Hcon Security Testing Framework on cloud( AWS/Azure/Google Cloud )

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments. Contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain – students, Security Professionals,web developers, manual vulnerability assessments and much more.

Even useful to anybody interested in information security domain – students, Security Professionals,web developers, manual vulnerability assessments and much more.

Most of the part of HconSTF is semi-automated but you still need your brain to work it out.
It can be use in all kind of security testing stages, it has tools for conducting tasks like,

Web Penetration Testing

Web Exploits Development
Web Malware Analysis
Open Source Intelligence ( Cyber Spying & Doxing )

HconSTF is very flexible and good enough for any
1. IT Security Professionals
2. Web Bug bounty Hunters
3. Web Developers
4. IT students
or any one interested in IT security

Version Info :
Current version : 0.5 codename ‘PRIME’
Type : Portable (no need to install , run from pendrive or any memory card)
Platform : Windows : XP , Vista , 7 both x32 & x64, 8, Linux (wine)
Linux : All Linux distributions are supported including Kali, Backbox, Blackbuntu, Weakerthan

License :
Various Open Source
in simple words its totally free as free speech, no license fees.

Terms of usage :
This software comes with no guaranties and warranties of any kind. Use it at your own risk.
By using this software, you are agreed to this term of usage.
Because of the nature of the software if it is used in any unlawful activity or anything relative to cybercrime then the author of the software is NOT at all responsible in anything you do with this software.
you as the user of this software is responsible for your own deeds.

A testing framework or more specifically a testing

automation framework is an execution environment for automated tests. It is the overall system in which the tests will be automated. ! It is defined as the set of assumptions, concepts, and practices that constitute a work platform or support for automated testing.

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain – students, Security Professionals,web developers, manual vulnerability assessments and much more.

Hcon Security Testing Framework on cloud for AWS

Features of HconSTF:

Categorized and comprehensive toolset
Contains hundreds of tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few

HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
Each option is configured for penetration testing and Vulnerability assessments
Specially configured and enhanced for gaining easy & solid anonymity
Works for web app testing assessments specially for owasp top 10
Easy to use & collaborative Operating System like interface

Multi-Language support (feature in heavy development translators needed)
Hacker Friendly
Fully Customizable, Versatile in Usage can be used in many Web related hacking needs, Simple and easy to use interface, small in size and light on resources. contains hundreds of features for :
Web Penetration Testing

Web Exploits Development
Web Malware Analysis
OSINT & Cyber spying
Very comprehensive and plenty of tools for exploitation and supports verbose debugging features for Web Exploit Development.
HconSTF contains blend of online and offline tools for Pentesting called ‘WebUI‘.
includes scanners, encoders, and much more
IDB is Integrated database with huge amount of Web payloads like :

Xss
Sqli
LDAP
Command execution

Helps in many Open source intelligence based tasks like
Passive Web & Network Reconnaissance
Doxing
Cyber Spying

Hash cracking
Huge amount of Plugins more than 165
Encoding / Decoding & hashing Features and tools, supports wide variety of formats, character set and algorithms for making payloads undetectable

Darknets and proxies integrated, Spoofing tools. supports integration with many decoy options, includes many tools for proxies and anonymizing networks
readily configured for:
Tor
AdvOR
I2P
Https, Socks 4 /

Contains many integrated useful reporting features like :
Screenshots
Note taking
Session saving & exporting

Custom Url Logging
Automated Request logging
Includes Hackery-Hybrid, collection of huge amount of learning bookmarks for learning any techniques, tools.
Available for both all Windows and Linux based systems

Easy to use & collaborative Operating System like interface
Includes Custom scripts for doing many pentesting tasks
Includes Cleaner for running HconSTF smoothly
Light on Hardware Resources & Small in size
Portable – no need to install, can work from any USB storage device

Multi-Language support (Partial)
Works side-by-side with your normal web browser without any conflict issues
Works on both architectures x86 & x64 on windows XP, Vista, 7 and on Linux with Wine
Netbook compatible – User interface is designed for using framework on small screen sizes
Free & Open source

Recon / Mapping
Editors / Debuggers
Exploitation / Audit
Anonymity

Passwords
Cryptography
Database
Scripting / Automation
Network Utilities

Reporting

Major Features of HconSTF:

Categorized and comprehensive toolset
Contains hundreds of tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few
HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
Each and every option is configured for penetration testing and Vulnerability assessments
Specially configured and enhanced for gaining easy & solid anonymity
Works for web app testing assessments specially for owasp top 10
Easy to use & collaborative Operating System like interface
Multi-Language support (feature in heavy development translators needed)

Installation Instructions For Windows

Installation Instructions For Windows

Note: How to find PublicDNS in AWS

Step 1) RDP Connection: To connect to the deployed instance, Please follow Instructions to Connect to Windows instance on AWS Cloud

1) Connect to the virtual machine using following RDP credentials:

Hostname: PublicDNS / IP of machine
Port : 3389

Username: To connect to the operating system, use RDP and the username is Administrator.
Password: Please Click here to know how to get password .

Step 2) Click the Windows “Start” button and select “All Programs” and then point to HconSTF

Step 3) Other Information:

1.Default installation path: will be in your root folder “C:\HconSTFPortable”
2.Default ports: