Ethical Hacking Tutorials

Ethical Hacking Tutorials, Tips and Tricks

badKarma – Advanced Network Reconnaissance Toolkit

It allow testers to save time by having point-and-click access to their toolkits, launch them against single or multiple targets and interacte with them through semplified GUIs or Terminals.

Every task’s output is logged under a session file in order to help during reporting phase or in a possible incident response scenario. It is also available a proxychains switch that let everything go through proxies, and last but not least, every command can be adjusted before the execution by disabling the “auto-execute” checkbox.

badKarma is licensed under GNU GPL version 3.


Session file

The Session file is just a sqlite database, it contains all the information gained during the activity, real-time updated it can be exported or/and imported from badKarma’s GUI. By default the database is located inside the “/tmp” directory, this means that you have to save it in a different location before rebooting your computer.

Inside the database there are four tables: hosts, ports, activity_log and notes.



It is possible to add targets and scan them with nmap and/or masscan from the GUI, some defaults scan profiles are already available as well. It is possible to import XML scanners result from the main menu.

There is also a shodan-api’s script ( that let the tester importing target’s data directly from shodan. It is located inside the scripts directory and it require a shodan api key inside conf/shodan.conf in order to work.

By default all the scan output are stored inside the “/tmp” directory , then the output is imported in the session file and deleted.



badKarma is modular, the extensions are full-interactive and they allow the penetration tester to tune tasks options, since output is logged under the session file, their output can be exported as a raw txt from the “Logs” tab.

Extensions can be found under the “extension” directory,current available extensions are:

  • Shell: this is the main module of the toolkit since it allow the tester to execute preconfigured shell tasks. Shell commands are located under the “conf” directory.
  • Bruter: as the name says, bruter is the brute-force extension. It allow the tester to send a target directly to Hydra and configure the parameters through a GUI. Default hydra parameters can be modified from conf/bruter.conf.
  • Screenshot: this extension allow the tester to take screenshots of possibile http,rdp,rtsp,vnc and x11 servers, screenshots will be stored in the session file as base64 and can be shown from badKarma.
  • Browser: just an “open in browser” for http menu item, take it as an example to build your own extensions.


Advanced Network Reconnaissance Toolkit: badKarma Download

Updated: September 17, 2018 — 3:07 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Ethical Hacking Tutorials © 2018
Skip to toolbar