Share
## https://sploitus.com/exploit?id=45278946-60E0-56C2-8748-1A76267E4BC6
# NightOwl
**Advanced Penetration Testing Framework**
A modular, async Python pentesting bot with CLI + web dashboard. Built for CTFs, professional engagements, internal audits, and learning.



---
## Features
- **37 built-in scanner modules** across 6 stages
- **3 automation modes**: Full Auto, Semi-Auto (confirm before exploit), Manual
- **CLI interface** with Rich terminal UI (tables, progress bars, color-coded output)
- **Web dashboard** with FastAPI + HTMX + Tailwind (real-time scan monitoring)
- **Plugin system** for custom scanner modules
- **Report generation** in HTML, PDF, and Markdown
- **SQLite database** for persistent scan history
- **Rate limiting** with token bucket algorithm
- **Scope management** to stay within authorized boundaries
- **Docker support** with optional vulnerable test targets
## Scanner Modules
### Reconnaissance (7 modules)
| Module | Description |
|--------|-------------|
| `dns-enum` | DNS record enumeration (A, MX, NS, TXT, zone transfer) |
| `subdomain-enum` | Subdomain discovery via DNS bruteforce |
| `port-scanner` | TCP/UDP port scanning via nmap |
| `service-fingerprint` | Banner grabbing and service identification |
| `whois-lookup` | WHOIS domain registration info |
| `tech-detect` | Web technology detection (CMS, frameworks, libraries) |
| `web-spider` | Web crawler for links, forms, and parameters |
### Web Security (11 modules - OWASP Top 10)
| Module | Description | OWASP |
|--------|-------------|-------|
| `header-analyzer` | Security headers audit | A05 |
| `sqli-scanner` | SQL injection (error-based, blind, time-based) | A03 |
| `xss-scanner` | Reflected Cross-Site Scripting | A03 |
| `csrf-scanner` | CSRF token detection | A08 |
| `ssrf-scanner` | Server-Side Request Forgery | A10 |
| `path-traversal` | Local File Inclusion / directory traversal | A01 |
| `dir-bruteforce` | Hidden directory/file discovery | A05 |
| `ssl-analyzer` | TLS/SSL configuration audit | A02 |
| `cors-checker` | CORS misconfiguration detection | A05 |
| `auth-tester` | Default credential testing | A07 |
| `api-scanner` | API endpoint discovery (REST, GraphQL, Swagger) | A01 |
### Network (7 modules)
| Module | Description |
|--------|-------------|
| `deep-port-scan` | Deep port scan with nmap scripts |
| `vuln-matcher` | CVE matching by service/version |
| `smb-enum` | SMB share enumeration + null sessions |
| `snmp-scanner` | SNMP community string testing |
| `ssh-audit` | SSH algorithm and cipher audit |
| `ftp-scanner` | Anonymous FTP access testing |
| `network-map` | Host discovery / ping sweep |
### Active Directory (4 modules)
| Module | Description |
|--------|-------------|
| `ldap-enum` | LDAP user/group/OU enumeration |
| `kerberos-scanner` | AS-REP Roasting, Kerberoasting |
| `password-spray` | Rate-limited password spraying |
| `ad-recon` | Domain info, password policy, trusts |
### Exploitation (3 modules)
| Module | Description |
|--------|-------------|
| `msf-bridge` | Metasploit Framework RPC integration |
| `exploit-db` | CVE-to-exploit matching (local DB) |
| `auto-exploit` | Automatic exploit selection by CVSS |
### Post-Exploitation (4 modules)
| Module | Description |
|--------|-------------|
| `privesc-check` | Privilege escalation vectors (Linux/Windows) |
| `file-enum` | Sensitive file discovery |
| `credential-dump` | Credential storage detection |
| `lateral-movement` | Lateral movement opportunity identification |
---
## Installation
```bash
# Clone
git clone https://github.com/YOUR_USERNAME/NightOwl.git
cd NightOwl
# Basic install
pip install -e .
# Full install (all optional deps)
pip install -e ".[full]"
# Development
pip install -e ".[dev,full]"
```
### System Requirements
- Python 3.11+
- nmap (for port scanning)
- Optional: Metasploit Framework (for exploitation modules)
---
## Quick Start
```bash
# Reconnaissance
nightowl recon example.com --full
# Web vulnerability scan
nightowl scan web https://example.com --all
# Network scan
nightowl scan network 192.168.1.0/24 --vuln
# Active Directory
nightowl scan ad 10.0.0.1 --domain CORP.LOCAL --user admin --password pass
# Full pentest pipeline (semi-auto)
nightowl full example.com --mode semi
# Generate report
nightowl report --format html
# Launch web dashboard
nightowl dashboard --port 8080
```
---
## Web Dashboard
Launch the dashboard to manage scans visually:
```bash
nightowl dashboard
```
Open `http://127.0.0.1:8080` - features include:
- Real-time scan monitoring
- Findings browser with severity filtering
- Report generation and download
- Severity distribution charts
---
## Configuration
```bash
# Create config
nightowl config --init
# Validate
nightowl config --validate
```
Example `nightowl.yaml`:
```yaml
mode: semi
threads: 10
timeout: 30
scope:
allowed_hosts:
- example.com
- "*.example.com"
allowed_networks:
- 192.168.1.0/24
excluded_hosts:
- production.example.com
rate_limit:
requests_per_second: 10
burst: 20
```
---
## Custom Plugins
Create a file in `plugins/`:
```python
from nightowl.core.plugin_base import ScannerPlugin
from nightowl.models.finding import Finding, Severity
from nightowl.models.target import Target
class MyScanner(ScannerPlugin):
name = "my-scanner"
description = "Custom vulnerability scanner"
stage = "scan" # recon | scan | exploit | post
async def run(self, target: Target, **kwargs) -> list[Finding]:
findings = []
# Your logic here
return findings
```
---
## Docker
```bash
# NightOwl only
docker-compose -f docker/docker-compose.yml up
# With vulnerable test targets (DVWA + Juice Shop)
docker-compose -f docker/docker-compose.yml --profile targets up
```
---
## Project Structure
```
NightOwl/
โโโ nightowl/
โ โโโ core/ # Engine, pipeline, plugin system, events
โ โโโ models/ # Pydantic models (Finding, Target, Scan, Config)
โ โโโ config/ # YAML loader, defaults, scope manager
โ โโโ db/ # SQLAlchemy + SQLite
โ โโโ modules/ # 37 built-in scanner plugins
โ โ โโโ recon/ # DNS, ports, subdomains, tech detection
โ โ โโโ web/ # OWASP Top 10 scanners
โ โ โโโ network/ # SMB, SNMP, SSH, FTP auditing
โ โ โโโ ad/ # Active Directory attacks
โ โ โโโ exploit/ # Metasploit bridge, auto-exploit
โ โ โโโ postexploit/# Privesc, creds, lateral movement
โ โโโ cli/ # Click commands + Rich formatters
โ โโโ web/ # FastAPI dashboard
โ โโโ reporting/ # HTML/PDF/Markdown generation
โ โโโ utils/ # Logger, rate limiter, network helpers
โโโ plugins/ # Custom user plugins
โโโ configs/ # YAML configuration files
โโโ docker/ # Dockerfile + docker-compose
โโโ tests/ # Unit + integration tests
โโโ reports/ # Generated reports
```
---
## Legal Disclaimer
NightOwl is designed for **authorized security testing only**. Always obtain written permission before scanning any target. Unauthorized scanning is illegal and unethical. The authors are not responsible for any misuse of this tool.
---
## License
MIT License - see [LICENSE](LICENSE) for details.