You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

3.9 KiB

Python Penetration Testing Toolset

This is a Python based penetration testing toolset that provides the following features:

Simulation of ping tools based on icmp and tcp, web directory scanning, simple ssh blasting, super simple ddos attack, code obfuscation to generate exe, more features please look forward to the maintenance, if you have any comments on the project can contact us!

Getting Started

Installation

Before running this toolset, make sure the following dependencies are installed:

  • Python 3.x
  • requests
  • fire
  • yaml
  • pyinstaller

The following commands can be used to install the required dependencies:

pip install fire
pip install requests
pip install yaml
pip install pyinstaller

Usage

To use this shortcut command in the terminal, follow these steps:

  1. In the terminal, make sure you have installed Python and the necessary dependent libraries. If not, install it depending on your operating system and Python version.
  2. In the terminal, go to the directory where you saved the script file.
  3. Don't change the relative location of this directory, we used a relative path written to death, not an absolute path

The following are sample commands that use different features:

  • ICMP Ping

    python penetration_toolset.py PingTool -u 127.0.0.1 -t icmp
    

    This will perform an ICMP-based Ping command, setting the destination URL to 127.0.0.1.

  • TCP Ping

    python penetration_toolset.py PingTool -u 127.0.0.1 -t tcp -p 80
    

    This will execute a TCP-based Ping command, setting the destination URL to 127.0.0.1 and the port to 80.

  • Directory Scan

    python penetration_toolset.py searchpath -u www.baidu.com
    

    This will execute the directory scan command, setting the destination URL to example.com, selecting status codes of 200 and 404, using the dictionary file as dict.txt and the report file as report.txt.

  • Simple - Code Obfuscation

    python  penetration_toolset.py encryption --payload='aaaapayload123'
    

    This code is free of obfuscation and generates an exe file.

  • Ssh-BruteForce

    python penetration_toolset.py SSHBruteForce -U 127.0.0.1 -P 22 --u ./user_name.txt -p ./password.txt
    

    Blast the target machine's ssh account and password through your customized account and password dictionary

  • Simple-DDOS

    python penetration_toolset.py DDOSAttack -u http://127.0.0.1 -n 3 -p "192.168.1.1,192.168.1.2,192.168.1.3"
    

    Simple ddos attack

  • para_test

    python para_test.py -u http://www.baidu.com -d ./param.txt
    

    Using Dictionaries to Detect Website Parameters

  • exploit

    python penetration_toolset.py exploit -p /test.yml -u 192.168.6.4
    

    Used for directed exploitation of vulnerabilities , get shell and other operations , with scalable , support yaml configuration file to write poc for directed attack test .

Please modify the parameter values in the command according to the actual situation and requirements.

Caution

  • Please ensure that you have installed the required dependency libraries before using the toolset.
  • For the directory scanning feature, please use it with caution, comply with laws, regulations and ethical guidelines, and use it only for legitimate purposes and authorized testing.
  • Please pay attention to the legality and permissions of the target URL and avoid scanning or attacking addresses that you are not authorized to access.
  • Please note that we provide the Software to users for their personal or organizational use to the extent that it is lawful for them to do so. Users are responsible for determining the legality of their use of the Software in accordance with local laws and regulations and for assuming the corresponding legal responsibilities.