Share
## https://sploitus.com/exploit?id=0340626A-E59F-5623-83E9-2C8BFC3CFF64
# SΓ©curitΓ© des RΓ©seaux Informatiques d'Entreprise - Projet
Python-based penetration testing framework developed for ethical hacking and network security labs, featuring reconnaissance, scanning, enumeration, vulnerability analysis, and exploitation modules.
## Overview
This project was developed as part of the *SΓ©curitΓ© des RΓ©seaux Informatiques dβEntreprise* course.
The goal of this project is to design and implement a modular penetration testing framework in Python while applying the concepts studied during ethical hacking labs.
The framework reproduces the main phases of a professional penetration test:
1. Reconnaissance / Footprinting
2. Network Scanning
3. Enumeration
4. Vulnerability Analysis
5. Gaining Access
The project also includes reporting and practical experimentation performed in a controlled lab environment using the VISMIN vulnerable virtual machine.
---
# Objectives
The main objectives of this project are:
- Understand penetration testing methodologies
- Learn how ethical hacking tools operate
- Automate common security testing tasks
- Practice network security analysis safely
- Develop maintainable and modular Python code
- Build a reusable cybersecurity framework
---
# Technologies Used
## Programming Language
- Python 3.x
## Main Tools
- Wireshark
- Nmap
- Nessus
- Ghidra
- Metasploit
- Social Engineering Toolkit (SET)
- DNSRecon
- DNSEnum
---
# Project Structure
```bash
pen_test_framework/
β
βββ main.py
β
βββ core/
β βββ menu.py
β βββ utils.py
β βββ config.py
β
βββ reconnaissance/
β βββ whois_lookup.py
β βββ shodan_search.py
β βββ osint_ghdb.py
β βββ phishing_simulation.py
β
βββ scanning/
β βββ ping_scan.py
β βββ nmap_scan.py
β βββ traceroute.py
β βββ port_scan.py
β
βββ enumeration/
β βββ banner_grab.py
β βββ os_enum.py
β βββ user_enum.py
β
βββ vulnerabilities/
β βββ vuln_scanner.py
β βββ nessus_parser.py
β
βββ exploitation/
β βββ ftp_exploit.py
β βββ ssh_bruteforce.py
β βββ metasploit_launcher.py
β
βββ reports/
β βββ report_generator.py
β
βββ requirements.txt
βββ README.md
```
---
# Installation
## Clone the Repository
```bash
git clone
cd pen_test_framework
```
## Create a Virtual Environment
```bash
python3 -m venv venv
source venv/bin/activate
```
## Install Dependencies
```bash
pip install -r requirements.txt
```
---
# Usage
Run the framework using:
```bash
python3 main.py
```
The framework provides a command-line interface allowing navigation through the different penetration testing modules.
---
# Features
## 1. Reconnaissance / Footprinting
- WHOIS lookup
- DNS reconnaissance
- Shodan search
- Google Hacking Database queries
- Social engineering simulations
Example:
```bash
python3 reconnaissance/whois_lookup.py example.com
```
---
## 2. Network Scanning
- Ping sweep
- Port scanning
- Traceroute
- Nmap automation
Example:
```bash
python3 scanning/nmap_scan.py 192.168.1.10
```
---
## 3. Enumeration
- Banner grabbing
- OS detection
- User enumeration
- Service fingerprinting
Example:
```bash
python3 enumeration/banner_grab.py 192.168.1.10 80
```
---
## 4. Vulnerability Analysis
- Nessus integration
- Vulnerability scanning
- CVE correlation
- Searchsploit integration
Example:
```bash
python3 vulnerabilities/vuln_scanner.py 192.168.1.10
```
---
## 5. Gaining Access
- FTP exploitation
- SSH brute force simulation
- Metasploit automation
- Exploit testing against VISMIN
Example:
```bash
python3 exploitation/ftp_exploit.py 192.168.1.10
```
---
# Reverse Engineering Challenge
This project also includes reverse engineering exercises using Ghidra.
Objectives include:
- Binary analysis
- Program behavior analysis
- Validation logic reconstruction
- Flag recovery
- Binary patching
---
# Virtual Lab Environment
The framework was tested in a controlled virtual environment composed of:
- A Linux attacker machine (Kali Linux or Ubuntu)
- The VISMIN vulnerable VM
## Recommended Configuration
- Host-Only network mode for isolated testing
- Bridged mode only in private networks
- Never expose VISMIN to the public Internet
---
# Ethical and Legal Notice
This framework was developed exclusively for educational purposes in a controlled laboratory environment.
Unauthorized scanning, exploitation, or access to systems without permission is illegal and unethical.
The authors assume no responsibility for misuse of this project.
---
# Software Engineering Practices
The project follows good development practices:
- Modular architecture
- Object-Oriented Programming (OOP)
- PEP 8 coding style
- Reusable components
- Structured CLI output
- Dependency management with `requirements.txt`
---
# Future Improvements
Possible future improvements include:
- Web interface
- Database integration
- PDF report generation
- Additional exploitation modules
- Real-time monitoring dashboards
---
# Authors
Developed as part of the *SΓ©curitΓ© des RΓ©seaux Informatiques dβEntreprise* course.
Lisa Marie DURIEUX : https://github.com/lmsnotes/
Nina PERRET : https://github.com/perretnina
---
# References
- https://www.python.org/doc/
- https://nmap.org/docs.html
- https://www.wireshark.org/docs/
- https://owasp.org/
- https://docs.metasploit.com/