.___________. _______ .__ __. .___________. ___ ______ __ _______
| || ____|| \ | | | | / \ / || | | ____| {1.0.0#stable}
`---| |----`| |__ | \| | `---| |----` / ^ \ | ,----'| | | |__
| | | __| | . ` | | | / /_\ \ | | | | | __|
| | | |____ | |\ | | | / _____ \ | `----.| `----.| |____
|__| |_______||__| \__| |__| /__/ \__\ \______||_______||_______| http://www.orleven.com
Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. (Still in DEV...)
pip3 install -r requestment.txt
# Show help for tentacle.
python3 tentacle.py --help
# Show all modual, and you can see it in `script` path.
python3 tentacle.py --show
# Load modual by -m (e.g. script/info/web_status,@web)
python3 tentacle.py -m script/web/web_status # Load web_status module
python3 tentacle.py -m @web # Load all module of web path
python3 tentacle.py -m script/web/web_status,@web # Load all module of web path and web_status module
python3 tentacle.py -m "*" # Load all module of script path
# Load target by iS/iN/iF/iT/iX/iE/gg/sd/ze/ff.
# Scan port and then it will try to send the poc.
python3 tentacle.py -m script/web/web_status -iS www.examples.com # Load target by url or host
python3 tentacle.py -m script/web/web_status -iN 192.168.111.0/24 # Load target by network
python3 tentacle.py -m script/web/web_status -iF target.txt # Load target by file
python3 tentacle.py -m script/web/web_status -iT dcc54c3e1cc2c2e1 # Load target by recode's target
python3 tentacle.py -m script/web/web_status -iX nmap_xml.xml # Load target by nmap.xml
python3 tentacle.py -m script/web/web_status -iE "powered by discuz" # Load target by baidu/bing/360so
python3 tentacle.py -m script/web/web_status -gg 'intext:powered by discuz' # Load target by google api
python3 tentacle.py -m script/web/web_status -sd 'apache' # Load target by shodan api
python3 tentacle.py -m script/web/web_status -ze 'app:weblogic' # Load target by zoomeye api
python3 tentacle.py -m script/web/web_status -ff 'domain="example.com"' # Load target by fofa api
python3 tentacle.py -m script/web/web_status -fft # Load target by fofa today api
# Show all function of module by -f show or -f help
python3 tentacle.py -m script/web/web_status -f show
python3 tentacle.py -m script/web/web_status -f help
# Skil the port scan, and then it will try the default port number by server_type.
# If you don't enter the target port, then it will try the default port number by server_type.
python3 tentacle.py -m script/web/web_status -iS www.examples.com -n
# Use function of modual by -m and -f (e.g. -m web_status -f prove), and you should make sure the function of module is exist.
python3 tentacle.py -m script/web/web_status -f prove
# Show task's result by -tS
python3 tentacle.py -tS 8d4b37597aaec25e
# Export task's result by -tS to test.xlsx
python3 tentacle.py -tS 8d4b37597aaec25e -o test
# Update by git
python3 tentacle.py --update
- [2018-11-15] Code refactoring and fix bug.
- [2019-04-24] Fix bug and add script.
- [2019-06-08] Code refactoring and add port scan.