Advanced Security Reconnaissance Toolkit for Ethical Hackers & Pentesters
Made by p6cy / kareeen133
_____ _____ _____ ____ ____ _____
/ ___// ____/ ____/ __ )/ __ /_ _/
\__ \/ __/ / / / __ / / / / / /
___/ / /___/ /___/ /_/ / /_/ / / /
/____/_____/\____/_____/\____/ /_/ v2.0
Advanced Security Reconnaissance Toolkit
- Subdomain enumeration with custom wordlists
- Subdomain takeover vulnerability detection
- WHOIS & DNS lookups with zone transfer checks
- Web technology fingerprinting
- Wayback Machine URL extraction
- Certificate transparency (crt.sh) search
- Multi-threaded port scanning
- Service version detection
- SSL/TLS security analysis
- Ping & traceroute
- GeoIP lookup
- Reverse DNS
- Security headers analysis
- CORS misconfiguration detection
- HTTP methods enumeration
- Website crawler
- Directory bruteforce
- Parameter fuzzing
- robots.txt parser
- XSS payloads (multiple contexts)
- SQL injection payloads (MySQL, MSSQL, Oracle, PostgreSQL)
- LFI/RFI payloads
- SSTI payloads (Jinja2, Twig, Freemarker, Smarty)
- XXE payloads
- Reverse shell generator (Bash, Python, PHP, NC, PowerShell)
- Hash generation (MD5, SHA1, SHA256, SHA512, bcrypt)
- Hash identification
- Hash cracking with wordlists
- JWT decode & none-algorithm attack
- Multi-format encoding/decoding (Base64, Hex, URL, HTML, Binary)
- Classical ciphers (Caesar, ROT13, Vigenere, XOR, Atbash)
- Username checker across 25+ platforms
- Email OSINT
- Google dork generator
- File metadata extraction
- Phone number lookup
- CVE lookup
- ExploitDB search
- Vulners database search
- Secure password generator
- Custom wordlist generator
- User agent spoofing
- Session export (JSON, HTML, Markdown)
# Clone the repository
git clone https://github.com/kareeen133/secbot.git
cd secbot
# Install dependencies
pip install -r requirements.txt
# Run SecBot
python main.py- Python 3.8+
- requests
- dnspython
- python-whois
- pyOpenSSL (optional, for detailed SSL info)
python main.pyType modules to see all categories, help to see all commands.
# Subdomain enumeration
secbot> subdomains example.com
# Port scanning
secbot> portscan 192.168.1.1
secbot> portscan example.com 1-1000
# Security headers check
secbot> headers https://example.com
# Generate XSS payloads
secbot> xss html
# Crack a hash
secbot> crack 5f4dcc3b5aa765d61d8327deb882cf99
# Check username across platforms
secbot> username johndoe
# Generate reverse shell
secbot> revshell python 10.10.10.10 4444
# CVE lookup
secbot> cve CVE-2021-44228| Command | Description |
|---|---|
subdomains <domain> |
Enumerate subdomains |
subdomain_takeover <domain> |
Check for takeover vulnerabilities |
whois <domain> |
WHOIS lookup |
dns <domain> |
DNS enumeration |
tech <url> |
Detect technologies |
crtsh <domain> |
Certificate transparency search |
portscan <host> [ports] |
Port scanning |
fullscan <host> |
Full scan + service detection |
ssl <host> |
SSL/TLS analysis |
ping <host> |
Ping host |
geoip <ip> |
GeoIP lookup |
ipinfo [ip] |
Get IP information |
headers <url> |
Security headers check |
cors <url> |
CORS misconfiguration check |
httpmethods <url> |
Check HTTP methods |
robots <url> |
Fetch robots.txt |
crawl <url> [depth] |
Crawl website |
dirbrute <url> |
Directory bruteforce |
xss [context] |
XSS payloads |
sqli [dbtype] |
SQLi payloads |
lfi [os] |
LFI payloads |
ssti [engine] |
SSTI payloads |
xxe |
XXE payloads |
hash <text> |
Generate hashes |
identify <hash> |
Identify hash type |
crack <hash> [wordlist] |
Crack hash |
jwt <token> |
Decode JWT |
jwtforge <token> |
JWT none-alg attack |
encode <type> <text> |
Encode text |
decode <type> <text> |
Decode text |
username <name> |
Check username |
email <address> |
Email OSINT |
dork <domain> |
Google dorks |
cve <id/keyword> |
CVE lookup |
exploitdb <query> |
Search ExploitDB |
revshell <type> <ip> <port> |
Reverse shell generator |
password [len] [type] |
Generate password |
export <format> |
Export session |
Add your screenshots here after running the tool
This tool is intended for authorized security testing and educational purposes only.
- Always obtain proper authorization before testing any systems
- The developers are not responsible for any misuse of this tool
- Use responsibly and ethically
Contributions are welcome! Feel free to:
- Report bugs
- Suggest new features
- Submit pull requests
- GitHub: @kareeen133
This project is licensed under the MIT License.
Star this repo if you find it useful!