## https://sploitus.com/exploit?id=3CCC5B18-4CA6-591D-AD95-F40F8D11244E
WRAITH
Offensive Security Framework โ an all-in-one, menu-driven recon & exploitation toolkit for Linux.
โ For authorized security testing only. Every action is logged.
---
## โฆ Overview
**WRAITH** packs a full security-assessment workflow into a single, menu-driven
console: network & device discovery, vulnerability scanning, DNS recon, web/
WordPress testing, password auditing, hash cracking, a built-in **wordlist
generator**, an encoder/crypto multitool and an HTML report generator โ plus an
**optional local web GUI**.
- **Pure Python** โ works with the standard library alone (one optional dep).
- **Menu-first** โ everything starts from a menu and control always returns to
it. `Ctrl+C` returns to the menu; only `q` quits.
- **Self-contained** โ the scanning engine uses raw Python sockets. It never
opens external terminals or spawns a browser.
> Built for ethical hackers and pentesters operating **within an authorized
> scope** (engagements, labs, CTFs).
---
## ๐ Table of Contents
- [Features](#-features)
- [Installation](#-installation)
- [Usage](#-usage)
- [Modules](#-modules)
- [Wordlists](#-wordlists)
- [Output & Reports](#-output--reports)
- [Project Structure](#-project-structure)
- [Optional GUI](#-optional-gui)
- [Disclaimer](#-disclaimer)
- [License](#-license)
- [Author](#-author)
---
## โจ Features
| Category | Modules |
|----------|---------|
| ๐ฐ๏ธ **Recon** | Network scanner ยท Device scanner (AP / IP cameras / IoT) ยท Vulnerability scanner ยท DNS recon |
| ๐ **Web / Attack** | Web app scanner (generic / WordPress) ยท Password auditing (SSH/FTP/HTTP/WordPress) ยท Hash toolkit |
| ๐งฐ **Arsenal** | Wordlist Forge (user/password generator) ยท Encoder / Crypto multitool ยท HTML report generator ยท Local GUI |
Highlights:
- ๐ฅ **Wordlist Forge** โ CUPP-style password profiler, username/email generator, and a crunch-style charset generator.
- ๐ **Password auditing** with **constant-memory streaming** (handles `rockyou.txt` ~14M, including `.gz`).
- ๐งฌ **Hash toolkit** โ identify + dictionary-crack MD5/SHA1/224/256/384/512/NTLM.
- ๐ **Pure-Python DNS resolver** (A/AAAA/NS/MX/TXT/CNAME via UDP + EDNS0) with subdomain bruteforce.
- ๐ท **Smart camera fingerprinting** with anti-false-positive logic and confidence scoring.
- ๐ **HTML report** aggregating every scan into one navigable file.
---
## ๐ Installation
### Requirements
- Linux
- Python **3.8+** (no mandatory dependencies)
### Quick start
```bash
# 1. Clone the repository
git clone https://github.com/devbyflippy/wraith.git
cd wraith
# 2. (Optional) install extras โ enables SSH password auditing
pip install -r requirements.txt
# 3. Make the launcher executable
chmod +x wraith.sh
# 4. Run
./wraith.sh
```
### Run options
```bash
./wraith.sh # normal CLI
./wraith.sh --gui # also start the local GUI
./wraith.sh --no-color # disable ANSI colors
./wraith.sh --no-boot # skip the boot animation
# without the launcher:
python3 -m wraith
```
On startup you'll see a boot animation, then an **authorization banner** โ type
`yes` to proceed to the main menu.
---
## ๐ฎ Usage
```
RECON 1) Network scanner
2) Device scanner (AP / cameras / IoT)
3) Vulnerability scanner
4) DNS recon
WEB/ATTACK 5) Web application scanner (generic / WordPress)
6) Password auditing (SSH/FTP/HTTP/WordPress)
7) Hash toolkit (identify / crack)
ARSENAL 8) Wordlist Forge (user/password generator)
9) Encoder / Crypto multitool
10) Report generator (HTML)
11) Local GUI interface (optional)
q) Quit the framework
```
**Targets** accept a single host/domain, CIDR (`192.168.1.0/24`), range
(`192.168.1.10-50`), or a comma-separated list. **Ports** accept `top`, `all`,
ranges (`1-1024`) or lists (`22,80,443`).
---
## ๐งฉ Modules
### ๐ฐ๏ธ Recon
| Module | What it does |
|--------|--------------|
| **Network scanner** | Host discovery (ICMP + TCP), multithreaded port scan with banner grabbing, ARP cache with OUI vendor lookup. |
| **Device scanner** | WiFi APs via `nmcli`; **IP cameras** via RTSP/HTTP content-confirmed fingerprinting + OUI (Hikvision, Dahua, Axis, Reolink, Foscamโฆ), with anti-false-positive & confidence; IoT/embedded detection. |
| **Vulnerability scanner** | Risky exposed services (Telnet, anonymous FTP, Redis/Docker/Elastic no-authโฆ), versions with known CVEs, sensitive files, outdated TLS. |
| **DNS recon** | Pure-Python resolver (A/AAAA/NS/MX/TXT/CNAME, UDP+EDNS0), reverse DNS, multithreaded subdomain bruteforce. |
### ๐ Web / Attack
| Module | What it does |
|--------|--------------|
| **Web app scanner** | Generic: security headers, HTTP methods, sensitive paths, directory listing, TLS. **WordPress**: version, user enumeration (REST API + author archive), plugins, `xmlrpc.php`, `debug.log`. |
| **Password auditing** | Weak/default credential testing over **SSH** (paramiko), **FTP**, **HTTP Basic**, **HTTP form** and **WordPress**. Streaming engine, multithreaded, stop-on-first, default **rockyou.txt** (`.gz` supported). |
| **Hash toolkit** | Identify hash types, compute hashes, and **dictionary-crack** MD5/SHA1/224/256/384/512/NTLM in streaming. |
### ๐งฐ Arsenal
| Module | What it does |
|--------|--------------|
| **Wordlist Forge** | **Password profiler** (CUPP-style from target info), **username/email generator** (from first+last name), **charset brute generator** (crunch-style, lazy & capped). |
| **Encoder / Crypto** | base64/base32/hex/url/rot13/binary, auto-decode, **JWT decoder**, hashing. |
| **Report generator** | Aggregates all JSON reports into a single dark, navigable **HTML report**. |
| **Local GUI** | stdlib web server on `127.0.0.1`, same engines as the CLI. Optional, opens no browser. |
---
## ๐ Wordlists
In password auditing / hash cracking, leaving the wordlist field empty uses the
first available of:
1. `/usr/share/wordlists/rockyou.txt`
2. `/usr/share/wordlists/rockyou.txt.gz` โ read **compressed**, no extraction
3. `wordlists/rockyou.txt(.gz)` inside the project
4. `wordlists/passwords-top.txt` โ quick fallback (bundled)
> ๐ก rockyou has ~14M passwords โ a full run can take hours. Use *stop-on-first*
> or `wordlists/passwords-top.txt` for quick tests. Wordlists produced by the
> **Wordlist Forge** are saved to `wordlists/`.
---
## ๐ Output & Reports
- `output/logs/session_*.log` & `.jsonl` โ full action trace.
- `output/*.json` โ per-scan reports.
- `output/wraith_report_*.html` โ aggregated HTML report.
---
## ๐๏ธ Project Structure
```
wraith/
โโโ wraith.sh # launcher
โโโ requirements.txt # OPTIONAL dependencies
โโโ assets/logo.svg # logo
โโโ wordlists/ # bundled + generated wordlists
โโโ output/ # runtime reports & logs
โโโ wraith/ # Python package
โโโ __main__.py # python3 -m wraith
โโโ app.py # consent + main menu
โโโ core/ # config ยท ui ยท logger ยท utils
โโโ modules/ # netscan ยท devices ยท vulnscan ยท dnsrecon
โ # webscan ยท passwords ยท hashkit
โ # wordgen ยท encoder ยท report
โโโ gui/ # server ยท index.html
```
---
## ๐ฅ๏ธ Optional GUI
Enable from the menu (option **11**) or with `--gui`. It serves a console on
`http://127.0.0.1:8765`. Open the URL yourself โ WRAITH never launches a browser.
The most sensitive actions (password auditing, hash cracking) stay on the CLI
with explicit confirmation and are **not** exposed via the API.
---
## โ ๏ธ Disclaimer
This software is provided for **authorized security testing and educational
purposes only**. Use it exclusively on systems you **own** or have **explicit
written permission** to test. Unauthorized access to computer systems is illegal
and may result in criminal and civil liability. The author assumes **no
responsibility** for misuse or damage caused by this program. By using WRAITH you
accept full responsibility for your actions.
---
## ๐ License
Released under the **MIT License** โ see [LICENSE](LICENSE).
---
## ๐ค Author
devbyflippy
> ๐ก๏ธ Built with care for the ethical hacking community. Hack responsibly.