/
_ / |
/ |
| || |
| | | /
| /| |/
|/ |/
,/; ; ;
,'/|; ,/,/,
,'/ |;/,/,/,/|
,/; |;|/,/,/,/,/|
,/'; |;|,/,/,/,/,/|
,/'; |;|/,/,/,/,/,/|,
/ ; |;|,/,/,/,/,/,/|
/ ,'; |;|/,/,/,/,/,/,/|
/,/'; |;|,/,/,/,/,/,/,/|
/;/ '; |;|/,/,/,/,/,/,/,/| ██████╗ ███████╗ ██████╗ █████╗ ███████╗██╗ ██╗███████╗
██╔══██╗██╔════╝██╔════╝ ██╔══██╗██╔════╝██║ ██║██╔════╝
██████╔╝█████╗ ██║ ███╗███████║███████╗██║ ██║███████╗
██╔═══╝ ██╔══╝ ██║ ██║██╔══██║╚════██║██║ ██║╚════██║
██║ ███████╗╚██████╔╝██║ ██║███████║╚██████╔╝███████║
╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚══════╝
P E N T E S T A R S E N A L
A complete net software safety testing toolkit that mixes 10 highly effective penetration testing options into one instrument.
Creator
Options
- Subdomain + Curl HTTP Scanner
- Discovers subdomains utilizing a wordlist
- Checks HTTP standing and safety headers
-
Identifies potential safety Misconfigurations” title=”Misconfigurations”>misconfigurations
-
JWT Token Inspector
- Analyzes JWT token construction and claims
- Identifies safety points in token configuration
-
Detects frequent JWT vulnerabilities
-
Parameter Air pollution Finder
- Checks for HTTP Parameter Air pollution (HPP)
- Identifies susceptible parameters
-
Detects server-side parameter dealing with points
-
CORS Misconfiguration Scanner
- Checks for CORS coverage misconfigurations
- Identifies harmful wildcard insurance policies
-
Detects credential publicity dangers
-
Add Bypass Tester
- Checks file add restrictions
- Makes an attempt varied bypass methods
-
Identifies harmful file kind dealing with
-
Uncovered .git Listing Finder
- Scans for uncovered model management recordsdata
- Identifies leaked Git repositories
-
Checks for delicate info disclosure
-
SSRF (Server Aspect Request Forgery) Detector
- Checks for SSRF vulnerabilities
- Identifies susceptible parameters
-
Contains cloud metadata endpoint exams
-
Blind SQL Injection Time Delay Detector
- Checks for time-based SQL injection
- Helps a number of database sorts
-
Identifies injectable parameters
-
Native File Inclusion (LFI) Mapper
- Checks for LFI vulnerabilities
- Contains path traversal detection
-
Helps varied encoding bypasses
-
Internet Utility Firewall (WAF) Fingerprinter
- Identifies WAF presence
- Detects WAF vendor/kind
- Checks WAF effectiveness
Set up
- Clone the repository:
git clone https://github.com/sobri3195/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
- Create a digital surroundings (advisable):
python -m venv venv
supply venv/bin/activate # On Home windows: venvScriptsactivate
- Set up dependencies:
pip set up -r necessities.txt
Utilization
- Run the primary script:
python pegasus_pentest.py
- Choose a instrument from the menu (1-10)
- Comply with the prompts to enter goal info
- Assessment the outcomes
Necessities
- Python 3.8+
- Required packages (see necessities.txt):
- requests
- httpx
- urllib3
- colorama
- pyjwt
- beautifulsoup4
Safety Concerns
- This instrument is for instructional and licensed testing functions solely
- All the time acquire correct authorization earlier than testing any goal
- Some options might set off safety alerts or be blocked by safety controls
- Use responsibly and ethically
Contributing
- Fork the repository
- Create a function department
- Commit your modifications
- Push to the department
- Create a Pull Request
License
This venture is licensed below the MIT License – see the LICENSE file for particulars.
Disclaimer
This instrument is offered for instructional and licensed testing functions solely. Customers are accountable for acquiring correct authorization earlier than testing any goal. The authors are usually not accountable for any misuse or injury attributable to this instrument.
