Some updates

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,68 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+# ******** NOTE ********
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '20 19 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java', 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/python-package.yml

@@ -0,0 +1,39 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: Python package
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.5, 3.6, 3.7, 3.8]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install flake8 pytest
+        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+    - name: Lint with flake8
+      run: |
+        # stop the build if there are Python syntax errors or undefined names
+        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+    - name: Test with pytest
+      run: |
+        pytest

.github/workflows/ruby.yml

@@ -0,0 +1,33 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0
+      with:
+        ruby-version: 2.6
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake

.gitignore

@@ -30,3 +30,10 @@ apikeys.py
 
 # Junk files
 shodan
+pentest*
+kickoff*
+kick-off*
+knownbugs.txt
+.swp
+cpentest
+*sqlite

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "jok3r-pocs"]
+	path = jok3r-pocs
+	url = https://github.com/koutto/jok3r-pocs

CHANGELOG.rst

@@ -1,6 +1,16 @@
 =========
 Changelog
 =========
+**v3.0 BETA 3 Arkham Subversion** 2020-07-21
+	*Add RPC service and tool (disabled by default)
+	*Add initial scheme for F5 BIG IP vulnerability scanner and exploiter
+	*Add/fix/customize some bits here and there
+	*First pre-release v0.1
+
+**v3.0 BETA 3** 2020-07-18
+	* Add waf-checker and Pentest1 to attacks profiles
+	* Fix several minor bugs and customizations
+	* Kali GPG key updated
 
 **v3.0 BETA 2** 2019-07-09
 	* Fix several bugs after testings

README.rst

@@ -2,12 +2,12 @@
 
    <h1 align="center">
 
-.. image:: ./pictures/logo.png
+.. image:: ./pictures/joker.png
 
 .. raw:: html
 
    <br class="title">
-   Jok3r v3 beta
+   Jok3r v3 beta Arkham SubVersion
    <br>
 
 .. image:: https://img.shields.io/badge/python-3.6-blue.svg
@@ -18,13 +18,6 @@
    :target: https://jok3r.readthedocs.io/en/latest/
    :alt: Documentation ReadTheDocs
 
-.. image:: https://img.shields.io/microbadger/image-size/koutto/jok3r.svg
-    :target: https://hub.docker.com/r/koutto/jok3r/
-    :alt: Docker Size
-
-.. image:: https://img.shields.io/docker/cloud/build/koutto/jok3r.svg
-    :alt: Docker Build Status
-
 .. raw:: html
 
    </h1>
@@ -37,7 +30,6 @@ and bugs might be present.**
 **Many tests are going on: see https://github.com/koutto/jok3r/blob/master/tests/TESTS.rst. 
 Ideas, bug reports, contributions are welcome !**
 
-
 .. contents:: 
     :local:
     :depth: 1
@@ -487,11 +479,12 @@ Supported Services & Security Checks
 -  `Oracle (default 1521/tcp)`_
 -  `PostgreSQL (default 5432/tcp)`_
 -  `RDP (default 3389/tcp)`_
+-  `RPC (default 2049/udp)`_
 -  `SMB (default 445/tcp)`_
 -  `SMTP (default 25/tcp)`_
 -  `SNMP (default 161/udp)`_
 -  `SSH (default 22/tcp)`_
--  `Telnet (default 21/tcp)`_
+-  `Telnet (default 23/tcp)`_
 -  `VNC (default 5900/tcp)`_
 
 
@@ -761,6 +754,19 @@ RDP (default 3389/tcp)
     | ms12-020 | vulnscan | Check for MS12-020 RCE vulnerability (any Windows before 13 Mar 2012) | metasploit |
     +---------+----------+-----------------------------------------------------------------------+------------+
 
+RPC (default 2049/udp)
+----------------------
+
+.. code-block:: console
+
+    +----------+----------+-----------------------------------------------------------------------+------------+
+    | Name                  | Category | Description                                              | Tool used  |
+    +----------+----------+-----------------------------------------------------------------------+------------+
+    | ls-rpc-srv            | recon    | Listing RPC services                                     | rpcscan    |
+    | ls-nfs-mountpoints    | recon    | Listing NFS mount points                                 | rpcscan    |
+    | ls-nfs-shares         | recon    | Listing NFS shares                                       | rpcscan    |
+    +----------+----------+-----------------------------------------------------------------------+------------+
+
 
 SMB (default 445/tcp)
 ---------------------
@@ -869,4 +875,4 @@ Known Issues
 =============
 Changelog
 =============
-See `Changelog <https://github.com/koutto/jok3r/blob/master/CHANGELOG.rst>`_
+See `Changelog <https://github.com/koutto/jok3r/blob/master/CHANGELOG.rst>`_

