Light

securextools / pentest-machine Goto Github PK

View Code? Open in Web Editor NEW

This project forked from danmcinerney/pentest-machine

0.0 2.0 0.0 440 KB

Automates some pentest jobs via nmap xml file

Python 100.00%

pentest-machine's Introduction

pentest-machine

Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included.

HTTP
- whatweb
  - WPScan (only if whatweb returns a WordPress result)
- nikto
- Page screenshot
- light dirb directory bruteforce
MySQL
- light patator bruteforce
PostgreSQL
- light patator bruteforce
MSSQL
- light patator bruteforce
ISAKMP
- ike-scan
SMTP
- nmap NSE smtp-enum-users and smtp-open-relay
SNMP
- snmpcheck with strings 'public', 'private', and 'cisco'
SMB
- enum4linux -a
- nmap NSE smb-check-vulns, smb-enum-shares
RPC
- showmount -e
NTP
- nmap NSE ntp-monlist
FTP
- light patator bruteforce
Telnet
- light patator bruteforce
SSH
- light patator bruteforce

Requirements

apt-get install libssl-dev python-dev patator python-pip
pip install -r requirements.txt

PhantomJS installation in Kali 64bit for taking screenshots:

wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-x86_64.tar.bz2
tar xvf phantomjs-1.9.8-linux-x86_64.tar.bz2 && mv phantomjs-1.9.8-linux-x86_64 /usr/local/share/phantomjs-1.9.8/
sudo ln -s /usr/local/share/phantomjs-1.9.8/bin/phantomjs /usr/local/bin/phantomjs

Usage

Read from Nmap XML file

sudo ./pentest-machine -x nmapfile.xml

Perform an Nmap scan with a hostlist then use those results

sudo ./pentest-machine -l hostlist.txt

Skip the patator/dirb bruteforcing

sudo ./pentest-machine --no-brute -x nmapfile.xml

pentest-machine's People

Contributors

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.