Pentest-Tools-Framework

2020年4月23日10:49:05 评论 1,043

Pentest-Tools-Framework

Pentest-Tools-Framework是一个专为渗透测试设计的框架,其中包含了大量漏洞利用脚本、漏洞扫描器以及渗透测试工具。它是一款功能十分强大的框架,并给广大渗透测试初学者们提供了大量的工具,它甚至还可以帮助我们成功利用各种内核漏洞以及网络漏洞。

Pentest-Tools-Framework是一款免费的软件,并且非常适合渗透测试初学者使用。除此之外,该工具还提供了UX/UI接口,易于使用且方便管理。

工具安装

广大研究人员可以使用下列命令完成Pentest-Tools-Framework的下载、安装和配置:

root@kali~# git clone https://github.com/pikpikcu/Pentest-Tools-Framework.git

root@kali~# cd Pentest-Tools-Framework

root@kali~# pip install -r requirements.txt

root@kali~# python install.py

root@kali~# PTF

渗透模块

漏洞利用:

利用软件中的漏洞对计算机系统进行攻击的计算机程序、代码或命令序列。攻击的目的可以是夺取对系统的控制权,并破坏其功能!

漏洞扫描:

扫描指定的Internet资源、存档或网站的程序。网络扫描器还可以扫描打开的端口或您的本地网络和IP!

Pentest-Tools-Framework选项

        -------------------------------------------------------------------------------------

        |                                  Global Option                                    |

        -------------------------------------------------------------------------------------

        |  Command                                      Description                         |

        |-----------------------------------------------------------------------------------|

        | show modules                    |  查看模块                              |

        | show options                    |  显示当前模块信息       |

        | ipconfig                        |  网络配置信息                           |

        | shell                           |  执行命令行Shell >[ctrl+C 退出shell ]  |

        | use                             |  选择需要使用的Tipe模块                   |

        | set                             |  选择需要使用的                      |

        | run                             |  执行模块                              |

        | update                          |  更新工具                     |

        | banner                          |  PTF Banner                                     |

        | about                           |  关于工具                             |

        | credits                         |  Credits && 鸣谢                             |

        | clear                           |  清除输入/输出                     |

        | exit                            |  退出程序                              |

        -------------------------------------------------------------------------------------

功能模块

漏洞利用/46

        +-----------------------------------------------------------------------------------------------------------------------------------+

        | EXPLOITS                                                                                                                          |

        -------------------------------------------------------------------------------------------------------------------------------------

        |     COMMANDS                                 Rank                                   Description                                   |

        -------------------------------------------------------------------------------------------------------------------------------------

        | exploit/abrt_privilege_escalation        | normal    |   ABRT提权                                    |

        | exploit/web_delivery                     | good      |   Web Delivery脚本                                                     |

        | exploit/apache                           | good      |   Apache漏洞利用                                                           |

        | exploit/shellshock                       | good      |   cgi-bin/漏洞shellshock                                            |

        | exploit/davtest                          | good      |   webdav 服务器测试                                           |

        | exploit/auto_sql                         | good      |   自动化sqlmap                                                         |

        | exploit/ldap_buffer_overflow             | normal    |   Apache模块mod_rewrite LDAP协议缓冲区溢出                  |

        | exploit/vbulletin_rce                    | good      |   vBulletin 5.x 0day pre-quth RCE 漏洞利用                                 |

        | exploit/cmsms_showtime2_rce              | normal    |   CMS Made Simple (CMSMS) Showtime2 文件上传RCE                        |

        | exploit/awind_snmp_exec                  | good      |   AwindInc SNMP 服务命令注入                                |

        | exploit/webmin_packageup_rce             | excellent |   Webmin Package更新远程命令执行                          |

        | exploit/samsung_knox_smdm_url            | good      |   Samsung Galaxy KNOX Android 浏览器远程命令执行                                  |

        | exploit/cisco_dcnm_upload_2019           | excellent |   Cisco数据中心网络管理器未认证远程代码执行  |

        | exploit/zenworks_configuration           | excellent |   Novell ZENworks 配置管理任意文件上传          |

        | exploit/cisco_ucs_rce                    | excellent |   Cisco UCS Director 未验证的远程代码执行                 |

