Information Gathering

badKarma – Advanced Network Reconnaissance Toolkit

badKarma - Advanced Network Reconnaissance Toolkit

badKarma is a python3 GTK+ network infrastructure penetration testing toolkit.

badKarma aim to help the tester in all the penetration testing phases (information gathering, vulnerability assessment,exploitation,post-exploitation and reporting). It allow the tester to save time by having point-and-click access to their toolkit and interacte with them through GUIs or Terminals, also every task is logged under a sqlite database in order to help during the reporting phase or in a incident response scenario.
It is also available a proxychains switch that let everything go through proxies, and last but not least, every commands can be adjusted before the execution by disabling the “auto-execute” checkbox.
badKarma is licensed under GNU GPL version 3.
The database by default is located inside the “/tmp” directory, this means that you have to save it in a different location before rebooting your computer.
It contains all the information gained during the activity, real-time updated, it is used like a session file, and it can be exported or/and imported.
It is possible to add target and scan them with nmap or import an nmap XML report, also some defaults scan profiles are already available as well.
By defaults all the nmap output are stored inside the “/tmp” directory , then the output is imported in the sqlite database and deleted.
badKarma is modular, the extensions are full-interactive and they allow the tester to tune tasks options, also every extension output is logged under the database and can be exported as a raw txt from the “Logs” tab.
Extensions can be found under the “extension” directory,current available extensions are:
  • Shell: this is the main module of the toolkit since it allow the tester to execute preconfigured shell tasks. Shell commands are located under the “conf” directory.
  • Bruter: as the name says, bruter is the brute-force extension. It allow the tester to send a target directly to Hydra and configure the parameters through a GUI.
  • Screenshot: this extension allow the tester to take a screenshot of possibile web servers, the screenshot will be stored in the log database as base64 and can be normally shown from badKarma.
  • Browser: just an “open in browser” for webservers menu item, take it as an example to build your own extensions.







install Kali linux dependecies:

# apt install python3-pip python3-gi phantomjs gir1.2-gtk-vnc-2.0 ffmpeg `

clone the repository:

$ git clone

install python dependecies:

# cd badKarma
# pip3 install -r requirements.txt


$ chmod +x
$ ./

Website security, detecting malwares on the website and removal services, website backup services, daily website file scanning and file changes monitoring