Kithack is a framework designed to automate the process of downloading and installing different penetration testing tools, with a special option to generate cross-platform backdoors using the Metasploit Framework.
KitHack compatible distributions:
|Arch Linux||En desarrollo|
# Update your list of packages $ sudo apt update # Install python3 python3-pip $ sudo apt install python3 python3-pip # Clone the repository $ git clone https://github.com/AdrMXR/KitHack.git # Enter the repository $ cd KitHack # Install KitHack $ sudo bash install.sh # Start KitHack $ sudo python3 KitHack.py # You can also run it from the shortcut $kithack # When you want to update run $ sudo bash update.sh # To uninstall run $ sudo bash uninstall.sh
- Ngrok authtoken
1) Debug deprecated tools.
- It is essential that our users [report] us (mailto:[email protected]) any tool that is not being installed correctly, because that way we can completely debug it from kithack.
2) Integration of new tools.
- As we debug tools we also integrate some new ones, if you have a personal project on github that you would like to see featured in our toolkit, or if you are interested in being a kithack contributor, please read our [contribution policy](https:// github.com/AdrMXR/KitHack/blob/master/docs/CONTRIBUTING.md).
3) Unification of Payload types (by stages and without stages).
- Kithack allows us to use both staged and individual payloads. If you want to know their differences, see here.
4) Incorporation of a new method that allows legitimate Android applications to be infected.
- Kithack gives us the option of being able to infect an original APK. It should be noted that not all applications are vulnerable.
5) Generation of TCP connections with ngrok.
- Now you can also work with ngrok to perform attacks outside your network without opening ports. The
ngrok.ymlconfiguration file is stored in
KitHack/.configby default. If for some reason you need kithack to request your authtoken again, type
6) Metasploit automation.
- You don’t have to waste time re-configuring your payload, kithack takes care of putting metasploit on listen quickly.
7) Customization of payloads for android.
- Now you also have the possibility to customize your own payload for Android. With kithack you can change the default name of the apk generated by metasploit known as “MainActivity” and you can also modify the default Android icon. Click here to know the format.
8) Automated persistence enforcement for any APK.
- Forget about your metasploit session expiring very quickly, with kithack you can now generate your persistence file for any APK. If you want to know how to start it in the meterpreter shell, click here.
9) Execution of tools.
- Now the user will be able to run the tools directly from kithack even though they are already installed.
- If you need to remove kithack-generated content from your
outputfolders, you can run the
clean.shfile to do so quickly.
Some vulnerable APKs:
|Google Now Launcher||1.4.large|
- Wifi Attacks
- Passwords Attacks
- Web Attacks
- Information Gathering
- Backdoors with msfvenom
If you find any errors in the tool, follow these steps:
- Take a screenshot and see the bug in detail.
- Contact me through the following email: [email protected]
- Send the screenshot and explain your problem with that bug.
Copyright (c) 2019 Adrian William
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.