{"id":21983035,"url":"https://github.com/arsho/cbpen","last_synced_at":"2026-05-06T18:35:44.189Z","repository":{"id":79174093,"uuid":"415792055","full_name":"arsho/CBPen","owner":"arsho","description":"Cloud Blazers Penetration Testing Tool","archived":false,"fork":false,"pushed_at":"2022-11-08T17:36:38.000Z","size":21711,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-29T21:05:31.579Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arsho.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-11T05:38:59.000Z","updated_at":"2022-08-17T12:47:16.000Z","dependencies_parsed_at":"2023-03-15T08:30:17.318Z","dependency_job_id":null,"html_url":"https://github.com/arsho/CBPen","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/arsho/CBPen","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arsho%2FCBPen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arsho%2FCBPen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arsho%2FCBPen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arsho%2FCBPen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arsho","download_url":"https://codeload.github.com/arsho/CBPen/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arsho%2FCBPen/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267858795,"owners_count":24155963,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-29T17:34:13.985Z","updated_at":"2026-05-06T18:35:44.162Z","avatar_url":"https://github.com/arsho.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CBPen\n\nCloud Blazers Penetration Testing Tool\n\n![App demo](screenshots/service_scan_report.png)\n\n### Project checklist\n\n\u0026check; Must provide a web based or mobile app based interface.\n\n\u0026check; User enters a range of IP addresses to scan, and selects from many different scanning options.\n\n\u0026check; The cloud based server/monitor then splits the IP address ranges and distributes the task across multiple (at\nleast 3) virtual machines, SQS can be used to send the tasks to the scanner virtual machines.\n\n\u0026check; Each of the scanner virtual machines performs a scan for the range of IP addresses given and sends the scan\nresult back to the monitor.\n\n\u0026check; The monitor combines reports from multiple scanners and prepares a central report.\n\n\u0026check; Must support multiple concurrent users and require user authentication.\n\n### Features\n\n- Scan top ports\n- Scan services\n- Scan operating systems\n- List subdomains\n- Scan SSL certificates\n- Expose vulnerabilities associated with the network (ports, OS, etc)\n- Mitigation tool for developers to slow down the attacker\n- Utilize multiple VMs in parallel reducing scan time and analysis\n- Analytics report of all the scanning events\n- Require authentication using cloud database technologies\n\n### Demonstration video\n[![Video demo](screenshots/video_title.png)](https://docs.google.com/file/d/1MhJ2E8Q6y1K7hurqOsNAEy6C-UldAVgR/preview)\n\n### Presentation\n\n[Powerpoint presentation of CBPen](https://arshovon.com/presentations/CBPen.pdf)\n\n### Execution time comparison\n\nComparison between parallel and nonparallel execution time. The time is measured in seconds.\n\n| Scan type | Number of sites | Parallel execution time | Nonparallel execution time |\n| --- | --- | --- | --- |\n| Port | 6 | 3.29 | 11.93 |\n| Services and operating systems | 6 | 39.88 | 161.02 |\n| Subdomains and SSL certificates | 6 | 30.27 | 87.58 |\n\n### System design:\n- Scanning tool:\n  - Nmap - \"Network Mapper\" open source tool for network discovery \u0026 security auditing​\n  - Sublist3r - Subdomain listing tool\n  - SSLyze - SSL/TLS scanning tool\n  - TLS-Parser - Parse TLS information\n  - Requests - Gather metadata from the hosts\n\n- Web application:\n  - Python \u0026 Flask - Provides REST APIs for concurrent scanning from multiple VMs\n  - SQLAlchemy - SQL Object Relational Mapper\n  - Cryptography - Used for cryptographic algorithms and encryptions/decryptions\n  - Dotenv - Sets environment variables based on the development or production environment\n  - Bootstrap \u0026 jQuery - Used for developing responsive frontend\n  - Docker with docker-compose - Creates docker containers for OS independent execution\n\n- Cloud architecture:\n\n![Cloud demo](screenshots/cloud.png)\n\n## Local Setup\n\n### Requirements\n\n- Python 3\n- Pip\n- nmap:\n  Windows users should download and\n  install [latest stable release self-installer nmap-7.92-setup.exe](https://nmap.org/dist/nmap-7.92-setup.exe)\n- Internet connection\n\n### Install dependencies\n\n- Clone the repository.\n- Open a terminal / powershell in the cloned repository.\n- Create a virtual environment and activate it. If you are using Linux / Mac.