{"id":13843145,"url":"https://github.com/orleven/Tentacle","last_synced_at":"2025-07-11T18:30:31.041Z","repository":{"id":34230194,"uuid":"85373049","full_name":"orleven/Tentacle","owner":"orleven","description":"Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.","archived":false,"fork":false,"pushed_at":"2024-03-06T06:57:37.000Z","size":354,"stargazers_count":373,"open_issues_count":4,"forks_count":114,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-05-25T07:06:38.997Z","etag":null,"topics":["exploit-framework","fofa","poc","poc-script","poc-vulnerability-verification","shodan","tentacle"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/orleven.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-18T03:27:59.000Z","updated_at":"2025-05-21T11:32:26.000Z","dependencies_parsed_at":"2022-08-17T22:35:23.385Z","dependency_job_id":"124c0f35-cb70-4e44-a544-947688b437b7","html_url":"https://github.com/orleven/Tentacle","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/orleven/Tentacle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orleven%2FTentacle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orleven%2FTentacle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orleven%2FTentacle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orleven%2FTentacle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/orleven","download_url":"https://codeload.github.com/orleven/Tentacle/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orleven%2FTentacle/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264869909,"owners_count":23676127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit-framework","fofa","poc","poc-script","poc-vulnerability-verification","shodan","tentacle"],"created_at":"2024-08-04T17:01:56.141Z","updated_at":"2025-07-11T18:30:30.624Z","avatar_url":"https://github.com/orleven.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)","Exploit Automation Tools"],"sub_categories":[],"readme":"# Tentacle\n\n```\n.___________. _______ .__   __. .___________.    ___       ______  __       _______\n|           ||   ____||  \\ |  | |           |   /   \\     /      ||  |     |   ____| {1.0.0#stable}\n`---|  |----`|  |__   |   \\|  | `---|  |----`  /  ^  \\   |  ,----'|  |     |  |__\n    |  |     |   __|  |  . `  |     |  |      /  /_\\  \\  |  |     |  |     |   __|\n    |  |     |  |____ |  |\\   |     |  |     /  _____  \\ |  `----.|  `----.|  |____\n    |__|     |_______||__| \\__|     |__|    /__/     \\__\\ \\______||_______||_______| http://www.orleven.com\n\n\n```\n\nTentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. (Still in DEV...)\n\n[![Python 3.9](https://img.shields.io/badge/python-3.9-yellow.svg)](https://www.python.org/)\n[![SQLite 3.37](https://img.shields.io/badge/sqlite-3.37-yellow.svg)](https://www.sqlite.org/)\n\n![show](show/test.png)\n\n### Install\n\n```\npip3 install -r requestment.txt\n```\n\n### Usage\n\nWhen you run it for the first time, the configuration file `conf/tentacle.conf` will be generated automatically.\n\n```\n# Show help for tentacle.\npython3 tentacle.py --help\n\n# Show all modules, and you can see it in `script` path.\npython3 tentacle.py --show\n\n# Load target by iS/iN/iF/iT/iX/iE/gg/sd/ze/ff.\n# Scan port and then it will try to send the poc.\npython3 tentacle.py -m script/vul/web/web_status -iS www.examples.com         # Load target by url or host \npython3 tentacle.py -m script/vul/web/web_status -iF target.txt               # Load target by file\npython3 tentacle.py -m script/vul/web/web_status -iT dcc54c3e1cc2c2e1         # Load target by recode's target\npython3 tentacle.py -m script/vul/web/web_status -iX nmap_xml.xml             # Load target by nmap.xml\npython3 tentacle.py -m script/vul/web/web_status -iE \"powered by discuz\"      # Load target by baidu/bing/360so\npython3 tentacle.py -m script/vul/web/web_status -gg 'intextdiscuz'           # Load target by google api\npython3 tentacle.py -m script/vul/web/web_status -sd 'apache'                 # Load target by shodan api\npython3 tentacle.py -m script/vul/web/web_status -ze 'app:weblogic'           # Load target by zoomeye api\npython3 tentacle.py -m script/vul/web/web_status -ff 'domain=\"example.com\"'   # Load target by fofa api\n\n# Load modules by -m (e.g. script/vul/web/web_status,@web)\npython3 tentacle.py -iS 127.0.0.1 -m script/vul/web/web_status                # Load web_status module\npython3 tentacle.py -iS 127.0.0.1 -m @web                                     # Load all module of web path\npython3 tentacle.py -iS 127.0.0.1 -m script/vul/web/web_status,@web           # Load all module of web path and web_status module\npython3 tentacle.py -iS 127.0.0.1 -m \"*\"                                      # Load all module of script path\npython3 tentacle.py -iS 127.0.0.1 -m \"*\" -e @web                              # Load all module of script path, exclude all module of web path\n\n# Set port scan scope\npython3 tentacle.py -iS 127.0.0.1 -m script/vul/web/web_status                # Scan top 150 ports and then perform bulk vulnerability verification for multiple targets.\npython3 tentacle.py -iS 127.0.0.1 -m script/vul/web/web_status -sB            # Skip port scan and then it will try the default port number server\npython3 tentacle.py -iS 127.0.0.1 -m script/vul/web/web_status -lP 80-90,443  # Scan 80-90 ports and 443 port and then perform bulk vulnerability verification for multiple targets.\n\n# Use function of modules by -m and -f  (e.g. -m web_status -f prove), and you should make sure the function of module is exist.\npython3 tentacle.py -m script/vul/web/web_status -f prove\n\n# Show task's result by -tS \npython3 tentacle.py -tS 8d4b37597aaec25e\n\n# Export task's result by -tS to test.xlsx\npython3 tentacle.py -tS 8d4b37597aaec25e  -o test\n\n# Export task's result by -tS to test.json\npython3 tentacle.py -tS 8d4b37597aaec25e  -oJ test\n\n# Update by git\npython3 tentacle.py --update\n```\n\n### Thanks\n\n1. [Sqlmap](https://github.com/sqlmapproject/sqlmap)\n2. [POC-T](https://github.com/Xyntax/POC-T)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forleven%2FTentacle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Forleven%2FTentacle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forleven%2FTentacle/lists"}