The NULLSEC framework now includes a powerful command execution system that allows you to run any external script or application directly from within the nullsec console, with automatic dependency checking and installation capabilities.
Access via [E] Execute from the main menu
The command console provides:
- Shell command execution
- External script runner
- Automatic dependency checking
- On-demand package installation
- Command history tracking
- Multi-interpreter support
When you attempt to run a command or script that requires a tool not installed on your system, NULLSEC will:
- Detect the missing dependency
- Identify the correct package name
- Prompt you to install it
- Handle installation via appropriate package manager
- Retry the command after installation
NULLSEC supports installation via:
- apt - Debian/Ubuntu packages
- pip/pip3 - Python packages
- npm - Node.js packages
- snap - Snap packages
- gem - Ruby gems
From the main NULLSEC menu, press [E] to enter the Execute console.
Execute any shell command within the nullsec environment.
Examples:
exec nmap -sV 192.168.1.1
exec aircrack-ng -w /usr/share/wordlists/rockyou.txt capture.cap
exec hydra -L users.txt -P passwords.txt ssh://192.168.1.100
exec sqlmap -u "http://target.com/page?id=1" --dbsRun an external script with automatic interpreter detection.
Supported Script Types:
.sh- Bash scripts.py- Python scripts.pl- Perl scripts.rb- Ruby scripts.js- Node.js scripts
Examples:
run /tmp/custom-exploit.py
run ./wifi-attack.sh
run ~/Desktop/scanner.pl
run /opt/tools/enumeration.rbThe system automatically:
- Detects the script type by extension
- Makes the script executable
- Selects the appropriate interpreter
- Handles shebang lines
- Installs missing interpreters
Manually install a package.
Examples:
install nmap
install metasploit-framework
install shodan pip
install eslint npm
install code snapCheck if a command/tool is available on the system.
Examples:
check nmap
check wireshark
check python3
check msfconsoleOutput shows installation status and full path if installed.
Display the last 20 executed commands.
Clear the console screen.
Display command reference.
Return to the main NULLSEC menu.
NULLSEC maintains an internal mapping of common security tools to their package names:
| Command | Package | Installer |
|---|---|---|
| nmap | nmap | apt |
| wireshark | wireshark | apt |
| aircrack-ng | aircrack-ng | apt |
| hashcat | hashcat | apt |
| hydra | hydra | apt |
| john | john | apt |
| msfconsole | metasploit-framework | apt |
| ettercap | ettercap-text-only | apt |
| sqlmap | sqlmap | apt |
| burpsuite | burpsuite | apt |
| zaproxy | zaproxy | apt |
| ghidra | ghidra | apt |
| gobuster | gobuster | apt |
| ffuf | ffuf | apt |
| netcat | netcat-traditional | apt |
| hping3 | hping3 | apt |
| masscan | masscan | apt |
| proxychains | proxychains | apt |
| tor | tor | apt |
| openvpn | openvpn | apt |
...and 30+ more security tools!
All NULLSEC modules can now source the dependency checker:
#!/bin/bash
source "$(dirname "$0")/dep-check.sh"
# Check if nmap is installed, offer to install if not
smart_install nmap
# Check multiple dependencies
check_dependencies nmap wireshark tcpdump
# Manual check and install
check_and_install "hashcat" "hashcat" "apt"The Python launcher includes built-in execution functions:
from nullsec_launcher import execute_external_command, run_external_script
# Execute a command with auto-dependency checking
execute_external_command("nmap -sV 192.168.1.1", "Scanning network")
# Run a script
run_external_script("/tmp/exploit.py")nullsec@exec > exec nmap -sV scanme.nmap.org
[*] Executing command
Command: nmap -sV scanme.nmap.org
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for scanme.nmap.org (45.33.32.156)
...
[β] Command completed successfully
nullsec@exec > exec hashcat -m 0 hashes.txt wordlist.txt
[!] hashcat is not installed
[?] Would you like to install it? (y/n): y
[*] Installing hashcat...
Reading package lists... Done
...
[β] hashcat installed successfully
[*] Executing command
hashcat (v6.2.5) starting...
nullsec@exec > run /tmp/exploit.py
[*] Running external script: exploit.py
[!] python3 not found
[?] Would you like to install it? (y/n): y
[*] Installing python3...
[β] python3 installed successfully
[*] Executing: python3 /tmp/exploit.py
...
[β] Script completed successfully
nullsec@exec > check wireshark
[β] wireshark is installed: /usr/bin/wireshark
nullsec@exec > check msfconsole
[β] msfconsole not found
nullsec@exec > install metasploit-framework
[*] Installing metasploit-framework...
...
[β] metasploit-framework installed successfully
run /opt/scanner.py --target 192.168.1.0/24 --ports 1-1000exec nmap -sn 192.168.1.0/24 | grep "Nmap scan report"exec TARGET=192.168.1.1 PORT=22 /tmp/exploit.shFor long-running tasks, use & or run in a separate terminal:
exec aircrack-ng -w wordlist.txt capture.cap &Some tools require root access. The system will:
- Detect when sudo is needed
- Prompt for password if necessary
- Execute with appropriate privileges
All commands are validated before execution to prevent:
- Empty commands
- Malformed syntax
- Path injection attempts
- Package names are validated
- Official repositories are used
- User confirmation required before installation
- Refresh your PATH:
exec hash -r - Check installation:
check <command> - Manual verification:
exec which <command>
- Run with sudo:
exec sudo <command> - Check file permissions:
exec ls -la script.sh - Make executable:
exec chmod +x script.sh
- Verify shebang line in script
- Manually specify interpreter:
runauto-detects by extension - Install interpreter:
install python3orinstall perl
- Update package lists:
install apt update - Check internet connection
- Verify package name: Try alternative package manager
- Manual install: Use system package manager outside NULLSEC
# Export target from Shodan search, then:
exec nmap -sV $(cat .shodan_target)Commands can prepare data for security tools:
exec echo "192.168.1.100" > .shodan_target
# Then launch Wireshark from Tools menuexec msfconsole -r /tmp/custom.rc-
Always check dependencies first
check nmap check wireshark
-
Use test mode for reconnaissance
exec nmap -sn 192.168.1.0/24 # Discovery only
-
Keep command history for auditing
history # Review recent commands
-
Install tools before operations
install metasploit-framework install aircrack-ng install hashcat
-
Verify script safety before running
exec cat suspicious-script.sh # Review first run suspicious-script.sh # Then execute
| Shortcut | Action |
|---|---|
| Ctrl+C | Interrupt current operation |
| Ctrl+D | Exit console (same as 'exit') |
| Up Arrow | Command history (if enabled) |
| Tab | Auto-completion (if enabled) |
Planned features for future releases:
- Command auto-completion
- Command history with up/down arrows
- Alias support for frequent commands
- Script templates library
- Integrated code editor
- Remote script execution
- Parallel command execution
- Output logging and export
NULLSEC COMMAND CONSOLE - QUICK REFERENCE
EXECUTION
exec <command> Run shell command
run <script> Execute script file
MANAGEMENT
install <pkg> [method] Install package
check <command> Check availability
NAVIGATION
history Show command log
clear Clear screen
help Show help
exit Return to menu
EXAMPLES
exec nmap -sV 192.168.1.1
run /tmp/exploit.py
install metasploit-framework
check wireshark
Developed by bad-antics | github.com/bad-antics