Hcon Security Testing Framework on cloud


Overview

HconSTF is an open-source penetration testing framework based on different browser technologies, which assists security professionals in penetration testing and vulnerability scanning assessments. It contains web tools that are powerful for XSS (cross-site scripting), SQL injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It is also useful to anybody interested in the information security domain: students, security professionals, web developers, manual vulnerability assessments and much more.


Most of HconSTF is semi-automated, but you still need your brain to work it out.
It can be used in all kinds of security testing stages; it has tools for conducting tasks like:
 

  • Web Penetration Testing 
  • Web Exploits Development 
  • Web Malware Analysis 
  • Open Source Intelligence ( Cyber Spying & Doxing )
     

HconSTF is very flexible and good enough for any:
1. IT Security Professionals
2. Web Bug Bounty Hunters
3. Web Developers
4. IT students
or anyone interested in IT security.

Version Info:
Current version: 0.5, codename ‘PRIME’
Type: Portable (no need to install; run from a pendrive or any memory card)
Platform:
  • Windows: XP, Vista, 7 both x32 & x64, 8, Linux (wine)
  • Linux: All Linux distributions are supported, including Kali, Backbox, Blackbuntu, Weakerthan

License:
Various Open Source
In simple words, it's totally free, as in free speech; no license fees.

Terms of usage:
This software comes with no guarantees or warranties of any kind. Use it at your own risk.
By using this software, you agree to these terms of usage.
Because of the nature of the software, if it is used in any unlawful activity or anything related to cybercrime, the author of the software is NOT at all responsible for anything you do with this software.
You, as the user of this software, are responsible for your own deeds.

A testing framework, or more specifically a testing automation framework, is an execution environment for automated tests. It is the overall system in which the tests will be automated. It is defined as the set of assumptions, concepts, and practices that constitute a work platform or support for automated testing.
 

 


Hcon Security Testing Framework on cloud for AWS

 

Features

Features of HconSTF:

  • Categorized and comprehensive toolset
  • Contains hundreds of tools, features and scripts for different tasks like SQLi, XSS, Dorks and OSINT, to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each option is configured for penetration testing and vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments, especially for the OWASP Top 10
  • Easy-to-use & collaborative operating-system-like interface
  • Multi-language support (feature in heavy development; translators needed)
  • Hacker friendly
  • Fully customizable and versatile in usage: can be used for many Web-related hacking needs, with a simple and easy-to-use interface, small in size and light on resources. Contains hundreds of features for:
      • Web Penetration Testing
      • Web Exploits Development
      • Web Malware Analysis
      • OSINT & Cyber spying
  • Comprehensive, with plenty of tools for exploitation, and supports verbose debugging features for Web Exploit Development.
  • HconSTF contains a blend of online and offline tools for pentesting called ‘WebUI’, which includes scanners, encoders, and much more.
  • IDB is an integrated database with a huge amount of Web payloads like:
      • XSS
      • SQLi
      • LDAP
      • Command execution
  • Helps in many open-source-intelligence-based tasks like:
      • Passive Web & Network Reconnaissance
      • Doxing
      • Cyber Spying
  • Hash cracking
     
  • Huge number of plugins: more than 165
  • Encoding / decoding & hashing features and tools; supports a wide variety of formats, character sets and algorithms for making payloads undetectable
  • Darknets and proxies integrated, plus spoofing tools. Supports integration with many decoy options and includes many tools for proxies and anonymizing networks, readily configured for:
      • Tor
      • AdvOR
      • I2P
      • Https, Socks 4 /
  • Contains many useful integrated reporting features like:
      • Screenshots
      • Note taking
      • Session saving & exporting
      • Custom URL logging
      • Automated request logging
  • Includes Hackery-Hybrid, a huge collection of bookmarks for learning any techniques and tools
  • Available for all Windows and Linux based systems
  • Includes custom scripts for doing many pentesting tasks
  • Includes Cleaner for running HconSTF smoothly
     
  • Light on Hardware Resources & Small in size
     
  • Portable – no need to install, can work from any USB storage device
     
  • Multi-Language support (Partial)
     
  • Works side-by-side with your normal web browser without any conflict issues
     
  • Works on both architectures, x86 & x64, on Windows XP, Vista, 7 and on Linux with Wine
     
  • Netbook compatible – User interface is designed for using framework on small screen sizes
     
  • Free & Open source
     
  • Recon / Mapping
     
  • Editors / Debuggers 
  • Exploitation / Audit 
  • Anonymity 
  • Passwords 
  • Cryptography 
  • Database 
  • Scripting / Automation 
  • Network Utilities 
  • Reporting


AWS

Installation Instructions For Windows

Note: How to find PublicDNS in AWS

Step 1) RDP Connection: To connect to the deployed instance, please follow the Instructions to Connect to Windows instance on AWS Cloud

1) Connect to the virtual machine using the following RDP credentials:

  • Hostname: PublicDNS / IP of machine
  • Port: 3389

Username: To connect to the operating system, use RDP; the username is Administrator.
Password: Please click here to know how to get the password.

Step 2) Click the Windows “Start” button and select “All Programs” and then point to HconSTF

Step 3) Other Information:

1. Default installation path: will be in your root folder “C:\HconSTFPortable”
2. Default ports:

  • Windows Machines:  RDP Port – 3389
  • Http: 80
  • Https: 443

Configure custom inbound and outbound rules using this link
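
A check of inbound rules against the default ports listed above, as an added example (not part of the original page or the HconSTF project): it flags rules that leave RDP 3389 reachable from any address, and rules that open ports beyond 3389, 80 and 443. The input is constructed sample data shaped like the JSON printed by `aws ec2 describe-security-groups`; the group ID and CIDR ranges are placeholders.

```python
import json

# Default ports the page lists for the Windows image.
DOCUMENTED_PORTS = {3389, 80, 443}
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

# Constructed sample (not real data), shaped like the JSON printed by
# `aws ec2 describe-security-groups`; the group ID is a placeholder.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
  {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]}]}
""")


def audit_inbound(groups):
    """Return (group_id, finding) tuples for risky inbound rules."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            proto = rule["IpProtocol"]
            if proto not in ("tcp", "udp", "-1"):
                continue  # ICMP etc. carry no port range
            # Protocol "-1" means every protocol and every port.
            lo = 0 if proto == "-1" else rule.get("FromPort", 0)
            hi = 65535 if proto == "-1" else rule.get("ToPort", 65535)
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if lo <= 3389 <= hi and ANY_SOURCE.intersection(sources):
                findings.append((sg["GroupId"], "RDP 3389 reachable from any address"))
            if lo != hi or lo not in DOCUMENTED_PORTS:
                findings.append((sg["GroupId"], f"ports {lo}-{hi} go beyond 3389/80/443"))
    return findings


if __name__ == "__main__":
    for group_id, finding in audit_inbound(SAMPLE):
        print(group_id, finding)
```

Restricting the 3389 rule to the administrator's own address range clears the first finding while leaving RDP usable.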