        | exploit/sonicwall                        | normal    |   Sonicwall SRA <= v8.1.0.2-14sv 远程漏洞利用                            |

        | exploit/bluekeep                         | good      |   cve 2019 0708 bluekeep远程代码执行                                               |

        | exploit/eternalblue                      | good      |   MS17-010 EternalBlue SMB 远程 Windows 内核池崩溃           |

        | exploit/inject_html                      | normal    |   向所有已访问页面注入HTML代码                                  |

        | exploit/robots                           | normal    |   robots.txt 检测                                                      |

        | exploit/jenkins_script_console           | good      |   Jenkins-CI Script-Console Java 执行                                 |

        | exploit/php_thumb_shell_upload           | good      |   php shell 上传                                                        |

        | exploit/cpanel_bruteforce                | normal    |   cpanel b爆破                                                        |

        | exploit/cms_rce                          | normal    |   CMS Made Simple 2.2.7 - (已验证) 远程代码执行            |

        | exploit/joomla_com_hdflayer              | manual    |   joomla漏洞利用                                                  |

        | exploit/wp_symposium_shell_upload        | good      |   symposium shell upload                                                   |

        | exploit/joomla0day_com_myngallery        | good      |   exploits com myngallery                                                  |

        | exploit/jm_auto_change_pswd              | normal    |   漏洞扫描                                                            |

        | exploit/android_remote_access            | expert    |   Remote Acces Administrator (RAT)                                         |

        | exploit/power_dos                        | manual    |   拒绝服务                                                        |

        | exploit/tp_link_dos                      | normal    |   TP_LINK DOS, 150M Wireless Lite N Router, Model No. TL-WR740N            |

        | exploit/joomla_com_foxcontact            | high      |   joomla foxcontact                                                        |

        | exploit/joomla_simple_shell              | high      |   joomla 简单 shell                                                      |

        | exploit/joomla_comfields_sqli_rce        | high      |   Joomla Component Fields SQLi 远程代码执行                       |

        | exploit/inject_javascript                | normal    |    向所有已访问页面注入JS代码                          |

        | exploit/dns_bruteforce                   | high      |    nmap DNS爆破                                                 |

        | exploit/dos_attack                       | normal    |   hping3 dos 攻击                                                        |

        | exploit/shakescreen                      | high      |   震动Web 浏览器内容                                              |

        | exploit/bypass_waf                       | normal    |   绕过WAF                                                              |

        | exploit/enumeration                      | high      |   简单枚举                                                       |

        | exploit/restrict_anonymous               | normal    |   凭证获取                                                       |

        | exploit/openssl_heartbleed               | high      |    导出 openssl_heartbleed                                                  |

        | exploit/samba                            | good      |   Samba 漏洞利用                                                           |

        | exploit/smb                              | good      |   lbitary samba exploit                                                   |

        | exploit/webview_addjavascriptinterface   | good      |   Android 浏览器和We                                                   |

        | exploit/webview_addjavascriptinterface   | good      |   Android 浏览器和WebView addJavascriptInterface代码执行        |

        -------------------------------------------------------------------------------------------------------------------------------------

扫描器/59

        +------------------------------------------------------------------------------------------------------------------------------------+

        | SCANNERS                                                                                                                           |

        --------------------------------------------------------------------------------------------------------------------------------------

        |     COMMANDS                                         Rank                                   Description                            |

        --------------------------------------------------------------------------------------------------------------------------------------

        | scanner/enumiax                                    | good   |       协议用户名枚举                              |

        | scanner/wordpress_user_dislosure                   | normal |       wordpress 5.3 用户披露                                  |

        | scanner/botnet_scanning                            | normal |       僵尸网络扫描                               |

        | scanner/check_ssl_certificate                      | normal |       SSL 证书                                                |

        | scanner/http_services                              | normal |        从HTTP服务收集页面标题                    |

        | scanner/dnsrecon                                   | normal |       记录枚举                                             |

        | scanner/sslscan                                    | normal |       SSL 扫描                                                    |

        | scanner/ssl_cert                                   | normal |       Nmap 脚本ssl-cert                                           |

        | scanner/dns_zone_transfer                          | normal |       Dns空间转移                                              |

