Download the repo git clone https://github.com/its-a-feature/Mythic.git cd Mythic #Make the setup file sudo make Installing Docker sudo apt update sudo apt install -y docker.io sudo systemctl enable docker --now echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" | \ sudo tee /etc/apt/sources.list.d/docker.list curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg sudo apt update sudo apt install -y docker-ce docker-ce-cli containerd.io Log out of Kali Session and re-Login Running Mythic #Start Mythic - give it few mins to download and setup containers - first time only sudo ./mythic-cli start #on your browser - go to https://127.0.0.1:7443/new/login #Finding Creds default username is mythic_admin #Mythic Password - you can find it in .env file in Mythic Directory nano ./env ctrl+F --> MYTHIC_ADMIN_PASSWORD or sudo ./mythic-cli config | gr
Semgrep #Installation pip install semgrep==1.54.3 #Use below script to run it; update the paths in the script wget https://raw.githubusercontent.com/Bhanunamikaze/PenTest-Scripts/refs/heads/main/semgrep_runner.py #Download the rules git clone https://github.com/Bhanunamikaze/SemgrepRules-PHP.git PHP Code Snipper Download phpcs.phar file from PHP_CodeSniffer Releases sudo apt-get install php-tokenizer php-xml php phpcs.phar /path/to/PHP_Code Visual Code Grepper https://github.com/nccgroup/VCG/tree/master GitHub - tcosolutions/betterscan: Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan For NodeJS GitHub - insidersec/insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (M