Hack-Tools is a web extension for web application penetration testing, which contains a large number of testing tools, such as XSS Payload and reverse shell. By using web extensions, we don’t need to search for various payloads in different websites or local storage spaces, and most of the tools provided by Hack-Tools can be used with one electric shock. In addition, Hack-Tools can also be accessed in pop-up mode, or used directly in the browser’s console tab.
Dynamic reverse shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
Shell generation (TTYShell generation)
XSS vulnerability Payload
Basic SQL injection vulnerability Payload
The local file contains the vulnerability Payload (LFI)
Hash generator (MD5, SHA1, SHA256, SHA512)
Integrate various practical Linux commands (port forwarding, SUID)
RSSFeed (Exploit database and Cisco security advice)
CVE vulnerability search engine
Various methods to filter and download data from remote machines
Researchers can use the following commands to clone the source code of the project to the local:
git clone https://github.com/LasCC/Hack-Tools.git
Click [here] to get the plug-in release version.
In addition, the majority of researchers can also construct the project source code according to their own needs.
Mozilla Firefox browser
Researchers can click [here] to get the Hack-Tools plug-in version for Firefox browser.
Source code build
yarn install && yarn build
When we finish building the source code, webpack will create a new directory named dist. Next, we also need to open the developer mode of the browser, and then enter the extension/plug-in management interface (Chromium):
Click the “Load unpacked” button in the upper left corner of the interface:
After clicking this button, we need to select the tool to compile the dist folder just generated:
At this point, the tool configuration has been completed, and then we can use Hack-Tools in the penetration test process!
Tool running screenshot