Author Topic: Hcon Security Testing Framework (HconSTF) v0.5 - Codename 'Prime'  (Read 4224 times)


  • Newbie
  • *
  • Posts: 9
    • View Profile
Most of the part of HconSTF is semi-automated but you still need your brain to work it out.
It can be use in all kind of security testing stages, it has tools for conducting tasks like,
         -Web Penetration Testing
         -Web Exploits Development
         -Web Malware Analysis
         -Open Source Intelligence ( Cyber Spying & Doxing )

Hacker Friendly:

Fully Customizable, Versatile in Usage can be used in many Web related hacking needs, Simple and easy to use interface, small in size and light on resources. contains hundreds of features for :

    -Web Penetration Testing
    -Web Exploits Development
    -Web Malware Analysis
    -OSINT & Cyber spying

Exploitation ready:

Very comprehensive and plenty of tools for exploitation and supports verbose debugging features for Web Exploit Development.


HconSTF contains blend of online and offline tools for Pentesting called 'WebUI'.
includes scanners, encoders, and much more


IDB is Integrated database with huge amount of Web payloads like :

    -Command execution

Osint Ready:

Helps in many Open source intelligence based tasks like

    -Passive Web & Network Reconnaissance
    -Cyber Spying
    -Hash cracking

Huge amount of Plugins more than 165

Obfuscation Ready:

Encoding / Decoding & hashing Features and tools, supports wide variety of formats, character set and algorithms for making payloads undetectable.

Decoy Ready:

Darknets and proxies integrated, Spoofing tools. supports integration with many decoy options, includes many tools for proxies and anonymizing networks
readily configured for :

    -Https, Socks 4 / 5

Enhanced Reporting:

Contains many integrated useful reporting features like :

    -Note taking
    -Session saving & exporting
    -Custom Url Logging
    -Automated Request logging

Hacker Helper:

Includes Hackery-Hybrid, collection of huge amount of learning bookmarks for learning any techniques, tools.

Categories of tools :

    -Recon / Mapping
    -Editors / Debuggers
    -Exploitation / Audit
    -Scripting / Automation
    -Network Utilities

Please add this tool!! As i think its the great tool for pentesters!! :)
I dont own this project but this project is completely done by a single guy! The one who owns it! He is Mr.Ashish Mistry!
Would love to see this tool in backbox JAN release! It'be more powerfull!

What do u think Zerof about this to add?? :)

Official Site: [nofollow]
Downloads: [nofollow] [nofollow]
« Last Edit: November 15, 2013, 08:48:27 AM by Bhashit »


  • Hero Member
  • *****
  • Posts: 1247
    • View Profile
    • Pen Tester
Reply #1 on: November 10, 2013, 07:52:57 PM

One more framework, i don't know man. This need to be tested for some time. Personally i like to watch if developer make updates, if yes, we can think about making BackBox package.

Looks nice, let's see how is working in box.

« Last Edit: November 11, 2013, 09:31:39 PM by ostendali »

Don't ask, read :
or just run sudo rm -rf /*


  • Newbie
  • *
  • Posts: 5
    • View Profile
    • Tickr News
Reply #2 on: November 24, 2013, 05:58:40 AM
Status: Downloading...
Comment: */ Sounds Interesting :) */ Thanks for letting us know.. !

Kanthala Raghu


  • Newbie
  • *
  • Posts: 9
    • View Profile
Reply #3 on: November 24, 2013, 02:57:37 PM
My pleasure!  :)