A lightweight penetration testing environment management tool based on Visual Studio Code, designed for cybersecurity professionals and penetration testers.
WeaponizedVSCode aims to solve the following problems in traditional penetration testing:
- Difficult Environment Switching - Frequent switching between different project environment configurations
- Chaotic Tool Management - Tools and payloads scattered across different directories
- Repetitive Configuration - Each project requires reconfiguring Metasploit, reverse shells, etc.
- Scattered Records - Credentials, notes, and files stored dispersedly
- Low Efficiency - Lack of mechanisms for rapid payload generation
- One-Click Project Environment Creation - Use
createhack <project-name>to quickly create pre-configured penetration testing projects - Smart Environment Switching - Seamless switching between different projects with automatic configuration loading
- Template-Based Configuration - Pre-configured VSCode settings, tasks, and extension configurations
- 300+ Security Tool Integration - Pre-configured command completion for common penetration testing tools
- Smart Command History - Tool index-based command history and auto-completion
- Environment Variable Management - Automatic detection and management of tool-dependent environment variables
- Standard Shell - Enhanced Zsh terminal with status display
- Meterpreter Handler - Auto-configured Metasploit listener
- MSF Console - Pre-configured Metasploit console
- Netcat Handler - Reverse shell handling terminal
- Web Delivery - HTTP server mode for file transfer
- Kali OrbStack - Virtual machine integration support (macOS)
- Structured Directories - Automatically create hosts, users, credentials directories
- File Management - Convenient project file and web transfer file management
- Note System - Integrated Foam extension with bidirectional linked notes
- Credential Management - Centralized management of discovered user credentials
- Payload Generation - VSCode task integration for rapid Msfvenom payload generation
- Automated Scanning - Integration of RustScan, Nmap, and other scanning tools
- Proxy Management - Convenient proxy switching and configuration
- Host Management - Automatic /etc/hosts file updates
- Linux (Recommended)
- macOS
- Windows (Partial functionality, not fully supported)
# Core Tools
zsh # Shell environment
code # Visual Studio Code
python3 # Python runtime
vim # Editor
# Network Tools
nc # Netcat
rlwrap # Command line wrapper
# Parsing Tools
awk, sed, grep, tr # Text processing tools
yq # YAML processor
# Security Tools
msfvenom # Metasploit payload generator
rustscan # Port scanner
wfuzz # Web fuzzing tool
hashcat # Password cracking toolsimplehttpserver # Enhanced HTTP server
uv # Python package manager (performance optimization)git clone https://github.com/Esonhugh/WeaponizedVSCode.git
cd WeaponizedVSCode# Build using Make (recommended)
make build
# Or build manually
uv run ./craft.py
uv run ./completion_creator.py# Default installation (installs to ~/.local/weapon)
./installer.sh
# Custom installation location
WEAPON_LOCATION=/your/custom/path ./installer.sh
# Force reinstallation
./installer.sh --force-install
# Enable performance tracing mode
./installer.sh --trace-mode# Check script integrity
python3 verify.py createhackenv.sh
# Reload shell configuration
source ~/.zshrc# Create new penetration testing project
createhack my-project
# Or use alias
createhackenv my-projectSet environment variables in the project's .vscode/env.zsh file:
export RHOST="10.10.10.1"
export RPORT="4444"
export LHOST="10.10.14.1"
export LPORT="9001"
export DOMAIN="target.com"- Automatically load project environment variables
- Display current status information
- Support all tool command completion
# Select "meterpreter-handler" terminal profile in VSCode
# Automatically start configured Metasploit listener# Select "web-delivery" terminal profile in VSCode
# Automatically switch to $PROJECT_WEB_DELIVERY directory and start HTTP server# Host Management
set_current_host 10.10.10.1
dump_hosts | sudo tee -a /etc/hosts
# User Management
set_current_user administrator
update_user_cred_to_env
# Scanning Operations
rustscan -a $RHOST --ulimit 5000 -- -A --script=vuln
nmap -sC -sV -p 139,445,80,21 $RHOST
# Proxy Management
proxys on
proxys set http://127.0.0.1:8080
# File Operations
cp payload.exe $PROJECT_WEB_DELIVERY/WeaponizedVSCode/
├── craft.py # Environment build script
├── completion_creator.py # Command completion generator
├── installer.sh # Installation script
├── verify.py # Script verification tool
├── launch_helper.zsh # Shell launch helper
├── Makefile # Build configuration
├── .vscode/ # VSCode template configuration
│ ├── settings.json # Editor settings
│ ├── tasks.json # Task configuration
│ ├── extensions.json # Recommended extensions
│ ├── env.zsh # Environment variables
│ ├── metasploit_handler.rc # MSF configuration
│ └── source_*.zsh # Mode launch scripts
├── completion_indexer/ # Tool command index
│ ├── nmap # Nmap command set
│ ├── burpsuite # Burp Suite command set
│ ├── metasploit # Metasploit command set
│ ├── _weapon # Built-in tool commands
│ └── ... # 300+ tool command sets
└── documents/ # Project documentation
├── USE.md # Usage instructions
├── CUSTOM.md # Customization guide
└── DEMO.md # Demo documentation
my-project/
├── .vscode/ # VSCode configuration
│ ├── .zshrc # Shell configuration
│ ├── env.zsh # Environment variables
│ └── ... # Other configuration files
├── hosts/ # Host information
├── users/ # User information
├── credentials/ # Credential information
└── web-delivery/ # Web transfer files
- Edit configuration files in the
.vscode/directory - Run
python3 craft.pyto regenerate installation script - Commit changes to Git repository
- Create new tool command files in the
completion_indexer/directory - Run
python3 completion_creator.pyto update command index - Rebuild and install
# Check all used environment variables
python3 completion_creator.py# Check if zsh_history file exists
ls -la ~/.local/weapon/zsh_history
# Regenerate command index
python3 completion_creator.py# Check if Metasploit is properly installed
which msfconsole
msfconsole --version
# Check RC file
cat .vscode/metasploit_handler.rc# Check project environment variable file
source .vscode/env.zsh
echo $PROJECT_FOLDER- Fork this repository
- Create a feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Create a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Inspired by Cobalt Strike's environment management concepts
- Thanks to all security tool developers for their contributions
- Thanks to the VSCode community for providing a powerful extension ecosystem
- GitHub Issues: Report Issues
- Author: Esonhugh [email protected]
Happy Hacking! 🎯