• Stars
    star
    371
  • Rank 115,103 (Top 3 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 6 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

HackBox is a powerful and comprehensive tool that combines a variety of techniques for web application and network security assessments, including XSS testing, subdomain scanning, SSRF injection, and more. Its user-friendly interface and wide range of features make it a valuable asset for security professionals.

GitHub release GitHub stars GitHub forks GitHub issues GitHub pulls GitHub watch GitHub license

HackB0x v2.0

HackBox is the combination of awesome tools and techniques.

HackBox is a comprehensive and powerful tool that combines a variety of cutting-edge techniques to empower security professionals in their mission to identify and remediate vulnerabilities within web applications and networks. The tool is equipped with a wide range of functions that enable users to conduct various security assessments and penetration testing activities with ease and efficiency.

The tool boasts several features that are essential for identifying and mitigating common web application vulnerabilities. For instance, HackBox includes an Xss function that enables users to test web applications for cross-site scripting (XSS) vulnerabilities. Additionally, the tool includes an Exploits function, which allows users to simulate attacks and test for various exploits, including SQL injection and remote file inclusion.

HackBox also includes a Subdomain scanner function that enables users to scan and discover subdomains associated with a target web application or network. This function is useful for identifying potentially vulnerable subdomains that may be overlooked in a typical security assessment.

The Whois Lookup function enables users to gather domain registration information, such as the owner's contact details, domain expiration date, and nameserver details. This function is essential for conducting reconnaissance activities and determining the legitimacy of a target domain.

HackBox also includes a SSRF Injection function that enables users to simulate server-side request forgery (SSRF) attacks, which are becoming increasingly prevalent in modern web application vulnerabilities. The tool also features an Nmap Auto banner function, which automatically identifies the banners of services running on the target system.

The tool also includes a Js Url parser function that enables users to parse JavaScript URLs, which are commonly used in malicious attacks. Additionally, HackBox includes a Web Headers function, which enables users to view HTTP headers and detect vulnerabilities such as cross-site scripting and cross-site request forgery.

The Listener function enables users to listen to network traffic, which is useful for identifying and monitoring network activity. Additionally, HackBox includes a Current Network Stats function that displays real-time information about network traffic and usage.

HackBox also includes a CORS Misconfig function, which enables users to identify and exploit cross-origin resource sharing (CORS) misconfigurations. Finally, the tool features an AWS S3 Misconfig function, which enables users to detect and exploit misconfigured Amazon Web Services (AWS) S3 buckets.

HackBox is an all-in-one tool that is designed to assist security professionals in conducting effective and efficient security assessments and penetration testing activities. The tool's extensive feature set, combined with its user-friendly interface, makes it a valuable asset in any security professional's arsenal.

Usage

git clone https://github.com/samhaxr/hackbox && cd hackbox

virtualenv venv && source venv/bin/activate

pip install -r requirements.txt

python hackbox.py

YouTube Tutorial

YouTube

Credits

Shawar Khan https://twitter.com/ShawarkOFFICIAL

Jobart Abama https://twitter.com/jobertabma

VulnersCom https://github.com/vulnersCom/getsploit

Erwin De Laat https://twitter.com/erwindelaat

thehappydinoa https://twitter.com/thehappydinoa