All-in-one Python script that automates the employment of multiple types of penetration tests and security assessment tasks onto a target website, such as information gathering, vulnerability scanning and more.

Sharma-IT/penetration-testing-toolkit

Penetration Testing Toolkit

The Penetration Testing Toolkit is a robust Python-based tool that combines various techniques and tools to perform thorough security assessments on web applications. From information gathering to vulnerability scanning and manual testing, this toolkit provides a structured and automated approach to identifying vulnerabilities and helping secure digital assets.

Table of Contents

  1. Features
  2. Prerequisites
  3. Usage
  4. Project Structure
  5. Security Considerations
  6. Disclaimer
  7. Contributing
  8. Contact
  9. License

Features

  • Information gathering using DNS lookup, Whois lookup, and HTTP header retrieval.
  • Vulnerability scanning for SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
  • Manual testing for insecure file upload and misconfigured access controls.
  • Exploitation for SQL injection and Cross-Site Scripting (XSS).
  • Post-exploitation tasks for collecting credentials and sensitive data.
  • Report generation in HTML and JSON formats, including detailed findings and vulnerability distribution graphs.

Prerequisites

  • Python 3.x
  • Required Python libraries (install using pip):
    • requests
    • beautifulsoup4
    • jinja2
    • matplotlib

Usage

  1. Clone this repository:
       git clone https://github.com/Sharma-IT/penetration-testing-toolkit.git
       cd penetration-testing-toolkit
  2. Install the required Python libraries:
       pip install -r requirements.txt
  3. Run the script:
       python main.py
  4. Follow the prompts and menu options to perform various security assessment tasks.

Project Structure

  • main.py: The main Python script that orchestrates the penetration testing tasks.
  • templates/: Folder containing HTML template files for report generation.
  • reports/: Folder where generated reports will be stored.
  • payload.php: PHP payload for exploitation. Ensure proper usage and security measures.
  • database.db: SQLite database for storing results and report details.

Security Considerations

  • Use this toolkit responsibly and only on systems you have explicit permission to assess.
  • Always follow ethical hacking guidelines and obtain proper authorisation before conducting any penetration testing.
  • Securely store sensitive data and credentials used for testing.
  • Regularly update and patch your testing environment to prevent unintended consequences.
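
One way to make the "explicit permission" rule enforceable is to check every target against a written scope before any test runs. The following is an added example, not code from this repository; AUTHORISED_SCOPE, in_scope and the sample hosts and network are hypothetical names and constructed values.

```python
# Added example: fail-closed scope guard. All names and values are hypothetical.
import ipaddress
from urllib.parse import urlsplit

# Constructed sample scope, as it might be copied from a signed engagement letter.
AUTHORISED_SCOPE = {
    "hosts": {"app.example.test", "*.staging.example.test"},
    "networks": {"192.0.2.0/24"},
    "schemes": {"https"},
}

def _host_matches(host, pattern):
    """Exact match, or '*.suffix' matching subdomains only (not the bare suffix)."""
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keeps the leading dot, e.g. ".staging.example.test"
        return len(host) > len(suffix) and host.endswith(suffix)
    return host == pattern

def in_scope(target, scope=AUTHORISED_SCOPE):
    """Return (allowed, reason) for a target URL; anything unusual is refused."""
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in scope["schemes"]:
        return False, "scheme not authorised"
    if not host:
        return False, "no host in URL"
    if parts.username or parts.password:
        # https://app.example.test@other.test/ really addresses other.test
        return False, "userinfo in URL"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # not an IP literal, treat as a hostname
    if addr is not None:
        ok = any(addr in ipaddress.ip_network(n) for n in scope["networks"])
        return ok, ("IP in authorised network" if ok else "IP outside scope")
    ok = any(_host_matches(host, p) for p in scope["hosts"])
    return ok, ("host authorised" if ok else "host outside scope")
```

The check covers only the URL as typed; redirects and DNS changes during a run need the same check applied to each new destination.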

Disclaimer

This toolkit is provided for educational and ethical purposes only. I am not responsible for any misuse or damage caused by its use.

Contributing

Pull requests are welcomed. For major changes, please open an issue first to discuss what you would like to change.

Contact

Shubham Sharma - My LinkedIn - [email protected].

License

This project is licensed under the GPL 3.0 License - see the LICENSE file for details.
