April 5, 2020
  • 5:30 pm Kaboom – Automatic Pentest Bash Script
  • 8:26 pm Archery – A Security Tool
  • 2:51 pm Commix – Automated All-in-One OS command injection and exploitation tool
  • 12:28 pm RouterSploit – Exploitation Framework for Embedded Devices
  • 12:23 pm Dunkin Donuts Hacked & User Information Stolen

Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests.

Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challenging stuff.

To achieve that, it combines open-source Hacking tools to run various security checks against all common network services.


Toolbox management:
[*]Install automatically all the hacking tools used by Jok3r,
[*]Keep the toolbox up-to-date,
[*]Easily add new tools.

Attack automation:
[*]Target most common network services (including web),
[*]Run security checks by chaining hacking tools, following standard process (Reconnaissance, Vulnerability scanning, Exploitation, Account bruteforce, (Basic) Post-exploitation).
[*]Let Jok3r automatically choose the checks to run according to the context and knowledge about the target,

Mission management / Local database:
[*]Organize targets by missions in local database,
[*]Fully manage missions and targets (hosts/services) via interactive shell (like msfconsole db),
[*]Access results from security checks.

The recommended way to use Jok3r is inside a Docker container so you will not have to worry about dependencies issues and installing the various hacking tools of the toolbox.
A Docker image is available on Docker Hub and automatically re-built at each update: https://hub.docker.com/r/koutto/jok3r/. It is initially based on official Kali Linux Docker image (kalilinux/kali-linux-docker).

sudo docker pull koutto/jok3r
sudo docker run -i -t –name jok3r-container -w /root/jok3r –net=host koutto/jok3r

Download: https://github.com/koutto/jok3r/