THC HackSuite CMS - FyreByte

The most versatile penetration testing cms around

THC stands for Tools & Design Hack Challenges, and was originally created by icecube aka zomgwtfbbq. The HackSuite is powered by a very easy to expand cms backbone which makes it possible to add plug-ins and add-ons such as apps, themes and modules to the environment with a minimum of effort and programming skills. The default template is fully xhtml compliant and makes extensive use of jQuery and php, no need for mysql or any other database backend.

Despite it's name you can use this tool for just about anything, though the main purpose of this tool is to be a quick solution for penetration testers and programmers. As we speak there are 22 modules available for download, including: ftp server brute force, wpa default session key calculator, database brute forcing, login brute forcing, mail server dictionary attacker but also modules for eg analyzing your configuration files.

It's free, so why not give it a try?

faq section: find answers to your questions

faq section: find answers to your questions

development: wysiwyg callbacks, modules and apps creation

modules: all kinds of handy (security) tools

test servers: highly configurable servers to test attacks against

proxy support: manage and use proxies easily

environment: easily overview and test your environment

sscan: communicate with or spy on (external) resources

file managing: total control over your files and directories

editing: except for binaries like images all can be edited

manager: manage all your modules, apps and callbacks

configuration: tools that can be used to configure and fetch data

channel: communicate with the hacksuite youtube channel

password cracking: extendable (salted) password bruteforcer

wordlist creator: create wordlists based on user data

exploit injection: (mass) scan targets on any vulnerability

server check: find dangerous code, shells and programs

edit your configuration files and it's default values

debug context, paths and other variables

add new apps to the environment

recover your configuration files and reset them to default values

change style of the hacksuite

show the faq section

view your log files

add and scrape proxies

configure dork files and sql errors

manager for search widgets

change the amount of links in the menubar

removes finished tasks or cleans the task data file

Attacking a user account by bruteforcing the twitter login system.

Attempts to find suspicious and evil files or code.

THC AntiHash is a tool that bruteforces (salted) password hashes

Performs a simple DoS attack on a webserver

Detects sites guarded by CloudFlare and gets the server's real ip address

xAnalyze is a module that can search through corrupt data and configuration files and find the exact position of errors.

AntiFTP uses wordlists in order to bruteforce FTP user accounts.

Bruteforces youtube accounts.

THC Database Brute is a tool that can bruteforce multiple database types using wordlists.

THC SpeedtouchBrute attempts to get the default wpa/wep key for a variety of routers such as Thomson and Speedtouch routers.

Simple mail bomber written in PHP.

Mister LG can create upload forms and test targets on file upload vulnerabilities.

Discovers interesting locations, paths and data of a website.

xScan is a portscanner that scans (remote) systems for open ports. You can either scan a range of ports or manually enter the ports you want to scan.

THC xConverter is a tool that makes use of (php) functions in order to calculate, fetch, convert and encrypt data.

THC Dork is an automatic Google dork result extractor, ideal to find vulnerable websites and scripts on the web.

THC Sscan is a very versatile tool for scanning (html) files.

Bruteforces facebook accounts using wordlists.

Vulnerability scanner that can find possible exploitable websites

Creates wordlists based upon specified user information

HTTPAuth is a tool that can bruteforce HTTP Authentication scripts using wordlists.

AntiMail attacks pop3 mailbox accounts using wordlists.

No apps available

Attack THC_HS Login

- Change the default index content of the suite

- How to load iframes in your modules

- Create a vulnerability scanner module

- How to make a new native tool

- Monitoring tasks, bridging and show output realtime

most online same time: 432

currently online: 23

version: 0.4.7

downloads: 2054

native: 12

modules: 22

apps: 0

callbacks: 1

templates: 1