Introduction
badKarma is an open source, GUI-based toolkit that aims to assist penetration testers during network infrastructure assessments. It saves time by giving point-and-click access to a complete and customizable arsenal. In addition, all the information gained is automatically stored in a session file.
badKarma: Network Reconnaissance Toolkit
BadKarma is a Network Reconnaissance Toolkit, written in Python3, that can help you in all the penetration testing phases: information gathering, vulnerability assessment, exploitation, post-exploitation and reporting.
This tool is modular and it’s loaded with some very useful reconnaissance and active scanning modules, such as:
- Nmap, Masscan, Shodan, SearchSploit, Metasploit, Dnsrecon, dnsenum, and Whois information resource.
You can select any of these modules during the penetration testing process to collect valuable information about the target hosts.
Features:
- badKarma is modular; the extensions are fully interactive and allow you to tune task options.
- task output is logged to a session file, which is a sqlite database that contains all the information gained during the activity and is updated in real time.
- it allows you to add targets from the GUI (some default scan profiles are already available).
- you can also import tool output files from the main menu.
Extensions
- Shell: the main module of the toolkit, since it allows the tester to execute preconfigured shell tasks. Shell commands are located under the conf directory.
- Bruter: the brute-force extension. It allows the tester to send a target directly to Hydra and configure the parameters through a GUI. Default hydra parameters can be modified from conf/bruter.conf.
- Screenshot: this extension allows the tester to take screenshots of possible http, rdp, rtsp, vnc and x11 servers. Screenshots are stored in the session file as base64 and can be shown from badKarma.
- WebSession: a fast, ready-to-use webview that works together with mitmproxy. It allows the tester to browse a target's website and read, edit or resend HTTP requests.
- Metasploit: a Metasploit wrapper that lets testers run Metasploit auxiliary modules and exploits.
- Browser: just an "open in browser" menu item for http; take it as an example to build your own extensions.
Session file
- The session file is a sqlite database that contains all the information gained during the activity and is updated in real time. By default the session file is located inside the /tmp directory; it can be stored in a different location or imported from badKarma's main menu. Inside the session file there are four tables: hosts, ports, activity_log and notes.
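Because the session file holds all assessment data and sits in /tmp by default, it is worth checking who can read it and what it contains. The following is an added example, not part of badKarma: it reports the file mode, discovers tables and columns at run time, and flags any of the four tables named above that are missing. The function names and the sample database are constructed for illustration, and the sample's column names are placeholders rather than badKarma's real schema.

```python
import os
import sqlite3
import stat
import tempfile
from pathlib import Path

EXPECTED_TABLES = {"hosts", "ports", "activity_log", "notes"}  # names from this page

def inspect_session(path):
    """Summarise file permissions and table contents of a session file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {
        "mode": oct(mode),
        "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "tables": {},
    }
    # Open read-only so the inspection can never modify the session.
    con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        names = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for name in names:
            cols = [r[1] for r in con.execute(f'PRAGMA table_info("{name}")')]
            rows = con.execute(f'SELECT COUNT(*) FROM "{name}"').fetchone()[0]
            report["tables"][name] = {"columns": cols, "rows": rows}
    finally:
        con.close()
    report["missing"] = sorted(EXPECTED_TABLES - set(names))
    return report

def build_sample(path):
    """Constructed sample; its columns are placeholders, not badKarma's schema."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE hosts (id INTEGER PRIMARY KEY, address TEXT);
        CREATE TABLE ports (id INTEGER PRIMARY KEY, host_id INTEGER, port INTEGER);
        CREATE TABLE activity_log (id INTEGER PRIMARY KEY, output TEXT);
        INSERT INTO hosts (address) VALUES ('192.0.2.10');
        INSERT INTO ports (host_id, port) VALUES (1, 22), (1, 443);
    """)
    con.commit()
    con.close()
    os.chmod(path, 0o644)  # simulate a permissive umask on a shared /tmp

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "session.sqlite")
        build_sample(sample)
        print(inspect_session(sample))
```

If readable_by_others is true for a real session file, restrict it with chmod 600 or store the session outside /tmp.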
Targets
- Targets are stored inside the session file. There is a Shodan API script (smap.py) that lets you import target data directly from Shodan. It is located inside the scripts directory (requires a Shodan API key inside conf/shodan.conf). By default all scan output is stored inside the /tmp directory, then imported into the session file and deleted.
Requirements:
- Python3
- Kali Linux dependencies: phantomjs, mitmproxy, ffmpeg…
- Python dependencies: requirements.txt (python-libnmap, sqlalchemy, shodan)
badKarma Install
It is recommended to work with badKarma in Kali Linux or BlackArch, but it should work in any Linux distro.
If you are a Kali Linux user, install the following dependencies:
$ sudo apt install python3-pip python3-gi phantomjs mitmproxy ffmpeg gir1.2-gtk-vnc-2.0 \
gir1.2-gtksource-3.0 gir1.2-vte-2.91 gir1.2-osmgpsmap-1.0 gir1.2-webkit2-4.0
Clone it from the GitHub repo and navigate to the working directory:
$ git clone https://github.com/r3vn/badKarma.git
$ cd badKarma
Then install Python dependencies:
$ pip3 install -r requirements.txt
Now you can run it as follows:
$ chmod +x badkarma.py
$ ./badkarma.py
Basic Usage
The badKarma dashboard will open. Start by adding a target, specifying its IP address.
The dashboard has several tabs: Hosts view, Services view, and Logs. The Hosts view tab shows each target host's IP, hostname, and status. The Services view tab shows the services running on the target.