The new version is built on Docker and can run on any host that has Docker installed. The old version is built on shell scripts and can only run on Linux and Mac environments.
Project Introduction#
A penetration testing toolbox based on Docker, dedicated to providing portable and ready-to-use penetration testing tools that can be downloaded on demand. Common penetration testing tools have been packaged as Docker images and pushed to Docker Hub. Users are provided with a shell console through which they can:
- View a list of third-party security tools
- Download third-party security tools as needed
- Run third-party security tools
- View documentation and usage examples for third-party security tools (using the "demos" command)
Siusiu also supports non-interactive mode, making it easy for Siusiu to be called by other programs, for example: "siusiu exec help".
Installation and Usage#
- Download the binary file by clicking on the Docker release, download the corresponding version, and give it executable permissions.
- Git installation:
git clone --depth 1 https://github.com/ShangRui-hash/siusiu.git
cd siusiu
go build -o siusiu
- GO installation:
go get github.com/ShangRui-hash/siusiu@latest
go install github.com/ShangRui-hash/siusiu@latest
Usage:
siusiu:/ > help
Commands:
403bypasser 403 bypass tool
amass Information gathering tool
arjun Parameter discovery tool
cewl Web scraping tool to generate dictionaries from website keywords
clear Clear the screen
cloudfail Tool to find the real IP behind Cloudflare
crawlergo Browser crawler for URL collection using Chrome headless mode
cve-2018-15473-exp SSH username enumeration vulnerability exploitation tool
davtest WebDAV exploitation tool
dirsearch Directory brute-forcing tool
ds_store_exp .DS_Store file leakage exploitation script
exit Exit the program
fetcher Tool to make a specified directory into a dictionary
ffuf Fuzzing tool
firefox-decrypt Firefox browser password extraction tool
gau Passive URL collection based on domain name (open threat+wayback machine+common crawl)
githack:bugscanteam Git leakage exploitation tool (downloads .git folder for easy retrieval of historical versions)
githack:lijiejie Git leakage exploitation tool (only downloads current version)
gobuster Directory scanning tool (backup for dirsearch when it fails)
gopherus SSRF vulnerability gopher protocol payload generation tool
help Display help
http3-client HTTP3 client
hydra Weak password cracking tool
input-scanner Tool to extract URLs from JavaScript files
jsfinder Tool to extract URLs and subdomains from JavaScript source code
ksubdomain Subdomain brute-forcing tool
linkfinder Tool to discover endpoints and their parameters in JavaScript files
nmap Host discovery, port scanning, service scanning, version identification
pacu AWS exploitation framework
paramspider Parameter mining tool
payloads-all-the-things Comprehensive collection of payloads
php_mt_seed PHP pseudo-random number seed cracker
pocsuite3 POC testing framework
rip-hg.pl .hg file leakage exploitation script (downloads .gh folder for easy inspection of historical versions)
rip-svn.pl .svn file leakage exploitation script (downloads .svn folder for easy inspection of historical versions)
searchsploit Exploit/POC search tool
smbmap SMB service exploitation tool
smtp-user-enum SMTP username enumeration tool
sqlmap SQL injection attack tool
sqlmapapi SQLmap API
steghide Steganography tool
stegseek Brute-forcing tool for steganography passwords
subfinder Subdomain query tool
svn-exp svn-exp file leakage exploitation script
tool-helper Get help documentation for a tool
waybackurls Query historical pages of a specified domain name
wfuzz Web application fuzzing tool
whatweb Web fingerprinting tool
wpscan WordPress vulnerability scanning tool
xray Vulnerability scanner
xray-listen Xray listening tool
If the user does not have pocsuite3 installed, it will be automatically downloaded and run.
Running sqlmap and dirsearch in the siusiu console.
Download link: https://github.com/ShangRui-hash/siusiu