🎉 Your OPSEC companion. Now with tldr-pages integration! 🎉
WITCHCRAFT is a toolkit for cybersecurity. It handles forensic research, OSINT, scanning, backups, data copying, and penetration testing for apps and APIs, serving as a flexible platform for diverse security tasks.
https://cosmic-zip.github.io/wiki/wiki.html
The project initially includes a set of default files. These files are created using the best possible data analysis techniques, and their final versions are merged into the main project.
The spellbook package also provide:
-
Advanced osint search in over 1000 sources
-
Default Credentials Database
-
IP Lookup
-
A Set of Social Media Pages for Evil Twin Attacks
-
General Wordlists for Directories and Subdomains
-
MAC Address Vendor Database
-
Usernames Wordlist
-
XSS Wordlist
-
And more, UwU!
-
Unique Wordlists:
- Moth
- Ladybug
sudo snap alias witchcraft-cybersecurity.witchcraft witchcraft
To build the project, follow these instructions:
Step 1: Clone the Repository
git clone https://github.com/cosmic-zip/witchcraft.git --branch=main --depth 1
cd witchcraft
Step 2: Run the Build Script
Execute the provided build script build.sh:
chmod +x build-devel.sh
./build-devel.sh
The script will prompt you to enter the root password, create a folder called 'release,' and place the built executables inside it. Additionally, it will prompt you to run the commands for downloading the archive files for OSINT and wordlists. You can choose to download one, both, or neither, but keep in mind that the archives are required for ip lookup operations.
Running Witch_Craft
Execute the following command to run the witchcraft application:
witchcraft
Note: The first argument will always not have a "-" (minus) before it.
witchcraft nuke.hd --device /dev/sdx1
witchcraft search.meta --keywork "Anonymous"
witchcraft search.ipscore --ip 127.0.0.1
The witchcraft project is extensible through static files and Rust code. Moreover, it is possible to extend its functionalities using db.json
. This file contains a list of small shell scripts, which means you can integrate anything that interacts with the terminal using ARGS (argsv, readargs(), sys.args(), etc).
Note: There is a Python script called sort.py inside /var/witchcraft/spellbook/dataset. It is used to create a sorted version of the dataset.
{
"description": "Securely deletes and overwrites the contents of a device seven times",
"name": "nuke.hd",
"command": "shred -vzn 7 @@device"
}
Put your cloned pages in /var/witchcraft/spellbook/evilpages. Use the SingleFile extension or a similar tool to clone webpages:
https://addons.mozilla.org/en-US/firefox/addon/single-file/
To record logs of all your interactions, create a file named .witchrc
in your home folder and add the following line to it:
path_log_file=~/my_frog.jsonl
You can use ~/
to represent your home directory or specify the complete path, such as:
path_log_file=/path/to/my/file.jsonl
🎉 This project is licensed under the GNU General Public License v3.0.
WITCHCRAFT includes IP2Proxy LITE data available from https://www.ip2location.com/proxy-database WITCHCRAFT includes cinsscore data available from https://www.cinsscore.com