Pentest Tools Framework: Open-Source Exploit and Vulnerability Scanner for Web Security Experts and Beginners

Pentest Tools Framework: Open-Source Exploit and Vulnerability Scanner for Web Security Experts and Beginners

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities

It is written in Python and uses some Perl, Ruby and PHP scripts.

It includes a variety of modules for network scanning, web application testing, vulnerability detection, and exploitation.

Key features include automated reconnaissance, password cracking, network sniffing, and exploit testing tools.

The framework simplifies the process of conducting security assessments by offering these tools in an organized and user-friendly interface, making it useful for security professionals looking to identify vulnerabilities across different attack surfaces.

Included Modules

Command Rank Description
exploit/webmin_packageup_rce excellent Webmin Package Updates Remote Command Execution
exploit/shellshock good cgi-bin/vulnerable shellshock
exploit/dns_bruteforce high DNS Bruteforce with nmap
exploit/jenkins_script_console good Jenkins-CI Script-Console Java Execution
exploit/cisco_ucs_rce excellent Cisco UCS Director Unauthenticated Remote Code Execution
exploit/eternalblue good MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
exploit/openssl_heartbleed high Dump OpenSSL Heartbleed
exploit/web_delivery good Script Web Delivery
exploit/inject_html normal Inject HTML code in all visited webpages
exploit/android_remote_access expert Remote Access Administrator (RAT)
exploit/auto_sql good Auto with SQLMap
exploit/restrict_anonymous normal Obtain credentials
exploit/abrt_privilege_escalation normal ABRT - sosreport Privilege Escalation
exploit/vbulletin_rce good vBulletin 5.x 0day pre-auth RCE exploit
exploit/smb good Arbitrary Samba exploit
exploit/cmsms_showtime2_rce normal CMS Made Simple Showtime2 File Upload RCE
exploit/tp_link_dos normal TP_LINK DOS, 150M Wireless Lite N Router, Model No. TL-WR740N
exploit/robots normal robots.txt Detected
exploit/cpanel_bruteforce normal cPanel Bruteforce
exploit/shakescreen high Shaking Web Browser content
exploit/php_thumb_shell_upload good PHP Shell Uploads
exploit/bluekeep good CVE-2019-0708 BlueKeep RCE
exploit/sonicwall normal Sonicwall SRA <= v8.1.0.2-14sv Remote Exploit
exploit/samba good Samba Exploits
exploit/cisco_dcnm_upload_2019 excellent Cisco Data Center Network Manager Unauthenticated Remote Code Execution
exploit/awind_snmp_exec good AwindInc SNMP Service Command Injection
exploit/enumeration high Simple Enumeration
exploit/dos_attack normal Hping3 DOS attack
exploit/wp_symposium_shell_upload good Symposium Shell Upload
exploit/joomla_com_hdflayer manual Joomla Exploit HDFlayer
exploit/joomla0day_com_myngallery good Exploits com Myngallery
exploit/inject_javascript normal Inject JavaScript code in all visited webpages
exploit/apache good Apache Exploit
exploit/davtest good Testing Tool for WebDAV Server
exploit/joomla_com_foxcontact high Joomla FoxContact
exploit/ldap_buffer_overflow normal Apache Module mod_rewrite LDAP Protocol Buffer Overflow
exploit/joomla_simple_shell high Joomla Simple Shell
exploit/bypass_waf normal Bypass WAF
exploit/cms_rce normal CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
exploit/joomla_comfields_sqli_rce high Joomla Component Fields SQLi Remote Code Execution
exploit/power_dos manual Denial of Service
exploit/zenworks_configuration excellent Novell ZENworks Configuration Management Arbitrary File Upload
exploit/samsung_knox_smdm_url good Samsung Galaxy KNOX Android Browser RCE

Included Security Scanners

Command Rank Description
scanner/enumiax good protocol username enumeration
scanner/wordpress_user_dislosure normal WordPress 5.3 User Disclosure
scanner/botnet_scanning normal Botnet Scanning, first need to find the botnet IP
scanner/check_ssl_certificate normal SSL Certificate Checker
scanner/http_services normal Gather page titles from HTTP services
scanner/dnsrecon normal DNS Record Enumeration
scanner/sslscan normal SSL Scanner
scanner/ssl_cert normal Nmap script ssl-cert
scanner/dns_zone_transfer normal DNS Zone Transfer
scanner/dns_bruteforce normal DNS Bruteforce
scanner/zone_walking normal Zone Walking
scanner/web_services normal Get HTTP headers of web services
scanner/http_enum normal Find web apps from known paths
scanner/ddos_reflectors normal Scan for UDP DDoS reflectors
scanner/grabbing_detection normal Light banner grabbing detection
scanner/discovery normal Scan selected ports - ignore discovery
scanner/bluekeep good CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check
scanner/drupal_scan good Drupal Scanner
scanner/eternalblue good SMB RCE Detection
scanner/header good Header Scanner with Nmap
scanner/firewalk good Firewalk
scanner/whois high Whois Information Gathering
scanner/dmitry good Information Gathering Tool
scanner/admin_finder normal Admin Finder
scanner/heartbleed normal Heartbleed Vulnerability Scanner
scanner/wordpress_scan normal WordPress Scanner
scanner/ssl_scanning good SSL Vulnerability Scanning
scanner/dns_bruteforce normal DNS Bruteforce
scanner/nmap_scanner normal Port Scanners Nmap
scanner/https_discover normal HTTPS Discover
scanner/smb_scanning good Scan Vulnerable SMB Server
scanner/joomla_vulnerability_scanners high Joomla Vulnerability Scanners
scanner/mysql_empty_password good MySQL Empty Password Detection
scanner/joomla_scanners_v.2 good Joomla Scanning
scanner/joomla_scanners_v3 normal Joomla Scanning
scanner/jomscan_v4 good Scan Joomla
scanner/webdav_scan normal WebDAV Scan Vulnerabilities
scanner/joomla_sqli_scanners high Joomla SQLi Vulnerability Scanners
scanner/lfi_scanners good Local File Inclusion (LFI) Bug Scanning
scanner/port_scanners manual Port Scan
scanner/dir_search high Directory Web Scanning
scanner/dir_bruteforce good Directory Scanning
scanner/wordpress_user_scan good Get WordPress Username
scanner/cms_war high Full Scan All Websites
scanner/usr_pro_wordpress_auto_find normal Find WordPress User Vulnerability
scanner/nmap_vuln normal Vulnerability Scanner
scanner/xss_scaner normal XSS Vulnerability Detection
scanner/spaghetti high Web Application Security Scanner
scanner/dnslookup normal DNS Lookup Scan
scanner/reverse_dns normal Reverse DNS Lookup
scanner/domain_map normal Domain Map Scanner
scanner/dns_report normal DNS Report
scanner/find_shared_dns normal Find Shared DNS Servers
scanner/golismero normal Vulnerability Scanning with Golismero
scanner/dns_propagation low DNS Propagation
scanner/find_records normal Find DNS Records
scanner/cloud_flare normal CloudFlare Scanner
scanner/extract_links normal Link Extractor
scanner/web_robot normal Web Robots Scanner
scanner/enumeration normal HTTP Enumeration
scanner/ip_locator good IP Locator

License

GPL-3.0 License

Resources & Download

GitHub - 3xploit-db/Pentest-Tools-Framework: Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities
Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerab…







Open-source Apps

9,500+

Medical Apps

500+

Lists

450+

Dev. Resources

900+

Read more