Share
## https://sploitus.com/exploit?id=45278946-60E0-56C2-8748-1A76267E4BC6
# NightOwl

**Advanced Penetration Testing Framework**

A modular, async Python pentesting bot with CLI + web dashboard. Built for CTFs, professional engagements, internal audits, and learning.

![Python](https://img.shields.io/badge/Python-3.11+-blue?logo=python)
![License](https://img.shields.io/badge/License-MIT-green)
![Status](https://img.shields.io/badge/Status-Beta-orange)

---

## Features

- **37 built-in scanner modules** across 6 stages
- **3 automation modes**: Full Auto, Semi-Auto (confirm before exploit), Manual
- **CLI interface** with Rich terminal UI (tables, progress bars, color-coded output)
- **Web dashboard** with FastAPI + HTMX + Tailwind (real-time scan monitoring)
- **Plugin system** for custom scanner modules
- **Report generation** in HTML, PDF, and Markdown
- **SQLite database** for persistent scan history
- **Rate limiting** with token bucket algorithm
- **Scope management** to stay within authorized boundaries
- **Docker support** with optional vulnerable test targets

## Scanner Modules

### Reconnaissance (7 modules)
| Module | Description |
|--------|-------------|
| `dns-enum` | DNS record enumeration (A, MX, NS, TXT, zone transfer) |
| `subdomain-enum` | Subdomain discovery via DNS bruteforce |
| `port-scanner` | TCP/UDP port scanning via nmap |
| `service-fingerprint` | Banner grabbing and service identification |
| `whois-lookup` | WHOIS domain registration info |
| `tech-detect` | Web technology detection (CMS, frameworks, libraries) |
| `web-spider` | Web crawler for links, forms, and parameters |

### Web Security (11 modules - OWASP Top 10)
| Module | Description | OWASP |
|--------|-------------|-------|
| `header-analyzer` | Security headers audit | A05 |
| `sqli-scanner` | SQL injection (error-based, blind, time-based) | A03 |
| `xss-scanner` | Reflected Cross-Site Scripting | A03 |
| `csrf-scanner` | CSRF token detection | A08 |
| `ssrf-scanner` | Server-Side Request Forgery | A10 |
| `path-traversal` | Local File Inclusion / directory traversal | A01 |
| `dir-bruteforce` | Hidden directory/file discovery | A05 |
| `ssl-analyzer` | TLS/SSL configuration audit | A02 |
| `cors-checker` | CORS misconfiguration detection | A05 |
| `auth-tester` | Default credential testing | A07 |
| `api-scanner` | API endpoint discovery (REST, GraphQL, Swagger) | A01 |

### Network (7 modules)
| Module | Description |
|--------|-------------|
| `deep-port-scan` | Deep port scan with nmap scripts |
| `vuln-matcher` | CVE matching by service/version |
| `smb-enum` | SMB share enumeration + null sessions |
| `snmp-scanner` | SNMP community string testing |
| `ssh-audit` | SSH algorithm and cipher audit |
| `ftp-scanner` | Anonymous FTP access testing |
| `network-map` | Host discovery / ping sweep |

### Active Directory (4 modules)
| Module | Description |
|--------|-------------|
| `ldap-enum` | LDAP user/group/OU enumeration |
| `kerberos-scanner` | AS-REP Roasting, Kerberoasting |
| `password-spray` | Rate-limited password spraying |
| `ad-recon` | Domain info, password policy, trusts |

### Exploitation (3 modules)
| Module | Description |
|--------|-------------|
| `msf-bridge` | Metasploit Framework RPC integration |
| `exploit-db` | CVE-to-exploit matching (local DB) |
| `auto-exploit` | Automatic exploit selection by CVSS |

### Post-Exploitation (4 modules)
| Module | Description |
|--------|-------------|
| `privesc-check` | Privilege escalation vectors (Linux/Windows) |
| `file-enum` | Sensitive file discovery |
| `credential-dump` | Credential storage detection |
| `lateral-movement` | Lateral movement opportunity identification |

---

## Installation

```bash
# Clone
git clone https://github.com/YOUR_USERNAME/NightOwl.git
cd NightOwl

# Basic install
pip install -e .

# Full install (all optional deps)
pip install -e ".[full]"

# Development
pip install -e ".[dev,full]"
```

