Skip to content
/ python_pentest_application Public

A modular Python application designed to orchestrate and streamline common penetration testing tasks by integrating popular tools like Nmap, Nessus, OpenVAS, OWASP ZAP, and Metasploit.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

leosep/python_pentest_application

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
configs
configs
 
 
core
core
 
 
modules
modules
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Python Pentest Application

A modular Python application designed to orchestrate and streamline common penetration testing tasks by integrating popular tools like Nmap, Nessus, OpenVAS, OWASP ZAP, and Metasploit. It provides a menu-driven interface to guide security professionals through various phases of a pentest, from reconnaissance to exploitation and reporting.

Table of Contents

Features

  • Modular Design: Each pentesting tool's functionality is encapsulated in its own module, making the application easy to extend, maintain, and update.
  • Menu-Driven Interface: A simple command-line interface guides the user through available scanning and exploitation options.
  • Reconnaissance: Integrates Nmap for network scanning, port enumeration, OS detection, and service version detection.
  • Vulnerability Scanning: Orchestrates Nessus and OpenVAS for comprehensive vulnerability assessments.
  • Web Application Testing: Incorporates OWASP ZAP for automated passive and active web application security scans.
  • Exploitation: Provides integration with Metasploit for exploit searching and (simulated) execution.
  • Centralized Configuration: Tool paths, API keys, and other settings are managed in a single config.py file.
  • Logging: Application activities and errors are logged to dedicated files for auditing and debugging.
  • Consolidated Reporting: Gathers outputs from various scans into a single Markdown report for easier analysis.

Prerequisites

Before running this application, ensure you have the following installed and configured on your system:

  • Python 3.x: The application is built with Python 3.
  • Nmap: A network scanner for reconnaissance.
    Download Nmap
  • Nessus Professional/Essentials: A comprehensive vulnerability scanner.
    Tenable Nessus
  • OpenVAS (Greenbone Vulnerability Management - GVM): An open-source vulnerability management suite.
    Greenbone Community Edition
  • OWASP ZAP: An integrated penetration testing tool for finding vulnerabilities in web applications.
    OWASP ZAP Download
  • Metasploit Framework: A penetration testing framework for exploit development and execution.
    Metasploit Install Guide

Folder Structure

pentest_app/
├── main.py
├── core/
│   ├── __init__.py
│   ├── menu.py
│   └── utils.py
├── modules/
│   ├── __init__.py
│   ├── nmap_module.py
│   ├── nessus_module.py
│   ├── openvas_module.py
│   ├── zap_module.py
│   ├── metasploit_module.py
│   └── reporting_module.py
├── configs/
│   ├── __init__.py
│   └── config.py
├── reports/
│   └── (will contain generated consolidated reports)
└── logs/
    └── (will contain application logs and raw tool outputs)

Setup

  1. Clone the repository (or create manually):
git clone https://github.com/your-repo/pentest_app.git
cd pentest_app

  1. If not cloning, manually create the pentest_app directory and its subdirectories.

  2. Create __init__.py files in core/, modules/, and configs/.

  3. Place the source code in the appropriate files.

Configuration

Update configs/config.py with your tool paths and credentials:

NMAP_PATH = '/usr/bin/nmap'
MSFCONSOLE_PATH = '/usr/bin/msfconsole'

NESSUS_URL = 'https://your-nessus-server:8834'
NESSUS_API_KEY = 'YOUR_NESSUS_API_KEY'

OPENVAS_URL = 'https://your-openvas-server:9392'
OPENVAS_USERNAME = 'your_openvas_username'
OPENVAS_PASSWORD = 'your_openvas_password'

ZAP_API_KEY = 'YOUR_ZAP_API_KEY'
ZAP_PROXY_HOST = '127.0.0.1'
ZAP_PROXY_PORT = 8080

Installation of Python Dependencies

Use a virtual environment:

python3 -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate
pip install -r requirements.txt

Usage

Run the app from the pentest_app directory:

python main.py

Follow prompts to select tools and actions.

Example:

  1. Enter target IP.
  2. Choose Nmap.
  3. Run Nessus.
  4. Run ZAP.
  5. Generate report.

Tool Integration Notes

  • nmap_module.py and metasploit_module.py use subprocess.run.
  • nessus_module.py, openvas_module.py, and zap_module.py use their API clients.
  • Configuration in config.py is essential.

Reporting

  • Raw outputs in logs/
  • Reports in reports/ as Markdown files.

Contributing

Feel free to fork, submit PRs, or open issues.

Disclaimer

Use only for ethical hacking and with permission. Unauthorized use is illegal.

License

MIT License. See LICENSE file.

About

A modular Python application designed to orchestrate and streamline common penetration testing tasks by integrating popular tools like Nmap, Nessus, OpenVAS, OWASP ZAP, and Metasploit.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages