Share
## https://sploitus.com/exploit?id=F1CE2A81-BFB1-5B60-AEFB-35DC4D23F0F4
# ๐ค Shadow Pentest Framework v1.0
> Automated CVE Discovery & Exploit Validation โ Red Team Tool
**For authorized penetration testing engagements only.**
---
## Features
- **Full Recon** โ Port scan, service fingerprinting, OS detection, web tech detection, SSL analysis
- **CVE Lookup** โ NVD/NIST API v2, filtered by CVSS score, with public exploit detection
- **Exploit Validation** โ Real active testing: RCE, SQLi, XSS, LFI, Auth Bypass, Info Disclosure
- **Professional Reports** โ PDF + JSON, ready to hand to remediation teams
- **Cross-platform** โ Windows, Linux, macOS
---
## Installation
```bash
# 1. Install nmap (required)
# Linux: sudo apt install nmap
# macOS: brew install nmap
# Windows: https://nmap.org/download.html
# 2. Install Python dependencies
pip install -r requirements.txt
```
---
## Usage
```bash
# Basic scan
python main.py
# With custom CVSS threshold (only HIGH+ vulnerabilities)
python main.py 192.168.1.1 --cvss 7.0
# Fast mode โ CVE list only, no exploit validation
python main.py example.com --skip-validate
# Full scan with custom output directory
python main.py 10.0.0.5 --cvss 6.0 --timeout 15 --output /tmp/reports
# Limit to top 10 CVEs by CVSS
python main.py target.com --top-cves 10
```
---
## Pipeline
```
[Target Input]
โ
โผ
[1] RECON
โโโ Nmap: ports, services, versions, OS
โโโ Web: server headers, technologies
โโโ SSL: certificate info
โ
โผ
[2] CVE LOOKUP (NVD API v2)
โโโ Match service+version โ CVEs
โโโ Filter by CVSS score
โโโ Flag CVEs with public exploits
โ
โผ
[3] EXPLOIT VALIDATION
โโโ Fetch exploit (Exploit-DB / GitHub PoC)
โโโ Categorize: RCE / SQLi / XSS / LFI / Auth / Info
โโโ Active test โ VULNERABLE / NOT_VULNERABLE / UNVERIFIED
โ
โผ
[4] REPORT
โโโ PDF โ professional, ready for client delivery
โโโ JSON โ machine-readable, SIEM integration
```
---
## Output Example
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ SHADOW PENTEST FRAMEWORK v1.0 โ
โ Automated CVE Discovery & Validation โ
โ For Authorized Engagements Only โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ PHASE 1: RECONNAISSANCE
[+] Resolved IP: 93.184.216.34
[Open Services Table]
โโ PHASE 2: CVE LOOKUP
[CVE Findings Table โ 12 CVEs found]
โโ PHASE 3: EXPLOIT VALIDATION
[VULNERABLE] CVE-2021-44228 โ RCE confirmed via /api?cmd=...
[NOT_VULNERABLE] CVE-2022-1234 โ payload did not execute
โโ PHASE 4: REPORT GENERATION
[+] PDF Report: ./reports/shadow_report_target_20250515_112800.pdf
[+] JSON Report: ./reports/shadow_report_target_20250515_112800.json
```
---
## Validation Types
| Type | Method |
|------|--------|
| RCE | Command injection payload reflection |
| SQLi | Boolean-based blind + error disclosure |
| XSS | Reflected payload in response |
| LFI | File content exposure (/etc/passwd) |
| Auth Bypass | Default creds + SQLi login bypass |
| Info Disclosure | Sensitive file exposure (.env, .git, etc.) |
| DoS | Safe: connectivity check only |
---
*Shadow Red Team โ Authorized use only*