Skip to content

montysecurity/pentest

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
3dt
3dt
 
 
autowasp
autowasp
 
 
dropbox
dropbox
 
 
mysqlbrute
mysqlbrute
 
 
npk
npk
 
 
.apt-packages.txt
.apt-packages.txt
 
 
README.md
README.md
 
 
TODO.md
TODO.md
 
 
install.sh
install.sh
 
 
pentest.sh
pentest.sh
 
 

Repository files navigation

pentest

Automating high-level network and web application analysis together.

Some portions of the tool have been re-purposed to work independently as well, check sub-directories.

  • 3dt - "Dangling DNS Discovery Tool"
  • autowasp - "Automated Web App Testing with ZAP"
  • npk - "Automate installing NPK from Coalfire Labs"

The setup scripts also install tools purely for ease of life in manual follow-up analysis.

disclaimer

Some of the tools within this repo can cause damage so a system. Do not use them against anything you are not authorized to test.

It is highly recommended that all users have a firm grasp of the tools listed below (especially in the ones in the "credit" section), understand the risks associated with each tool independently, and then realize this framework puts their main capabilities all in one package.

credit

Much of the credit goes to the developers of the follwoing tools, this script just puts them together.

  • device-pharmer
  • dirb
  • dnsenum
  • exploitdb
  • netcat
  • nikto
  • nmap
  • zap-cli
  • zaproxy

The device-pharmer package (Shodan API):

  1. Is simply not executed if you have not initialized your Shodan API key
  2. Does not use scan credits in any circumstance
  3. Will look in the home directory of the root account for the Shodan API key (/root/.shodan/api_key)

notes

The follwoing tools are not run within the pentest script but they are installed for ease of life.

  • awscli
  • crackmapexec
  • enum4linux
  • dnsutils
  • evil-winrm
  • exiftool
  • gobuster
  • jq
  • jsonnet
  • ldap-utils
  • locate
  • metasploit-framework
  • mlocate
  • npm
  • openvpn
  • powershell-empire
  • python3-pip
  • secure-delete
  • seclists
  • smbclient
  • spidy
  • sqlmap
  • tmux
  • vim
  • whatweb

installation

git clone https://github.com/montysecurity/pentest.git
cd pentest
sudo bash install.sh # Tested on GCP F1 Micro Instances (Debian GNU/Linux 10, Buster) and Raspberry Pi 3s
  • NOTE: The function for installing on a Raspberry Pi 3 will echo > /etc/apt/sources.list.d/vscode.list to nullify Microsofts code repo file

usage

Though it is not required, it is recommended to run as sudo or root.

pentest

sudo pentest target

3dt (included in pentest)

3dt target

autowasp (included in pentest) (requires root)

sudo autowasp target

target types supported

pentest

  • IPv4 - IP or CIDR
  • IPv6 - IP or CIDR
  • Domain - any number of levels >= 2

3dt

  • Domain - any number of levels >= 2

autowasp

  • IPv4 - IP
  • IPv6 - IP

About

Personal Pentesting Project

Topics

penetration-testing automated pentesting-tools webapp-pentesting network-pentesting

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages