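tools:
# sqlmap_test: runs sqlmap against a single URL through a shell command.
# NOTE(review): the nesting below is reconstructed from a listing whose
# indentation was flattened; confirm that `run` and `args` sit at tool level
# in the runner's schema.
- name: sqlmap_test
  description: SQL injection testing with SQLMap
  run:
    kind: shell
    # --batch makes sqlmap take its default answer to every prompt, so no
    # operator confirms anything once the command starts.
    # NOTE(review): {{url}} and {{options}} are placed into the shell string
    # unquoted. If the runner substitutes raw text, characters such as
    # & ; | $ in a value are interpreted by the shell (a URL with several
    # query parameters already contains &). Escape or validate the values
    # in the runner before substitution. TODO: confirm what the template
    # engine does with special characters.
    cmd: "sqlmap -u {{url}} {{options}} --batch"
  args:
    url:
      type: string
      description: "Target URL to test for SQL injection"
      required: true
    # Free-form flag string: the caller can pass any sqlmap option, not only
    # the ones named in the description. Prefer a fixed set of allowed values
    # if this tool is driven by an automated or untrusted caller.
    options:
      type: string
      description: "Additional SQLMap options (e.g., --dbs, --tables, --dump)"
      required: false
      default: "--dbs"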
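# hydra_bruteforce: runs hydra with one login name (-l) and a password
# list file (-P) against one target/service pair.
# NOTE(review): the nesting below is reconstructed from a listing whose
# indentation was flattened; confirm that `run` and `args` sit at tool level
# in the runner's schema.
- name: hydra_bruteforce
  description: Password brute force attack using Hydra
  run:
    kind: shell
    # NOTE(review): all four placeholders are substituted unquoted. If the
    # runner inserts raw text, whitespace or shell metacharacters in any
    # value change how the command line is parsed. Escape or validate in
    # the runner. TODO: confirm the template engine's behavior.
    # No rate or task limit is set here, so hydra's own defaults apply;
    # account-lockout impact on the target is not bounded by this wrapper.
    cmd: "hydra -l {{username}} -P {{wordlist}} {{target}} {{service}}"
  args:
    # Consider checking this value against an in-scope host list before
    # the command is built; nothing in this definition restricts it.
    target:
      type: string
      description: "Target IP or hostname"
      required: true
    # The set of service names is closed; an enumerated type (if the schema
    # supports one) would be tighter than a free string.
    service:
      type: string
      description: "Service to attack (ssh, ftp, http-post-form, etc.)"
      required: true
    username:
      type: string
      description: "Username to test"
      required: true
    # A path on the host that runs the command; this definition does not
    # constrain which files may be named.
    wordlist:
      type: string
      description: "Path to password wordlist"
      required: true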
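# gobuster_scan: runs gobuster in the chosen mode with a wordlist.
# NOTE(review): the nesting below is reconstructed from a listing whose
# indentation was flattened; confirm that `run` and `args` sit at tool level
# in the runner's schema.
- name: gobuster_scan
  description: Directory and DNS brute forcing with Gobuster
  run:
    kind: shell
    # NOTE(review): the target is always passed with -u, whatever the mode.
    # gobuster's dns mode has taken the domain through a different flag in
    # the releases I know, so mode=dns may fail as written. Verify against
    # the installed gobuster version.
    # NOTE(review): the placeholders are substituted unquoted. If the runner
    # inserts raw text, shell metacharacters in a value are interpreted by
    # the shell. Escape or validate in the runner. TODO: confirm the template
    # engine's behavior.
    cmd: "gobuster {{mode}} -u {{target}} -w {{wordlist}} {{extra}}"
  args:
    # The description lists three modes; the value itself is not restricted
    # to them by this definition.
    mode:
      type: string
      description: "Scan mode (dir for directories, dns for subdomains, vhost for virtual hosts)"
      required: false
      default: "dir"
    target:
      type: string
      description: "Target URL or domain"
      required: true
    # A path on the host that runs the command; not constrained here.
    wordlist:
      type: string
      description: "Path to wordlist file"
      required: true
    # Free-form flag string appended verbatim to the command; prefer a fixed
    # set of allowed flags if the caller is automated or untrusted.
    extra:
      type: string
      description: "Extra flags (e.g., -x php,html for extensions)"
      required: false
      default: ""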
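# nikto_scan: runs nikto against one host (-h) with optional extra flags.
# NOTE(review): the nesting below is reconstructed from a listing whose
# indentation was flattened; confirm that `run` and `args` sit at tool level
# in the runner's schema.
- name: nikto_scan
  description: Web server vulnerability scanning with Nikto
  run:
    kind: shell
    # NOTE(review): {{target}} and {{options}} are substituted unquoted. If
    # the runner inserts raw text, shell metacharacters in a value are
    # interpreted by the shell. Escape or validate in the runner.
    # TODO: confirm the template engine's behavior.
    cmd: "nikto -h {{target}} {{options}}"
  args:
    target:
      type: string
      description: "Target web server URL or IP"
      required: true
    # Free-form flag string appended verbatim to the command; prefer a fixed
    # set of allowed flags if the caller is automated or untrusted.
    options:
      type: string
      description: "Additional Nikto options (e.g., -ssl for HTTPS, -Tuning x for specific tests)"
      required: false
      default: ""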