Dharma is a modular, safe-handoff red team toolkit designed for controlled enumeration, bruteforcing, exploitation, and shell delivery. Built for offensive security professionals who need surgical control and audit-friendly workflows.
- 🔍 Passive and active recon modules
- 🔐 HTTP brute-forcing with layered wordlist support
- 🧪 Curated and custom NSE scripts (SMB, HTTP, FTP)
- 📦 Payloads for Linux and Windows
- 🧠 Safe-handoff orchestration via
dharma.py - 📂 Organized loot collection with JSON output
- 💻 Interactive CLI with subcommands for recon, NSE, exploit, loot, and payloads
- 🧰 Designed for extensibility and ethical automation
pip install -r requirements.txtdharma-tools/ ├── dharma.py # 🔱 Orchestrator script (safe handoffs) ├── utils/ │ ├── recon/ # Passive recon (http_recon.py) │ ├── bruteforce/ # Brute-force modules (http_brute.py) │ ├── auto-nse.py # NSE launcher with script args │ └── auto-exploit.py # Exploit launcher (manual approval) ├── nse/ # Custom NSE scripts (SMB, HTTP, FTP) ├── wordlists/ # Usernames, passwords, combo lists ├── payloads/ # Shells, droppers, macros (Linux/Win) ├── test-targets/ # Local Docker targets for testing ├── loot/ # JSON loot from recon/brute modules ├── LICENSE └── README.md
The dharma.py orchestrator provides an interactive CLI.
python3 dharma.py recon --target <IP>Other subcommands include auto-nse, auto-exploit, loot, and payloads. The flags --quiet, --verbose, --loot-dir, and --payload-dir control verbosity and directories.
You will be prompted to:
- 🔍 Run recon (e.g. find login forms)
- 🔐 Review loot and optionally brute-force creds
- 📜 Launch NSE scripts based on findings
- 💥 Trigger safe exploit modules
All actions require human confirmation — no blind execution.
- Scans for login paths
- Parses login fields
- Saves loot for chaining into brute-force
- Supports
--level fast|full|breach - Accepts custom user/password lists
- Handles
formorjsonlogin types
- Runs targeted Nmap scripts
- Automatically loads correct NSEs for protocols (SMB, HTTP, FTP)
- Interactive or guided use of found CVEs or service-level exploits
Dharma will never:
- Automatically exploit targets without consent
- Deliver shells blindly
- Skip user review of loot or prompts
It enforces red team rules of engagement and supports auditability.
Stored in payloads/ and include:
linux/bash_reverse.shlinux/payload_root.cwindows/powershell_reverse.ps1windows/dns_exfil.ps1- Obfuscated macros, shellcode launchers
Included in wordlists/:
usernames.txtpasswords.txt(top 10k)passwords-big.txt(RockYou-style)ftp-users.txt
💡 Compatible with --userdb, --passdb on brute modules.
Stored in nse/, including:
http-json-brute.nseftp-user-enum.nsesmb-anon-hunter.nse
Use with:
nmap -p 21 --script ./nse/ftp-user-enum.nse --script-args userdb=wordlists/ftp-users.txt📌 Status Module Status http_recon.py ✅ Stable http_brute.py ✅ Stable dharma.py ✅ Safe Orchestration NSE scripts ✅ Curated & custom Auto NSE/Exploit ⚙️ Extensible Payloads ✅ Verified Shell catching 🔜 Manual
🔭 Coming Soon 🧪 verify_creds.py
📊 loot_report.py HTML/Markdown generator
☁️ Remote test lab bootstrapping (via Docker)
👁️ Visual recon diff (compare scans over time)
📜 License MIT License. Use responsibly, for ethical purposes, and only where authorized.
🧠 Author Braxton Bailey (@Jimi421) Built with 🔱 for red teamers, by a red teamer.