The new version is built on Docker and can run on any host that has Docker installed. The old version is built on shell scripts and can only run on Linux and Mac environments.
Project Introduction#
A penetration testing toolbox based on Docker, dedicated to providing portable, ready-to-use, and on-demand downloading of penetration testing tools.
Commonly used penetration testing tools have been encapsulated as Docker images and pushed to Docker Hub. Users are provided with a shell console, through which they can:
- View a list of third-party security tools
- Download third-party security tools on demand
- Run third-party security tools
- View the documentation and usage examples of third-party security tools (using the "demos" command)
Siusiu also supports non-interactive mode, making it easy to call Siusiu from other programs, for example: siusiu exec help.
Installation and Usage#
- Download the binary file. Click on the Docker release, download the corresponding version, and give it executable permissions.
- Git installation
git clone --depth 1 https://github.com/ShangRui-hash/siusiu.git
cd siusiu
go build -o siusiu
- GO installation
go get github.com/ShangRui-hash/siusiu@latest
go install github.com/ShangRui-hash/siusiu@latest
Usage:
siusiu:/ > help
Commands:
403bypasser 403 Bypass Tool
amass Information Gathering Tool
arjun Parameter Discovery Tool
cewl Web Crawler for Generating Dictionaries
clear clear the screen
cloudfail Tool for Finding the Real IP Behind Cloudflare
crawlergo Browser Crawler for URL Collection Using Chrome Headless Mode
cve-2018-15473-exp SSH User Enumeration Vulnerability Exploitation Tool
davtest WebDAV Exploitation Tool
dirsearch Directory Brute-Force Tool
ds_store_exp .DS_Store File Leakage Exploitation Script
exit exit the program
fetcher Tool for Making a Specified Directory into a Dictionary
ffuf Fuzz Testing Tool
firefox-decrypt Firefox Browser Password Extraction Tool
gau Passive URL Collection Based on Domain Name (Open Threat + Wayback Machine + Common Crawl)
githack:bugscanteam Git Leak Exploitation Tool (Downloads the .git Folder for Easy Retrieval of Historical Versions)
githack:lijiejie Git Leak Exploitation Tool (Only Downloads the Current Version)
gobuster Directory Scanning Tool (Used as a Backup for Dirsearch)
gopherus SSRF Vulnerability Gopher Protocol Payload Generation Tool
help display help
http3-client HTTP3 Client
hydra Weak Password Brute-Force Tool
input-scanner Tool for Extracting URLs from JS Files
jsfinder Tool for Extracting URLs and Subdomains from JS Source Code
ksubdomain Subdomain Brute-Force Tool
linkfinder Tool for Discovering Endpoints and Their Parameters in JavaScript Files
nmap Host Discovery, Port Scanning, Service Scanning, Version Identification
pacu AWS Exploitation Framework
paramspider Parameter Mining Tool
payloads-all-the-things Comprehensive Collection of Payloads
php_mt_seed PHP Pseudo-Random Number Seed Cracker
pocsuite3 POC Testing Framework
rip-hg.pl .hg File Leakage Exploitation Script (Downloads the .gh Folder for Easy Inspection of Historical Versions)
rip-svn.pl .svn File Leakage Exploitation Script (Downloads the .svn Folder for Easy Inspection of Historical Versions)
searchsploit Exploit/POC Search Tool
smbmap SMB Service Exploitation Tool
smtp-user-enum SMTP User Enumeration Tool
sqlmap SQL Injection Attack Tool
sqlmapapi SQLmap API
steghide Steganography Tool
stegseek Steganography Password Cracking Tool
subfinder Subdomain Query Tool
svn-exp svn-exp File Leakage Exploitation Script
tool-helper Get Help Documentation for a Tool
waybackurls Query Historical Pages of a Specified Domain Name
wfuzz Web Application Fuzzing Tool
whatweb Web Fingerprinting Tool
wpscan WordPress Vulnerability Scanning Tool
xray Vulnerability Scanner
xray-listen Xray Listening Tool
If the user has not installed pocsuite3, it will be automatically downloaded and run.
Run sqlmap and dirsearch in the siusiu console.
Download link: https://github.com/ShangRui-hash/siusiu