/pentest-machine

Automates some pentest jobs via nmap xml file

Primary LanguagePython

pentest-machine

Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included.

  • HTTP
    • whatweb
      • WPScan (only if whatweb returns a WordPress result)
    • nikto
    • Page screenshot
    • light dirb directory bruteforce
  • DNS
    • nmap NSE dns-zone-transfer
  • MySQL
    • light patator bruteforce
  • PostgreSQL
    • light patator bruteforce
  • MSSQL
    • light patator bruteforce
  • ISAKMP
    • ike-scan
  • SMTP
    • nmap NSE smtp-enum-users and smtp-open-relay
  • SNMP
    • patador bruteforce
      • snmpcheck (if patador successfully finds a string)
  • SMB
    • enum4linux -a
  • SIP
    • nmap NSE sip-enum-users and sip-methods
  • RPC
    • showmount -e
  • NTP
    • nmap NSE ntp-monlist
  • FTP
    • light patator bruteforce
  • Telnet
    • light patator bruteforce
  • SSH
    • light patator bruteforce

Requirements

apt-get install libssl-dev python-dev patator python-pip
pip install -r requirements.txt

PhantomJS installation in Kali 64bit for taking screenshots:

wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-x86_64.tar.bz2
tar xvf phantomjs-1.9.8-linux-x86_64.tar.bz2 && mv phantomjs-1.9.8-linux-x86_64 /usr/local/share/phantomjs-1.9.8/
sudo ln -s /usr/local/share/phantomjs-1.9.8/bin/phantomjs /usr/local/bin/phantomjs

Usage

Read from Nmap XML file

sudo ./pentest-machine -x nmapfile.xml

Perform an Nmap scan with a hostlist then use those results

sudo ./pentest-machine -l hostlist.txt

Skip the patator/dirb bruteforcing

sudo ./pentest-machine --no-brute -x nmapfile.xml