Awesome Open Source
Awesome Open Source

Disclaimer

Use this tool to make penetration tests or any hacking CTF's more efficient. This tool should be used on applications that you have permission to attack only. Any misuse or damage caused will be solely the users’ responsibility.
Please check the known bugs and issues at the bottom before installation.
A Wiki page for troubleshooting is coming very soon...

What is Karkinos?

Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following:

  • Encoding/Decoding characters
  • Encrypting/Decrypting text or files
  • Reverse shell handling
  • Cracking and generating hashes

Dependencies

  • Any server capable of hosting PHP; tested with Apache Server
  • Tested with PHP 7.4.9
  • Python3
    Make sure it is in your path as:
    Windows: python
    Linux: python3
    If it is not, please change the commands in includes/pid.php
  • pip3
  • Raspberry Pi Zero friendly :) (crack hashes at your own risk)

Newest Feature

Introducing Modules

Modules are now in one place for better organisation and accessibility.

Modules

New Module

Directory and File Busting demo:

Directory and File Busting Demo

Installing

This installation guide assumes you have all the dependencies.

Linux/BSD

  1. git clone https://github.com/helich0pper/Karkinos.git
  2. cd Karkinos
  3. pip3 install -r requirements.txt
  4. cd wordlists && tar -xf passlist.zip You can also unzip it manually using file explorer if tar is not installed. Just make sure passlist.txt is in wordlists directory.
  5. Add extension=php_sqlite3.dll to your php.ini file.
    If you don't know where to find this, refer to the PHP docs.
  6. Thats it! Now just host it using your preferred web server or run: php -S 127.0.0.1:8888 in the Karkinos directory.
    Important: using port 5555 will conflict with the reverse shell handler server
    If you insist on using port 5555, change the reverse shell handler server PORT value in /bin/Server/app.py Line 88
    Important: using port 5556 will conflict with the directory and file busting server
    If you insist on using port 5556, change the directory and file busting server PORT value in /bin/Busting/app.py Line 111

Windows

  1. git clone https://github.com/helich0pper/Karkinos.git
  2. cd Karkinos
  3. pip3 install -r requirements.txt
  4. cd wordlists && tar -xf passlist.zip
    You can also unzip it manually using file explorer if tar is not installed. Just make sure passlist.txt is in wordlists directory.
  5. Add extension=php_sqlite3.dll to your php.ini file.
    If you don't know where to find this, refer to the PHP docs.
  6. Thats it! Now just host it using your preferred web server or run: php -S 127.0.0.1:8888 in the Karkinos directory.
    Important: using port 5555 will conflict with the reverse shell handler server
    If you insist on using port 5555, change the reverse shell handler server PORT value in /bin/Server/app.py Line 88
    Important: using port 5556 will conflict with the directory and file busting server
    If you insist on using port 5556, change the directory and file busting server PORT value in /bin/Busting/app.py Line 111

Demo

Open screenshots in full screen for a better view

Home Menu

Landing page and quick access menu.

Home 1

User stats are displayed here. Currently, the stats recorded are only the total hashes and hash types cracked successfully.

Home 2

Encoding/Decoding

This page allows you to encode/decode in common formats (more may be added soon)

Encode and Decode

Encrypt/Decrypt

Encrypting and decrypting text or files is made easy and is fully trusted since it is done locally.

Encrypt and Decrypt

Modules

More modules will be added.
Modules

Reverse Shell Handling

Reverse shells can be captured and interacted with on this page.

Create a listener instance

Listener 1

Configure the listener

Listener 2

Start the listener and capture a shell

Listener 3

Full reverse shell handling demo:

Reverse Shell Handling Demo

Directory and File Busting

Create an instance

Bust 1

Configure it

Bust 2

Start scanning

Bust 2

Full Directory and File Busting demo:

Directory and File Busting Demo

Generating Hashes

Karkinos can generate commonly used hashes such as:

  • MD5
  • SHA1
  • SHA256
  • SHA512

    Generating Hashes

Cracking Hashes

Karkinos offers the option to simultaneously crack hashes using a built-in wordlist consisting of over 15 million common and breached passwords. This list can easily be modified and/or completely replaced.

Cracking Hashes

Future Work

Pull requests and bug reports are always appreciated.
Below are features to be added/fixed:

  • Creating a Wiki page to help customize Karkinos or troubleshoot common issues

Find me on

Twitter


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
php (16,378
pentesting (371
ctf (169
hacking-tools (66
ctf-tools (51
reverse-shell (48
encoder-decoder (39
penetration-testing-tools (19