A comprehensive automated security testing tool that helps identify potential security vulnerabilities and misconfigurations in web applications.
```bash
# Clone the repository
git clone https://github.com/narasimhauppala/automate-pentesting-app.git
# Navigate to directory
cd pentest-assistant
# Install requirements
pip install -r requirements.txt
# Run the tool against a target domain (-t)
python pentest_assistant.py -t example.com
```
**Subdomain Enumeration**
- DNS bruteforce with multiple resolvers
- Zone transfer checks
- Certificate Transparency logs
- Search engine discovery
- Wildcard detection
- CNAME chain following
- Multiple data sources (VirusTotal, ThreatCrowd, DNSDumpster)

**Port Scanning**
- Service detection
- Version identification
- Common port checks
- SYN scan support
- Banner grabbing

**DNS Analysis**
- Record enumeration (A, AAAA, MX, TXT, etc.)
- Zone transfer attempts
- SPF and DMARC validation
- DNS security checks

**WHOIS Information**
- Registration details
- Nameservers
- Contact information
- Expiration dates

**Employee Information**
- LinkedIn profile discovery
- Email pattern identification
- Job titles and roles
- Social media presence

**Technology Detection**
- Web technologies
- Framework identification
- CMS detection
- Server software
- Cloud services (AWS, Azure, GCP)

**Header Analysis**
- Security header checks
- Information disclosure
- Cookie security
- Server fingerprinting

**Directory Scanning**
- Common directories
- Backup files
- Sensitive files
- Configuration files

**Security Headers**
- HSTS
- CSP
- X-Frame-Options
- XSS Protection
- CORS policies

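The Header Analysis and Security Headers checks above amount to a set of rules applied to one HTTP response. The following is an added example (written for this README, not code from the project) of what such rules look like in practice: it takes a mapping of response headers (the shape a `requests` response exposes; `Set-Cookie` may be a list when several cookies are set), returns severity-tagged findings for HSTS, CSP, clickjacking, MIME sniffing, version disclosure and cookie flags, and runs on a constructed sample so it needs no network. The rule thresholds (one-year HSTS `max-age`, the severity labels) are assumptions, not the project's settings.

```python
"""Offline security-header review: an added example, not code from the
pentest-assistant project.  Input is a mapping of response headers (as a
requests.Response.headers would expose them); Set-Cookie may be a list when
several cookies were set.  Returns (severity, message) findings."""
import re
from typing import Any, Dict, List, Mapping, Tuple

Finding = Tuple[str, str]  # (severity, message)
ONE_YEAR = 31536000        # HSTS max-age commonly recommended as a minimum (assumed threshold)


def _ci_get(headers: Mapping[str, Any], name: str) -> Any:
    """Case-insensitive lookup; HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _set_cookies(headers: Mapping[str, Any]) -> List[str]:
    """Normalise Set-Cookie (string or list of strings) to a list."""
    value = _ci_get(headers, "Set-Cookie")
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [str(value)]


def check_security_headers(headers: Mapping[str, Any]) -> List[Finding]:
    findings: List[Finding] = []

    # HSTS: present, max-age of at least one year, includeSubDomains set
    hsts = _ci_get(headers, "Strict-Transport-Security")
    if hsts is None:
        findings.append(("HIGH", "Strict-Transport-Security missing"))
    else:
        match = re.search(r"max-age=(\d+)", hsts, re.I)
        max_age = int(match.group(1)) if match else 0
        if max_age < ONE_YEAR:
            findings.append(("MEDIUM", f"HSTS max-age={max_age} is below one year"))
        if "includesubdomains" not in hsts.lower():
            findings.append(("LOW", "HSTS lacks includeSubDomains"))

    # CSP: present, and not hollowed out by unsafe-inline / unsafe-eval / a bare wildcard
    csp = _ci_get(headers, "Content-Security-Policy")
    if csp is None:
        findings.append(("HIGH", "Content-Security-Policy missing"))
    else:
        for weak in ("'unsafe-inline'", "'unsafe-eval'"):
            if weak in csp:
                findings.append(("MEDIUM", f"CSP allows {weak}"))
        if re.search(r"script-src[^;]*\s\*(\s|;|$)", csp):
            findings.append(("MEDIUM", "CSP script-src contains a wildcard source"))

    # Clickjacking: X-Frame-Options or a CSP frame-ancestors directive
    if _ci_get(headers, "X-Frame-Options") is None and not (csp and "frame-ancestors" in csp):
        findings.append(("MEDIUM", "neither X-Frame-Options nor CSP frame-ancestors is set"))

    # MIME sniffing
    if str(_ci_get(headers, "X-Content-Type-Options") or "").lower() != "nosniff":
        findings.append(("LOW", "X-Content-Type-Options: nosniff missing"))

    # Information disclosure: software versions in Server / X-Powered-By
    for name in ("Server", "X-Powered-By"):
        value = _ci_get(headers, name)
        if value and re.search(r"\d", str(value)):
            findings.append(("LOW", f"{name} discloses a version: {value}"))

    # Cookie flags: Secure, HttpOnly, SameSite (attributes parsed, not substring-matched)
    for cookie in _set_cookies(headers):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0].strip()
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        for flag, severity in (("secure", "MEDIUM"), ("httponly", "MEDIUM"), ("samesite", "LOW")):
            if flag not in attrs:
                findings.append((severity, f"cookie {cookie_name} lacks {flag}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, the way a colour-coded summary would."""
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0}
    for severity, _ in findings:
        counts[severity] += 1
    return counts


# Constructed sample response headers (not captured from any real site)
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41",
    "Strict-Transport-Security": "max-age=86400",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Set-Cookie": [
        "session=abc123; Path=/; HttpOnly",
        "pref=dark; Path=/; Secure; HttpOnly; SameSite=Lax",
    ],
}

if __name__ == "__main__":
    for severity, message in check_security_headers(SAMPLE_HEADERS):
        print(f"[{severity}] {message}")
    print(summarize(check_security_headers(SAMPLE_HEADERS)))
```

Cookie attributes are parsed rather than substring-matched so that a cookie named `securetoken` is not mistaken for one carrying the `Secure` flag; the same care applies to header names, which are matched case-insensitively.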
**SSL/TLS Analysis**
- Certificate validation
- Protocol versions
- Cipher suites
- Common vulnerabilities

**WAF Detection**
- Firewall fingerprinting
- Protection mechanisms
- Bypass possibilities

**CORS Checks**
- Misconfiguration detection
- Security policy assessment
- Origin validation

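Origin validation comes down to judging the `Access-Control-*` headers a server returns for a given request `Origin`. The following is an added example (written for this README, not the project's code) of that decision logic: given the request origin, the response headers and a deployment-specific list of origins the site is meant to trust (an assumption the caller supplies), it flags reflected untrusted origins, `null`-origin grants, a wildcard combined with credentials, and an origin-specific grant served without `Vary: Origin`. The probe results are constructed inline, so it runs offline.

```python
"""CORS misconfiguration assessment over captured request/response pairs:
an added example, not code from the pentest-assistant project.  The scanner
would send requests carrying different Origin values; here the responses are
constructed so the decision logic runs offline."""
from typing import Any, Dict, List, Mapping, Set, Tuple

Finding = Tuple[str, str]  # (severity, message)


def _ci_get(headers: Mapping[str, Any], name: str) -> Any:
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def assess_cors(request_origin: str, headers: Mapping[str, str],
                trusted_origins: Set[str]) -> List[Finding]:
    """Judge the Access-Control-* headers returned to a request that carried
    ``request_origin``.  ``trusted_origins`` lists origins the site legitimately
    shares data with (a deployment-specific assumption supplied by the caller)."""
    findings: List[Finding] = []
    acao = _ci_get(headers, "Access-Control-Allow-Origin")
    if acao is None:
        return findings  # no CORS grant at all: the browser's same-origin policy applies
    acao = acao.strip()
    creds = str(_ci_get(headers, "Access-Control-Allow-Credentials") or "").strip().lower() == "true"
    vary = {v.strip().lower() for v in str(_ci_get(headers, "Vary") or "").split(",")}

    if acao == "*":
        if creds:
            findings.append(("MEDIUM", "ACAO '*' with credentials=true: browsers refuse the "
                                       "combination, but it shows authenticated data was meant to be shared"))
        else:
            findings.append(("INFO", "ACAO '*' without credentials: acceptable only for truly public responses"))
        return findings

    if acao == "null":
        # Sandboxed iframes and file:// pages send Origin: null, so granting it is a grant to anyone
        findings.append(("HIGH" if creds else "MEDIUM",
                         "'null' origin allowed: sandboxed iframes and local files get a grant"))
    elif acao == request_origin and request_origin not in trusted_origins:
        # The server echoed whatever Origin it was sent: a read of authenticated data
        # becomes possible from any site when credentials are also allowed
        findings.append(("HIGH" if creds else "MEDIUM",
                         f"untrusted Origin reflected in ACAO: {request_origin}"))
    elif acao not in trusted_origins:
        findings.append(("MEDIUM", f"ACAO grants an origin outside the trust list: {acao}"))

    if "origin" not in vary:
        findings.append(("LOW", "origin-specific ACAO without 'Vary: Origin': shared caches may "
                                "replay this grant to other origins"))
    return findings


# Origins the hypothetical site is meant to share with (assumption for the example)
TRUSTED = {"https://app.example.com", "https://www.example.com"}

# Constructed probe results: label -> (request Origin, response headers); not real captures
SAMPLE_EXCHANGES = {
    "reflected": ("https://evil.example",
                  {"Access-Control-Allow-Origin": "https://evil.example",
                   "Access-Control-Allow-Credentials": "true", "Vary": "Origin"}),
    "trusted":   ("https://app.example.com",
                  {"Access-Control-Allow-Origin": "https://app.example.com",
                   "Access-Control-Allow-Credentials": "true", "Vary": "Origin"}),
    "null":      ("null", {"Access-Control-Allow-Origin": "null"}),
    "public":    ("https://evil.example", {"Access-Control-Allow-Origin": "*"}),
}


def assess_all(exchanges=SAMPLE_EXCHANGES, trusted=TRUSTED) -> Dict[str, List[Finding]]:
    """Run assess_cors over every captured exchange."""
    return {label: assess_cors(origin, hdrs, trusted) for label, (origin, hdrs) in exchanges.items()}


if __name__ == "__main__":
    for label, findings in assess_all().items():
        print(label, findings or "no finding")
```

The trust list is what turns a header comparison into an actual judgement: an echoed origin is only a problem when it is one the site never meant to trust, so the caller has to say which origins those are.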
**HTTP Methods**
- Dangerous method detection
- Method enumeration
- Security impact assessment

**Historical Data**
- Wayback Machine integration
- Old content discovery
- Backup file finding
- Domain history

**Screenshot Capture**
- Visual site documentation
- Error page detection
- UI analysis

**Email Security**
- SPF record validation
- DMARC configuration
- Email pattern discovery

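SPF and DMARC validation (listed under both DNS Analysis and Email Security above) is mostly parsing of two TXT records and checking them against a few rules. The following is an added example (written for this README, not the project's code) of that parsing and rule logic. The tool would obtain the records with dnspython TXT lookups; here the records are constructed strings so the checks run offline. The severity labels are an assumption, and the lookup count is of the terms in the record itself: a full evaluation would also recurse into each `include:` target.

```python
"""Offline SPF / DMARC record review: an added example, not code from the
pentest-assistant project.  Records are passed in as strings (the tool would
fetch them over DNS); None means the record does not exist."""
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str]  # (severity, message)

# Mechanisms/modifiers that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")


def parse_spf(record: str) -> Optional[List[str]]:
    """Return the SPF terms after v=spf1, or None if this is not an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    return terms[1:]


def check_spf(record: Optional[str]) -> List[Finding]:
    if record is None:
        return [("HIGH", "no SPF record: any host may send as this domain")]
    terms = parse_spf(record)
    if terms is None:
        return [("HIGH", "TXT record does not start with v=spf1")]
    findings: List[Finding] = []
    lookups = 0
    all_qualifier = None
    for term in terms:
        qualifier, body = "+", term          # a missing qualifier means Pass (+)
        if body[0] in "+-~?":
            qualifier, body = body[0], body[1:]
        # mechanism name precedes any ':' argument, '=' modifier value or '/' CIDR
        name = body.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1                      # top-level count only; includes are not recursed
        if name == "all":
            all_qualifier = qualifier
        if name == "ptr":
            findings.append(("LOW", "ptr mechanism is deprecated and slow to evaluate"))
    if all_qualifier is None:
        findings.append(("MEDIUM", "no 'all' mechanism: evaluation ends in Neutral"))
    elif all_qualifier in "+?":
        findings.append(("HIGH", f"'{all_qualifier}all' permits unauthorized senders"))
    elif all_qualifier == "~":
        findings.append(("LOW", "~all (softfail): rely on DMARC to enforce"))
    if lookups > 10:
        findings.append(("HIGH", f"{lookups} lookup terms exceed the 10-lookup limit (permerror)"))
    return findings


def parse_dmarc(record: str) -> Optional[Dict[str, str]]:
    """Split 'tag=value; tag=value' into a dict, or None if not a DMARC1 record."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def check_dmarc(record: Optional[str]) -> List[Finding]:
    if record is None:
        return [("HIGH", "no _dmarc TXT record: SPF/DKIM failures are not enforced")]
    tags = parse_dmarc(record)
    if tags is None:
        return [("HIGH", "record does not start with v=DMARC1")]
    findings: List[Finding] = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append(("MEDIUM", "p=none only monitors; spoofed mail is still delivered"))
    elif policy not in ("quarantine", "reject"):
        findings.append(("HIGH", f"missing or invalid p= tag: {policy!r}"))
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(("LOW", f"pct={pct}: policy applied to only part of the mail stream"))
    if "rua" not in tags:
        findings.append(("LOW", "no rua= address: aggregate reports are not collected"))
    if tags.get("sp", "").lower() == "none":
        findings.append(("MEDIUM", "sp=none: subdomains are left unprotected"))
    return findings


# Constructed sample records for a hypothetical domain (not real DNS data)
SAMPLE_RECORDS = {
    "spf": "v=spf1 include:_spf.example.net include:spf.mail-provider.example mx ~all",
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
}

if __name__ == "__main__":
    for kind, rec in SAMPLE_RECORDS.items():
        checker = check_spf if kind == "spf" else check_dmarc
        for severity, message in checker(rec):
            print(f"[{severity}] {kind.upper()}: {message}")
```

The two checks are deliberately read together: a `~all` softfail on its own only asks receivers to be suspicious, so whether it matters depends on the DMARC `p=` policy found in the second record.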
The tool uses a configuration file (modules/utils/config.py) for customizing:
- Scanning timeouts
- Thread counts
- Wordlists
- API keys (Shodan, VirusTotal)
- Request headers
- File patterns
- Security checks
- Color-coded findings by severity
- Progress bars for real-time status
- Organized results by category
- Detailed vulnerability descriptions
- Summary reports
- JSON export support
- python-whois
- shodan
- dnspython
- requests
- beautifulsoup4
- builtwith
- colorama
- python-nmap
- pyOpenSSL
- selenium
- webdriver-manager
- lxml
- tqdm
- waybackpy
- Always obtain proper authorization before scanning
- Some features may trigger security controls
- Use responsibly and ethically
- Follow local security testing regulations
- Some tests may be blocked by WAFs
- Rate limiting may apply to certain checks
- SSL certificate verification options
- Configurable timeouts
- Failed module isolation
- Detailed error messages
- Retry mechanisms
Contributions are welcome! Please feel free to submit a Pull Request.
- Follow PEP 8 style guide
- Add docstrings to new modules
- Include error handling
- Update the config file if needed
- Add tests for new features
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is for educational purposes only. Users are responsible for complying with applicable laws and regulations.