https://github.com/juffalow/pentest-tool-lite

Test your page against basic security, html, wordpress, ... check lists

node pentest-tool pentesting typescript web-security


# Pentest Tool LITE

[![License](https://img.shields.io/badge/License-MIT-blue.svg?maxAge=2592000)](https://github.com/juffalow/pentest-tool-lite/blob/master/LICENSE)
[![Lint and test](https://github.com/juffalow/pentest-tool-lite/workflows/Lint%20and%20test/badge.svg)](https://github.com/juffalow/pentest-tool-lite/actions)
[![codecov](https://codecov.io/gh/juffalow/pentest-tool-lite/branch/master/graph/badge.svg)](https://codecov.io/gh/juffalow/pentest-tool-lite)

Check your website (or any other website) for common vulnerabilities.

## Usage

Install

```bash
yarn global add pentest-tool-lite

# or if you use npm

npm i -g pentest-tool-lite
```

Basic

```bash
pentest-tool-lite <url> # http(s)://....
```

### Example

```bash
pentest-tool-lite https://juffalow.com
```

![pentest](https://user-images.githubusercontent.com/8142965/49155250-c2574a80-f31a-11e8-9e79-21e82934c405.png)

### Options

Available options:

* -V, --version output the version number
* --grep only run tests matching any of the comma-separated strings
* --exclude exclude tests matching any of the comma-separated strings
* --logger
* --report
* -h, --help output usage information

#### help

```bash
$ pentest-tool-lite --help
```

#### grep

`--grep` checks every test and runs only those that contain any string from the grep argument.

To check just *https* and *hsts*, type:

```bash
pentest-tool-lite https://juffalow.com --grep https,hsts
```

To list all available tests:

```bash
pentest-tool-lite tests
```

#### exclude

If you do not want to run specific tests, you can skip them with the `exclude` argument.

To exclude javascript, css and image tests:

```bash
pentest-tool-lite https://juffalow.com --exclude javascript,css,image
```

#### reportType

The default report is short and shows only test titles. To see the descriptions as well, switch to the `FULL` report with:

```bash
pentest-tool-lite https://juffalow.com --reportType FULL
```

#### reportFormat

```bash
pentest-tool-lite https://juffalow.com --reportFormat JSON
```

## Sub Commands

#### Sitemap

Lists all URLs in a sitemap. If it is a sitemap index (a sitemap that contains URLs of other sitemaps), it loads every sitemap and shows the URLs from all of them.

```bash
pentest-tool-lite sitemap https://example.com/sitemap.xml
```

#### Random

Reads from standard input and outputs lines based on some probability. This can be used to test just a random selection of URLs. For example, you can run the `sitemap` sub-command, but if you don't want to run the pentest on all of the listed URLs, you can use pipes to pick random ones.

```bash
pentest-tool-lite sitemap https://example.com/sitemap.xml | pentest-tool-lite random | xargs -n1 pentest-tool-lite
```

## Contributing

Use [GitHub issues](https://github.com/juffalow/pentest-tool-lite/issues) if you have a suggestion for new check(s) or you found a bug in an existing one.

And I'll be thankful for every pull request ;-)

### How to run project locally

```bash
# install node modules
yarn
# run
yarn start https://juffalow.com

# or if you use npm

# install node modules
npm i
# run
npm start -- https://juffalow.com
```

### Debugging and Logging

Log everything:

```bash
pentest-tool-lite https://juffalow.com --logger=DEBUG
```

Log everything that has at least WARNING level:

```bash
pentest-tool-lite https://juffalow.com --logger=WARNING
```

### Tests

```bash
npm test
```

## License

[MIT license](./LICENSE)