\n- Based on your version of python you may have use the command py in place of python3 or python in the following\n  commands:\n\n```commandline\npython3 -m venv venv\nsource venv/bin/activate\n```\n\nCreate and activate `venv` in Windows (Tested in Windows 10):\n\n```commandline\npython -m venv venv\nSet-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser\n.\\venv\\Scripts\\Activate.ps1\n```\n\nAfter activate the terminal / powershell will have `(venv)` added to the prompt.\n\n- Check `pip` version:\n\n```commandline\npip --version\n```\n\nIt should point to the `pip` in the activated `venv`.\n\n- Install required packages:\n\n```commandline\npip install -r requirements.txt\n```\n\n### Run the project\n\n- Activate the `venv` if not activated:\n  Linux / Mac:\n\n```commandline\nsource venv/bin/activate\n```\n\nWindows:\n\n```commandline\n.\\venv\\Scripts\\Activate.ps1\n```\n\n- To run the project call `flask run` command. It will invoke the environment variables which are set\n  in [.flaskenv](./.flaskenv) file:\n\n```commandline\nflask run\n```\n\n- Look for localhost url and paste into any internet browser:\n\n![image](https://user-images.githubusercontent.com/92561241/140677370-e82cd9a9-4937-4424-86b4-5fdaf18ff5f7.png)\n\n## Docker Setup\n\n### Requirements\n\n- Docker\n- Docker compose\n\n### Run the project\n\n- Run the project using the following command:\n\n```commandline\ndocker-compose build --no-cache\ndocker-compose up --force-recreate\n```\n\n- Access the web application from: [http://localhost:5000/](http://localhost:5000/)\n- Down the project:\n\n```commandline\ndocker-compose down\n```\n\n### Clean docker\n\n- Check the running images:\n\n```commandline\ndocker ps -a\n```\n\n- Remove any stopped containers and all unused images:\n\n```commandline\ndocker system prune -a\n```\n\n### Clean package list\n\n- List currently installed packages in a file:\n\n```commandline\npip freeze \u003e uninstall.txt\n```\n\n- Uninstall everything recursively:\n\n```commandline\npip uninstall -r uninstall.txt -y\n```\n\n- Delete the uninstalled package list file:\n\n```commandline\nrm uninstall.txt\n```\n\n- Install everything recursively:\n\n```commandline\npip install -r requirements.txt\n```\n\n### Sample of getting JSON API response:\n\n- Get ports information of \"example.com\" or an IP:\n\n```commandline\nhttp://127.0.0.1:5000/portsjson?site=example.com\nhttp://127.0.0.1:5000/portsjson?site=93.184.216.34\n```\n\n- Get service information of \"example.com\" or an IP:\n\n```commandline\nhttp://127.0.0.1:5000/servicesjson?site=example.com\nhttp://127.0.0.1:5000/servicesjson?site=93.184.216.34\n```\n\n- Get subdomain and SSL information of \"example.com\" (No IP address is allowed):\n\n```commandline\nhttp://127.0.0.1:5000/subdomainsjson?site=example.com\n```\n\n### Developer notes\n\n- After adding a new model, create an instance in db:\n\n```commandline\nfrom app import db\ndb.create_all()\n```\n\n- Update the VM's address in [configuration.py](controller.py) file.\n\n## Cloud Blazers Team\n\n- William Austin\n- Andrew Balfour\n- Jeremy Crown\n- Trina Lin\n- Ahmedur Rahman Shovon\n\n### Reference\n\n- [Docker compose tutorial](https://docs.docker.com/compose/gettingstarted/)\n- [How To Remove Docker Images, Containers, and Volumes](https://www.digitalocean.com/community/tutorials/how-to-remove-docker-images-containers-and-volumes)\n- [Writing a Basic Port Scanner in Python](https://westoahu.hawaii.edu/cyber/forensics-weekly-executive-summmaries/writing-a-basic-port-scanner-in-python/)\n- [Icons class in template](https://icons.getbootstrap.com/)\n- [Virtual environments for Flask app](https://flask.palletsprojects.com/en/2.0.x/installation/#virtual-environments)\n- [Python3 nmap package](https://pypi.org/project/python3-nmap/)\n- [Python nmap package](https://pypi.org/project/python-nmap/)\n- [Latest stable release self-installer nmap-7.92-setup.exe](https://nmap.org/dist/nmap-7.92-setup.exe)\n- [Sublist3r package](https://github.com/aboul3la/Sublist3r)\n- [sslyze documentation](https://nabla-c0d3.github.io/sslyze/documentation/available-scan-commands.html#id15)\n- [Requests future package](https://pypi.org/project/requests-futures/)\n- [Jinja template documentation](https://jinja.palletsprojects.com/en/3.0.x/templates/#if-expression)\n- [Flask SQLAlchemy documentation](https://flask-sqlalchemy.palletsprojects.com/en/2.x/quickstart/#a-minimal-application)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farsho%2Fcbpen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farsho%2Fcbpen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farsho%2Fcbpen/lists"}