penta (PENTest + semi-Automation tool)

Penta is is Pentest semi-automation tool using Python3. It provides advanced features to extract vuln info found on specific servers. I'm now developing a scanning system using vuln-db.

Installation

Install requirements

penta requires the following packages.

• Python3.7+
• pipenv

Resolve python package dependency.

$ pipenv install

If you dislike pipenv

$ pip install -r requirements.txt

Usage

$ pipenv run start <options>
OR
$ python penta/penta.py <options>

Usage: List options

$ pipenv run start -h
usage: penta.py [-h] [-v] [--proxy PROXY]

Penta is Pentest semi-automation tool

optional arguments:
  -h, --help     show this help message and exit
  -v, --verbose  Increase verbosity logging level
  --proxy PROXY  Proxy[IP:PORT]

Main menu

======= MAIN MENU ===========================================
 >  Menu list for IP-based scan
    Menu list for building VulnDB
    [Exit]

IP based scan menu

======= PENTEST MENU LIST ===================================
 >  Port scan
    Nmap & vuln scan
    Check HTTP option methods
    Grab DNS server info
    Shodan host search
    FTP connect with anonymous
    SSH connect with Brute Force
    Metasploit Frame Work
    Change target host
    [Return]

1. Port scanning
   Check the port status of the target host and identify the active service.

2. Nmap
   Check ports by additional means using Nmap.

3. Check HTTP option methods
   Check the methods (e.g. GET,POST) for a target host.

4. Grab DNS server info
   Displays and retrieves DNS whois information and useful records.

5. Shodan host search
   To collect host service info from Shodan.
   Request Shodan API key to enable the feature.

6. FTP connect with anonymous
   To check if it has anonymous access activated in port 21.
   FTP users can authenticate themselves using the plain text sign-in protocol (Typically username and password format), but they can connect anonymously if the server is configured to allow it. Anyone can log in to the server if the administrator has allowed an FTP connection with an anonymous login.

7. SSH connect with Brute Force
   To check ssh connection to scan with Brute Force.
   Dictionary data is in data/dict.

8. Metasploit Frame Work [Auto Scan is Future Work]
   To check useful msf modules from opened ports.
   Module DB is in data/msf/module_list.db.
   Now, I have built a module list DB, and I am moving to a method to use it.

VulnDB construction menu

======= REPORT MENU LIST ====================================
 >  Daily report: CVE,EDB,MSF...
    View  report
    Fetch CVEs
    Fetch Exploits
    Fetch Msf modules
    Menu list for DB
    [Return]

1. Generate a daily report
   Retrieves the changed CVE, Metasploit framework module, and the latest ExploitDB records via online and outputs the information to the terminal.

2. View a report
   The vulnerability information recorded in the local DB vuln_db.sqlite3 is output to the terminal, without retrieving the information.

3. Fetch CVEs
   Download the specified year's CVE from NVD Data Feeds and record it to the DB.

4. Fetch Exploits　(Experimental Features)
   Retrieves exploit information in ExploitDB from the online site.

5. Fetch Metasploit framework modules
   Each module of msf contains hardcoded CVE information and other information that is useful for scanning. This feature aggregates the information recorded in each module, both online and offline, and provides an association with CVE and EDB.

Wiki

In case you have more question about penta, the wiki is very detailed and explains penta in great detail.

License

Penta is released under the MIT License, see LICENSE.