moetazbrayekbackup/ULTIMATE-PENTEST-SCANNER
🚀 Ultimate Pentest Scanner v2.0


The Ultimate Penetration Testing Scanner is a Python security assessment framework for penetration testers and security professionals. It combines network reconnaissance, subdomain enumeration, web application checks, and reporting in a single command-line tool, with optional hand-off to external tools such as SQLMap.

⚡ Features

πŸ” Network Reconnaissance

  • Multi-threaded Port Scanning with customizable ranges and speed
  • Service Detection & Banner Grabbing for version identification
  • Comprehensive Service Analysis covering 20+ common services
  • Intelligent Vulnerability Assessment based on discovered services
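Multi-threaded port scanning with banner grabbing, shown here as an added example that is not the project's own code. It runs a bounded thread pool over plain TCP connect() calls, so it needs no root privileges; the local listener and the small service-name table are constructed stand-ins for a target and for the scanner's own service database, which this README does not reproduce.

```python
"""Added example: bounded-thread TCP connect scan with banner grab.
Not the project's code; the listener below is a constructed test service."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Assumed service names (the scanner's own 20+ entry table is not on this page)
SERVICE_HINTS = {21: "FTP", 22: "SSH", 80: "HTTP", 443: "HTTPS"}


def probe_port(host, port, timeout=1.0):
    """Return (port, banner) if the port accepts a TCP connection, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(256).decode("utf-8", "replace").strip()
            except OSError:
                banner = ""  # service expects the client to speak first (e.g. HTTP)
            return port, banner
    except OSError:
        return None  # refused, filtered, or timed out


def scan_ports(host, ports, threads=100, timeout=1.0):
    """Connect-scan `ports` on `host` and return {port: banner}, sorted by port.

    The worker count is capped at len(ports) so a -t 500 style setting does
    not spawn idle threads for a short port list."""
    workers = max(1, min(threads, len(ports)))
    results = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for hit in pool.map(lambda p: probe_port(host, p, timeout), ports):
            if hit:
                results[hit[0]] = hit[1]
    return dict(sorted(results.items()))


def parse_port_spec(spec):
    """Parse '1-1000' or '80,443,8000-8010' into a sorted list of valid ports."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            ports.update(range(lo, hi + 1))
        elif part:
            ports.add(int(part))
    return sorted(p for p in ports if 1 <= p <= 65535)


def start_fake_service(banner=b"SSH-2.0-OpenSSH_9.6\r\n"):
    """Constructed local listener that greets each client with a banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port, no privileges needed
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_fake_service()
    found = scan_ports("127.0.0.1", parse_port_spec(f"{port - 2}-{port + 2}"), threads=5)
    for p, banner in found.items():
        print(f"[✓] Port {p} ({SERVICE_HINTS.get(p, 'unknown')}) is open: {banner!r}")
    srv.close()
```

Because this is a full TCP handshake per port, it is visible in target logs and slower than a SYN scan; that is the trade-off for running unprivileged.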

🌍 Advanced Subdomain Enumeration

  • Certificate Transparency Log Mining for passive reconnaissance
  • DNS Brute Force Attack with extensive wordlists (100+ subdomains)
  • HTTP Validation of discovered subdomains
  • Multi-source Discovery combining passive and active techniques
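Passive discovery through Certificate Transparency logs, as an added example that is not the project's code. It normalises a crt.sh-style JSON result (multi-line `name_value` fields, mixed case, wildcard names, SANs from unrelated domains) into a deduplicated in-scope host list and merges it with active DNS results; the JSON records below are constructed, not real log data.

```python
"""Added example: normalising CT log results into in-scope subdomains.
Not the project's code; SAMPLE_CT_JSON is a constructed crt.sh-shaped document."""
import json
import re

# Syntactic hostname check: labels of letters/digits/hyphens plus an alphabetic TLD
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed crt.sh-style response for a search on %.example.com
SAMPLE_CT_JSON = json.dumps([
    {"common_name": "www.example.com", "name_value": "www.example.com\nexample.com"},
    {"common_name": "*.example.com", "name_value": "*.example.com"},
    {"common_name": "API.Example.com", "name_value": "API.Example.com\nstaging.example.com"},
    {"common_name": "mail.example.com", "name_value": "mail.example.com\nmail.example.org"},
    {"common_name": "bad host", "name_value": "bad host.example.com"},
])


def parse_ct_results(raw_json, domain):
    """Return (sorted in-scope hostnames, wildcard_seen) from crt.sh-style JSON.

    - splits multi-line name_value fields (one certificate, several SANs)
    - lower-cases and deduplicates
    - strips wildcard labels but records that a wildcard cert exists
    - keeps only names under `domain` (SAN lists can carry other domains)
    - drops strings that are not syntactically valid hostnames
    """
    domain = domain.lower().strip(".")
    hosts, wildcard_seen = set(), False
    for entry in json.loads(raw_json):
        for name in entry.get("name_value", "").split("\n"):
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                wildcard_seen = True
                name = name[2:]
            if not (name == domain or name.endswith("." + domain)):
                continue  # out of scope: do not probe hosts you are not authorised for
            if not HOSTNAME_RE.match(name):
                continue
            hosts.add(name)
    return sorted(hosts), wildcard_seen


def merge_sources(ct_hosts, dns_hosts):
    """Union of passive (CT) and active (DNS brute force) discoveries."""
    return sorted(set(ct_hosts) | set(dns_hosts))


if __name__ == "__main__":
    hosts, wildcard = parse_ct_results(SAMPLE_CT_JSON, "example.com")
    print(hosts, "wildcard cert seen:", wildcard)
```

A wildcard certificate is worth reporting on its own: it means CT logs will not enumerate the individual hosts behind it, so DNS brute force is the only source for those names.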

πŸ” Web Application Security Testing

  • Advanced Directory/File Discovery (100+ common paths)
  • Security Leak Detection (.env, .git, config files, backups)
  • SQLMap Integration with automatic fallback to manual testing
  • SSL/TLS Certificate Analysis and validation
  • HTTP Security Headers Assessment
  • Sensitive Content Pattern Matching
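An HTTP security header assessment of the kind listed above, added here as an example that is not the project's own code. Header names are matched case-insensitively, findings carry a severity for the report, and a hardened header set produces no findings. The thresholds (one-year HSTS max-age, no 'unsafe-inline' in script-src) are common hardening baselines; the response headers below are constructed, not captured from a real host.

```python
"""Added example: HTTP security header checks with severities.
Not the project's code; SAMPLE_HEADERS is a constructed response."""
import re

ONE_YEAR = 31536000  # HSTS max-age baseline, in seconds

# Constructed response headers from a hypothetical, weakly configured target
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.49 (Unix)",
    "X-Powered-By": "PHP/7.4.3",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
    "Content-Type": "text/html; charset=utf-8",
}


def _get(headers, name):
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def assess_security_headers(headers):
    """Return a list of (severity, header, detail) findings."""
    findings = []

    hsts = _get(headers, "Strict-Transport-Security")
    if hsts is None:
        findings.append(("medium", "Strict-Transport-Security", "header missing"))
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        age = int(m.group(1)) if m else 0
        if age < ONE_YEAR:
            findings.append(("low", "Strict-Transport-Security",
                             f"max-age={age} is below one year ({ONE_YEAR})"))

    directives = {}
    csp = _get(headers, "Content-Security-Policy")
    if csp is None:
        findings.append(("medium", "Content-Security-Policy", "header missing"))
    else:
        for part in csp.split(";"):
            part = part.strip()
            if part:
                directives[part.split()[0].lower()] = part
        script_src = directives.get("script-src", directives.get("default-src", ""))
        if "'unsafe-inline'" in script_src:
            findings.append(("medium", "Content-Security-Policy",
                             "script-src allows 'unsafe-inline', which largely defeats CSP against XSS"))

    if "frame-ancestors" not in directives and _get(headers, "X-Frame-Options") is None:
        findings.append(("low", "X-Frame-Options",
                         "no frame-ancestors directive and no X-Frame-Options (clickjacking)"))

    if (_get(headers, "X-Content-Type-Options") or "").strip().lower() != "nosniff":
        findings.append(("low", "X-Content-Type-Options", "missing or not 'nosniff'"))

    if _get(headers, "Referrer-Policy") is None:
        findings.append(("info", "Referrer-Policy", "header missing"))

    for leak in ("Server", "X-Powered-By"):
        value = _get(headers, leak)
        if value and re.search(r"\d+\.\d+", value):
            findings.append(("info", leak, f"discloses a software version: {value}"))

    return findings


def summarize(findings):
    """Count findings per severity for an executive summary."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, header, detail in assess_security_headers(SAMPLE_HEADERS):
        print(f"[{severity.upper():6}] {header}: {detail}")
    print(summarize(assess_security_headers(SAMPLE_HEADERS)))
```

Check headers on the final response after redirects: a 301 from http:// to https:// rarely carries the application's headers, and assessing it instead of the landing page gives false "missing header" results.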

💉 Vulnerability Assessment

  • SQL Injection Testing with SQLMap integration
  • Configuration Exposure Detection
  • Version Control System Leaks (.git, .svn directories)
  • Backup File Discovery (SQL dumps, archives)
  • Development File Exposure (phpinfo, test files)

📊 Professional Reporting

  • Beautiful Terminal Output with colors and progress indicators
  • Executive Summary Reports with key metrics
  • Detailed Security Findings with severity classifications
  • JSON Export for integration with other tools
  • Security Recommendations based on findings

πŸ› οΈ External Tool Integration

  • SQLMap - Advanced SQL injection testing
  • Nmap - Enhanced port scanning (future)
  • Nikto - Web vulnerability scanning (future)
  • Custom API Integration for extended functionality

📦 Installation

Prerequisites

  • Python 3.8+ (Python 3.12+ recommended)
  • pip package manager

Quick Install

# Clone the repository
git clone https://github.com/moetazbrayekbackup/ULTIMATE-PENTEST-SCANNER.git
cd ULTIMATE-PENTEST-SCANNER

# Install required dependencies
pip install -r requirements.txt

# Verify installation
python pentest_scanner.py --check-deps

Manual Installation

# Core dependencies (required)
pip install requests urllib3

# Optional dependencies for enhanced features
pip install dnspython  # Enhanced DNS enumeration

External Tools (Optional but Recommended)

# Linux/Debian
sudo apt-get install sqlmap nmap nikto dirb gobuster

# macOS
brew install sqlmap nmap nikto dirb gobuster

# Windows - Download from official websites

🎯 Usage

Basic Usage

# Comprehensive scan of a target
python pentest_scanner.py example.com

# Quick reconnaissance scan
python pentest_scanner.py target.com --fast

# Deep scan with full port range
python pentest_scanner.py target.com -p 1-65535

Advanced Usage

# High-performance scan with custom threads
python pentest_scanner.py target.com -t 500 -p 1-10000

# Network-only assessment (skip web testing)
python pentest_scanner.py target.com --no-web

# Skip subdomain enumeration for faster scanning
python pentest_scanner.py target.com --no-subdomains

# Save results to custom file
python pentest_scanner.py target.com -o my_assessment.json

Command Line Options

usage: pentest_scanner.py [-h] [-p PORTS] [-t THREADS] [--no-web] 
                         [--no-subdomains] [--fast] [--check-deps] 
                         [--output OUTPUT] target

positional arguments:
  target                Target IP address or hostname

optional arguments:
  -h, --help           show this help message and exit
  -p PORTS, --ports PORTS
                       Port range to scan (default: 1-1000)
  -t THREADS, --threads THREADS
                       Number of threads (default: 100)
  --no-web            Skip web application scanning
  --no-subdomains     Skip subdomain enumeration
  --fast              Fast scan mode (reduced port range)
  --check-deps        Check dependencies and external tools
  --output OUTPUT, -o OUTPUT
                       Output file for JSON report

📋 Examples

Website Security Assessment

# Complete security assessment of a web application
python pentest_scanner.py mywebsite.com

# Typical findings (depending on the target):
# ✅ Open ports (80, 443)
# 🌍 Subdomains (www, api, admin)
# 🔥 Exposed configuration files
# 💉 SQL injection vulnerabilities
# 🔒 SSL certificate analysis

Server Hardening Verification

# Verify server security configuration
python pentest_scanner.py myserver.com -p 1-3000

# Check for:
# ⚠️  Unnecessary open services
# 🔥 Configuration leaks
# 🔒 Outdated SSL/TLS configuration

Bug Bounty Reconnaissance

# Comprehensive target reconnaissance
python pentest_scanner.py target.com -t 300 -o recon_report.json

# Automated discovery of:
# 🎯 Attack surface mapping
# 🌍 Subdomain enumeration
# πŸ” Hidden directories and files
# πŸ’Ύ Sensitive data exposure

πŸ–ΌοΈ Sample Output

🚀 ULTIMATE PENTEST SCANNER v2.0
╔══════════════════════════════════════════════════════════════════════════╗
║                       🚀 ULTIMATE PENTEST SCANNER v2.0                   ║
║           Advanced Security Testing Framework with Integration            ║
║                          Professional Edition                            ║
╚══════════════════════════════════════════════════════════════════════════╝

🔍 PHASE 1: NETWORK RECONNAISSANCE
════════════════════════════════════════════════════════════════════════════
[✓] Target resolved: example.com -> 93.184.216.34
[✓] Port 80 (HTTP) is open
[✓] Port 443 (HTTPS) is open
[ℹ] Scan complete. Found 2 open ports

🌍 PHASE 2: SUBDOMAIN ENUMERATION
════════════════════════════════════════════════════════════════════════════
[🎯] Subdomain found via CT logs: www.example.com
[🎯] Subdomain found via DNS: api.example.com
[✓] Subdomain enumeration complete. Found 5 subdomains

🌐 PHASE 3: WEB APPLICATION SECURITY
════════════════════════════════════════════════════════════════════════════
[🎯] Directory found: /admin (Status: 403)
[🔥] SECURITY LEAK: /.env exposed - Contains sensitive keywords!
[⚠] SQLMap not found - using basic SQL injection tests

📊 FINAL SECURITY ASSESSMENT REPORT
════════════════════════════════════════════════════════════════════════════

╔══════════════════════════════════════════════════════════════════════════╗
║                              EXECUTIVE SUMMARY                           ║
╠══════════════════════════════════════════════════════════════════════════╣
║  🎯 Target: example.com                                                  ║
║  🕒 Scan Time: 2024-01-15T10:30:45                                      ║
║  🔍 Scan Type: Comprehensive Security Assessment                         ║
╚══════════════════════════════════════════════════════════════════════════╝

πŸ›‘οΈ Security Features

What the Scanner Detects

Category                 Detection Capabilities
Network Services         FTP, SSH, Telnet, HTTP/HTTPS, SMTP, DNS, SMB, RDP, Databases
Web Vulnerabilities      SQL Injection, XSS, Directory Traversal, File Inclusion
Information Disclosure   .env files, .git directories, config files, backups
SSL/TLS Issues           Certificate validation, weak ciphers, expired certificates
Development Artifacts    Test files, debug pages, API documentation
Access Controls          Directory listings, authentication bypasses

Security Patterns Detected

  • Environment Files: .env, .env.local, .env.production
  • Version Control: .git/, .svn/, .hg/
  • Configuration Files: config.php, wp-config.php, database.yml
  • Backup Files: *.sql, *.tar.gz, *.zip, dump.*
  • Development Files: phpinfo.php, test.php, readme.txt
  • Sensitive Keywords: passwords, API keys, secrets, tokens
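Leak detection over the patterns listed above, as an added example that is not the project's code. It adds two checks a practitioner wants beyond a bare status-code test: a soft-404 baseline, so a server that answers 200 for every path does not turn the whole wordlist into findings, and redaction of matched secrets before they reach a report. The responses and the secret-looking values below are constructed (the AWS key is the documentation example key, not a live credential); the pattern set is an assumption, not the scanner's own.

```python
"""Added example: soft-404 aware path classification plus redacted secret matching.
Not the project's code; BASELINE and RESPONSES are constructed responses."""
import difflib
import re

# Assumed pattern set; the scanner's own keyword list is not reproduced on this page
SECRET_PATTERNS = {
    "env_credential": re.compile(
        r"^(?P<key>[A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN|API_KEY)[A-Z0-9_]*)=(?P<val>\S+)$", re.M),
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def redact(value):
    """Keep just enough of a secret to correlate it, never the whole value."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "*" * len(value)


def find_sensitive_patterns(body):
    """Return (pattern_name, redacted_match) for every hit in a response body."""
    hits = []
    for name, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(body):
            named = m.groupdict()
            raw = named["val"] if "val" in named else m.group(0)
            label = f"{named['key']}=" if "key" in named else ""
            hits.append((name, label + redact(raw)))
    return hits


def is_soft_404(resp, baseline, threshold=0.9):
    """True when `resp` looks like the server's catch-all page for unknown paths."""
    if resp["status"] != baseline["status"]:
        return False
    ratio = difflib.SequenceMatcher(None, resp["body"], baseline["body"]).ratio()
    return ratio >= threshold


def classify_paths(responses, baseline):
    """Map each probed path to ('not_found' | 'exists' | 'leak', hits)."""
    report = {}
    for path, resp in responses.items():
        if resp["status"] == 404 or is_soft_404(resp, baseline):
            report[path] = ("not_found", [])
            continue
        hits = find_sensitive_patterns(resp["body"]) if resp["status"] == 200 else []
        report[path] = ("leak" if hits else "exists", hits)
    return report


# Constructed baseline: what the server returns for a random nonexistent path
BASELINE = {"status": 200,
            "body": "<html><body><h1>Welcome</h1><p>Page not found, try the home page.</p></body></html>"}
# Constructed probe responses
RESPONSES = {
    "/backup.zip": {"status": 200, "body": BASELINE["body"]},  # soft 404, not a backup
    "/admin": {"status": 403, "body": "Forbidden"},
    "/.env": {"status": 200,
              "body": "APP_ENV=production\nDB_PASSWORD=s3cr3tPassw0rd!\n"
                      "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"},
    "/robots.txt": {"status": 200, "body": "User-agent: *\nDisallow: /admin\n"},
    "/old": {"status": 404, "body": "Not Found"},
}


if __name__ == "__main__":
    for path, (verdict, hits) in classify_paths(RESPONSES, BASELINE).items():
        print(f"{verdict:9} {path} {hits}")
```

Fetch the baseline with a path that cannot exist (a long random string) before the wordlist run, and refresh it if the target serves different templates per directory.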

🔧 Configuration

Custom Wordlists

The scanner includes comprehensive built-in wordlists, but you can extend them by modifying the source code:

# In SubdomainEnumerator class
def get_common_subdomains(self):
    return [
        'www', 'api', 'admin', 'dev', 'staging',
        # Add your custom subdomains here
    ]

# In WebVulnScanner class  
def advanced_directory_scan(self):
    wordlist = [
        'admin', 'config', 'backup', 'api',
        # Add your custom directories/files here
    ]

Performance Tuning

Scenario        Recommended Settings
Fast Network    -t 500 -p 1-10000
Slow Network    -t 10 --fast
Stealth Mode    -t 5 -p 80,443,8080
Comprehensive   -t 300 -p 1-65535

🚨 Legal Disclaimer

⚠️ IMPORTANT: This tool is for authorized security testing only!

  • ✅ Authorized Use: Use only on systems you own or have explicit written permission to test
  • ✅ Educational Purpose: Learning cybersecurity and ethical hacking techniques
  • ✅ Professional Testing: Authorized penetration testing and security assessments
  • ❌ Unauthorized Use: Scanning systems without permission is illegal and unethical

By using this tool, you agree to use it responsibly and in compliance with all applicable laws and regulations.

🤝 Contributing

We welcome contributions! Here's how you can help:

Ways to Contribute

  • πŸ› Bug Reports: Report issues via GitHub Issues
  • πŸ’‘ Feature Requests: Suggest new features or improvements
  • πŸ”§ Code Contributions: Submit pull requests with enhancements
  • πŸ“ Documentation: Improve documentation and examples
  • πŸ§ͺ Testing: Test the tool in different environments

Development Setup

# Fork the repository and clone your fork
git clone https://github.com/moetazbrayekbackup/ULTIMATE-PENTEST-SCANNER.git
cd ULTIMATE-PENTEST-SCANNER

# Create a development branch
git checkout -b feature/your-feature-name

# Make your changes and test
python pentest_scanner.py --check-deps

# Submit a pull request

Code Style Guidelines

  • Follow PEP 8 Python style guidelines
  • Add docstrings to all functions and classes
  • Include error handling for network operations
  • Write clear commit messages

πŸ› Troubleshooting

Common Issues

Python 3.12+ Compatibility

# Error: ModuleNotFoundError: No module named 'imp'
# The 'imp' module was removed in Python 3.12; this error comes from an old
# third-party package that still imports it, not from the scanner itself.
# The scanner only needs requests and urllib3, so reinstall those and re-check.
pip install --upgrade requests urllib3
python pentest_scanner.py --check-deps

DNS Resolution Issues

# If DNS enumeration fails, scan by IP address and skip subdomain discovery
# (192.0.2.10 is a documentation address; substitute your authorized target)
python pentest_scanner.py 192.0.2.10 --no-subdomains

Permission Denied Errors

# Scanning ports 1-1024 on a remote host does not require root: the scanner
# opens ordinary TCP connections (no raw sockets), and the privileged-port rule
# only applies to binding local ports below 1024. Do not run it with sudo.
# If you do see permission errors, look at local firewall or sandbox policy
# rather than escalating privileges.
python pentest_scanner.py target.com -p 1-1024

Rate Limiting / Getting Blocked

# Reduce scan speed
python pentest_scanner.py target.com -t 5 --fast

Getting Help

  • 📖 Documentation: Check this README and code comments
  • 🐛 Issues: Search existing GitHub Issues
  • 💬 Discussions: Use GitHub Discussions for questions
  • 📧 Contact: Open an issue for direct support

📈 Roadmap

Version 2.1 (Upcoming)

  • Enhanced SQLMap Integration with custom payloads
  • Nmap Integration for advanced port scanning
  • Multi-target Support for batch scanning
  • Custom Wordlist Support via configuration files
  • API Endpoint Discovery for modern web applications

Version 2.2 (Future)

  • Machine Learning for anomaly detection
  • Cloud Service Detection (AWS, Azure, GCP)
  • Container Security scanning capabilities
  • Web GUI Interface for non-technical users
  • Integration APIs for CI/CD pipelines

Version 3.0 (Long-term)

  • Distributed Scanning across multiple hosts
  • Real-time Collaboration features
  • Advanced Exploit Modules
  • Compliance Reporting (OWASP, NIST)

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

MIT License

Copyright (c) 2024 Ultimate Pentest Scanner

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

πŸ™ Acknowledgments

  • Security Community: For continuous inspiration and knowledge sharing
  • Open Source Tools: SQLMap, Nmap, and other tools that inspire this project
  • Contributors: All developers who help improve this tool
  • Bug Hunters: Security researchers who test and provide feedback


⭐ If you find this tool useful, please give it a star! ⭐

Made with ❤️ by the Security Community

Report Bug • Request Feature • Documentation
