djedi/toolbelt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
toolbelt/README.md
rpriven 2006ba5a45
Added logo
2025-11-01 00:27:03 -06:00

341 lines
9.2 KiB
Markdown
Raw Blame History

# Djedi Toolbelt v2.0
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Python: 3.6+](https://img.shields.io/badge/Python-3.6+-blue.svg)](https://www.python.org/)
**Comprehensive security tool installer with interactive menus, pre-built profiles, and distro-specific support.**
---
![Djedi Toolbelt](images/toolbelt.jpeg)
## 🚀 What's New in v2.0
-**Interactive 3-Level Menu System** - Browse categories, select tools, install profiles
-**Pre-Built Profiles** - Bug Bounty, CTF, Web App, Network, Full Pentest
-**Distro Detection** - Kali, Debian, Ubuntu support with appropriate tool sets
-**No Root Requirement** - Runs as user, uses sudo only when needed
-**Comprehensive Logging** - Dual output (console + file)
-**Fresh Integration** - Detects and recommends modern CLI tools
-**Modular Architecture** - Clean, maintainable Python code
---
## 📋 Quick Start
```bash
# Clone the repository
git clone https://github.com/rpriven/toolbelt.git
cd toolbelt
# Run toolbelt (no sudo needed!)
python3 toolbelt.py
```
**Important:** Do NOT run as root/sudo. The script will use sudo for specific commands that require it.
---
## 🎯 Features
### Interactive Menu System
**Level 1 - Main Menu:**
- Quick Install Profiles
- Browse & Select Categories
- Install Prerequisites (fresh)
- View Installed Tools
- Check for Tool Updates
- Manage Wordlists
**Level 2 - Categories:**
- 📦 APT Tools - Package manager tools
- 🔷 Go Tools - Security tools written in Go
- 🔧 /opt Tools - Tools cloned to /opt
- 🐍 Python Tools - Tools via pip3
- 🐳 Docker Tools - Containerized tools
- 📜 Useful Scripts - PEAS, PowerView, etc.
**Level 3 - Tool Selection:**
- Install all tools in category
- Individual tool selection (gum multi-select)
**Tool Update Management:**
- Check versions of installed tools
- Update all ProjectDiscovery tools (pdtm)
- Update all Go tools to @latest
- Select individual tools to update (gum multi-select)
**Wordlist Management:**
- Install SecLists (comprehensive wordlist collection)
- View installed wordlists and directory structure
- Update SecLists from GitHub
### Pre-Built Profiles
**Bug Bounty Hunter** - Web app testing and reconnaissance
- nmap, masscan, nikto, sqlmap, burpsuite
- nuclei, httpx, subfinder, katana, amass
- Sublist3r, wafw00f, XSStrike
- wfuzz, arjun, scripts collection
**CTF Player** - Capture The Flag tools
- nmap, burpsuite, sqlmap, wireshark
- Python tools: wfuzz, scrapy, requests
- Scripts collection
**Web Application Testing** - Web security focus
- nmap, nikto, sqlmap, burpsuite
- nuclei, httpx, katana
- wafw00f, XSStrike, Striker
- wfuzz, arjun, scrapy
**Network Pentesting** - Network recon and scanning
- nmap, masscan, wireshark
- naabu, amass, assetfinder, httprobe
- RustScan (Docker)
**Full Pentesting Arsenal** - Everything (5GB+)
- All APT tools
- All Go tools
- All /opt tools
- All Python tools
- All Docker tools
- All scripts
---
## 🛠️ Tool Categories
### APT Tools (via package manager)
**Kali Linux:**
nmap, masscan, naabu, nuclei, burpsuite, feroxbuster, nikto, gobuster, seclists, sqlmap, git, docker.io, docker-compose, golang-go, wireshark
**Debian/Ubuntu:**
nmap, masscan, nikto, sqlmap, git, docker.io, docker-compose, golang-go, wireshark, burpsuite
### Go Tools (via go install)
naabu, nuclei, katana, httpx, subfinder, amass, assetfinder, httprobe, gowitness, subjack, hakrawler, webanalyze
*All ProjectDiscovery tools included*
### /opt Tools (cloned to /opt)
- **pimpmykali** (Kali only) - Golang + Impacket setup
- **xnLinkFinder** - Link finder for bug bounty
- **Knockpy** - Subdomain enumeration
- **Sublist3r** - Subdomain discovery
- **Striker** - Web application scanner
- **wafw00f** - WAF detection
- **waymore** - Web archive scraper
- **XSStrike** - XSS detection suite
### Python Tools (via pip3)
wfuzz, arjun, scrapy, tld, requests, fuzzywuzzy
### Docker Tools
**RustScan** - Fast port scanner
- Includes alias setup for shell
### Useful Scripts (downloaded to ~/scripts)
- **linpeas.sh** - Linux privilege escalation
- **jaws-enum.ps1** - Windows enumeration
- **LinEnum.sh** - Linux enumeration
- **winPEASany_ofs.exe** - Windows privilege escalation
- **php-reverse-shell.php** - PHP reverse shell
- **linux-exploit-suggester.sh** - Linux exploit suggester
- **PowerView.ps1** - PowerShell AD enumeration
---
## 🔧 Requirements
- **OS:** Kali Linux, Debian, or Ubuntu
- **Python:** 3.6+
- **Package Manager:** apt
- **Privileges:** sudo access (script runs as user, not root)
- **Optional:** gum (for interactive multi-select) - `go install github.com/charmbracelet/gum@latest`
---
## 📖 Usage Examples
### Install a Profile
```bash
python3 toolbelt.py
# Select: 1) Quick Install Profiles
# Choose: Bug Bounty Hunter
```
### Browse Categories
```bash
python3 toolbelt.py
# Select: 2) Browse & Select Categories
# Choose category (e.g., Go Tools)
# Option 1: Install all tools
# Option 2: Select specific tools (interactive multi-select with gum)
```
### Interactive Tool Selection (gum)
With gum installed, you get beautiful interactive multi-select:
```bash
python3 toolbelt.py
# Select: 2) Browse & Select Categories
# Choose: Go Tools
# Select: 2) Select Specific Tools
# Use SPACE to toggle, ENTER when done
# Confirm selection and install
```
**Without gum:** The script will prompt you to install it or fall back to "Install All" option.
### Check Installed Tools
```bash
python3 toolbelt.py
# Select: 4) View Installed Tools
```
### Update Tools
```bash
python3 toolbelt.py
# Select: 5) Check for Tool Updates
# Option 1: Check versions only (see what's outdated)
# Option 2: Update all ProjectDiscovery tools (pdtm -ua)
# Option 3: Update all Go tools to @latest
# Option 4: Select specific tools to update (gum multi-select)
```
**Update strategies:**
- **Fast PD Update:** Option 2 uses `pdtm` for lightning-fast ProjectDiscovery tool updates
- **Comprehensive Update:** Option 3 updates ALL Go tools (PD + non-PD)
- **Selective Update:** Option 4 lets you cherry-pick which tools to update
### Manage Wordlists
```bash
python3 toolbelt.py
# Select: 6) Manage Wordlists
# Option 1: Install SecLists (~500MB)
# Option 2: View installed wordlists and structure
# Option 3: Update SecLists from GitHub
```
**SecLists includes:**
- **Passwords**: rockyou, common passwords, leaked databases
- **Usernames**: Common usernames and names
- **Subdomains**: DNS enumeration wordlists
- **Directories**: Web content discovery lists
- **Fuzzing**: XSS, SQLi, and other injection payloads
**Installation location:** `~/wordlists/SecLists/`
---
## 🔗 Integration with Fresh
Toolbelt integrates with [fresh](https://github.com/rpriven/fresh) for modern CLI productivity tools.
**Recommended Setup:**
1. **Install fresh first** - Modern CLI foundation (fzf, ripgrep, bat, etc.)
2. **Install toolbelt** - Security tools
3. **Install tmux-recon** (optional) - Pentesting automation
Fresh provides essential CLI tools that enhance the security workflow. Toolbelt will detect if fresh is installed and prompt you to install it if missing.
---
## 📂 Architecture
```
toolbelt/
├── toolbelt.py # Main entry point with interactive menus
├── utils.py # Distro detection, logging, helpers
├── config.py # Tool definitions, profiles, categories
├── installer.py # Installation logic for each category
├── toolbelt_old.py # Original v1.0 (reference)
└── toolbelt.sh.old # Legacy bash version (archived)
```
**Modular Design:**
- `utils.py` - System checks, logging setup, helper functions
- `config.py` - Tool lists, profile definitions, category metadata
- `installer.py` - Installation functions for each tool category
- `toolbelt.py` - Interactive menu system and main flow
---
## 🔐 Security Notes
- **No Root Execution**: Script runs as regular user, uses sudo only for specific commands
- **Logging**: All operations logged to `~/toolbelt-install.log`
- **Smart Detection**: Skips already-installed tools
- **Error Handling**: Comprehensive error checking and reporting
---
## 🐛 Known Issues
- Individual tool selection menu (Level 3) coming in next update
- Custom profile saving/loading planned for future release
---
## 🤝 Contributing
Contributions welcome! Please feel free to submit pull requests or open issues for:
- Additional tool suggestions
- New profiles
- Platform support improvements
- Bug fixes
---
## 📝 Version History
**v2.0.0** (2025-10-31)
- Complete rewrite with interactive menu system
- Pre-built profile support
- Distro detection (Kali, Debian, Ubuntu)
- Removed root requirement
- Added comprehensive logging
- Fresh integration
- Modular architecture
**v1.0** (2023)
- Original automated installer
- Bash and Python versions
- Root required
- No menu system
---
## 📜 License
This project is licensed under the MIT License - see the LICENSE file for details.
---
## 🙏 Acknowledgments
- Built for the pentesting and bug bounty community
- Integrates tools from ProjectDiscovery, OWASP, and many open source developers
- Inspired by the need for quick, consistent tool setup across environments
- Part of the Djedi security tooling ecosystem
---
**Djedi Toolbelt** - Because every pentester deserves a well-equipped toolbelt. 🔧
Reference in a new issue View git blame Copy permalink