Network and Web Pentest Framework – Jok3r

Last Commit: 08/27/2019

Introduction

Jok3r is a Python3 CLI (command-line interface) application that helps penetration testers with network infrastructure and black-box web security tests. It saves time on everything that can be automated during the network/web pentesting process, so you can focus on the more important and interesting work.

Jok3r v2: Network and Web Pentest Framework

This network and web pentest framework tries to solve the enumerated problems. The main Jok3r feature is that it aggregates a lot of hacking tools and scripts. You therefore don’t need to spend precious time on anything that can be automated, and you’ll have more time for vulnerability discovery.

The Jok3r framework offers numerous open-source hacking tools to help you during all necessary pentesting activities:

  • Port scanning, Fingerprinting, Vulnerability scanning, Exploitation of detected vulnerabilities, Bruteforce attack if needed, Post-exploitation, and much more.

Features:

Toolbox management

  • Automatically install all the hacking tools used by Jok3r,
  • Keep the toolbox up-to-date,
  • Easily add new tools.

Attack automation

  • Target most common network services (including web),
  • Run security checks by chaining hacking tools, following standard process (Reconnaissance, Vulnerability scanning, Exploitation, Account bruteforce, (Basic) Post-exploitation),
  • Let Jok3r automatically choose the checks to run according to the context and knowledge about the target.

Mission management / Local database

  • Organize targets by missions in local database,
  • Fully manage missions and targets (hosts/services) via interactive shell (like msfconsole db),
  • Access results from security checks.

Jok3r can be quickly customized: you can add, edit or remove tools, security checks and supported network services by editing settings files with an easy-to-understand syntax.

Install

Docker (Recommended)

You can install Jok3r inside a Docker container to avoid possible dependency issues and manual tool installation. Pull the Jok3r Docker image:

$ sudo docker pull koutto/jok3r

Then run a fresh Docker container:

$ sudo docker run -i -t --name jok3r-container -w /root/jok3r --net=host koutto/jok3r

Important: the --net=host option is required to share the host’s network interfaces. It is needed for reverse connections (e.g. pinging the container when testing for RCE, or getting a reverse shell). With this option the container is not network-isolated from the host.

Linux/OS X

Clone it from the GitHub repo:

$ git clone https://github.com/koutto/jok3r.git

Then navigate to the Jok3r directory, install the requirements and run the install-all.sh script:

$ cd jok3r/
$ pip3 install -r requirements.txt
$ bash install-all.sh

Usage

To start using Jok3r, run the following:

$ python3 jok3r.py

         ____.       __    ________              `Combine the best of...
        |    | ____ |  | __\_____  \______           ...open-source Hacking Tools`
        |    |/  _ \|  |/ /  _(__  <_  __ \ 
    /\__|    (  (_) )    <  /       \  | \/
    \________|\____/|__|_ \/______  /__|      v2.0
                         \/       \/     
    
              ~ Network & Web Pentest Framework ~
   [ Manage Toolbox | Automate Attacks | Chain Hacking Tools ]
   

usage: python3 jok3r.py

Supported commands:
   toolbox    Manage the toolbox
   info       View supported services/options/checks
   db         Define missions scopes, keep tracks of targets & view attacks results
   attack     Run checks against targets
   

optional arguments:
  -h, --help  show this help message and exit

Command toolbox allows you to manage hacking tools:

usage: python3 jok3r.py toolbox <args>

optional arguments:
-h, --help                      show this help message and exit

Toolbox management:
   Tools are classified by services they can target into the toolbox. Tools that may
   be used against various different services are grouped under the name "multi".

   --show                       Show toolbox content for a given service
   --show-all                   Show full toolbox content
   --install                    Install the tools for a given service
   --install-all                Install all the tools in the toolbox
   --update                     Update the installed tools for a given service
   --update-all                 Update all installed tools in the toolbox
   --uninstall                  Uninstall the tools for a given service
   --uninstall-tool             Uninstall a given tool
   --uninstall-all              Uninstall all tools in the toolbox
   --fast                       Fast mode, disable prompts and post-install checks

To install the whole toolbox, run:

$ python3 jok3r.py toolbox --install-all --fast

And to update all the tools, run:

$ python3 jok3r.py toolbox --update-all --fast

To see all available options, commands and a detailed usage guide, click the “documentation” button below.
