Stars: 369
Forks: 86
Pull Requests: 7
Issues: 0
Watchers: 16
Last Updated: 2023-05-11 17:06:31
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
License: Other
Languages: CSS, JavaScript, Python, HTML, PHP, Dockerfile
This tool should be used on applications/networks that you have permission to attack only. Any misuse or damage caused will be solely the users’ responsibility.
Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Karkinos was made for a university Web Development project; feel free to add any features :)
Currently, Karkinos offers the following:
python
python3
includes/pid.php
.More information can be found in the Modules section.
This installation guide assumes you have all the dependencies. A Wiki page with troubleshooting steps can be found here.
A video going through these steps can be found here
git clone https://github.com/helich0pper/Karkinos.git
cd Karkinos
pip3 install -r requirements.txt
cd wordlists && unzip passlist.zip
You can also unzip it manually using file explorer. Just make sure passlist.txt is in wordlists directory.Make sure you have write privileges for db/main.db
extension=sqlite3
in your php.ini file. You will also need to install it using sudo apt-get install php7.0-sqlite3
. Replace "7.0" with your PHP version! php --version
php -S 127.0.0.1:8888
in the Karkinos directory uses a single thread. You will only be able to use 1 module at a time! (it may stall until the task is complete) PORT
value in:/bin/Server/app.py Line 87
/bin/Busting/app.py Line 155
/bin/PortScan/app.py Line 128
git clone https://github.com/helich0pper/Karkinos.git
cd Karkinos
pip3 install -r requirements.txt
cd wordlists && unzip passlist.zip
Make sure you have write privileges for db/main.db
extension=php_sqlite3.dll
in your php.ini file. Refer to the installation page here.php -S 127.0.0.1:8888
in the Karkinos directory uses a single thread. You will not be able to multitask modules! (it may stall until the task is complete) PORT
value in:/bin/Server/app.py Line 87
/bin/Busting/app.py Line 155
/bin/PortScan/app.py Line 128
Open screenshots in full screen for a better view
Landing page and quick access menu.
User stats are displayed here. Currently, the stats recorded are only the total hashes and hash types cracked successfully.
This page allows you to encode/decode in common formats (more may be added soon)
Encrypting and decrypting text or files is made easy and is fully trusted since it is done locally.
Reverse shells can be captured and interacted with on this page.
Karkinos can generate commonly used hashes such as:
Karkinos offers the option to simultaneously crack hashes using a built-in wordlist consisting of over 15 million common and breached passwords. This list can easily be modified and/or completely replaced.
Pull requests and bug reports are always appreciated.
Below are features to be added/fixed: