Supports THM & HTB Machines, CTFs, and Real-World Pentesting
Feature | Description |
---|---|
Port Scanning | Scan open ports using Nmap, Rustscan, or the Sh0zack Port Scan Tool. |
DNS Enumeration | Discover subdomains with Gobuster or the Advanced Sh0zack DNS Scan Tool. |
Directory Fuzzer | Enumerate directories and files using Gobuster, WFuzz, or the Sh0zack Directory Scan Tool. |
Brute Force | Perform brute force attacks with Hydra or the Sh0zack Brute Force Tool. |
Listener Setter | Code to set up a listener to catch reverse shells. |
Privilege Escalation Check | Custom binary (Linux systems only) to identify potential privilege escalation vectors. |
Shell Generator | Generate various types of reverse and bind shells (e.g., Bash, Python, Netcat, PHP, etc.). |
Decrypting Tools | Decrypt encoded data using multiple methods. |
Web Scanner | Scan websites for vulnerabilities using Nikto, OWASP ZAP, Skipfish, WPScan, or CMSmap. |
AI Chat | Integrated AI tool to chat about pentesting. |
- Each function is also designed to be independent and easy to use without needing other tools.
- Use Nmap, SMB, Rustscan, or Sh0zack's custom tool to scan a network.
nmap -sV -Pn <target-ip>
rustscan -a <target-ip>
./tools/portscan.sh <target-ip> -o <output-file>
- Enumerate subdomains using Gobuster or Sh0zack's Advanced DNS Scan Tool.
gobuster dns -d <domain> -w <wordlist> -o <output-file>
./tools/dns.sh -u <url> -w <wordlist> -o <output-file> -t <threads> -T <timeout> -n -v
- Use Gobuster, WFuzz, or Sh0zack's custom tool to find hidden directories and files.
gobuster dir -u <url> -w <wordlist> -x php,html,txt -o <output-file>
./tools/dirscan.sh -u <url> -w <wordlist> -o <output-file> -t <threads> -T <timeout>
- Perform brute-force attacks against services such as SSH, FTP, and HTTP using Hydra or Sh0zack's custom brute force tool.
hydra -L <userlist> -P <passwordlist> <target-ip> ssh
./tools/bruteforce.sh -u <user> -p <password> -t <target-ip> -s ssh
- Set up a listener to catch reverse shells using Netcat or Sh0zack's custom script.
./tools/listener.sh -p <port>
- Check for potential privilege escalation vectors on a Linux system (Windows support is not yet available).
./tools/privesc.sh
- Decode encoded data using Base64, Hex, or other supported methods.
./tools/decrypt.sh -e base64 -i <input-file> -o <output-file>
- Scan websites for vulnerabilities using tools like Nikto, OWASP ZAP, WPScan, and others.
nikto -h <target-website>
wpscan --url <target-url>
./tools/webscan.sh -u <url> -o <output-file>
- SQLi and XSS detection and WAF bypass are on the way ...
Tool | Description | Usage |
---|---|---|
🔍 DNS Scanner | Fast and customizable DNS enumeration | ./tools/dns.sh -u <url> -w <wordlist> -o <output_file> -t <threads> -T <timeout> -n -v |
🖧 Port Scanner | Efficient multi-threaded port scanning | ./tools/port-scanner.sh <target> |
📁 Directory Scanner | Discover hidden directories and files | ./tools/dir.sh -u <url> -w <wordlist> -o <output_file> -t <threads> -T <timeout> -v |
🔐 SSL Analyzer | Evaluate SSL/TLS security configurations | ./tools/ssl-analyzer.sh <domain> |
🕷️ Web Crawler | Recursively map website structure | ./tools/webcrawler.sh -u <url> -d <depth> -o <output_file> |
... and many more powerful tools!
git clone https://github.com/sh0z3n/Sh0zack.git
cd Sh0zack
./sh0zack.sh
For internal tools installation, use:
chmod +x scripts/install.sh && ./scripts/install.sh
For wordlist generation:
chmod +x scripts/get-wordlists.sh && ./scripts/get-wordlists.sh
- 🚄 High-speed scanning with multi-threading support
- 🎨 Customizable output formats (JSON, CSV, XML)
- 🔧 Modular design for easy integration and expansion
- 📊 Detailed reporting with vulnerability assessment
- 🔒 Built-in security measures to prevent abuse
We invite you to contribute to Sh0zack by adding new modules, improving code logic, or creating odd scripts.
- Fork the repository and submit a pull request after working on your branch. Most pull requests will be reviewed and approved within 24 hours!