🎉 Your OPSEC companion. Run witchcraft help or witchcraft manual (for the complete manual) 🎉
witchcraft - A versatile toolkit for cybersecurity.
witchcraft [MODULE_NAME] [OPTION]... [FILE]... [IP]...
WITCHCRAFT is a powerful cybersecurity toolkit providing tools for forensic analysis, OSINT, scanning, backups, data copying, and penetration testing for applications and APIs. Its flexibility makes it suitable for a wide range of security tasks.
-
witchcraft map.local
Map all open local connections. -
witchcraft search.meta --keyword user_name
Search for theuser_name
keyword across over 1000 sites. -
witchcraft map.default --target example.com
Perform a default port scan on the specified target.
The project initially includes a set of default files created using advanced data analysis techniques. Final versions are merged into the main project.
-
GitHub Installation:
Visit witchcraft GitHub repository.
Go to releases, download the latest version, unzip the file, and locateinstaller.sh
anduninstall.sh
.sudo bash installer.sh
-
Snap Package Installation:
snap install witchcraft-cybersecurity
-
Build from Source:
git clone https://github.com/cosmic-zip/witchcraft cd witchcraft sudo bash build-devel.sh
Locate the
dist
folder, unzip the file, and useinstaller.sh
anduninstall.sh
.The script prompts for root access, creates a
release
folder, and places built executables inside. It also provides options for downloading archives for OSINT and wordlists required for IP lookup operations.
- Unique Wordlists: moth (16GB) and ladybug (1GB)
- Default Credentials Database
- IP Geolocation and Reputation/Score
- Social Media Pages for Evil Twin Attacks
- General Wordlists for Directories and Subdomains
- MAC Address Vendor Database
- Usernames Wordlist
- XSS Wordlist
- And more!
These files (700MB) can be downloaded using:
git clone https://github.com/cosmic-zip/witchcraft-wordlists /var/spellbook/
Clone pages into /var/spellbook/evilpages
using the SingleFile extension or similar tools. Example:
witchcraft server.eviltwin --address 127.0.0.1:9000 --path foo/bar/index.html
To log interactions, create .witchrc
in your home folder and add:
path_log_file=~/my_frog.jsonl
Replace ~/
with a specific path if desired.
Standard Command-Line Flags (SCLF) include:
account
: Arguments for account info or token.address
: IPv4/IPv6 or domain name.ip
: IPv4/IPv6 address.device
: Virtual/physical device (e.g., HDD, SSD).dns/domain
: Domain name.database_name
: Name of the database.data
: Input data (e.g., "some data here!").file
: File location.folder
: Path to a folder.host
: Hostname or IP address.image
: Image file location.interface
: Network device.keyspace_name
: Cassandra keyspace name.message
: Message string.output
: Output file path.overwrite
: Overwrite existing files.password
: Plaintext password.path
: File path.port
: Port number.protocol
: Communication protocol.recursive
: Enable recursive mode.secret
: File (data) to be hidden.share
: Shared resource (e.g., folder, file, printer).snapshot_name
: Name of the snapshot.table_name
: Database table name.target
: IPv4/IPv6 or domain name.timeout
: Timeout duration.url
: Full URL path with http/https.username
: Username setup.wait
: Delay duration in seconds.verbose
: Enable verbose mode.wordlist
: Path to a wordlist.
Witchcraft supports extensions via static files, Rust code, and db.json
. This file allows integration of terminal-based operations. Example:
Custom Command in Terminal:
mycommand --flag value --key value --some foo
Entry in db.json
:
{
"name": "mycommand",
"description": "My command does something cool",
"command": "mycommand --flag @@flag --key @@some_name_for_the_key"
}
Final Command in Witchcraft:
mycommand --flag foo --some_name_for_the_key bar
You can assign any name to a flag. Note that flags are not positional. Repeating a flag will not create a list of values. If a flag is repeated, only the first occurrence will be accepted. This design covers 98% of CLI interactions. Edge cases are not supported.
This project is licensed under the GNU General Public License v3.0.
WITCHCRAFT includes IP2Proxy® LITE and cinsscore® databases.