Arsenal is a simple shell script (Bash) used to install essential tools and requirements in your environment and save the time of installing all these tools one by one.
Tools in Arsenal
Name | description |
---|---|
Amass | The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques |
ffuf | A fast web fuzzer written in Go |
dnsX | Fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries |
meg | meg is a tool for fetching lots of URLs but still being 'nice' to servers |
gf | A wrapper around grep to avoid typing common patterns |
XnLinkFinder | This is a tool used to discover endpoints by crawling a target |
httpX | httpx is a fast and multi-purpose HTTP toolkit that allows you to run multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads |
Gobuster | Gobuster is a tool used to brute-force (DNS, open Amazon S3 buckets, web content) |
Nuclei | Nuclei is a Golang-based tool used to send requests across multiple targets based on nuclei templates, leading to zero false positives or irrelevant results, and provides fast scanning on various hosts |
Subfinder | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only – passive subdomain enumeration, and it does that very well |
Naabu | Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply |
assetfinder | Find domains and subdomains potentially related to a given domain |
httprobe | Take a list of domains and probe for working http and https servers |
knockpy | Knockpy is a python3 tool designed to quickly enumerate subdomains on a target domain through a dictionary attack |
waybackurl | Fetch known URLs from the Wayback Machine for *.domain and output them on stdout |
Logsensor | A powerful sensor tool to discover login panels, and POST form SQLi scanning |
Subzy | Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz |
Xss-strike | Advanced XSS Detection Suite |
Altdns | Subdomain discovery through alterations and permutations |
Nosqlmap | NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database |
ParamSpider | Parameter miner for humans |
GoSpider | GoSpider – Fast web spider written in Go |
eyewitness | EyeWitness is a Python tool written by @CptJesus and @christruncer. Its goal is to help you efficiently assess which assets of your target to look into first. |
CRLFuzz | A fast tool to scan for CRLF vulnerabilities, written in Go |
DontGO403 | dontgo403 is a tool to bypass 40X errors |
Chameleon | Chameleon provides better content discovery by using wappalyzer's set of technology fingerprints alongside custom wordlists tailored to each detected technology |
uncover | uncover is a Go wrapper using APIs of well-known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools |
wpscan | WordPress Security Scanner |
Requirements in Arsenal
- Python3
- Git
- Ruby
- Wget
- GO-Lang
- Rust
Go-lang installation
sudo apt-get remove -y golang-go
sudo rm -rf /usr/local/go
wget https://go.dev/dl/go1.19.1.linux-amd64.tar.gz
sudo tar -xvf go1.19.1.linux-amd64.tar.gz
sudo mv go /usr/local
sudo nano /etc/profile   # or edit ~/.profile; add the three export lines below
export GOPATH=$HOME/go
export PATH=$PATH:/usr/local/go/bin
export PATH=$PATH:$GOPATH/bin
source /etc/profile   # reload the profile so your current shell picks up the new PATH
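The steps above extract the downloaded tarball as root without checking it. The following added example (not part of Arsenal; the function names are hypothetical) verifies the archive against a SHA-256 digest you pin from go.dev/dl and refuses to extract on a mismatch, a malformed digest, or archive members outside go/.

```shell
#!/bin/sh
# Added example, not part of Arsenal: check a downloaded Go tarball against a
# pinned SHA-256 before extracting it. Function names are hypothetical.

# verify_sha256 FILE EXPECTED_HEX -> 0 match, 1 mismatch, 2 bad input
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    # A SHA-256 digest is exactly 64 hex characters; reject placeholders,
    # truncated values and empty strings instead of comparing against them.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha256sum < "$file" | cut -d' ' -f1) || return 2
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi
    return 0
}

# install_go_verified TARBALL EXPECTED_HEX [PREFIX]
# Extracts only after the digest matches and every member sits under go/.
install_go_verified() {
    tarball=$1
    prefix=${3:-/usr/local}
    verify_sha256 "$tarball" "$2" || return $?
    members=$(tar -tzf "$tarball") || return 2
    if printf '%s\n' "$members" | grep -Eq '(^|/)\.\.(/|$)' ||
       printf '%s\n' "$members" | grep -Eqv '^go(/|$)'; then
        echo "archive has members outside go/; not extracting" >&2
        return 1
    fi
    tar -C "$prefix" -xzf "$tarball"
}

# Usage (run as root for /usr/local). GO_SHA256 is a placeholder: copy the
# digest published for this file on https://go.dev/dl/ and pin it here.
#   GO_SHA256='<sha256 from go.dev/dl>'
#   wget https://go.dev/dl/go1.19.1.linux-amd64.tar.gz
#   install_go_verified go1.19.1.linux-amd64.tar.gz "$GO_SHA256"
```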
How to install
git clone https://github.com/Micro0x00/Arsenal.git
cd Arsenal
sudo chmod +x Arsenal.sh
sudo ./Arsenal.sh