Tools for performing brute-force attacks on various services, such as admin panel finding, cryptographic hash decryption, and login attempts.
Functionality for analyzing, encoding, decoding, and guessing secret keys for JSON Web Tokens (JWT).
Tools for launching different types of Distributed Denial-of-Service (DDoS) attacks for assessing server and network infrastructure resilience.
Tools for gathering domain, IP, network, and subdomain information, useful for reconnaissance and vulnerability assessment.
Features for creating, managing, and scaling a botnet infrastructure, valuable for studying botnets and their operations.
Specific scanners for popular Content Management Systems (CMS) like Drupal, Joomla, Magento, and WordPress, for identifying vulnerabilities in websites using these platforms.
Scanners for port scanning, amplification factor calculation, and network-related vulnerability assessment.
Various vulnerability scanners for detecting different types of web application vulnerabilities, including CSRF, XSS, RCE, and more.
Utility modules for common tasks and operations, such as working with files, managing cookies, and updating the library.
Tools for analyzing web pages, filling forms, generating random data, and parsing URLs, useful for web scraping and data analysis.
Utilities for handling proxy configurations and checking the validity of proxy servers, beneficial for tasks that require anonymity and security.
The "bane" library offers comprehensive support for a wide range of proxies across the majority of its functionalities. Notably, it includes support for TOR in various components, enhancing anonymity and security. The only exceptions are SSH and database connections, which fall outside the project's control.
Thanks to its advanced capabilities, "bane" ensures that TOR users remain anonymous and free from any DNS leakage, reinforcing privacy and security for users seeking anonymity.
"bane" has implemented a feature that enables each request to exit through a different TOR node without the need to obtain a new identity or restart TOR's service. This innovation adds an extra layer of sophistication to the project, further enhancing user experience.
For added challenge and effectiveness in HTTP-based DDoS attacks, "bane" generates HTTP requests with headers featuring random but legitimate values, courtesy of its extensive list of 20,000 user-agents and header values. Subsequently, it rearranges these headers into a random order and selectively removes certain headers (with caution to retain critical ones) before sending the request, ensuring a multifaceted and impactful approach to DDoS attacks.
bane offers an added layer of security by incorporating a hardcoded list of U.S. government and military IP ranges for several countries. This feature ensures that when generating random IP addresses for its botnet scanner, the tool will steer clear of these specified IP ranges. By doing so, bane mitigates the risk of unintentional interference with government or military infrastructure, thus safeguarding the user from any inadvertent involvement with such sensitive networks. This proactive approach not only protects users from legal complications but also underscores bane's commitment to responsible and ethical usage in the realm of cybersecurity.
Bane offers a streamlined and efficient process for security testing. It autonomously parses all available URLs, media sources (videos, images, etc.), and HTML forms, eliminating the need for manual intervention. This automation allows bane to systematically test each element one at a time while respecting the form's input types. It intelligently fills each parameter with the appropriate values, optimizing the testing process for comprehensive security assessments.
If you are using Windows, please follow these steps:
bane using pip:pip install bane
If you are on Linux, run the following command with sudo to ensure that required packages, sshpass and tor are installed ( it may take some time to finish their installation without any output so wait few minutes ):
sudo pip install bane
Otherwise if you wish to install the current version on github:
git clone https://github.com/AlaBouali/bane cd bane pip install .
To use bane you need to open the Python interpreter from your terminal / cmd, as bane can be used only within the interpreter after importing it or as a part of a script:
python
or
python3
After that, import bane and start using it as explained in the documentation above:
import bane
If you are using jython , please navigate to the site-packages directory (e.g., C:\jython\Lib\site-packages). Open the dns folder, and within the resolver.py file, comment out line 1149 by placing a # in front of it:
socket.SOCK_DGRAM: [socket.SOL_UDP],
#socket.SOCK_DGRAM: [socket.SOL_UDP],
WARNING: can't import layer ipsec: cannot import name 'gcd' from 'fractions' (C:\...
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH WARNING: can't import layer ipsec: cannot import name 'gcd' from 'fractions' (/usr/lib/python3.9/fractions.py)