fede952/PentaFramework

🛡️ PentaFramework

Python Flask Security License

Tactical dashboard for Penetration Testers, Red Teamers and CTF Players. Guided workflow, automated command generation, and smart reporting in one centralized "Mission Control".


🚀 Overview

PentaFramework is not just a cheat sheet; it is a Context-Aware Orchestrator. Designed to bridge the gap between manual command-line hacking and automated scanning, it guides the operator through the entire lifecycle of an engagement: from Reconnaissance to Reporting.

It features a Dynamic Command Builder populated by a massive JSON database, a Visual Network Map to visualize the attack surface, and an Integrated Methodology Checklist (OWASP/PTES compliant).

Why use PentaFramework?

  • Digital Mentor: Parses output (e.g., Nmap results) and suggests the next logical attack vector (e.g., Found Port 88 -> Suggests Kerbrute).
  • Time Saver: No more memorizing complex flags. Select options via GUI checkboxes and input fields.
  • Professional Reporting: Generates HTML/Markdown reports with one click, including all executed commands and findings.

✨ Key Features

🧠 Tactical Intelligence Engine

  • Smart Parsing: Automatically detects open ports and services from pasted scanner output (Text & XML).
  • Visual Mind Map: Interactive graph (powered by vis.js) linking Target -> Ports -> Findings -> Credentials.
  • CVE Lookup: Instant vulnerability check via public APIs for detected services.
  • Loot Locker: Securely stores credentials, hashes, and flags found during the engagement.

⚔️ The Armory (Dynamic Tool Database)

The framework is powered by tools.json, containing configurations for 50+ Industry Standard Tools across 9 categories:

  1. Reconnaissance: Nmap, Masscan, Rustscan, Wireshark, Tcpdump.
  2. Web Hacking: Burp Suite, Gobuster, FFUF, SQLMap, WPScan, Nikto.
  3. Active Directory: Impacket (Secretsdump, GetNPUsers), Bloodhound, Evil-WinRM, Kerbrute, CrackMapExec.
  4. Privilege Escalation: LinPEAS, WinPEAS, GTFOBins, PrintSpoofer, Mimikatz.
  5. Exploitation: Metasploit, Searchsploit, Hydra, Hashcat, John.
  6. Wireless: Aircrack-ng Suite (Airmon, Airodump, Aireplay), Wifite.
  7. Pivoting: Chisel, Ligolo-ng, SSH Tunneling.
  8. Forensics: Exiftool, Binwalk, Strings, Steghide.
  9. Utilities: Python HTTP Server, Netcat, Socat, Wget, Curl.

📂 Mission Control

  • Methodology Tracking: Integrated sidebar checklist to track progress (Recon -> Scan -> Vuln -> Exploit -> Post -> Report).
  • Payload Generator: Instant generation of Reverse Shells (Bash, Python, PowerShell, Netcat) based on your LHOST/LPORT.
  • Analytics Dashboard: Real-time graphs and stats on your current engagements.

📸 Screenshots

Dashboard Preview


🛠️ Installation

PentaFramework runs locally to ensure Data Privacy during engagements. No data leaves your machine.

Prerequisites

  • Python 3.10+
  • Linux/macOS/Windows (Kali Linux Recommended)

Quick Start

# 1. Clone the repository
git clone https://github.com/fede952/PentaFramework.git
cd PentaFramework

# 2. Create a Virtual Environment (Recommended)
python3 -m venv venv
source venv/bin/activate  # On Windows use: venv\Scripts\activate

# 3. Install Dependencies
pip install -r requirements.txt

# 4. Launch the Framework
python app.py

Access the Dashboard at: http://127.0.0.1:5000

⚙️ Customization

PentaFramework is designed to be extensible. You don't need to touch the Python code to add new tools. Simply edit the tools.json file:

    "new_tool": {
      "desc": "Description of the tool",
      "base_cmd": "tool_command",
      "flags": [
        {"val": "-u", "label": "Target URL", "placeholder": "http://target", "checked": true, "adv": false},
        {"val": "--fast", "label": "Fast Mode", "checked": false, "adv": true}
      ]
    }

  • placeholder: Creates a text input box for dynamic values.
  • checked: Selects the flag by default.
  • adv: Hides the flag under "Advanced Options".
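
An added example, not code from the PentaFramework repository: one way to check a tools.json entry against the fields described above and assemble the command from it, with text-box values shell-quoted so that pasted input stays a single argument. The names validate_tool and build_command and the sample values are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample: the entry format shown above, wrapped in an object.
SAMPLE = json.loads("""{"new_tool": {
  "desc": "Description of the tool", "base_cmd": "tool_command",
  "flags": [
    {"val": "-u", "label": "Target URL", "placeholder": "http://target",
     "checked": true, "adv": false},
    {"val": "--fast", "label": "Fast Mode", "checked": false, "adv": true}
]}}""")

def validate_tool(name, tool):
    """Return a list of schema problems for one entry (hypothetical helper)."""
    problems = []
    for key in ("desc", "base_cmd"):
        if not isinstance(tool.get(key), str) or not tool[key].strip():
            problems.append(f"{name}: '{key}' must be a non-empty string")
    flags = tool.get("flags")
    if not isinstance(flags, list):
        return problems + [f"{name}: 'flags' must be a list"]
    for i, flag in enumerate(flags):
        if not isinstance(flag, dict) or not isinstance(flag.get("val"), str):
            problems.append(f"{name}: flags[{i}] needs a string 'val'")
            continue
        for key in ("checked", "adv"):
            if not isinstance(flag.get(key, False), bool):
                problems.append(f"{name}: flags[{i}].{key} must be true/false")
        if not isinstance(flag.get("placeholder", ""), str):
            problems.append(f"{name}: flags[{i}].placeholder must be a string")
    return problems

def build_command(tool, selected=None, values=None):
    """Assemble a copy-paste command line from one validated entry.

    selected: set of flag 'val's ticked in the GUI (None = 'checked' defaults).
    values:   flag 'val' -> text typed into that flag's input box.
    """
    values = values or {}
    parts = shlex.split(tool["base_cmd"])
    for flag in tool["flags"]:
        val = flag["val"]
        enabled = flag.get("checked", False) if selected is None else val in selected
        if not enabled:
            continue
        parts.append(val)
        if "placeholder" in flag:  # flag takes a value from a text box
            parts.append(values.get(val, flag["placeholder"]))
    # shlex.join quotes every token, so spaces or ';' in a value cannot
    # split into extra shell words when the command is pasted into a terminal.
    return shlex.join(parts)
```
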

🤝 Methodology

The framework follows a structured approach based on PTES (Penetration Testing Execution Standard):

  1. Reconnaissance: OSINT & Network Scanning.
  2. Scanning: Service Identification & Web Fuzzing.
  3. Vulnerability Assessment: Identifying CVEs and Misconfigurations.
  4. Exploitation: Gaining access (Reverse Shells, SQLi, RCE).
  5. Post-Exploitation: Privilege Escalation, Looting, & Pivoting.
  6. Reporting: Log analysis & Document generation.

⚠️ Legal Disclaimer

Usage of PentaFramework for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

This project is for educational purposes and authorized security testing only.

📜 License

Distributed under the MIT License. See LICENSE for more information.
