🎉 Your OPSEC companion. Run witchcraft help or witchcraft manual (for the complete manual) 🎉
witchcraft - A versatile toolkit for cybersecurity.
witchcraft [MODULE_NAME] [OPTION]... [FILE]... [IP]...
WITCHCRAFT is a powerful cybersecurity toolkit providing tools for forensic analysis, OSINT, scanning, backups, data copying, and penetration testing for applications and APIs. Its flexibility makes it suitable for a wide range of security tasks.
-
witchcraft map.localMap all open local connections. -
witchcraft search.meta --keyword user_nameSearch for theuser_namekeyword across over 1000 sites. -
witchcraft map.default --target example.comPerform a default port scan on the specified target.
The project initially includes a set of default files created using advanced data analysis techniques. Final versions are merged into the main project.
-
GitHub Installation: Visit witchcraft GitHub repository. Go to releases, download the latest version, unzip the file, and locate
installer.shanduninstall.sh.sudo bash installer.sh
-
Snap Package Installation:
snap install witchcraft-cybersecurity
-
Build from Source:
git clone https://github.com/cosmic-zip/witchcraft cd witchcraft sudo bash build-devel.shLocate the
distfolder, unzip the file, and useinstaller.shanduninstall.sh.The script prompts for root access, creates a
releasefolder, and places built executable inside. It also provides options for downloading archives for OSINT and wordlists required for IP lookup operations.
- Unique Wordlists: moth and ladybug
- Default Credentials Database
- IP Geolocation and Reputation/Score
- Social Media Pages for Evil Twin Attacks
- General Wordlists for Directories and Subdomains
- MAC Address Vendor Database
- Usernames Wordlist
- XSS Wordlist
- And more!
The spellbook has now been fully compressed and is 590MB in size. To download it, please check the README page for the updated link. If you are using the complete distribution package, you do not need to perform this step.
- To install the complete spellbook, simply download and copy it to: /var/spellbook
Clone pages into /var/spellbook/evilpages using the SingleFile extension or similar tools. Example:
witchcraft server.eviltwin --address 127.0.0.1:9000 --path foo/bar/index.htmlTo log interactions, create .witchrc in your home folder and add:
path_log_file=~/my_frog.jsonl
Replace ~/ with a specific path if desired.
Standard Command-Line Flags (SCLF) include:
account: Arguments for account info or token.address: IPv4/IPv6 or domain name.ip: IPv4/IPv6 address.device: Virtual/physical device (e.g., HDD, SSD).dns/domain: Domain name.database_name: Name of the database.data: Input data (e.g., "some data here!").file: File location.folder: Path to a folder.host: Hostname or IP address.image: Image file location.interface: Network device.keyspace_name: Cassandra keyspace name.message: Message string.output: Output file path.overwrite: Overwrite existing files.password: Plaintext password.path: File path.port: Port number.protocol: Communication protocol.recursive: Enable recursive mode.secret: File (data) to be hidden.share: Shared resource (e.g., folder, file, printer).snapshot_name: Name of the snapshot.table_name: Database table name.target: IPv4/IPv6 or domain name.timeout: Timeout duration.url: Full URL path with http/https.username: Username setup.wait: Delay duration in seconds.verbose: Enable verbose mode.wordlist: Path to a wordlist.
Witchcraft supports extensions via static files, Rust code, and db.json. This file allows integration of terminal-based operations. Example:
Custom Command in Terminal:
mycommand --flag value --key value --some fooEntry in db.json:
{
"name": "mycommand",
"description": "My command does something cool",
"command": "mycommand --flag @@flag --key @@some_name_for_the_key"
}Final Command in Witchcraft:
mycommand --flag foo --some_name_for_the_key barYou can assign any name to a flag. Note that flags are not positional. Repeating a flag will not create a list of values. If a flag is repeated, only the first occurrence will be accepted. This design covers 98% of CLI interactions. Edge cases are not supported.
This project is licensed under the GNU General Public License v3.0. WITCHCRAFT includes IP2Proxy® LITE and cinsscore® databases.