🎉 Your OPSEC companion. Run witchcraft help or witchcraft manual (for the complete manual) 🎉
witchcraft - A versatile toolkit for cybersecurity.
witchcraft [MODULE_NAME] [OPTION]... [FILE]... [IP]...
WITCHCRAFT is a powerful cybersecurity toolkit providing tools for forensic analysis, OSINT, scanning, backups, data copying, and penetration testing for applications and APIs. Its flexibility makes it suitable for a wide range of security tasks.
-
witchcraft map.local
Map all open local connections. -
witchcraft search.meta --keyword user_name
Search for theuser_namekeyword across over 1000 sites. -
witchcraft map.default --target example.com
Perform a default port scan on the specified target.
The project initially includes a set of default files created using advanced data analysis techniques. Final versions are merged into the main project.
-
GitHub Installation:
Visit witchcraft GitHub repository.
Go to releases, download the latest version, unzip the file, and locateinstaller.shanduninstall.sh.sudo bash installer.sh
-
Snap Package Installation:
snap install witchcraft-cybersecurity
-
Build from Source:
git clone https://github.com/cosmic-zip/witchcraft cd witchcraft sudo bash build-devel.shLocate the
distfolder, unzip the file, and useinstaller.shanduninstall.sh.The script prompts for root access, creates a
releasefolder, and places built executables inside. It also provides options for downloading archives for OSINT and wordlists required for IP lookup operations.
- Unique Wordlists: moth (16GB) and ladybug (1GB)
- Default Credentials Database
- IP Geolocation and Reputation/Score
- Social Media Pages for Evil Twin Attacks
- General Wordlists for Directories and Subdomains
- MAC Address Vendor Database
- Usernames Wordlist
- XSS Wordlist
- And more!
These files (700MB) can be downloaded using:
git clone https://github.com/cosmic-zip/witchcraft-wordlists /var/spellbook/Clone pages into /var/spellbook/evilpages using the SingleFile extension or similar tools. Example:
witchcraft server.eviltwin --address 127.0.0.1:9000 --path foo/bar/index.htmlTo log interactions, create .witchrc in your home folder and add:
path_log_file=~/my_frog.jsonl
Replace ~/ with a specific path if desired.
Standard Command-Line Flags (SCLF) include:
account: Arguments for account info or token.address: IPv4/IPv6 or domain name.ip: IPv4/IPv6 address.device: Virtual/physical device (e.g., HDD, SSD).dns/domain: Domain name.database_name: Name of the database.data: Input data (e.g., "some data here!").file: File location.folder: Path to a folder.host: Hostname or IP address.image: Image file location.interface: Network device.keyspace_name: Cassandra keyspace name.message: Message string.output: Output file path.overwrite: Overwrite existing files.password: Plaintext password.path: File path.port: Port number.protocol: Communication protocol.recursive: Enable recursive mode.secret: File (data) to be hidden.share: Shared resource (e.g., folder, file, printer).snapshot_name: Name of the snapshot.table_name: Database table name.target: IPv4/IPv6 or domain name.timeout: Timeout duration.url: Full URL path with http/https.username: Username setup.wait: Delay duration in seconds.verbose: Enable verbose mode.wordlist: Path to a wordlist.
Witchcraft supports extensions via static files, Rust code, and db.json. This file allows integration of terminal-based operations. Example:
Custom Command in Terminal:
mycommand --flag value --key value --some fooEntry in db.json:
{
"name": "mycommand",
"description": "My command does something cool",
"command": "mycommand --flag @@flag --key @@some_name_for_the_key"
}Final Command in Witchcraft:
mycommand --flag foo --some_name_for_the_key barYou can assign any name to a flag. Note that flags are not positional. Repeating a flag will not create a list of values. If a flag is repeated, only the first occurrence will be accepted. This design covers 98% of CLI interactions. Edge cases are not supported.
This project is licensed under the GNU General Public License v3.0.
WITCHCRAFT includes IP2Proxy® LITE and cinsscore® databases.