Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/leoanggal1/P-SAK

Pentester Swiss Army Knife is a Docker Image with a suite of the most used tools for Hacking and Pentesting.
https://github.com/leoanggal1/P-SAK

hacking hacking-tools pentest pentesting pentesting-tools

Last synced: 3 months ago
JSON representation

Pentester Swiss Army Knife is a Docker Image with a suite of the most used tools for Hacking and Pentesting.

Host: GitHub
URL: https://github.com/leoanggal1/P-SAK
Owner: leoanggal1
Created: 2020-12-03T10:47:34.000Z (almost 4 years ago)
Default Branch: main
Last Pushed: 2020-12-21T16:55:16.000Z (almost 4 years ago)
Last Synced: 2024-05-15T13:24:02.233Z (6 months ago)
Topics: hacking, hacking-tools, pentest, pentesting, pentesting-tools
Language: Shell
Homepage:
Size: 175 KB
Stars: 60
Watchers: 2
Forks: 8
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Pentesting Swiss Army Knife (P-SAK)

## What is P-SAK?

Pentesting Swiss Army Knife (P-SAK) is a Docker Image with the **eleven** ( four optional ) most used tools for Hacking and Pentesting. It allows you to use these tools easily and quickly on your Pentest from any OS supporting the Docker Engine. It has been developed using [bitnami-docker-python](https://github.com/bitnami/bitnami-docker-python) as the base image and installing the following tools:
* [NMAP](https://nmap.org/) - Utility for network , ports and service discovery in addition to security auditing.
* [Metasploit](https://github.com/rapid7/metasploit-framework) - Most used penetration testing framework.
* [Commix](https://github.com/commixproject/commix) - Automated tool to test web-based applications with the view to find vulnerabilities related to command injection.
* [Reconspider](https://github.com/bhavsec/reconspider) - OSINT Framework for scanning IP Address, Emails, Websites, Organizations and find out information from different sources.
* [Wfuzz](https://github.com/xmendez/wfuzz) - It replaces any web reference to the FUZZ keyword by the value of a given payload.
* [John the Ripper](https://www.openwall.com/john/) - Password cracking software tool.
* [Tcpdump](https://www.tcpdump.org/manpages/tcpdump.1.html) - Data-network packet analyzer

Optional tools:
* [SQLMAP](https://github.com/Xayias/https-github.com-sqlmapproject-sqlmap) - Tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
* [Nikto](https://github.com/sullo/nikto) - Web server vulnerabilities scanner.
* [Hydra](https://github.com/vanhauser-thc/thc-hydra) - Password brute force cracking tools.
* [Aircrack-ng](https://www.aircrack-ng.org/) - Complete suite of tools to assess WiFi network security.

## Building

You can build P-SAK using the following command:

```console
$ git clone https://github.com/leoanggal1/P-SAK.git
$ cd P-SAK
$ docker build -t .
```

#### Environment variables

You can build the image along with other optional tools using the environment variables in the Dockerfile.

| Tool | Environment Variable | Default Value |
| ----------- | ---------------------- | ------------- |
| SQLMAP | `SQLMAP_INSTALL` | `no` |
| Nikto | `NIKTO_INSTALL` | `no` |
| Hydra | `HYDRA_INSTALL` | `no` |
| Aircrack-ng | `AIRCRACK_INSTALL` | `no` |

To enable these tools you have to change the default value of environment variables to `yes`.
For example, if you need Aircrack-ng and Nikto for your Pentest you must change the `Dockerfile` like this:

```console
ENV SQLMAP_INSTALL="no" \
NIKTO_INSTALL="yes" \
HYDRA_INSTALL="no" \
AIRCRACK_INSTALL="yes"
```

#### Non-root user

P-SAK has been developed to be a **non-root** image, following security best practises. The user `psak` has the UID `1001`.
If you need root privileges execute the image like the following:

```console
$ docker run --user 0
```

## Usage

#### Bash mode

You can run the image in interactive mode with the command:

```console
$ docker run --rm -it bash
```

#### As a tool

If you only need to run one P-SAK tool, you can use the following command:

```console
$ docker run -ti
```

For example, to run a port scan using NMAP, use the following command:

```console
$ docker run -it nmap -sV --min-rate 5000
```

The output obtained:

## Contributing

Want to contribute? Great!! You can request new features or create PR, we love contributions!

## Contact Developer

* Email: [email protected]
* LinkedIn: [Leopoldo Angulo Gallego](https://www.linkedin.com/in/leopoldo-angulo-gallego-66b957195)

## Legal Disclaimer

> Usage of P-SAK image for attacking targets without prior mutual consent is illegal.
> It is the end user's responsibility to obey all applicable local, state and federal laws.
> Developers assume no liability and are not responsible for any misuse or damage caused by this image.

## Help us

Found this project useful? If you want, you might donate.

* For donate BTC : **12DuuMYdEHpANfWRZMxKcswftSuEpTj8Em**

* For donate ETH : **0x23d1d8ccf69d4d634d25aaf01fe409f1ac4a7bce**