Check your website ( or any other website ) for common vulnerabilities.

Install

yarn global add pentest-tool-lite

# of if you use npm

npm i -g pentest-tool-lite

Basic

pentest-tool-lite <URL> # http(s)://....

pentest-tool-lite https://juffalow.com

Available options:

• -V, --version output the version number
• --grep only run tests matching tests separated by comma
• --exclude exclude tests matching tests separated by comma
• --logger
• -h, --help output usage information

$ pentest-tool-lite --help

Grep is checking every test if it contains any string from the grep argument.

To check just https and hsts type:

pentest-tool-lite https://juffalow.com --grep https,hsts

To list all available tests:

pentest-tool-lite tests

If you do not want to run specific tests, you can ignore them with exclude argument.

To exclude javascript, css and image tests:

pentest-tool-lite https://juffalow.com --exclude javascript,css,image

Log everything:

pentest-tool-lite https://juffalow.com --logger=DEBUG

Log everything that has at least WARNING level:

pentest-tool-lite https://juffalow.com --logger=WARNING

List all URLs in sitemap. If it is sitemap index (sitemap that contains URLs to other sitemaps) it loads every sitemap and shows URLs from all of them.

pentest-tool-lite sitemap https://example.com/sitemap.xml

Reads from standard input and outputs lines based on some probability. This can be used for testing just random urls. For example, you can run sitemap sub-command, but you don't want to run the pentest on all of listed urls, so you can use pipes and pick random urls.

pentest-tool-lite sitemap https://example.com/sitemap.xml | pentest-tool-lite random | xargs -n1 pentest-tool-lite

Use GitHub issues if you have suggestion for new check(s) or you found a bug in existing one.

And I'll be thankful for every pull request ;-)

# install node modules
yarn
# run
yarn start https://juffalow.com

# or if you use npm

# install node modules
npm i
# run
npm start -- https://juffalow.com

npm test

MIT license