Share
## https://sploitus.com/exploit?id=E834820B-9821-5C48-ADF1-0663BF7FA8E7
# Penetration Testing Framework
[](https://opensource.org/licenses/MIT)
[](https://owasp.org/)
[](http://www.pentest-standard.org/)
[](https://owasp.org/www-project-web-security-testing-guide/)
[](https://github.com/)
[](https://www.gnu.org/software/bash/)
A modular penetration testing framework providing scripts, methodologies, and documentation for security assessments across OSINT, network reconnaissance, exploitation, and web application testing phases.
## Overview
This framework provides a structured approach to penetration testing with reusable scripts, detailed methodology documentation, and practical examples. It follows industry-standard methodologies including PTES, NIST SP 800-115, and OWASP WSTG.
**Note**: All examples use anonymized data. IP addresses, domain names, and credentials shown are either fictional or from intentionally vulnerable applications (OWASP Juice Shop).
## Project Structure
```
.
โโโ osint/ # Passive reconnaissance (OSINT)
โ โโโ scripts/ # Automation scripts for OSINT
โ โโโ wordlists/ # Generated wordlists from reconnaissance
โ โโโ README.md # OSINT methodology documentation
โ
โโโ active-recon/ # Active reconnaissance phase
โ โโโ scripts/ # Network scanning and enumeration scripts
โ โโโ examples/ # Sample outputs and reports
โ โโโ README.md # Active recon methodology
โ
โโโ exploitation/ # Controlled exploitation phase
โ โโโ elasticsearch/ # Elasticsearch security assessment
โ โโโ scripts/ # Exploitation PoC scripts
โ โโโ README.md # Exploitation methodology
โ
โโโ juice-shop/ # Grey box web application testing
โ โโโ vulnerabilities/ # Detailed vulnerability writeups
โ โโโ http-requests/ # HTTP request examples (Burp-style)
โ โโโ README.md # Web app testing methodology
โ
โโโ docs/ # Additional documentation
โ โโโ METHODOLOGY.md # Full testing methodology
โ โโโ ATTACK_SURFACE.md # Attack surface mapping template
โ โโโ REMEDIATION.md # Remediation planning guide
โ
โโโ DISCLAIMER.md # Legal disclaimer
โโโ LICENSE # MIT License
โโโ README.md # This file
```
## Methodologies & Frameworks
- **PTES** (Penetration Testing Execution Standard)
- **NIST SP 800-115** (Technical Guide to Information Security Testing)
- **OWASP WSTG** (Web Security Testing Guide)
- **OWASP Top 10 2021**
## Phases Covered
### 1. Passive Reconnaissance (OSINT)
- Google Dorks automation
- Wayback Machine analysis
- Certificate Transparency (CT) log enumeration
- Shodan/Censys queries
- LinkedIn username enumeration
### 2. Active Reconnaissance
- Host discovery (nmap, arp-scan)
- Service enumeration
- Banner grabbing
- Middleware probing (Redis, Elasticsearch)
### 3. Controlled Exploitation
- Elasticsearch CVE-2015-1427, CVE-2015-5531
- AJP Ghostcat (CVE-2020-1938)
- Jenkins CLI vulnerabilities
- ActiveMQ CVE-2023-46604, CVE-2016-3088
- Weak credential discovery
### 4. Web Application Testing (Grey Box)
- Authentication bypass (SQL Injection)
- Broken Access Control (IDOR/BOLA)
- Cross-Site Scripting (XSS)
- Server-Side Request Forgery (SSRF)
- Insecure Direct Object References
- JWT session management flaws
- File upload vulnerabilities
- Mass assignment / privilege escalation
## Key Findings Summary
| Category | Critical | High | Medium | Low |
|----------|----------|------|--------|-----|
| Infrastructure | 5 | 7 | 3 | 1 |
| Web Application | 2 | 9 | 4 | 1 |
| **Total** | **7** | **16** | **7** | **2** |
## Tools Used
### Reconnaissance
- nmap, masscan
- Burp Suite
- curl, wget
- Shodan, Censys
- crt.sh, Wayback Machine
### Exploitation
- Nuclei
- Custom Python/Bash scripts
- Native clients (redis-cli, mysql, curl)
### Web Testing
- Burp Suite (Proxy, Repeater, Intruder)
- Browser DevTools
- Custom HTTP requests
## Features
- **Modular Architecture**: Independent modules for each testing phase
- **Reusable Scripts**: Production-ready Bash scripts with error handling
- **Comprehensive Documentation**: Detailed methodology guides and templates
- **Practical Examples**: Real-world vulnerability writeups and HTTP requests
- **Standards Compliant**: Follows PTES, NIST SP 800-115, OWASP WSTG
- **Remediation Guidance**: Prioritized fix recommendations with code examples
## Quick Start
```bash
# Clone the repository
git clone https://github.com/LaurentGiovannoni/penetration-testing-framework.git
cd penetration-testing-framework
# Make scripts executable
chmod +x osint/scripts/*.sh
chmod +x active-recon/scripts/*.sh
chmod +x exploitation/scripts/*.sh
chmod +x exploitation/elasticsearch/*.sh
# Run OSINT on a target domain
./osint/scripts/ct_enum.sh example.com
# Run active reconnaissance
./active-recon/scripts/port_scan.sh 192.168.1.0/24 quick
# Check Elasticsearch security
./exploitation/elasticsearch/es_check.sh 192.168.1.10:9200
```
## Disclaimer
This framework is for **authorized security testing and educational purposes only**.
- Only use on systems you own or have explicit written permission to test
- The authors are not responsible for misuse or damage caused by this framework
- All examples use intentionally vulnerable applications (OWASP Juice Shop) or fictional data
See [DISCLAIMER.md](DISCLAIMER.md) for full legal notice.
## Author
**Laurent Giovannoni**
- GitHub: [@LaurentGiovannoni](https://github.com/LaurentGiovannoni)
## Contributing
Contributions are welcome! Feel free to:
- Submit bug reports and feature requests via [Issues](../../issues)
- Fork the repository and submit Pull Requests
- Improve documentation or add new modules
## License
This project is licensed under the MIT License - see [LICENSE](LICENSE) for details.
---
**References**:
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
- [PTES Standard](http://www.pentest-standard.org/)
- [NIST SP 800-115](https://csrc.nist.gov/publications/detail/sp/800-115/final)
- [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)