Comprehensive security tool installer with interactive menus, pre-built profiles, and distro-specific support.
- β Interactive 3-Level Menu System - Browse categories, select tools, install profiles
- β Pre-Built Profiles - Bug Bounty, CTF, Web App, Network, Full Pentest
- β Distro Detection - Kali, Debian, Ubuntu support with appropriate tool sets
- β No Root Requirement - Runs as user, uses sudo only when needed
- β Comprehensive Logging - Dual output (console + file)
- β Fresh Integration - Detects and recommends modern CLI tools
- β Modular Architecture - Clean, maintainable Python code
# Clone the repository
git clone https://github.com/rpriven/toolbelt.git
cd toolbelt
# Run toolbelt (no sudo needed!)
python3 toolbelt.pyImportant: Do NOT run as root/sudo. The script will use sudo for specific commands that require it.
Level 1 - Main Menu:
- Quick Install Profiles
- Browse & Select Categories
- Install Prerequisites (fresh)
- View Installed Tools
- Check for Tool Updates
- Manage Wordlists
Level 2 - Categories:
- π¦ APT Tools - Package manager tools
- π· Go Tools - Security tools written in Go
- π§ /opt Tools - Tools cloned to /opt
- π Python Tools - Tools via pip3
- π³ Docker Tools - Containerized tools
- π Useful Scripts - PEAS, PowerView, etc.
Level 3 - Tool Selection:
- Install all tools in category
- Individual tool selection (gum multi-select)
Tool Update Management:
- Check versions of installed tools
- Update all ProjectDiscovery tools (pdtm)
- Update all Go tools to @latest
- Select individual tools to update (gum multi-select)
Wordlist Management:
- Install SecLists (comprehensive wordlist collection)
- View installed wordlists and directory structure
- Update SecLists from GitHub
Bug Bounty Hunter - Web app testing and reconnaissance
- nmap, masscan, nikto, sqlmap, burpsuite
- nuclei, httpx, subfinder, katana, amass
- Sublist3r, wafw00f, XSStrike
- wfuzz, arjun, scripts collection
CTF Player - Capture The Flag tools
- nmap, burpsuite, sqlmap, wireshark
- Python tools: wfuzz, scrapy, requests
- Scripts collection
Web Application Testing - Web security focus
- nmap, nikto, sqlmap, burpsuite
- nuclei, httpx, katana
- wafw00f, XSStrike, Striker
- wfuzz, arjun, scrapy
Network Pentesting - Network recon and scanning
- nmap, masscan, wireshark
- naabu, amass, assetfinder, httprobe
- RustScan (Docker)
Full Pentesting Arsenal - Everything (5GB+)
- All APT tools
- All Go tools
- All /opt tools
- All Python tools
- All Docker tools
- All scripts
Kali Linux: nmap, masscan, naabu, nuclei, burpsuite, feroxbuster, nikto, gobuster, seclists, sqlmap, git, docker.io, docker-compose, golang-go, wireshark
Debian/Ubuntu: nmap, masscan, nikto, sqlmap, git, docker.io, docker-compose, golang-go, wireshark, burpsuite
naabu, nuclei, katana, httpx, subfinder, amass, assetfinder, httprobe, gowitness, subjack, hakrawler, webanalyze
All ProjectDiscovery tools included
- pimpmykali (Kali only) - Golang + Impacket setup
- xnLinkFinder - Link finder for bug bounty
- Knockpy - Subdomain enumeration
- Sublist3r - Subdomain discovery
- Striker - Web application scanner
- wafw00f - WAF detection
- waymore - Web archive scraper
- XSStrike - XSS detection suite
wfuzz, arjun, scrapy, tld, requests, fuzzywuzzy
RustScan - Fast port scanner
- Includes alias setup for shell
- linpeas.sh - Linux privilege escalation
- jaws-enum.ps1 - Windows enumeration
- LinEnum.sh - Linux enumeration
- winPEASany_ofs.exe - Windows privilege escalation
- php-reverse-shell.php - PHP reverse shell
- linux-exploit-suggester.sh - Linux exploit suggester
- PowerView.ps1 - PowerShell AD enumeration
- OS: Kali Linux, Debian, or Ubuntu
- Python: 3.6+
- Package Manager: apt
- Privileges: sudo access (script runs as user, not root)
- Optional: gum (for interactive multi-select) -
go install github.com/charmbracelet/gum@latest
python3 toolbelt.py
# Select: 1) Quick Install Profiles
# Choose: Bug Bounty Hunterpython3 toolbelt.py
# Select: 2) Browse & Select Categories
# Choose category (e.g., Go Tools)
# Option 1: Install all tools
# Option 2: Select specific tools (interactive multi-select with gum)With gum installed, you get beautiful interactive multi-select:
python3 toolbelt.py
# Select: 2) Browse & Select Categories
# Choose: Go Tools
# Select: 2) Select Specific Tools
# Use SPACE to toggle, ENTER when done
# Confirm selection and installWithout gum: The script will prompt you to install it or fall back to "Install All" option.
