Share
## https://sploitus.com/exploit?id=C9630E62-98D9-5582-A1CA-033A27C6BB44
# Pentest Scripts - Unified Security Testing Framework

## ๐ŸŽฏ Quick Start - Interactive Console

The framework provides an **interactive console interface** for easy testing:

```bash
# Start interactive framework
python start.py
```

### Interactive Console Commands:

Once started, you'll see an interactive menu:

```
pentest> set https://target.example.com    # Set target URL
pentest> help                               # Show all modules help
pentest> help cloud-crypto                  # Show specific module help
pentest> 1                                  # Run cloud-crypto test
pentest> owasp-test                         # Run OWASP testing
pentest> exit                               # Exit framework
```

### Available Tests (Interactive Menu):

1. **cloud-crypto** - Infrastructure & Cloud Security Testing
2. **owasp-test** - OWASP Top 10 Complete Testing
3. **owasp-exploit** - OWASP Exploitation Attempts
4. **aggressive** - Aggressive Penetration Testing
5. **web-scan** - Advanced Web Application Testing
6. **exploit-found** - Exploit Found Vulnerabilities
7. **owasp-suite** - Combined OWASP Suite (All Tests)

### Alternative: Direct Command Line

You can also run tests directly without interactive mode:

```bash
python pentest.py cloud-crypto --url https://target.example.com
python pentest.py owasp-test
python pentest.py aggressive
```

## ๐Ÿ“‹ Available Test Modules

### ๐ŸŒ Infrastructure & Cloud Security (`cloud-crypto`)
- **DNS reconnaissance** - Subdomain discovery, DNS records
- **TLS/HTTPS analysis** - Certificate validation, cipher suites
- **Port scanning** - Open ports, service enumeration
- **HTTP security headers** - CSP, HSTS, X-Frame-Options
- **External tool integration** - Nikto, Nmap (optional with `--extra`)

### ๐Ÿ›ก๏ธ OWASP Top 10 Testing (`owasp-test`)
- **A01: Broken Access Control** - IDOR, privilege escalation
- **A02: Cryptographic Failures** - Weak encryption, sensitive data
- **A03: Injection** - SQLi, XSS, command injection
- **A04: Insecure Design** - Business logic flaws
- **A05: Security Misconfiguration** - Debug endpoints, default credentials
- **A06: Vulnerable Components** - Outdated libraries
- **A07: Authentication Failures** - Weak auth mechanisms
- **A08: Software Integrity** - Insecure deserialization
- **A09: Logging Failures** - Insufficient monitoring
- **A10: Server-Side Request Forgery** - SSRF vulnerabilities

### โšก OWASP Exploitation (`owasp-exploit`)
- **Active exploitation attempts** of discovered vulnerabilities
- **SQL injection payloads** with automated testing
- **Cross-site scripting** proof-of-concepts
- **Authentication bypass** techniques
- **Privilege escalation** attempts

### ๐Ÿ”ฅ Aggressive Pentesting (`aggressive`)
- **OTP brute force** with intelligent patterns
- **Account enumeration** via timing attacks
- **Session hijacking** analysis
- **Clickjacking** vulnerability checks
- **CSRF** protection testing
- **Race condition** exploitation
- **Information disclosure** discovery
- **JWT token** security analysis

### ๐Ÿ•ต๏ธ Advanced Web Testing (`web-scan`)
- **Content analysis** and information gathering
- **Cookie security** assessment
- **CORS misconfiguration** detection
- **XSS vulnerability** scanning
- **SQL injection** testing
- **Directory enumeration** 
- **Rate limiting** analysis
- **Open redirect** detection

### ๐Ÿ”“ Vulnerability Exploitation (`exploit-found`)
- **Refresh token theft** attempts
- **Session fixation** attacks
- **Token replay** vulnerabilities
- **CSRF exploitation** with generated PoCs

### ๐ŸŽช JWT Security Testing
- **Algorithm confusion** attacks
- **None algorithm** exploitation
- **Weak secret** brute force
- **Claim manipulation** attempts

### ๐Ÿ‘จโ€๐Ÿ’ผ Professional Multi-Tool Pentesting
- **Nmap integration** for port scanning
- **Nikto web scanning**
- **SQLMap injection testing**
- **Directory enumeration** tools
- **Fuzzing** attacks
- **SSL/TLS configuration** analysis

## โš™๏ธ Configuration

### Environment Variables
```bash
# Set target URLs (optional, defaults to example.com)
export PENTEST_BASE_URL="https://target.example.com"
export PENTEST_BACKEND_API="https://api.example.com"
```

### Authentication
Place authentication tokens in:
- `saved_cookies.json` - Session cookies for authenticated testing
- `saved_storage.json` - Local storage data

## ๐Ÿ“Š Reporting

All modules generate detailed JSON reports with:
- **Timestamped findings** with severity levels
- **Vulnerability details** and proof-of-concepts
- **Remediation recommendations**
- **PoC files** for exploits (saved to `/tmp/`)

Example report location: `cloud_crypto_results.json`

## ๐Ÿš€ Usage Examples

### Interactive Console Workflow (Recommended)

```bash
# Start interactive framework
python start.py

# In the interactive console:
pentest> set https://your-target.com        # Set target
pentest> help                                # View all available tests
pentest> help cloud-crypto                   # Get detailed info about specific test
pentest> 1                                   # Run infrastructure testing (cloud-crypto)
pentest> 2                                   # Run OWASP Top 10 testing
pentest> 7                                   # Run complete OWASP suite
pentest> exit                                # Exit when done
```