### System Requirements

- Python 3.11+
- nmap (for port scanning)
- Optional: Metasploit Framework (for exploitation modules)

---

## Quick Start

```bash
# Reconnaissance
nightowl recon example.com --full

# Web vulnerability scan
nightowl scan web https://example.com --all

# Network scan
nightowl scan network 192.168.1.0/24 --vuln

# Active Directory
nightowl scan ad 10.0.0.1 --domain CORP.LOCAL --user admin --password pass

# Full pentest pipeline (semi-auto)
nightowl full example.com --mode semi

# Generate report
nightowl report  --format html

# Launch web dashboard
nightowl dashboard --port 8080
```

---

## Web Dashboard

Launch the dashboard to manage scans visually:

```bash
nightowl dashboard
```

Open `http://127.0.0.1:8080` - features include:
- Real-time scan monitoring
- Findings browser with severity filtering
- Report generation and download
- Severity distribution charts

---

## Configuration

```bash
# Create config
nightowl config --init

# Validate
nightowl config --validate
```

Example `nightowl.yaml`:
```yaml
mode: semi
threads: 10
timeout: 30

scope:
  allowed_hosts:
    - example.com
    - "*.example.com"
  allowed_networks:
    - 192.168.1.0/24
  excluded_hosts:
    - production.example.com

rate_limit:
  requests_per_second: 10
  burst: 20
```

---

## Custom Plugins

Create a file in `plugins/`:

```python
from nightowl.core.plugin_base import ScannerPlugin
from nightowl.models.finding import Finding, Severity
from nightowl.models.target import Target

class MyScanner(ScannerPlugin):
    name = "my-scanner"
    description = "Custom vulnerability scanner"
    stage = "scan"  # recon | scan | exploit | post

    async def run(self, target: Target, **kwargs) -> list[Finding]:
        findings = []
        # Your logic here
        return findings
```

---

## Docker

```bash
# NightOwl only
docker-compose -f docker/docker-compose.yml up

# With vulnerable test targets (DVWA + Juice Shop)
docker-compose -f docker/docker-compose.yml --profile targets up
```

---

## Project Structure

```
NightOwl/
โ”œโ”€โ”€ nightowl/
โ”‚   โ”œโ”€โ”€ core/           # Engine, pipeline, plugin system, events
โ”‚   โ”œโ”€โ”€ models/         # Pydantic models (Finding, Target, Scan, Config)
โ”‚   โ”œโ”€โ”€ config/         # YAML loader, defaults, scope manager
โ”‚   โ”œโ”€โ”€ db/             # SQLAlchemy + SQLite
โ”‚   โ”œโ”€โ”€ modules/        # 37 built-in scanner plugins
โ”‚   โ”‚   โ”œโ”€โ”€ recon/      # DNS, ports, subdomains, tech detection
โ”‚   โ”‚   โ”œโ”€โ”€ web/        # OWASP Top 10 scanners
โ”‚   โ”‚   โ”œโ”€โ”€ network/    # SMB, SNMP, SSH, FTP auditing
โ”‚   โ”‚   โ”œโ”€โ”€ ad/         # Active Directory attacks
โ”‚   โ”‚   โ”œโ”€โ”€ exploit/    # Metasploit bridge, auto-exploit
โ”‚   โ”‚   โ””โ”€โ”€ postexploit/# Privesc, creds, lateral movement
โ”‚   โ”œโ”€โ”€ cli/            # Click commands + Rich formatters
โ”‚   โ”œโ”€โ”€ web/            # FastAPI dashboard
โ”‚   โ”œโ”€โ”€ reporting/      # HTML/PDF/Markdown generation
โ”‚   โ””โ”€โ”€ utils/          # Logger, rate limiter, network helpers
โ”œโ”€โ”€ plugins/            # Custom user plugins
โ”œโ”€โ”€ configs/            # YAML configuration files
โ”œโ”€โ”€ docker/             # Dockerfile + docker-compose
โ”œโ”€โ”€ tests/              # Unit + integration tests
โ””โ”€โ”€ reports/            # Generated reports
```

---

## Legal Disclaimer

NightOwl is designed for **authorized security testing only**. Always obtain written permission before scanning any target. Unauthorized scanning is illegal and unethical. The authors are not responsible for any misuse of this tool.

---

## License

MIT License - see [LICENSE](LICENSE) for details.