WeaponizedVSCode
July 22, 2025 ยท View on GitHub
A lightweight penetration testing environment management tool based on Visual Studio Code, designed for cybersecurity professionals and penetration testers.
๐ฏ Project Goals
WeaponizedVSCode aims to solve the following problems in traditional penetration testing:
- Difficult Environment Switching - Frequent switching between different project environment configurations
- Chaotic Tool Management - Tools and payloads scattered across different directories
- Repetitive Configuration - Each project requires reconfiguring Metasploit, reverse shells, etc.
- Scattered Records - Credentials, notes, and files stored dispersedly
- Low Efficiency - Lack of mechanisms for rapid payload generation
โจ Core Features
๐ Project Environment Management
- One-Click Project Environment Creation - Use
createhack <project-name>to quickly create pre-configured penetration testing projects - Smart Environment Switching - Seamless switching between different projects with automatic configuration loading
- Template-Based Configuration - Pre-configured VSCode settings, tasks, and extension configurations
๐ ๏ธ Integrated Tool Support
- 300+ Security Tool Integration - Pre-configured command completion for common penetration testing tools
- Smart Command History - Tool index-based command history and auto-completion
- Environment Variable Management - Automatic detection and management of tool-dependent environment variables
๐ฎ Multi-Mode Terminals
- Standard Shell - Enhanced Zsh terminal with status display
- Meterpreter Handler - Auto-configured Metasploit listener
- MSF Console - Pre-configured Metasploit console
- Netcat Handler - Reverse shell handling terminal
- Web Delivery - HTTP server mode for file transfer
- Kali OrbStack - Virtual machine integration support (macOS)
๐ Project Organization Features
- Structured Directories - Automatically create hosts, users, credentials directories
- File Management - Convenient project file and web transfer file management
- Note System - Integrated Foam extension with bidirectional linked notes
- Credential Management - Centralized management of discovered user credentials
โก Quick Operations
- Payload Generation - VSCode task integration for rapid Msfvenom payload generation
- Automated Scanning - Integration of RustScan, Nmap, and other scanning tools
- Proxy Management - Convenient proxy switching and configuration
- Host Management - Automatic /etc/hosts file updates
๐ง System Requirements
Supported Platforms
- Linux (Recommended)
- macOS
- Windows (Partial functionality, not fully supported)
Required Dependencies
# Core Tools
zsh # Shell environment
code # Visual Studio Code
python3 # Python runtime
vim # Editor
# Network Tools
nc # Netcat
rlwrap # Command line wrapper
# Parsing Tools
awk, sed, grep, tr # Text processing tools
yq # YAML processor
# Security Tools
msfvenom # Metasploit payload generator
rustscan # Port scanner
wfuzz # Web fuzzing tool
hashcat # Password cracking tool
Recommended Tools
simplehttpserver # Enhanced HTTP server
uv # Python package manager (performance optimization)
๐ Installation Guide
1. Clone Repository
git clone https://github.com/Esonhugh/WeaponizedVSCode.git
cd WeaponizedVSCode
2. Build Project
# Build using Make (recommended)
make build
# Or build manually
uv run ./craft.py
uv run ./completion_creator.py
3. Install to System
# Default installation (installs to ~/.local/weapon)
./installer.sh
# Custom installation location
WEAPON_LOCATION=/your/custom/path ./installer.sh
# Force reinstallation
./installer.sh --force-install
# Enable performance tracing mode
./installer.sh --trace-mode
4. Verify Installation
# Check script integrity
python3 verify.py createhackenv.sh
# Reload shell configuration
source ~/.zshrc
๐ Usage
Create New Project
# Create new penetration testing project
createhack my-project
