{"id":49453624,"url":"https://github.com/takuzoo3868/penta","last_synced_at":"2026-06-02T05:00:40.784Z","repository":{"id":44454092,"uuid":"194363794","full_name":"takuzoo3868/penta","owner":"takuzoo3868","description":"Open source all-in-one CLI tool to semi-automate pentesting.","archived":false,"fork":false,"pushed_at":"2020-05-21T06:44:52.000Z","size":3178,"stargazers_count":159,"open_issues_count":6,"forks_count":44,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-03-20T15:58:05.224Z","etag":null,"topics":["automation","metasploit","network","nmap","pentest","python3","scanner","security","security-automation","shodan"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/takuzoo3868.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-06-29T04:24:26.000Z","updated_at":"2024-03-20T12:24:22.000Z","dependencies_parsed_at":"2022-09-22T08:40:53.653Z","dependency_job_id":null,"html_url":"https://github.com/takuzoo3868/penta","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/takuzoo3868/penta","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/takuzoo3868%2Fpenta","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/takuzoo3868%2Fpenta/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/takuzoo3868%2Fpenta/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/takuzoo3868%2Fpenta/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/takuzoo3868","download_url":"https://codeload.github.com/takuzoo3868/penta/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/takuzoo3868%2Fpenta/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33806987,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","metasploit","network","nmap","pentest","python3","scanner","security","security-automation","shodan"],"created_at":"2026-04-30T04:01:03.702Z","updated_at":"2026-06-02T05:00:40.739Z","avatar_url":"https://github.com/takuzoo3868.png","language":"Python","funding_links":[],"categories":["📦 Legacy \u0026 Inactive Projects"],"sub_categories":[],"readme":"# penta (PENTest + semi-Automation tool) \n\nPenta is is Pentest semi-automation tool using Python3. It provides advanced features to extract vuln info found on specific servers. I'm now developing a scanning system using vuln-db.\n\n\u003cp\u003e\n\u003ca href=\"#\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/python-3.7+-blue\" alt=\"Python 3.7+\"\u003e\u003c/a\u003e\n\u003ca href=\"#\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/works%20on-Ubuntu%20%7C%20ArchLinux%20%7C%20MacOS-00AAD4\" alt=\"Platforms\"\u003e\u003c/a\u003e\n\u003c!-- \u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/takuzoo3868/penta?include_prereleases\" alt=\"\u003crelease\u003e\"\u003e\u003c/a\u003e --\u003e\n\u003ca href=\"https://github.com/takuzoo3868/penta/blob/master/LICENSE\"\u003e\n\u003cimg src=\"https://img.shields.io/github/license/takuzoo3868/penta\" alt=\"License: MIT\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/takuzoo3868/penta/wiki\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/documentation-wiki-lightgray\" alt=\"Wiki\"\u003e\u003c/a\u003e\n\u003ca href=\"#\"\u003e\n\u003cimg src=\"https://img.shields.io/github/languages/code-size/takuzoo3868/penta?color=lightgray\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg width=40% src=\"https://raw.githubusercontent.com/wiki/takuzoo3868/penta/images/logo_penta.png\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/wiki/takuzoo3868/penta/images/demo.gif\" alt=\"demo\" title=\"IP based scan\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/wiki/takuzoo3868/penta/images/demo2.gif\" alt=\"demo\" title=\"VulnDB construction\"\u003e\u003c/p\u003e\n\n\n## Installation\n\n### Install requirements\n\npenta requires the following packages.\n\n- Python3.7+\n- pipenv\n\nResolve python package dependency.\n\n```\n$ pipenv install\n```\n\nIf you dislike pipenv\n\n```\n$ pip install -r requirements.txt\n```\n\n## Usage\n\n```\n$ pipenv run start \u003coptions\u003e\nOR\n$ python penta/penta.py \u003coptions\u003e\n```\n\n### Usage: List options\n\n```\n$ pipenv run start -h\nusage: penta.py [-h] [-v] [--proxy PROXY]\n\nPenta is Pentest semi-automation tool\n\noptional arguments:\n  -h, --help     show this help message and exit\n  -v, --verbose  Increase verbosity logging level\n  --proxy PROXY  Proxy[IP:PORT]\n```\n\n### Main menu\n\n```\n======= MAIN MENU ===========================================\n \u003e  Menu list for IP-based scan\n    Menu list for building VulnDB\n    [Exit]\n```\n\n### IP based scan menu\n\n```\n======= PENTEST MENU LIST ===================================\n \u003e  Port scan\n    Nmap \u0026 vuln scan\n    Check HTTP option methods\n    Grab DNS server info\n    Shodan host search\n    FTP connect with anonymous\n    SSH connect with Brute Force\n    Metasploit Frame Work\n    Change target host\n    [Return]\n```\n\n\n1. Port scanning  \nCheck the port status of the target host and identify the active service.\n\n2. Nmap  \nCheck ports by additional means using Nmap.\n\n1. Check HTTP option methods  \nCheck the methods (e.g. GET,POST) for a target host.\n\n1. Grab DNS server info  \nDisplays and retrieves DNS whois information and useful records.\n\n2. Shodan host search  \nTo collect host service info from Shodan.  \nRequest [Shodan API key](https://developer.shodan.io/) to enable the feature.\n\n1. FTP connect with anonymous  \nTo check if it has anonymous access activated in port 21.  \nFTP users can authenticate themselves using the plain text sign-in protocol (Typically username and password format), but they can connect anonymously if the server is configured to allow it. Anyone can log in to the server if the administrator has allowed an FTP connection with an anonymous login.\n\n1. SSH connect with Brute Force  \nTo check ssh connection to scan with Brute Force.  \nDictionary data is in `data/dict`.\n\n1. Metasploit Frame Work [Auto Scan is Future Work]  \nTo check useful msf modules from opened ports.  \nModule DB is in `data/msf/module_list.db`.  \nNow, I have built a module list DB, and I am moving to a method to use it.\n\n### VulnDB construction menu\n\n```\n======= REPORT MENU LIST ====================================\n \u003e  Daily report: CVE,EDB,MSF...\n    View  report\n    Fetch CVEs\n    Fetch Exploits\n    Fetch Msf modules\n    Menu list for DB\n    [Return]\n```\n\n1. Generate a daily report  \nRetrieves the changed CVE, Metasploit framework module, and the latest ExploitDB records via online and outputs the information to the terminal.\n\n1. View a report  \nThe vulnerability information recorded in the local DB `vuln_db.sqlite3` is output to the terminal, without retrieving the information.\n\n1. Fetch CVEs  \nDownload the specified year's CVE from [NVD Data Feeds](https://nvd.nist.gov/vuln/data-feeds) and record it to the DB.\n\n1. Fetch Exploits　(Experimental Features)  \nRetrieves exploit information in ExploitDB from the online site. \n\n1. Fetch Metasploit framework modules  \nEach module of msf contains hardcoded CVE information and other information that is useful for scanning. This feature aggregates the information recorded in each module, both online and offline, and provides an association with CVE and EDB.\n\n## Wiki  \nIn case you have more question about **penta**, the [wiki](https://github.com/takuzoo3868/penta/wiki/) is very detailed and explains **penta** in great detail.\n\n## License  \nPenta is released under the MIT License, see [LICENSE](https://github.com/takuzoo3868/penta/blob/master/LICENSE).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftakuzoo3868%2Fpenta","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftakuzoo3868%2Fpenta","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftakuzoo3868%2Fpenta/lists"}