Git Product home page Git Product logo

security-spellbook's Introduction

Spellbook

A micro-framework for rapid development of reusable security tools

Summary

Spellbook uses FBP: "In computer programming, flow-based programming (FBP) is a programming paradigm that defines applications as networks of "black box" processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented." [1]

The main focus of this “micro-framework” is turn in reality the rapid development of security tools using reusable patterns of FBP.

"Third clark law: any sufficiently advanced technology is indistinguishable from magic" - that's why this project is called spellbook.

Download and install

# Download
$ git clone https://github.com/htrgouvea/spellbook && cd spellbook

# Install libs and dependencies
$ cpan install Getopt::Long Mojo::File Mojo::JSON Find::Lib

How to use

Spellbook v0.2.6
Core Commands
==============
	Command          Description
	-------          -----------
	-s, --search     List modules, you can filter by category
	-m, --module     Set a module to use
	-h, --help       To see help menu of a module

Example

# Searching for exploits 
$ perl spellbook.pl --search exploit

Module: Exploit::CVE_2017_5487
Description: Read usernames leaked on WordPress API
=================================================

Module: Exploit::Shellshock
Description: Exploit for shellshock vuln
=================================================

Module: Exploit::Subdomain_Takeover_Check
Description: A checker for the possibility of subdomain takeover attack
=================================================
[...]

# Using an exploit
$ perl spellbook.pl -m Exploit::CVE_2006_3392 --help

Exploit::CVE_2006_3392
=======================
-h, --help     See this menu
-t, --target   Define a target
-f, --file     Define a file to read

$ perl spellbook.pl -m Exploit::CVE_2006_3392 -t http://172.30.0.15:10000/ -f /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
[...]

If you are interested in developing new modules, a good start point is to read the development guide.

Contribution

License

security-spellbook's People

Contributors

htrgouvea avatar lvmalware avatar

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.