A Proof-Of-Concept for a colaborative Pentest framework.
Hades is an web-based application designed to centralize all information gathered during security penetration testing. It employs Nodes to represent hosts, services and vulnerabilities, all interconnected by edges. The primary objective is to create a real-time collaborative platform akin to Miro, enabling Pentesters to initiate shared sessions and seamlessly store valuable data concerning the infrastructure, network, services, and vulnerabilities.
This repo contains a Proof-Of-Concept (PoC) to the backend Hades server.
- Start the Neo4J with docker:
docker run -p 7474:7474 -p 7687:7687 neo4j:latest-
Access the web interface and login with
neo4j:neo4j. The server will ask for a new password. -
Create a virtual environment:
mkdir Hades && cd Hades
python3 -m venv .- Clone this repository
git clone https://github.com/entr0pie/Hades src && cd src- Create a new .env file. Insert the password you provided earlier:
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=<YOUR-NEW-PASSWORD-HERE>
NEO4J_ADDRESS=localhost
NEO4J_BOLT_PORT=7687
- Install the requirements:
pip install -r requirements.txt- Login as root and activate the virtual env:
su root
source ../bin/activate- Finally, start the server:
python3 hades.pyTo scan the local network, just request the /netscan route:
curl http://localhost:8000/netscanResult in Neo4J:
To search for services on a machine, request the /portscan/tcp/syn route:
curl http://localhost:8000/portscan/tcp/syn/10.10.11.208Result in Neo4J:
This project is under MIT License.