### Full Pentest Session Example

```bash
$ python start.py

   ๐Ÿ”’ INTERACTIVE PENETRATION TESTING FRAMEWORK ๐Ÿ”’
โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

Available Commands:

   1. cloud-crypto     - Infrastructure & Cloud Security Testing
   2. owasp-test       - OWASP Top 10 Complete Testing
   3. owasp-exploit    - OWASP Exploitation Attempts
   4. aggressive       - Aggressive Penetration Testing
   5. web-scan         - Advanced Web Application Testing
   6. exploit-found    - Exploit Found Vulnerabilities
   7. owasp-suite      - Combined OWASP Suite (All Tests)

   set            - Set target URL
   help                - Show detailed help for all modules
   help        - Show help for specific module
   clear               - Clear screen
   exit                - Exit framework

โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

pentest> set https://target.example.com
โœ… Target URL set to: https://target.example.com

pentest> help cloud-crypto
โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
   ๐Ÿ“– Infrastructure & Cloud Security Testing
โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
[Detailed module information displayed here]

pentest> 1
๐Ÿš€ Starting cloud-crypto against https://target.example.com...
[Test execution...]
โœ… Cloud/Crypto pentest finished. Report: cloud_crypto_results.json

pentest> owasp-test
๐Ÿš€ Starting owasp-test against https://target.example.com...
[Test execution...]
โœ… OWASP testing completed

pentest> exit
๐Ÿ‘‹ Exiting framework. Stay safe!
```

### Direct Command Line (Alternative)

```bash
# Quick single-test execution
python pentest.py cloud-crypto --url https://target.example.com
python pentest.py owasp-test
python pentest.py aggressive
```

## ๐Ÿ› ๏ธ Requirements

Install dependencies:
```bash
pip install -r requirements.txt
```

Optional external tools (for enhanced scanning):
```bash
# Install on Ubuntu/Debian
sudo apt-get install nmap nikto

# Install on macOS
brew install nmap nikto
```

## โš ๏ธ Important: Legal and Safety

**All personal data has been sanitized:**
- โœ… Tokens replaced with `[REDACTED_TOKEN]`
- โœ… IP addresses replaced with `[REDACTED_IP]`
- โœ… Domains replaced with `example.com`
- โœ… Phones replaced with `[REDACTED_PHONE]`
- โœ… Emails replaced with `[REDACTED_EMAIL]`

**Usage requirements:**
- โš ๏ธ **Only for legal testing of systems you own**
- โš ๏ธ **Requires explicit permission from system owner**
- โš ๏ธ **Unauthorized use is illegal and prosecutable**

## ๐Ÿ“ Project Structure

```
pentest/
โ”œโ”€โ”€ start.py                # ๐Ÿš€ Interactive console (MAIN ENTRY POINT)
โ”œโ”€โ”€ pentest.py              # Direct CLI (alternative interface)
โ”œโ”€โ”€ pentestkit/             # Configuration utilities
โ”‚   โ”œโ”€โ”€ config.py          # URL and token management
โ”‚   โ””โ”€โ”€ __init__.py        # Package exports
โ”œโ”€โ”€ pentest_cloud_crypto.py # Infrastructure security
โ”œโ”€โ”€ pentest_advanced.py     # Advanced web testing
โ”œโ”€โ”€ pentest_aggressive.py   # Aggressive pentesting
โ”œโ”€โ”€ owasp_suite.py          # Consolidated OWASP testing
โ”œโ”€โ”€ test_owasp_top10_complete.py # OWASP Top 10 tests
โ”œโ”€โ”€ exploit_all_owasp.py    # OWASP exploitation
โ”œโ”€โ”€ exploit_found_vulns.py  # Found vulnerability exploits
โ”œโ”€โ”€ jwt_exploitation_real.py # JWT security testing
โ””โ”€โ”€ professional_pentest_v2.py # Multi-tool pentesting
```

### Key Files:

- **`start.py`** - ๐ŸŽฏ **Interactive console interface** (recommended for users)
  - User-friendly menu-driven interface
  - Built-in help system for all modules
  - Interactive target URL configuration
  - Command shortcuts (1-7 for quick access)

- **`pentest.py`** - Direct command-line interface (for automation/scripts)
  - Accepts command-line arguments
  - Suitable for CI/CD integration
  
- **`pentestkit/config.py`** - Centralized configuration
  - Shared by all modules
  - Manages URLs and authentication tokens

## ๐ŸŽฏ Testing Workflow

### Recommended: Interactive Console Approach

```bash
# Step 1: Start interactive framework
python start.py

# Step 2: Set target URL
pentest> set https://target.example.com

# Step 3: Get help on available tests
pentest> help

# Step 4: Run infrastructure reconnaissance
pentest> cloud-crypto
# or
pentest> 1

# Step 5: Run web application testing
pentest> web-scan
# or
pentest> 5

# Step 6: Run comprehensive OWASP assessment
pentest> owasp-suite
# or
pentest> 7

# Step 7: Review results and exit
pentest> exit
```

### Alternative: Direct CLI for Automation

```bash
# Run tests via direct command line
python pentest.py cloud-crypto --url https://target.example.com
python pentest.py web-scan --url https://target.example.com
python pentest.py owasp-suite --url https://target.example.com
```

## ๐Ÿ“ˆ Module Integration

All modules share:
- **Centralized configuration** via `pentestkit.config`
- **Unified authentication** handling
- **Consistent reporting** format
- **Modular architecture** for easy extension