Skip to content

WITCHCRAFT is a toolkit for cybersecurity. It handles forensic research, OSINT, scanning, backups, data copying, and penetration testing for apps and APIs, serving as a flexible platform for diverse security tasks.

License

Notifications You must be signed in to change notification settings

cosmic-zip/witchcraft

Repository files navigation

banner

banner

witchcraft-cybersecurity witchcraft GitHub issues GitHub License GitHub top language

🎉 Your OPSEC companion. Now with tldr-pages integration! 🎉


WITCHCRAFT

WITCHCRAFT is a toolkit for cybersecurity. It handles forensic research, OSINT, scanning, backups, data copying, and penetration testing for apps and APIs, serving as a flexible platform for diverse security tasks.

Visit the wiki:

https://cosmic-zip.github.io/wiki/wiki.html

Instalation

The project initially includes a set of default files. These files are created using the best possible data analysis techniques, and their final versions are merged into the main project.

The spellbook package also provide:

  • Advanced osint search in over 1000 sources

  • Default Credentials Database

  • IP Lookup

  • A Set of Social Media Pages for Evil Twin Attacks

  • General Wordlists for Directories and Subdomains

  • MAC Address Vendor Database

  • Usernames Wordlist

  • XSS Wordlist

  • And more, UwU!

  • Unique Wordlists:

    • Moth
    • Ladybug

Install using snap

Get it from the Snap Store

After installed add a snap alias:

sudo snap alias witchcraft-cybersecurity.witchcraft witchcraft

Build from source (recommended for parrot/kali linux)

To build the project, follow these instructions:

Step 1: Clone the Repository

git clone https://github.com/cosmic-zip/witchcraft.git --branch=main --depth 1
cd witchcraft

Step 2: Run the Build Script

Execute the provided build script build.sh:

chmod +x build-devel.sh
./build-devel.sh

The script will prompt you to enter the root password, create a folder called 'release,' and place the built executables inside it. Additionally, it will prompt you to run the commands for downloading the archive files for OSINT and wordlists. You can choose to download one, both, or neither, but keep in mind that the archives are required for ip lookup operations.

Running Witch_Craft

Execute the following command to run the witchcraft application:

witchcraft

Note: The first argument will always not have a "-" (minus) before it.

This script will run like:

witchcraft nuke.hd --device /dev/sdx1
witchcraft search.meta --keywork "Anonymous"
witchcraft search.ipscore --ip 127.0.0.1

Plugins

The witchcraft project is extensible through static files and Rust code. Moreover, it is possible to extend its functionalities using db.json. This file contains a list of small shell scripts, which means you can integrate anything that interacts with the terminal using ARGS (argsv, readargs(), sys.args(), etc).

Note: There is a Python script called sort.py inside /var/witchcraft/spellbook/dataset. It is used to create a sorted version of the dataset.

{
    "description": "Securely deletes and overwrites the contents of a device seven times",
    "name": "nuke.hd",
    "command": "shred -vzn 7 @@device"
}

Evilpages

Put your cloned pages in /var/witchcraft/spellbook/evilpages. Use the SingleFile extension or a similar tool to clone webpages:

https://addons.mozilla.org/en-US/firefox/addon/single-file/

RC File

To record logs of all your interactions, create a file named .witchrc in your home folder and add the following line to it:

path_log_file=~/my_frog.jsonl

You can use ~/ to represent your home directory or specify the complete path, such as:

path_log_file=/path/to/my/file.jsonl

License

🎉 This project is licensed under the GNU General Public License v3.0.

WITCHCRAFT includes IP2Proxy LITE data available from https://www.ip2location.com/proxy-database WITCHCRAFT includes cinsscore data available from https://www.cinsscore.com

About

WITCHCRAFT is a toolkit for cybersecurity. It handles forensic research, OSINT, scanning, backups, data copying, and penetration testing for apps and APIs, serving as a flexible platform for diverse security tasks.

Topics

Resources

License

Stars

Watchers

Forks

Languages