Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests.
The goal is to save as much time as possible during network/web pentests by automating as many security tests as possible in order to quickly identify low-hanging fruits vulnerabilities, and then spend more time on more interesting and tricky stuff !
It is based upon the observation that there are many hacking open-source tools/scripts (from various sources) targeting common network services available out there, that allow to perform various tasks from fingerprinting to exploitation. Therefore, the idea of Jok3r is to combine those open-source tools in a smart way to get the more relevant results.
python3 jok3r.py toolbox --show-all
python3 jok3r.py toolbox --install-all --fast
python3 jok3r.py toolbox --update-all
python3 jok3r.py toolbox --update-all --fast
python3 jok3r.py info --services
python3 jok3r.py info --checks <service>
python3 jok3r.py info --attack-profiles <service>
python3 jok3r.py info --products
Create a new mission in local database:
python3 jok3r.py db
jok3rdb[default]> mission -a mayhem
[+] Mission "mayhem" successfully added
[*] Selected mission is now mayhem
jok3rdb[mayhem]>
Single target:
python3 jok3r.py attack -t https://www.example.com/ --add2db mayhem
python3 jok3r.py attack -t 192.168.1.42:1433 -s mssql --add2db mayhem --fast
python3 jok3r.py attack -t 192.168.1.142:21 -s ftp --cat-only recon,vulnscan --add2db mayhem
Multiple targets:
python3 jok3r.py attack -m mayhem --profile red-team --fast
python3 jok3r.py attack -m mayhem --fast
python3 jok3r.py attack -m mayhem -f "port=21,2121;service=ftp" --fast
python3 jok3r.py attack -m mayhem -f "port=2121;service=ftp" -f "ip=192.168.1.42;service=http"