Check your website ( or any other website ) for common vulnerabilities.
Install
yarn global add pentest-tool-lite
# of if you use npm
npm i -g pentest-tool-lite
Basic
pentest-tool-lite <URL> # http(s)://....
pentest-tool-lite https://juffalow.com
Available options:
- -V, --version output the version number
- --grep only run tests matching tests separated by comma
- --exclude exclude tests matching tests separated by comma
- --logger
- -h, --help output usage information
$ pentest-tool-lite --help
Grep is checking every test if it contains any string from the grep argument.
To check just https and hsts type:
pentest-tool-lite https://juffalow.com --grep https,hsts
To list all available tests:
pentest-tool-lite tests
If you do not want to run specific tests, you can ignore them with exclude
argument.
To exclude javascript, css and image tests:
pentest-tool-lite https://juffalow.com --exclude javascript,css,image
Log everything:
pentest-tool-lite https://juffalow.com --logger=DEBUG
Log everything that has at least WARNING level:
pentest-tool-lite https://juffalow.com --logger=WARNING
List all URLs in sitemap. If it is sitemap index (sitemap that contains URLs to other sitemaps) it loads every sitemap and shows URLs from all of them.
pentest-tool-lite sitemap https://example.com/sitemap.xml
Reads from standard input and outputs lines based on some probability. This can be used for testing just random urls. For example, you can run sitemap
sub-command, but you don't want to run the pentest on all of listed urls, so you can use pipes and pick random urls.
pentest-tool-lite sitemap https://example.com/sitemap.xml | pentest-tool-lite random | xargs -n1 pentest-tool-lite
Use GitHub issues if you have suggestion for new check(s) or you found a bug in existing one.
And I'll be thankful for every pull request ;-)
# install node modules
yarn
# run
yarn start https://juffalow.com
# or if you use npm
# install node modules
npm i
# run
npm start -- https://juffalow.com
npm test