Jok3r is a Python3 CLI (Command Line Interface) application that helps penetration testers with network infrastructure and web black-box security tests. It can save you a lot of time on everything that can be automated during the network/web pentesting process, so you can focus on more important and interesting work.
Jok3r v2: Network and Web Pentest Framework
This network and web pentest framework tries to solve the enumerated problems. The main feature of Jok3r is that it aggregates a lot of hacking tools and scripts together. As a result, you won’t need to spend precious time on everything that can be automated, and you’ll have more time for vulnerability discovery.
The Jok3r framework offers you numerous open-source hacking tools to help you during all necessary pentesting activities:
- Port scanning, Fingerprinting, Vulnerability scanning, Exploitation of detected vulnerabilities, Bruteforce attack if needed, Post-exploitation, and much more.
- Install automatically all the hacking tools used by Jok3r,
- Keep the toolbox up-to-date,
- Easily add new tools.
- (Reconnaissance, Vulnerability scanning, Exploitation, Account bruteforce, (Basic) Post-exploitation).
- Target most common network services (including web),
- Run security checks by chaining hacking tools, following standard process
- Let Jok3r automatically choose the checks to run according to the context and knowledge about the target.
Mission management / Local database
- Organize targets by missions in local database,
- Fully manage missions and targets (hosts/services) via interactive shell (like msfconsole db),
- Access results from security checks.
Add/edit/remove tools, security checks, and supported network services by editing settings files with an easy-to-understand syntax.
You can install it inside a Docker container if you want to avoid possible dependency issues and having to install the tools yourself. Pull the Jok3r Docker image:
$ sudo docker pull koutto/jok3r
Then run a fresh Docker container:
$ sudo docker run -i -t --name jok3r-container -w /root/jok3r --net=host koutto/jok3r
The --net=host option is required to share the host’s interface. It is needed for reverse connections (e.g. Ping to container when testing for RCE, Get a reverse shell).
Clone it from the GitHub repo:
$ git clone https://github.com/koutto/jok3r.git
Then navigate to the Jok3r directory, install the requirements and run the install script:
$ cd jok3r/
$ pip3 install -r requirements.txt
$ bash install-all.sh
To start using Jok3r, run the following:
$ python3 jok3r.py

         ____.       __    ________              `Combine the best of...
        |    | ____ |  | __\_____  \______           ...open-source Hacking Tools`
        |    |/  _ \|  |/ /  _(__  <_  __ \
    /\__|    (  (_) )    <  /       \  | \/
    \________|\____/|__|_ \/______  /__|      v2.0
                         \/       \/

              ~ Network & Web Pentest Framework ~
   [ Manage Toolbox | Automate Attacks | Chain Hacking Tools ]

usage: python3 jok3r.py

Supported commands:
   toolbox    Manage the toolbox
   info       View supported services/options/checks
   db         Define missions scopes, keep tracks of targets & view attacks results
   attack     Run checks against targets

optional arguments:
  -h, --help  show this help message and exit
toolbox allows you to manage hacking tools:
usage: python3 jok3r.py toolbox <args>

optional arguments:
  -h, --help        show this help message and exit

Toolbox management:
  Tools are classified by services they can target into the toolbox.
  Tools that may be used against various different services are grouped
  under the name "multi".

  --show            Show toolbox content for a given service
  --show-all        Show full toolbox content
  --install         Install the tools for a given service
  --install-all     Install all the tools in the toolbox
  --update          Update the installed tools for a given service
  --update-all      Update all installed tools in the toolbox
  --uninstall       Uninstall the tools for a given service
  --uninstall-tool  Uninstall a given tool
  --uninstall-all   Uninstall all tools in the toolbox
  --fast            Fast mode, disable prompts and post-install checks
To install the whole toolbox, run:
$ python3 jok3r.py toolbox --install-all --fast
And to update all the tools, run:
$ python3 jok3r.py toolbox --update-all --fast
To see all available options, commands and a detailed usage guide, click the “documentation” button below.