Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
🔥 Ultimate Hacker Toolkit
A professional‑grade, all‑in‑one security testing framework written in Rust.
Includes modules for vulnerability scanning, stress testing (DoS simulation), credential stuffing, spam/flooding, payload generation, and reporting.
⚠️ Legal Disclaimer: This tool is for authorised security testing and educational purposes only. Unauthorised use against systems you do not own or have explicit permission to test is illegal. Use at your own risk.
✨ Features
| Module | Description |
|---|---|
| Scanner | Port scanning, SQL injection detection, XSS detection, directory brute‑forcing, subdomain enumeration, SSL/TLS analysis, security headers audit, CVE matching |
| Advanced Scanning | DNS Zone Transfer (AXFR) checker, Subdomain Takeover detector (GitHub Pages, S3, Heroku, Shopify, Squarespace), and Technology Fingerprinting (Nginx, Apache, WordPress, React, next.js, Drupal, Nuxt, Vue, PHP, ASP.NET, IIS) |
| Offline CVE Database | Browse and query a local CVE database by keywords, CVE ID, product, or description (accessible via CLI and GUI) |
| Stress | HTTP flood, Slowloris, UDP flood, SYN flood simulation, advanced HTTP flood with random methods |
| Credential Stuffing | Mass login attempts with wordlists, proxy rotation, rate limiting, result logging |
| Spam | Database flooding, email bomber, SMS bomber, comment spam, registration spam |
| Payload | Reverse shells (Linux, Windows, Python, PHP, Node.js, Ruby, Perl), bind shells, PHP web shells, download & execute |
| Report | HTML and JSON report generation, beautiful vulnerability reports with direct GUI export pickers |
📦 Installation
Prerequisites
- Rust (1.70+)
- Cargo
Build from source
🚀 Usage
Command Line Interface (CLI)
Get general help:
1. Vulnerability Scanner (scan)
Scan a target URL or host (includes port scanning, SQLi, XSS, directory brute forcing, subdomain discovery, SSL analysis, security header audits, and CVE matching).
# Quick scan with default options
# Full scan with a custom proxy and rate limits, saving HTML report
2. Offline CVE Lookup (cve-search)
Query the local database of Common Vulnerabilities and Exposures by keywords.
3. Payload Generation (payload)
Generate reverse shells, bind shells, web shells, and download/execution payloads across multiple languages.
# Generate a reverse shell payload
# Generate a PHP web shell and save to a file
4. Stress Testing (stress)
Simulate network load on targets.
# HTTP flood with 50 threads for 60 seconds
5. Credential Stuffing (cred-stuff)
Perform mass login tests against an authentication endpoint.
6. Spam & Flooding (spam)
Test rate limiting on databases, forums, forms, and services.
# Flood a database API endpoint with random data
7. Report Generation (report)
Create HTML reports from raw scan JSON files.
Graphical User Interface (GUI)
Launch the interactive dashboard with real-time logs, live async progress bars, and file export options: