An advanced web application security testing tool written in Node.js. This tool provides comprehensive security testing capabilities for ethical hackers and security professionals.
The tool includes over 40 different security tests:
- Port and service scanning
- Banner grabbing
- Service version detection
- Network resource enumeration
- Ping scanning
- HTTP header analysis
- SSL/TLS vulnerability scanning
- Directory brute-forcing
- API endpoint discovery
- Web cache testing
- HTTP/2 vulnerability testing
- Host header injection testing
- WebSocket security testing
- SQL injections
- NoSQL injections
- Command injections
- XML injections
- XXE (XML External Entity) testing
- Server-side template injections
- HTTP parameter pollution
- JWT token analysis
- OAuth vulnerability testing
- Session security testing
- Cookie analysis
- CSRF (Cross-Site Request Forgery) testing
- Authentication bypass testing
- DNS reconnaissance
- Zone transfer testing
- Subdomain takeover checks
- WAF (Web Application Firewall) detection and testing
- CORS (Cross-Origin Resource Sharing) misconfiguration testing
- SSH brute force
- FTP brute force
- Directory brute force
- API endpoint brute force
- GraphQL endpoint testing
- WebSocket security analysis
- Race condition testing
- Deserialization testing
- SSRF (Server-Side Request Forgery) testing
- JavaScript analysis
- HTTP Request Smuggling
- Web cache poisoning
Prerequisites:
- Node.js 14+
- npm or yarn
- Git (for installation)
- Linux/macOS/Windows with WSL (recommended)
- Clone the repository:
  git clone https://github.com/satory33/pentest-tool.git
- Navigate to the project directory (the clone above creates a directory named pentest-tool):
  cd pentest-tool
- Install dependencies:
  npm install
  or, if you're using yarn:
  yarn install
To run the tool:
- Port Scanning: Enter '1' and provide host, start port, and end port when prompted
- DNS Lookup: Enter '2' and provide domain name when prompted
- HTTP Headers Check: Enter '3' and provide URL when prompted
- Vulnerability Scanning: Enter '4' and provide target URL when prompted
- Whois Lookup: Enter '5' and provide domain name when prompted
- Ping Sweep: Enter '6' and provide subnet (e.g. 192.168.1) when prompted
- SSH Bruteforce: Enter '7' and provide host, username and password wordlist when prompted
- FTP Bruteforce: Enter '8' and provide host, username and password wordlist when prompted
- SQL Injection Testing: Enter '9' and provide target URL when prompted
The tool provides an interactive menu interface. Simply run:
- Always obtain proper authorization before testing any systems or networks you do not own.
- Use this tool responsibly and ethically.
- The developers are not responsible for any misuse or damage caused by this tool.
- Some tests may be considered illegal if used without permission. Always check local laws and regulations.
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (git checkout -b feature/AmazingFeature)
- Commit your changes (git commit -m 'Add some AmazingFeature')
- Push to the branch (git push origin feature/AmazingFeature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE.md file for details.
If you encounter any problems or have any questions, please open an issue in the GitHub repository.
- Thanks to all the open-source projects that made this tool possible.
- Special thanks to the cybersecurity community for their continuous efforts in improving web security.
Remember to use this tool responsibly and always obtain proper authorization before testing any systems or networks!