        | scanner/dns_bruteforce                             | normal |       Dns 爆破                                                 |

        | scanner/zone_walking                               | normal |       Zone walking                                                   |

        | scanner/web_services                               | normal |       获取网站服务的HTTP头                             |

        | scanner/http_enum                                  | normal |       查找已知路径的Web应用                               |

        | scanner/ddos_reflectors                            | normal |       UDP DDOS 扫描                                   |

        | scanner/grabbing_detection                         | normal |       轻量级 banner 收集检测                              |

        | scanner/discovery                                  | normal |         端口扫描                                            |

        | scanner/bluekeep                                   | good   |       CVE-2019-0708 BlueKeep Microsoft 远程桌面 RCE 漏洞检测      |

        | scanner/drupal_scan                                | good   |       drupal 扫描                                                 |

        | scanner/eternalblue                                | good   |       SMB RCE 漏洞检测                                              |

        | scanner/header                                     | good   |       nmap header扫描                                      |

        | scanner/firewalk                                   | good   |       firewalk                                                       |

        | scanner/whois                                      | high   |       whois 查询                                                         |

        | scanner/dmitry                                     | good   |      信息收集                                     |

        | scanner/admin_finder                               | normal |       Admin 查询                                                  |

        | scanner/heartbleed                                 | normal |       heartbleed漏洞扫描                                |

        | scanner/wordpress_scan                             | normal |       wordpress漏洞扫描                                               |

        | scanner/ssl_scanning                               | good   |       SSL漏洞扫描                                     |

        | scanner/dns_bruteforce                             | normal |       dns 爆破                                                 |

        | scanner/nmap_scanner                               | normal |      nmap端口扫描                                             |

        | scanner/https_discover                             | normal |       https 扫描                                                 |

        | scanner/smb_scanning                               | good   |       SMB服务器漏洞扫描                                   |

        | scanner/joomla_vulnerability_scanners              | high   |       joomla漏洞扫描                                                 |

        | scanner/mysql_empty_password                       | good   |       mysql空密码检测                                  |

        | scanner/joomla_scanners_v.2                        | good   |       joomla漏洞扫描                                                 |

        | scanner/joomla_scanners_v3                         | normal |       joomla漏洞扫描                                                |

        | scanner/jomscan_v4                                 | good   |      扫描joomla                                                    |

        | scanner/webdav_scan                                | normal |       webdav漏洞扫描                                         |

        | scanner/joomla_sqli_scanners                       | high   |       joomla漏洞扫描                                         |

        | scanner/lfi_scanners                               | good   |       lfi漏洞扫描                                                   |

        | scanner/port_scanners                              | manual |       端口扫描                                                      |

        | scanner/dir_search                                 | high   |       目录扫描                                              |

        | scanner/dir_bruteforce                             | good   |       目录爆破                                            |

        | scanner/wordpress_user_scan                        | good   |      获取wordpress用户                                         |

        | scanner/cms_war                                    | high   |      网站完整扫描                                         |

        | scanner/usr_pro_wordpress_auto_find                | norma  |       查找用户漏洞                                        |

        | scanner/nmap_vuln                                  | normal |      nmap漏洞扫描器                                          |

        | scanner/xss_scaner                                 | normal |       xss漏洞检测                                     |

        | scanner/spaghetti                                  | high   |       Web 应用安全扫描器                               |

        | scanner/dnslookup                                  | normal |       dnslookup扫描                                                 |

        | scanner/reverse_dns                                | normal |       DNS反向查询                                             |

        | scanner/domain_map                                 | normal |      域名映射                                             |

        | scanner/dns_report                                 | normal |       dns 报告                                                     |

        | scanner/find_shared_dns                            | normal |       查找共享dns                                                |

        | scanner/golismero                                  | normal |       golismero扫描漏洞                              |

        | scanner/dns_propagation                            | low    |       dns 选举                                                |

        | scanner/find_records                               | normal |       查询记录                                                  |

        | scanner/cloud_flare                                | normal |       cloud flare                                                    |

        | scanner/extract_links                              | normal |       链接提取                                                 |

        | scanner/web_robot                                  | normal |       web robots扫描器                                             |

        | scanner/enumeration                                | normal |       http枚举                                               |

        | scanner/ip_locator                                 | good   |       ip Detected LOcator                                            |

        --------------------------------------------------------------------------------------------------------------------------------------

POST/8

        +----------------------------------------------------------------------------------------------------------+

        | POST                                                                                                     |

        ------------------------------------------------------------------------------------------------------------

        |     COMMANDS                                        Rank                 Description                     |

        ------------------------------------------------------------------------------------------------------------

        |  post/enumeration                                 | normal |     http枚举                        |

        |  post/vbulletin                                   | high   |     漏洞利用                                |

        |  post/wordpress_user_scan                         | good   |     扫描器                                |

        |  post/dir_search                                  | high   |     扫描器                                |

        |  post/cms_war                                     | high   |     扫描器                                |

        |  post/usr_pro_wordpress_auto_find                 | normal |     扫描器                                |

        |  post/android_remote_access                       | good   |     漏洞利用                                |

        |  post/samba                                       | good   |     漏洞利用                                |

        ------------------------------------------------------------------------------------------------------------

密码/7

        +----------------------------------------------------------------------------------------------------------+

        | PASSWORD                                                                                                 |

        ------------------------------------------------------------------------------------------------------------

        |     COMMANDS                                        Rank                 Description                     |

        ------------------------------------------------------------------------------------------------------------

        | password/base64_decode                            | good  |      base64解码                          |

        | password/md5_decrypt                              | good  |      md5解密                             |

        | password/sha1_decrypt                             | good  |      sha1解密                            |

        | password/sha256_decrypt                           | good  |      sha256解密                          |

        | password/sha384_decrypt                           | good  |      sha384解密                          |

        | password/sha512_decrypt                           | good  |      sha512解密                          |

        | password/ssh_bruteforce                           | good  |      ssh密码爆破                 |

        ------------------------------------------------------------------------------------------------------------

监听器/14

        +------------------------------------------------------------------------------------------------------------------------------------+

        | LISTENERS MODULES                                                                                                      |

        --------------------------------------------------------------------------------------------------------------------------------------

        |     COMMANDS                                         Rank                                   Description                |

        --------------------------------------------------------------------------------------------------------------------------------------

        |  android_meterpreter_reverse_tcp                    | good  |      Android Meterpreter, Android Reverse TCP Stager                 |

        |  android_meterpreter_reverse_https                  | good  |      Android Meterpreter, Android Reverse HTTPS Stager               |

        |  java_jsp_shell_reverse_tcp                         | good  |      Java JSP Command Shell, Reverse TCP Inline                      |

        |  linux_x64_meterpreter_reverse_https                | good  |      linux/x64/meterpreter_reverse_https                             |

        |  linux_x64_meterpreter_reverse_tcp                  | good  |      Linux Meterpreter, Reverse TCP Inline                           |

        |  linux_x64_shell_reverse_tcp                        | good  |      Linux Command Shell, Reverse TCP Stager                         |

        |  osx_x64_meterpreter_reverse_https                  | good  |      OSX Meterpreter, Reverse HTTPS Inline                           |

        |  osx_x64_meterpreter_reverse_tcp                    | good  |      OSX Meterpreter, Reverse TCP Inline                             |

        |  php_meterpreter_reverse_tcp                        | good  |      PHP Meterpreter, PHP Reverse TCP Stager                         |

        |  python_meterpreter_reverse_https                   | good  |      Python Meterpreter Shell, Reverse HTTPS Inline                  |

        |  python_meterpreter_reverse_tcp                     | good  |      python/meterpreter_reverse_tcp                                  |

        |  windows_x64_meterpreter_reverse_https              | good  |      Windows Meterpreter Shell, Reverse HTTPS Inline (x64)           |

        |  windows_x64_meterpreter_reverse_tcp                | good  |      Windows Meterpreter Shell, Reverse TCP Inline x64               |

        |  cmd_windows_reverse_powershell                     | good  |      Windows Command Shell, Reverse TCP (Powershell)             |

        +------------------------------------------------------------------------------------------------------------------------------------+

工具运行截图

查看帮助信息:

扫描器:

渗透模块:

项目地址

Pentest-Tools-Framework:【GitHub传送门

https://www.freebuf.com/sectool/231606.html

高性能云服务器2折起

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: