Automating high-level network and web application analysis together.
Some portions of the tool have been re-purposed to work independently as well, check sub-directories.
- 3dt - "Dangling DNS Discovery Tool"
- autowasp - "Automated Web App Testing with ZAP"
- npk - "Automate installing NPK from Coalfire Labs"
The setup scripts also install tools purely for ease of life in manual follow-up analysis.
Some of the tools within this repo can cause damage so a system. Do not use them against anything you are not authorized to test.
It is highly recommended that all users have a firm grasp of the tools listed below (especially in the ones in the "credit" section), understand the risks associated with each tool independently, and then realize this framework puts their main capabilities all in one package.
Much of the credit goes to the developers of the follwoing tools, this script just puts them together.
- device-pharmer
- dirb
- dnsenum
- exploitdb
- netcat
- nikto
- nmap
- zap-cli
- zaproxy
The device-pharmer package (Shodan API):
- Is simply not executed if you have not initialized your Shodan API key
- Does not use scan credits in any circumstance
- Will look in the home directory of the root account for the Shodan API key (/root/.shodan/api_key)
The follwoing tools are not run within the pentest script but they are installed for ease of life.
- awscli
- crackmapexec
- enum4linux
- dnsutils
- evil-winrm
- exiftool
- gobuster
- jq
- jsonnet
- ldap-utils
- locate
- metasploit-framework
- mlocate
- npm
- openvpn
- powershell-empire
- python3-pip
- secure-delete
- seclists
- smbclient
- spidy
- sqlmap
- tmux
- vim
- whatweb
git clone https://github.com/montysecurity/pentest.git
cd pentest
sudo bash install.sh # Tested on GCP F1 Micro Instances (Debian GNU/Linux 10, Buster) and Raspberry Pi 3s
- NOTE: The function for installing on a Raspberry Pi 3 will
echo > /etc/apt/sources.list.d/vscode.listto nullify Microsofts code repo file
Though it is not required, it is recommended to run as sudo or root.
sudo pentest target
3dt target
sudo autowasp target
- IPv4 - IP or CIDR
- IPv6 - IP or CIDR
- Domain - any number of levels >= 2
- Domain - any number of levels >= 2
- IPv4 - IP
- IPv6 - IP
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent