Automates some pentesting work, driven by an nmap XML file. As soon as each command finishes, it writes that command's output to the terminal and to files under output-by-service/ and output-by-host/. Fast-returning commands run first. Please send me protocols/commands/options that you would like to see included.
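As an added example (not the tool's own code), this is the first step the tool performs: parse an nmap -oX file, keep only open ports, and group them the way output-by-service/ and output-by-host/ are organized. The XML below is a constructed sample in nmap's output format; the function names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample of nmap -oX output: two hosts, one closed port that must be ignored.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="udp" portid="161"><state state="open"/><service name="snmp"/></port>
    </ports>
  </host>
</nmaprun>
"""

def parse_open_ports(xml_text):
    """Return (host, port, protocol, service) tuples for every open port in the scan."""
    results = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # skip hosts without an IPv4 address (e.g. MAC-only entries)
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports get no commands scheduled
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            results.append((addr.get("addr"), int(port.get("portid")), port.get("protocol"), name))
    return results

def group_by_service(entries):
    """service name -> ["host:port/proto", ...], the output-by-service/ layout."""
    by_service = defaultdict(list)
    for host, port, proto, name in entries:
        by_service[name].append(f"{host}:{port}/{proto}")
    return dict(by_service)

def group_by_host(entries):
    """host -> ["port/proto service", ...], the output-by-host/ layout."""
    by_host = defaultdict(list)
    for host, port, proto, name in entries:
        by_host[host].append(f"{port}/{proto} {name}")
    return dict(by_host)
```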
- HTTP
  - whatweb
  - WPScan (only if whatweb returns a WordPress result)
  - nikto
  - Page screenshot
  - light dirb directory bruteforce
- MySQL
  - light patator bruteforce
- PostgreSQL
  - light patator bruteforce
- MSSQL
  - patator bruteforce on user "sa"
- ISAKMP
  - ike-scan
- SMTP
  - nmap NSE smtp-enum-users and smtp-open-relay
- SNMP
  - snmpcheck with strings 'public', 'private', and 'cisco'
- SMB
  - enum4linux -a
  - nmap NSE smb-check-vulns, smb-enum-shares
- RPC
  - showmount -e
- NTP
  - nmap NSE ntp-monlist
- FTP
  - light patator bruteforce
- Telnet
  - light patator bruteforce
- SSH
  - light patator bruteforce
Installation:
apt-get install libssl-dev python-dev patator python-pip
pip install -r requirements.txt
PhantomJS installation on 64-bit Kali (needed for the page screenshots):
wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-x86_64.tar.bz2
tar xvf phantomjs-1.9.8-linux-x86_64.tar.bz2 && sudo mv phantomjs-1.9.8-linux-x86_64 /usr/local/share/phantomjs-1.9.8/
sudo ln -s /usr/local/share/phantomjs-1.9.8/bin/phantomjs /usr/local/bin/phantomjs
Usage:
Read from an existing Nmap XML file:
sudo ./pentest-machine -x nmapfile.xml
Perform an Nmap scan against a host list, then use those results:
sudo ./pentest-machine -l hostlist.txt
Skip the patator/dirb bruteforcing:
sudo ./pentest-machine --no-brute -x nmapfile.xml