Share
## https://sploitus.com/exploit?id=F1CE2A81-BFB1-5B60-AEFB-35DC4D23F0F4
# ๐Ÿ–ค Shadow Pentest Framework v1.0

> Automated CVE Discovery & Exploit Validation โ€” Red Team Tool

**For authorized penetration testing engagements only.**

---

## Features

- **Full Recon** โ€” Port scan, service fingerprinting, OS detection, web tech detection, SSL analysis
- **CVE Lookup** โ€” NVD/NIST API v2, filtered by CVSS score, with public exploit detection
- **Exploit Validation** โ€” Real active testing: RCE, SQLi, XSS, LFI, Auth Bypass, Info Disclosure
- **Professional Reports** โ€” PDF + JSON, ready to hand to remediation teams
- **Cross-platform** โ€” Windows, Linux, macOS

---

## Installation

```bash
# 1. Install nmap (required)
# Linux:   sudo apt install nmap
# macOS:   brew install nmap
# Windows: https://nmap.org/download.html

# 2. Install Python dependencies
pip install -r requirements.txt
```

---

## Usage

```bash
# Basic scan
python main.py 

# With custom CVSS threshold (only HIGH+ vulnerabilities)
python main.py 192.168.1.1 --cvss 7.0

# Fast mode โ€” CVE list only, no exploit validation
python main.py example.com --skip-validate

# Full scan with custom output directory
python main.py 10.0.0.5 --cvss 6.0 --timeout 15 --output /tmp/reports

# Limit to top 10 CVEs by CVSS
python main.py target.com --top-cves 10
```

---

## Pipeline

```
[Target Input]
     โ”‚
     โ–ผ
[1] RECON
   โ”œโ”€โ”€ Nmap: ports, services, versions, OS
   โ”œโ”€โ”€ Web: server headers, technologies
   โ””โ”€โ”€ SSL: certificate info

     โ”‚
     โ–ผ
[2] CVE LOOKUP (NVD API v2)
   โ”œโ”€โ”€ Match service+version โ†’ CVEs
   โ”œโ”€โ”€ Filter by CVSS score
   โ””โ”€โ”€ Flag CVEs with public exploits

     โ”‚
     โ–ผ
[3] EXPLOIT VALIDATION
   โ”œโ”€โ”€ Fetch exploit (Exploit-DB / GitHub PoC)
   โ”œโ”€โ”€ Categorize: RCE / SQLi / XSS / LFI / Auth / Info
   โ””โ”€โ”€ Active test โ†’ VULNERABLE / NOT_VULNERABLE / UNVERIFIED

     โ”‚
     โ–ผ
[4] REPORT
   โ”œโ”€โ”€ PDF โ€” professional, ready for client delivery
   โ””โ”€โ”€ JSON โ€” machine-readable, SIEM integration
```

---

## Output Example

```
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘     SHADOW PENTEST FRAMEWORK v1.0        โ•‘
โ•‘  Automated CVE Discovery & Validation    โ•‘
โ•‘     For Authorized Engagements Only      โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

โ”Œโ”€ PHASE 1: RECONNAISSANCE
[+] Resolved IP: 93.184.216.34
[Open Services Table]

โ”Œโ”€ PHASE 2: CVE LOOKUP
[CVE Findings Table โ€” 12 CVEs found]

โ”Œโ”€ PHASE 3: EXPLOIT VALIDATION
[VULNERABLE]  CVE-2021-44228 โ€” RCE confirmed via /api?cmd=...
[NOT_VULNERABLE] CVE-2022-1234 โ€” payload did not execute

โ”Œโ”€ PHASE 4: REPORT GENERATION
[+] PDF Report: ./reports/shadow_report_target_20250515_112800.pdf
[+] JSON Report: ./reports/shadow_report_target_20250515_112800.json
```

---

## Validation Types

| Type | Method |
|------|--------|
| RCE | Command injection payload reflection |
| SQLi | Boolean-based blind + error disclosure |
| XSS | Reflected payload in response |
| LFI | File content exposure (/etc/passwd) |
| Auth Bypass | Default creds + SQLi login bypass |
| Info Disclosure | Sensitive file exposure (.env, .git, etc.) |
| DoS | Safe: connectivity check only |

---

*Shadow Red Team โ€” Authorized use only*