{"id":13540027,"url":"https://github.com/danmcinerney/pentest-machine","last_synced_at":"2025-04-09T08:08:22.390Z","repository":{"id":27903490,"uuid":"31395190","full_name":"DanMcInerney/pentest-machine","owner":"DanMcInerney","description":"Automates some pentest jobs via nmap xml file","archived":false,"fork":false,"pushed_at":"2018-09-07T20:01:41.000Z","size":320,"stargazers_count":323,"open_issues_count":1,"forks_count":99,"subscribers_count":36,"default_branch":"master","last_synced_at":"2025-04-02T06:54:20.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DanMcInerney.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-02-26T23:57:21.000Z","updated_at":"2025-02-21T15:47:40.000Z","dependencies_parsed_at":"2022-09-04T08:51:22.582Z","dependency_job_id":null,"html_url":"https://github.com/DanMcInerney/pentest-machine","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DanMcInerney%2Fpentest-machine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DanMcInerney%2Fpentest-machine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DanMcInerney%2Fpentest-machine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DanMcInerney%2Fpentest-machine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DanMcInerney","download_url":"https://codeload.github.com/DanMcInerney/pentest-machine/tar.gz/refs/heads/master","host":{
"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247999860,"owners_count":21031046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:37.879Z","updated_at":"2025-04-09T08:08:22.371Z","avatar_url":"https://github.com/DanMcInerney.png","language":"Ruby","funding_links":[],"categories":["\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"94c01f488096fafc194b9a07f065594c\"\u003e\u003c/a\u003enmap"],"readme":"pentest-machine\n------\nAutomates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. 
Please send me protocols/commands/options that you would like to see included.\n\n* HTTP\n  * whatweb\n    * WPScan (only if whatweb returns a WordPress result)\n  * EyeWitness with active login attempts\n  * light dirb directory bruteforce\n* DNS\n  * nmap NSE dns-zone-transfer and dns-recursion\n* MySQL\n  * light patator bruteforce\n* PostgreSQL\n  * light patator bruteforce\n* MSSQL\n  * light patator bruteforce\n* SMTP\n  * nmap NSE smtp-enum-users and smtp-open-relay\n* SNMP\n  * light patator bruteforce\n    * snmpcheck (if patator successfully finds a string)\n* SMB\n  * enum4linux -a\n  * nmap NSE smb-enum-shares, smb-vuln-ms08-067, smb-vuln-ms17-010\n* SIP\n  * nmap NSE sip-enum-users and sip-methods\n  * svmap\n* RPC\n  * showmount -e\n* NTP\n  * nmap NSE ntp-monlist\n* FTP\n  * light patator bruteforce\n* Telnet\n  * light patator bruteforce\n* SSH\n  * light patator bruteforce\n* WordPress 4.7\n  * XSS content uploading\n* To add:\n  * IPMI hash disclosure\n  * ike-scan (can't run ike-scans in parallel)\n\n\n\n#### Installation\n```\n./setup.sh\nsource pm/bin/activate\n```\n\n#### Usage\nRead from an Nmap XML file.\n\n```sudo ./pentest-machine -x nmapfile.xml```\n\n\nPerform an Nmap scan with a hostlist, then use those results.\nThe Nmap scan covers the top 1000 TCP ports and the top 100 UDP ports, along with service enumeration.\nIt saves its results as pm-nmap.[xml/nmap/gnmap] in the current working directory.\n\n```sudo ./pentest-machine -l hostlist.txt```\n\n\nSkip the patator bruteforcing and all SIP and HTTP commands.\nThe -s parameter can skip both command names and protocol names.\n\n```sudo ./pentest-machine -s patator,sip,http -x nmapfile.xml```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanmcinerney%2Fpentest-machine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanmcinerney%2Fpentest-machine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanmcinerney%2Fpentest-machine/lists"}