This tools is continued from Nefix, DirsPy and Xmasspy project.
Installation
Will work fine in the debian shade operating system, like Backbox, Ubuntu or Kali linux.
$ git clone https://github.com/koboi137/darksplitz
$ cd darksplitz/
$ sudo ./install.sh
Features
- Extract mikrotik credential (user.dat)
- Password generator
- Reverse IP lookup
- Mac address sniffer
- Online md5 cracker
- Mac address lookup
- Collecting url from web.archive.org
- Web backdoor (Dark Shell)
- Winbox exploit (CVE-2018-14847)
- ChimeyRed exploit for mipsbe (Mikrotik)
- Exploit web application
- Mass apple dos (CVE-2018-4407)
- Libssh exploit (CVE-2018-10933)
- Discovering Mikrotik device
- Directory scanner
- Subdomain scanner
- Mac address scanner
- Mac address pinger
- Vhost scanner (bypass cloudflare)
- Mass bruteforce (wordpress)
- Interactive msfrpc client
Exploit web application
- plUpload file upload
- jQuery file upload (CVE-2018-9206)
- Laravel (.env)
- sftp-config.json (misc)
- Wordpress register (enable)
- elfinder file upload
- Drupal 7 exploit (CVE-2018-7600)
- Drupal 8 exploit (CVE-2018-7600)
- com_fabrik exploit (joomla)
- gravityform plugin file upload (wordpress)
- geoplace3 plugin file upload (wordpress)
- peugeot-music plugin file upload (wordpress)
Notes
This tool will work fine under root, because scapy module and other need root user to access more features. But you can run as user too in some features. ;)