badKarma – Network Reconnaissance Toolkit

badKarma is an open source GUI based network reconnaissance toolkit which aims to assist penetration testers during network infrastructure assessments. This toolkit will make all security testing process faster and more convenient.

The tool will combine in a single UI several actions such as scanning, exploitation and brute-forcing exposed services

badKarma – Network Reconnaissance Toolkit

Current available workspace’s extensions are:

  • Shell: this is the main module of the toolkit since it allow the tester to execute preconfigured shell tasks. Shell commands are located under the “conf” directory.
  • Bruter: as the name says, bruter is the brute-force extension. It allow the tester to send a target directly to Hydra and configure the parameters through a GUI. Default hydra parameters can be modified from conf/bruter.conf.
  • Screenshot: this extension allow the tester to take screenshots of possibile http,rdp,rtsp,vnc and x11 servers, screenshots will be stored in the session file as base64 and can be shown from badKarma.
  • WebSession: a fast and ready to use webview in tailing with mitmproxy, it allow to browse a target’s website and read, edit or resend HTTP requests. Some common payloads are available as well, just click on a payload to copy it on the clipboard. Since full dumps are too big to be imported inside the session file, only mitmdump’s default ouput is imported.
  • Metasploit: a metasploit wrapper that let testers run metasploit auxiliary and exploits.
  • Browser: just an “open in browser” for http menu item, take it as an example to build your own extensions.

There is several ways to add targets from the GUI directly or using shodan api configuration once you have the list of targets it will be easy to run any type of attack with a large list of tools such as bruter, nmap , whtweb, whatwaf, sslscan and more.

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments