Skip to content
master
Switch branches/tags
Go to file
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Pentest Tool LITE

License Lint and test codecov

Check your website ( or any other website ) for common vulnerabilities.

Usage

Install

yarn global add pentest-tool-lite

# of if you use npm

npm i -g pentest-tool-lite

Basic

pentest-tool-lite <URL> # http(s)://....

Example

pentest-tool-lite https://juffalow.com

pentest

Options

Available options:

  • -V, --version output the version number
  • --grep only run tests matching tests separated by comma
  • --exclude exclude tests matching tests separated by comma
  • --logger
  • --report
  • -h, --help output usage information

help

$ pentest-tool-lite --help

grep

Grep is checking every test if it contains any string from the grep argument.

To check just https and hsts type:

pentest-tool-lite https://juffalow.com --grep https,hsts

To list all available tests:

pentest-tool-lite tests

exclude

If you do not want to run specific tests, you can ignore them with exclude argument.

To exclude javascript, css and image tests:

pentest-tool-lite https://juffalow.com --exclude javascript,css,image

reportType

Default report is short, which will show just test titles. If you want to see also description, change it to FULL report with:

pentest-tool-lite https://juffalow.com --reportType FULL

reportFormat

pentest-tool-lite https://juffalow.com --reportFormat JSON

Sub Commands

Sitemap

List all URLs in sitemap. If it is sitemap index (sitemap that contains URLs to other sitemaps) it loads every sitemap and shows URLs from all of them.

pentest-tool-lite sitemap https://example.com/sitemap.xml

Random

Reads from standard input and outputs lines based on some probability. This can be used for testing just random urls. For example, you can run sitemap sub-command, but you don't want to run the pentest on all of listed urls, so you can use pipes and pick random urls.

pentest-tool-lite sitemap https://example.com/sitemap.xml | pentest-tool-lite random | xargs -n1 pentest-tool-lite

Contributing

Use GitHub issues if you have suggestion for new check(s) or you found a bug in existing one.

And I'll be thankful for every pull request ;-)

How to run project locally

# install node modules
yarn
# run
yarn start https://juffalow.com

# or if you use npm

# install node modules
npm i
# run
npm start -- https://juffalow.com

Debugging and Logging

Log everything:

pentest-tool-lite https://juffalow.com --logger=DEBUG

Log everything that has at least WARNING level:

pentest-tool-lite https://juffalow.com --logger=WARNING

Tests

npm test

License

MIT license