# Or use alias
createhackenv my-project
Environment Variable Configuration
Set environment variables in the project's .vscode/env.zsh file:
export RHOST="10.10.10.1"
export RPORT="4444"
export LHOST="10.10.14.1"
export LPORT="9001"
export DOMAIN="target.com"
Terminal Mode Usage
1. Standard Shell Mode
- Automatically load project environment variables
- Display current status information
- Support all tool command completion
2. Meterpreter Handler Mode
# Select "meterpreter-handler" terminal profile in VSCode
# Automatically start configured Metasploit listener
3. Web Delivery Mode
# Select "web-delivery" terminal profile in VSCode
# Automatically switch to $PROJECT_WEB_DELIVERY directory and start HTTP server
Common Command Examples
# Host Management
set_current_host 10.10.10.1
dump_hosts | sudo tee -a /etc/hosts
# User Management
set_current_user administrator
update_user_cred_to_env
# Scanning Operations
rustscan -a $RHOST --ulimit 5000 -- -A --script=vuln
nmap -sC -sV -p 139,445,80,21 $RHOST
# Proxy Management
proxys on
proxys set http://127.0.0.1:8080
# File Operations
cp payload.exe $PROJECT_WEB_DELIVERY/
๐๏ธ Project Structure
WeaponizedVSCode/
โโโ craft.py # Environment build script
โโโ completion_creator.py # Command completion generator
โโโ installer.sh # Installation script
โโโ verify.py # Script verification tool
โโโ launch_helper.zsh # Shell launch helper
โโโ Makefile # Build configuration
โโโ .vscode/ # VSCode template configuration
โ โโโ settings.json # Editor settings
โ โโโ tasks.json # Task configuration
โ โโโ extensions.json # Recommended extensions
โ โโโ env.zsh # Environment variables
โ โโโ metasploit_handler.rc # MSF configuration
โ โโโ source_*.zsh # Mode launch scripts
โโโ completion_indexer/ # Tool command index
โ โโโ nmap # Nmap command set
โ โโโ burpsuite # Burp Suite command set
โ โโโ metasploit # Metasploit command set
โ โโโ _weapon # Built-in tool commands
โ โโโ ... # 300+ tool command sets
โโโ documents/ # Project documentation
โโโ USE.md # Usage instructions
โโโ CUSTOM.md # Customization guide
โโโ DEMO.md # Demo documentation
Created Project Structure
my-project/
โโโ .vscode/ # VSCode configuration
โ โโโ .zshrc # Shell configuration
โ โโโ env.zsh # Environment variables
โ โโโ ... # Other configuration files
โโโ hosts/ # Host information
โโโ users/ # User information
โโโ credentials/ # Credential information
โโโ web-delivery/ # Web transfer files
๐จ Custom Configuration
Modify Templates
- Edit configuration files in the
.vscode/directory - Run
python3 craft.pyto regenerate installation script - Commit changes to Git repository
Add New Tools
- Create new tool command files in the
completion_indexer/directory - Run
python3 completion_creator.pyto update command index - Rebuild and install
Environment Variable Check
# Check all used environment variables
python3 completion_creator.py
๐ Troubleshooting
Common Issues
1. Command Completion Not Working
# Check if zsh_history file exists
ls -la ~/.local/weapon/zsh_history
# Regenerate command index
python3 completion_creator.py
2. Metasploit Mode Cannot Start
# Check if Metasploit is properly installed
which msfconsole
msfconsole --version
# Check RC file
cat .vscode/metasploit_handler.rc
3. Environment Variables Not Loading Correctly
# Check project environment variable file
source .vscode/env.zsh
echo $PROJECT_FOLDER
๐ค Contributing
- Fork this repository
- Create a feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Create a Pull Request
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
๐ Acknowledgments
- Inspired by Cobalt Strike's environment management concepts
- Thanks to all security tool developers for their contributions
- Thanks to the VSCode community for providing a powerful extension ecosystem
๐ Support
- GitHub Issues: Report Issues
- Author: Esonhugh weapon_vscode@eson.ninja
Happy Hacking! ๐ฏ