Karkinos Swiss Army Knife for PenTesting & Hacking CTF's
Karkinos Swiss Army Knife for PenTesting & Hacking CTF's

Karkinos: Swiss Army Knife for PenTesting & Hacking CTF’s

Use this tool to make penetration tests or any hacking CTF’s more efficient. This tool should be used on applications that you have permission to attack only. Any misuse or damage caused will be solely the users’ responsibility.

Karkinos is a light-weight ‘Swiss Army Knife’ for penetration testing and/or hacking CTF’s. Currently, Karkinos offers the following:

  • Encoding/Decoding characters
  • Encrypting/Decrypting text or files
  • Reverse shell handling
  • Cracking and generating hashes

Dependencies

  • Any server capable of hosting PHP
  • Tested with PHP 7.4.9
  • Tested with Python 3.8
    Make sure it is in your path as:
    Windows: python
    Linux: python3
    If it is not, please change the commands in includes/pid.php
  • pip3
  • Raspberry Pi Zero friendly 🙂 (crack hashes at your own risk)

Installing

This installation guide assumes you have all the dependencies. A Wiki page for installation, troubleshooting, and usage is coming very soon…

Linux/BSD

git clone https://github.com/helich0pper/Karkinos.git
cd Karkinos
pip3 install -r requirements.txt
cd wordlists && unzip passlist.zip

You can also unzip it manually using file explorer. Just make sure passlist.txt is in wordlists directory.

Note

Make sure you have write privilages for db/main.db

  • Enable extension=mysqli in your php.ini file.

If you don’t know where to find this, refer to the PHP docs. Note: MySQLi is only used to store statistics.

Thats it! Now just host it using your preferred web server or run: php -S 127.0.0.1:8888 in the Karkinos directory.

Important: using port 5555, 5556, or 5557 will conflict with the Modules
If you insist on using these ports, change the PORT value in:

/bin/Server/app.py Line 87
/bin/Busting/app.py Line 155
/bin/PortScan/app.py Line 128

Windows

git clone https://github.com/helich0pper/Karkinos.git
cd Karkinos
pip3 install -r requirements.txt
cd wordlists && unzip passlist.zip

You can also unzip it manually using file explorer. Just make sure passlist.txt is in wordlists directory.

Note

Make sure you have write privilages for db/main.db

  • Enable extension=mysqli.dll in your php.ini file.

If you don’t know where to find this, refer to the PHP docs. Note: MySQLi is only used to store statistics

Thats it! Now just host it using your preferred web server or run: php -S 127.0.0.1:8888 in the Karkinos directory.

Important: using port 5555, 5556, or 5557 will conflict with the Modules
If you insist on using these ports, change the PORT value in:

/bin/Server/app.py Line 87
/bin/Busting/app.py Line 155
/bin/PortScan/app.py Line 128

Demo

Open screenshots in full screen for a better view

Home Menu

Landing page and quick access menu.

Karkinos Home Menu
Karkinos Home Menu

User stats are displayed here. Currently, the stats recorded are only the total hashes and hash types cracked successfully.

Stats for Karkinos
Stats for Karkinos

Encoding/Decoding

This page allows you to encode/decode in common formats (more may be added soon)

Encoding and Decoding
Encoding and Decoding

Encrypt/Decrypt

Encrypting and decrypting text or files is made easy and is fully trusted since it is done locally.

Encrypt and Decrypt
Encrypt and Decrypt

Modules

More modules will be added.

Reverse Shell Handling

Reverse shells can be captured and interacted with on this page.

Create a listener instance

Create a listener instance
Create a listener instance

Configure the listener

Configure the listener
Configure the listener

Start the listener and capture a shell

Start listener and capture a shell
Start listener and capture a shell

Directory and File Busting

Create an instance

Instance for Busting
Instance for Busting

Configure it

Configure Busting
Configure Busting

Start scanning

Directory and File Busting
Directory and File Busting

Port Scanning

Launch the scanner

Port scanning module
Port scanning module

Configure it

Configuring port scanning
Configuring port scanning

Start scanning

Port scanning with Karkinos
Port scanning with Karkinos

Generating Hashes

Karkinos can generate commonly used hashes such as:

  • MD5
  • SHA1
  • SHA256
  • SHA512
Generating Hashes with Karkinos
Generating Hashes with Karkinos

Cracking Hashes

Karkinos offers the option to simultaneously crack hashes using a built-in wordlist consisting of over 15 million common and breached passwords. This list can easily be modified and/or completely replaced.

Cracking Hashes with Karkinos
Cracking Hashes with Karkinos
Dark Mode

Karkinos (this link opens in a new window) by helich0pper (this link opens in a new window)

Penetration Testing and Hacking CTF’s Swiss Army Knife with: Reverse Shell Handling – Encoding/Decoding – Encryption/Decryption – Cracking Hashes / Hashing

More Stories
Android-PIN-Bruteforce Unlock Android phone by bruteforcing lockscreen PIN
Android-PIN-Bruteforce: Unlock an Android phone by bruteforcing the lockscreen PIN