debajyoti0-0 / brahmastra

Brahmastra empowers security teams to fortify their defenses and identify potential vulnerabilities in their systems. This comprehensive tool ensures the utmost protection against cyber threats, making it an indispensable asset in the field of cybersecurity.

License: GNU Affero General Public License v3.0

Python 95.35% Shell 4.65%
bash-script cms-detection metasploit-framework nmap penetration-testing python shell social-engeneering-toolkit vulnerability-scanners brahmastra directory-listing lfi-detection sql-injection xss-detection subdomain-finder

brahmastra's Introduction

ℹ️ Brahmastra:

"Brahmastra" is a powerful security analysis tool inspired by the ancient Indian mythology of Lord Brahma. Just as Lord Brahma was known for his divine wisdom and knowledge, this tool embodies those qualities by offering a comprehensive range of security assessment functionalities. With its Python-based script, Brahmastra combines network scanning, web crawling, vulnerability scanning, and CMS detection capabilities. By utilizing external tools and modules, it enables users to discover social media profiles, gather information, perform SSL analysis, identify subdomains, detect vulnerabilities such as SQL injection and XSS, and much more. The tool's intuitive menu system provides an easy-to-use interface, empowering security professionals to conduct thorough security assessments and uncover potential vulnerabilities and weaknesses in target systems. Embracing the name of an ancient divine weapon, Brahmastra aims to provide security practitioners with a potent tool to safeguard modern digital environments.

🛠️ Installation:

  • Clone the repository:
        git clone https://github.com/Debajyoti0-0/Brahmastra.git
  • Use the package manager pip to install the required Python libraries:
        sudo apt install python3-pip -y
        cd Brahmastra
        chmod +x *
        sudo pip3 install -r requirements.txt
  • Then install the other requirements:
        sudo ./install_tools.sh

🎯 Features:

  • OSINT Analysis: The tool allows you to find social media profiles associated with a target username. It utilizes the "social-analyzer" tool for this purpose.

  • Information Gathering: You can gather various types of information about a target URL or IP. It performs WHOIS lookup, DNS lookup, GEOIP lookup, and subnet calculation to provide detailed information about the target.

  • Vulnerability Scanning: The tool supports vulnerability scanning using the Nikto tool. It scans the target URL or IP for common vulnerabilities and provides detailed output.

  • Web Crawling: You can crawl a website by providing the target URL. The tool sends an HTTP GET request, parses the HTML content, and extracts and displays all the links found on the page.

  • TLS/SSL Scan: It allows you to perform an SSL scan on a target URL. The tool uses "sslyze" for this purpose and provides information about the SSL configuration of the target.

  • Basic Scan: This feature performs a basic scan on a target URL. It fetches the site title, IP address, web server information, CMS detection using "builtwith," Cloudflare detection, and scans for robots.txt and sitemap.xml files.

  • Network Scan: The tool supports Nmap scanning by allowing you to specify the target and scan options. It executes the Nmap command and displays the scan output.

  • Banner Grabbing: It can grab banners from a target URL or IP. The tool retrieves the IP address and sends an HTTP GET request to get the server header.

  • Subdomain Finder: This feature helps in finding subdomains of a target URL or IP. It uses the "ffuf" tool with a wordlist to perform the subdomain enumeration.

  • Directory Lister: It allows you to find directories on a target URL or IP. The tool uses "ffuf" with a wordlist to perform directory enumeration.

  • CMS Specific Scans: The tool includes specific scans for popular CMS platforms like WordPress and Joomla. It utilizes "wpscan" for WordPress scanning and "joomscan" for Joomla scanning.

  • SQL Injection Finder: It performs SQL injection detection on a target URL. You can provide a payload list, and the tool sends requests with each payload to check for vulnerability.

  • XSS Finder: This feature helps in detecting XSS vulnerabilities on a target URL. You can provide a payload list, and the tool sends requests with each payload to check for reflected XSS.

  • LFI Vulnerability Finder: The tool assists in finding Local File Inclusion (LFI) vulnerabilities on a target URL. It checks if the target URL is susceptible to LFI attacks.

These are the main features of the Brahmastra tool, offering a range of functionalities for reconnaissance, vulnerability assessment, and security testing.
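
The parsing step of the Web Crawling feature, as an added example (not code from the Brahmastra repository): it extracts links from an already-fetched page, resolves them against the page URL and any `<base>` tag, drops non-HTTP schemes and duplicates, and separates same-host links from external ones so a crawl stays within the authorized target. The sample HTML, the `example.test` / `example.net` host names and the `LinkParser` and `extract_links` names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

# Constructed sample input; nothing here is fetched from a real site.
SAMPLE_URL = "https://app.example.test/index.html"
SAMPLE_HTML = """
<html><head><base href="/docs/"><link rel="stylesheet" href="site.css"></head>
<body>
  <a href="intro.html#top">Intro</a>
  <a href="/login">Login</a>
  <a href="intro.html">Intro again</a>
  <a href="https://cdn.example.net/lib.js">CDN</a>
  <a href="mailto:admin@example.test">Mail</a>
  <a href="javascript:void(0)">Menu</a>
  <a>no href</a>
  <img src="../img/logo.png" />
</body></html>
"""

class LinkParser(HTMLParser):
    # Tag -> attribute that carries a URL.
    URL_ATTRS = {"a": "href", "link": "href", "img": "src",
                 "script": "src", "form": "action"}

    def __init__(self, page_url):
        super().__init__()
        self.base = page_url   # updated if the page declares <base href>
        self.links = []        # absolute http(s) URLs, first-seen order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.base, attrs["href"])
            return
        value = attrs.get(self.URL_ATTRS.get(tag, ""))
        if not value:
            return
        # Resolve relative references and strip the #fragment before deduplicating.
        absolute, _fragment = urldefrag(urljoin(self.base, value.strip()))
        if urlsplit(absolute).scheme in ("http", "https") and absolute not in self.links:
            self.links.append(absolute)

def extract_links(html, page_url):
    """Return (same_host_links, external_links) found in html."""
    parser = LinkParser(page_url)
    parser.feed(html)
    host = urlsplit(page_url).hostname
    in_scope = [u for u in parser.links if urlsplit(u).hostname == host]
    external = [u for u in parser.links if urlsplit(u).hostname != host]
    return in_scope, external

if __name__ == "__main__":
    for label, urls in zip(("in scope", "external"), extract_links(SAMPLE_HTML, SAMPLE_URL)):
        print(label, *urls, sep="\n  ")
```

Only the first list should feed further requests; the external list is reported, not followed.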

⁉️ Usage:

python3 Brahmastra.py

💚 Contributing:

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

🔑 License:

Distributed under the GNU V3.0 License. See LICENSE for more information.


Project Maintainer: Debajyoti Haldar

brahmastra's Issues

sudo ./install_tool.sh

When using the tool, it is actually sudo ./install_tools.sh; the 's' is missing from yours. Please try to include it to help others.
Thank you

Installing requirements.txt

Hey there,

I was wondering if you could help me out with an error I keep getting installing the requirement.txt.
It works flawlessly until it throws an Exception: Timeout error. I tried to try it with default-timeout set to 3000 but I don't think that's the issue here.

I attached a screenshot, if you come around to it, I really would appreciate it if you could take a look at it for me. Thanks man!

As you can see in the screenshot, I'm on deepin 20, never had any problems with installing python-project etc.
