Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following:
- Encoding/Decoding characters
- Encrypting/Decrypting text or files
- Reverse shell handling
- Cracking and generating hashes
- Any server capable of hosting PHP; tested with Apache Server
- Tested with PHP 7.4.9
- Python3 (in your path)
- pip3
- Raspberry Pi Zero friendly :) (crack hashes at your own risk)
Installing
This installation guide assumes you have all the dependancies.
Linux
- git clone https://github.com/helich0pper/Karkinos.git
- cd Karkinos
- pip3 install -r requirements.txt
- cd wordlists && tar -xf passlist.zip You can also unzip it manually using file explorer if tar is not installed. Just make sure passlist.txt is in wordlists directory.
- Add extension=php_sqlite3.dll to your php.ini file.
If you don't know where to find this, refer to the PHP docs. - Thats it! Now just host it using your preferred web server or run: php -S 127.0.0.1:8888 in the Karkinos directory.
Windows
- git clone https://github.com/helich0pper/Karkinos.git
- cd Karkinos
- pip3 install -r requirements.txt
- cd wordlists && tar -xf passlist.zip
You can also unzip it manually using file explorer if tar is not installed. Just make sure passlist.txt is in wordlists directory. - Add extension=php_sqlite3.dll to your php.ini file.
If you don't know where to find this, refer to the PHP docs. - Thats it! Now just host it using your preferred web server or run: php -S 127.0.0.1:8888 in the Karkinos directory.
Demo
Home Menu
Landing page and quick access menu.
User stats are displayed here. Currently, the stats recorded are only the total hashes and hash types cracked successfully.
This page allows you to encode/decode in common formats (more may be added soon)
Encrypting and decrypting text or files is made easy and is fully trusted since it is done locally.
Reverse shells can be captured and interacted with on this page.
Create a listener instance
Start the listener and capture a shell
Generating Hashes
Karkinos can generate commonly used hashes such as:
- MD5
- SHA1
- SHA256
- SHA512
Karkinos offers the option to simultaneously crack hashes using a built-in wordlist consisting of over 15 million common and breached passwords. This list can easily be modified and/or completely replaced.
Pull requests and bug reports are always appreciated.
Below are known bugs and issues:
- Reverse shell handling server code is currently being reworked but it works fine
Find me on
Use this tool to make penetration tests or any hacking CTF's more efficient. This tool should be used on applications that you have permission to attack only. Any misuse or damage caused will be solely the users’ responsibility.
Please check the known bugs and issues at the bottom before installation.