TODO.rst

@@ -12,6 +12,7 @@ BUGS
 IMPROVEMENTS / NEW FEATURES
 ===============================================================================
 * Run custom command
+* New command: kick-off
 * Session / Restore
 * Indicate checks that need a reverse connection (IP reachable from target)
 * Products SMTP (eg Exim) https://en.wikipedia.org/wiki/List_of_mail_server_software
@@ -47,6 +48,58 @@ TOOLS/CHECKS TO ADD
 * Wordpress RCE https://github.com/opsxcq/exploit-CVE-2016-10033
 * https://github.com/peacand/winsharecrawler
 * https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt
+* https://github.com/dwisiswant0/findom-xss
+* https://github.com/devanshbatham/ParamSpider
+* https://github.com/google/tsunami-security-scanner
+* https://github.com/OWASP/Amass
+* https://github.com/inc0d3/moodlescan
+* https://github.com/m4ll0k/WAScan
+* https://github.com/skavngr/rapidscan
+* https://github.com/projectdiscovery/nuclei
+* https://pypi.org/project/SpitzerSec/
+* https://github.com/OJ/gobuster
+* https://github.com/khalilbijjou/WAFNinja.git
+* https://github.com/jas502n/CVE-2020-5902
+* https://github.com/D4Vinci/CWFF
+* https://github.com/bhassani/EternalBlueC
+
+TOR MONITORING:
+* https://github.com/andreyglauzer/VigilantOnion
+* https://github.com/teal33t/poopak
+* https://github.com/CIRCL/AIL-framework
+* https://github.com/s-rah/onionscan
+* https://github.com/automatingosint/osint_public
+* https://github.com/trandoshan-io
+* https://github.com/itsmehacker/DarkScrape/blob/master/README.md
+* https://github.com/GoSecure/freshonions-torscraper
+* https://github.com/DedSecInside/TorBot
+* https://github.com/AshwinAmbal/DarkWeb-Crawling-Indexing/blob/master/README.md
+* https://github.com/k4m4/onioff
+* https://github.com/MikeMeliz/TorCrawl.py
+* https://github.com/bunseokbot/darklight
+* https://github.com/saidortiz/onion_osint
+* https://github.com/vlall/Darksearch
+* https://github.com/ntddk/onionstack
+* https://github.com/mrrva/illCrawler
+* https://github.com/scresh/Digamma
+* https://github.com/reidjs/onionup/blob/master/README.md
+* https://github.com/desyncr/onionuptime/blob/master/README.md
+
+CVE SELECTION TO ADD
+===============================================================================
+
+F5 BIG-IP vulnerabilities:
+
+* CVE-2020-5902
+* CVE-2020-5903
+* CVE-2020-5857
+* CVE-2020-5876
+* CVE-2020-5877
+* CVE-2020-5883
+* CVE-2020-5885
+* CVE-2020-5881
+* CVE-2020-5875
+
 
 DOCUMENTATION
 ===============================================================================
@@ -58,8 +111,6 @@ SERVICES TO ADD
 * NFS
     * nfsshell (sudo apt-get install libreadline-dev ; make)
 * MongoDB
-* RPC
-    * https://github.com/hegusung/RPCScan.git
 * DNS
 * LDAP
 * MDNS
@@ -70,6 +121,12 @@ SERVICES TO ADD
 * RSH
 * IMAP
 
+Dorking capabilities (Google, shodan, Bing, Censys...)
+#########################################################################################
+# DORKS
+#########################################################################################
+Tools:
+# darkd0rk3r, dorkme, fast-google-dorks-search,gdork,goodork3,google DB tool,googledorker,katana
 
 
 

doc/command_attack.rst

@@ -54,7 +54,7 @@ The command `attack` is where security checks against targets are started.
 There are 2 modes of attacks:
 
 * Single target
-* Multiple targets from a mission sccope in database
+* Multiple targets from a mission scope in database
 
 
 Single Target Mode
@@ -99,7 +99,7 @@ Multiple Targets Mode
 =====================
 This mode is designed to work with the local database: First you create a mission
 to define the scope of the pentest in the database (see :ref:`command-db`), and then
-you run security checks against all or a subset a targets from the scope:
+you run security checks against all or a subset of targets from the scope:
 
 * Example to run checks against **all targets from the mission "MayhemProject"**, using 
   fast mode (i.e. without asking for any confirmation before targets and checks):

doc/installation.rst

@@ -78,4 +78,15 @@ run the following commands:
 Manual install
 ==============
 
-TODO
+    .. code-block:: console
+
+    git clone https://github.com/cbk914/jok3r.git
+    cd jok3r
+    chmod +x jok3r.py
+
+* You can install full toolbox or just a few tools targeting a given service.
+See available options with toolbox help command.
+
+    .. code-block:: console
+
+    python3 jok3r.py toolbox -h

docker_j0k3r.sh

@@ -0,0 +1,6 @@
+# CONSOLE
+sudo docker run -i -t --name jok3r-container -w /root/jok3r -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --shm-size 2g --net=host koutto/jok3r
+# GUI
+#sudo docker run -i -t -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix koutto/jok3r &
+#xhost +
+