentify and classify malware samples
• Spike : a protocol fuzzer creation kit + audits
• other : other scripts collected somewhere

• Findsploit : Find exploits in local and online databases instantly
• Pompem : Exploit and Vulnerability Finder
• rfix : Python tool that helps RFI exploitation.
• InUrlBr : Advanced search in search engines
• Burpsuite : Burp Suite for security testing & scanning.
• linux-exploit-suggester2 : Next-Generation Linux Kernel Exploit Suggester
• other : other scripts I collected somewhere.

• WebShells : BlackArch's Webshells Collection
• ShellSum : A defense tool - detect web shells in local directories
• Weevely : Weaponized web shell
• python-pty-shells : Python PTY backdoors

• crunch : a wordlist generator
• CeWL : a Custom Word List Generator
• patator : a multi-purpose brute-forcer, with a modular design and a flexible usage

• Codetective : a tool to determine the crypto/encoding algorithm used
• findmyhash : Python script to crack hashes using online services

• scythe : an accounts enumerator

• Cheatsheet_SMBEnumeration
• configuration_management
• dns_enumeration
• file_enumeration
• http_enumeration
• information_gathering_owasp_guide
• miniserv_webmin_enumeration
• ms_sql_server_enumeration
• nfs_enumeration
• osint_recon_ng
• passive_information_gathering
• pop3_enumeration
• ports_emumeration
• rpc_enumeration
• scanning
• smb_enumeration
• smtp_enumeration
• snmb_enumeration
• vulnerability_scanning

• Crypto101.pdf

• computer_network_exploits
• file_inclusion_vulnerabilities
• File_Transfers
• nc_transfers
• networking_pivoting_and_tunneling
• network_pivoting_techniques
• pivoting
• pivoting_
• PublicExploits
• reverse_shell_with_msfvenom

• bpf_syntax
• Cheatsheet_Networking
• Cheatsheet_Oracle
• networking_concept
• nmap_quick_reference_guide
• tcpdump

• password_attacks
• Some-Links-To-Wordlists

• Cheatsheet_AVBypass
• Cheatsheet_BuildReviews
• code-execution-reverse-shell-commands

• Cheatsheet_LinuxPrivilegeEsc
• linux_enumeration
• windows_enumeration
• windows_priv_escalation
• windows_priv_escalation_practical

• Demo Company - Security Assessment Findings Report.docx
• linux-template.md
• PWKv1-REPORT.doc
• pwkv1_report.doc
• template-penetration-testing-report-v03.pdf
• windows-template.md
• OSCP-OS-XXXXX-Lab-Report_Template3.2.docx
• OSCP-OS-XXXXX-Exam-Report_Template3.2.docx
• CherryTree_template.ctb
• eventory-sample-pentest-report.pdf

• Buffer_Overflow_Exploit
• buffer_overflows
• gdb_cheat_sheet

• r2_cheatsheet

• win32_buffer_overflow_exploitation
• 64_ia_32_jmp_instructions
• course_notes
• debuging
• IntelCodeTable_x86
• Radare2 cheatsheet
• x86_assembly_x86_architecture
• x86_opcode_structure_and_instruction_overview

• social_engineering

• Cheatsheet_PenTesting.txt
• OWASP Testing Guide v4
• OWASPv4_Checklist.xlsx

• auxiliary_info.md
• Cheatsheet_ApacheSSL
• Cheatsheet_AttackingMSSQL
• Cheatsheet_DomainAdminExploitation
• Cheatsheet_SQLInjection
• Cheatsheet_VulnVerify.txt
• code-execution-reverse-shell-commands
• file_upload.md
• html5_cheat_sheet
• jquery_cheat_sheet_1.3.2
• sqli
• sqli_cheatsheet
• sqli-quries
• sqli-tips
• web_app_security
• web_app_vulns_Arabic
• Xss_1
• Xss_2
• xss_actionscript
• xxe

• Best collection Ever

• Images (I'll let you discover that)

• Google Hacking DataBase

• Google Fu

0. ReadContributing,The Code of Conduct andThe pull request template
1. Fork it (https://github.com/SofianeHamlaoui/Lockdoor-Framework/fork)
2. Create your feature branch
3. Commit your changes
4. Push to the branch
5. Create a new Pull Request