python3 toolbelt.py
# Select: 4) View Installed Toolspython3 toolbelt.py
# Select: 5) Check for Tool Updates
# Option 1: Check versions only (see what's outdated)
# Option 2: Update all ProjectDiscovery tools (pdtm -ua)
# Option 3: Update all Go tools to @latest
# Option 4: Select specific tools to update (gum multi-select)Update strategies:
- Fast PD Update: Option 2 uses
pdtmfor lightning-fast ProjectDiscovery tool updates - Comprehensive Update: Option 3 updates ALL Go tools (PD + non-PD)
- Selective Update: Option 4 lets you cherry-pick which tools to update
python3 toolbelt.py
# Select: 6) Manage Wordlists
# Option 1: Install SecLists (~500MB)
# Option 2: View installed wordlists and structure
# Option 3: Update SecLists from GitHubSecLists includes:
- Passwords: rockyou, common passwords, leaked databases
- Usernames: Common usernames and names
- Subdomains: DNS enumeration wordlists
- Directories: Web content discovery lists
- Fuzzing: XSS, SQLi, and other injection payloads
Installation locations:
- Kali default:
/usr/share/seclists(via apt package) - Custom install:
~/wordlists/SecLists/(via git clone) - Toolbelt automatically detects both locations
Toolbelt integrates with fresh for modern CLI productivity tools.
Recommended Setup:
- Install fresh first - Modern CLI foundation (fzf, ripgrep, bat, etc.)
- Install toolbelt - Security tools
- Install tmux-recon (optional) - Pentesting automation
Fresh provides essential CLI tools that enhance the security workflow. Toolbelt will detect if fresh is installed and prompt you to install it if missing.
toolbelt/
βββ toolbelt.py # Main entry point with interactive menus
βββ utils.py # Distro detection, logging, helpers
βββ config.py # Tool definitions, profiles, categories
βββ installer.py # Installation logic for each category
βββ toolbelt_old.py # Original v1.0 (reference)
βββ toolbelt.sh.old # Legacy bash version (archived)
Modular Design:
utils.py- System checks, logging setup, helper functionsconfig.py- Tool lists, profile definitions, category metadatainstaller.py- Installation functions for each tool categorytoolbelt.py- Interactive menu system and main flow
- No Root Execution: Script runs as regular user, uses sudo only for specific commands
- Logging: All operations logged to
~/toolbelt-install.log - Smart Detection: Skips already-installed tools
- Error Handling: Comprehensive error checking and reporting
- Individual tool selection menu (Level 3) coming in next update
- Custom profile saving/loading planned for future release
Contributions welcome! Please feel free to submit pull requests or open issues for:
- Additional tool suggestions
- New profiles
- Platform support improvements
- Bug fixes
v2.0.0 (2025-10-31)
- Complete rewrite with interactive menu system
- Pre-built profile support
- Distro detection (Kali, Debian, Ubuntu)
- Removed root requirement
- Added comprehensive logging
- Fresh integration
- Modular architecture
v1.0 (2023)
- Original automated installer
- Bash and Python versions
- Root required
- No menu system
This project is licensed under the MIT License - see the LICENSE file for details.
- Built for the pentesting and bug bounty community
- Integrates tools from ProjectDiscovery, OWASP, and many open source developers
- Inspired by the need for quick, consistent tool setup across environments
- Part of the Djedi security tooling ecosystem
Djedi Toolbelt - Because every pentester deserves a well-equipped toolbelt. π§