https://github.com/slayingripper/octapusprime
OctapusPrime One‐Touch Pentest Suite
https://github.com/slayingripper/octapusprime
cybersecurity cybersecurity-tools raspberry-pi
Last synced: 5 months ago
JSON representation
OctapusPrime One‐Touch Pentest Suite
- Host: GitHub
- URL: https://github.com/slayingripper/octapusprime
- Owner: Slayingripper
- License: mit
- Created: 2025-05-31T20:36:38.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2025-07-07T12:02:15.000Z (7 months ago)
- Last Synced: 2025-07-07T13:22:38.780Z (7 months ago)
- Topics: cybersecurity, cybersecurity-tools, raspberry-pi
- Language: JavaScript
- Homepage:
- Size: 16 MB
- Stars: 7
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# OctapusPrime One‐Touch Pentest Suite
**OctapusPrime** is a headless pentesting appliance designed to run on a small ARM‐based board (e.g., Neo Pi running DietPi or Debian). It combines a comprehensive suite of proven CLI tools with an advanced **IFTTT (If-This-Then-That) scenario builder** featuring intelligent conditional execution, dynamic variable extraction, and real-time automation.
**Enhanced Features:**
- **40+ Security Tools** organized by category (Network Discovery, Web Testing, Vulnerability Scanning, etc.)
- **Advanced IFTTT Scenario Builder** with conditional logic and variable extraction
- **Dynamic Variable System** with regex-based data extraction and substitution
- **Enhanced Web Interface** with real-time scenario execution monitoring
- **Example Scenarios Library** with pre-built penetration testing workflows
- **Physical GPIO trigger** (push-button + LED) for remote scan execution
- **Professional dark-mode interface** with octopus-themed design
With OctapusPrime, you can create sophisticated adaptive penetration testing workflows that intelligently respond to scan results and automatically adjust their behavior based on discovered services, open ports, and extracted data.
---
## 🎥 Visual Feature Overview
### Main Landing Page
*landing page with navigation to all features and modern octopus-themed design*
### Enhanced Dashboard
*Access to 40+ categorized security tools with real-time execution monitoring*
### Advanced IFTTT Scenario Builder
*Visual workflow creation with conditional logic, variable extraction, and intelligent automation*
### System Settings & Configuration
*GPIO configuration, network settings, and platform-specific hardware setup*
### Real-time Execution Logs
*Watch tool execution in real-time with variable extraction and conditional logic decisions*
---
## Table of Contents
- [OctapusPrime One‐Touch Pentest Suite](#octapusprime-onetouch-pentest-suite)
- [🎥 Visual Feature Overview](#-visual-feature-overview)
- [Main Landing Page](#main-landing-page)
- [Enhanced Dashboard](#enhanced-dashboard)
- [Advanced IFTTT Scenario Builder](#advanced-ifttt-scenario-builder)
- [System Settings \& Configuration](#system-settings--configuration)
- [Real-time Execution Logs](#real-time-execution-logs)
- [Table of Contents](#table-of-contents)
- [Features](#features)
- [Architecture Overview](#architecture-overview)
- [Key Components:](#key-components)
- [Prerequisites](#prerequisites)
- [1. Operating System](#1-operating-system)
- [2. Complete Security Tools Installation](#2-complete-security-tools-installation)
- [3. GPIO Libraries (for physical button - optional)](#3-gpio-libraries-for-physical-button---optional)
- [4. ZeroTier (for remote access - optional)](#4-zerotier-for-remote-access---optional)
- [5. Python Dependencies](#5-python-dependencies)
- [6. Network Configuration](#6-network-configuration)
- [Installation](#installation)
- [1. System-Level Dependencies](#1-system-level-dependencies)
- [2. Complete Security Tools Installation](#2-complete-security-tools-installation-1)
- [3. Specialized Tools Installation](#3-specialized-tools-installation)
- [4. Cloning \& Directory Layout](#4-cloning--directory-layout)
- [5. Python Virtual Environment \& Packages](#5-python-virtual-environment--packages)
- [6. Systemd Services](#6-systemd-services)
- [Usage](#usage)
- [Enhanced Scenario Builder](#enhanced-scenario-builder)
- [IFTTT Logic System](#ifttt-logic-system)
- [Variable System](#variable-system)
- [Physical Button Mode](#physical-button-mode)
- [Web UI Mode](#web-ui-mode)
- [Dashboard Features:](#dashboard-features)
- [Interactive Features:](#interactive-features)
- [Viewing Logs \& Outputs](#viewing-logs--outputs)
- [Folder Structure](#folder-structure)
- [Security Tools Reference](#security-tools-reference)
- [Customizing \& Troubleshooting](#customizing--troubleshooting)
- [Adding New Tools](#adding-new-tools)
- [Common Issues](#common-issues)
- [Performance Tuning](#performance-tuning)
- [Debugging](#debugging)
- [Contributing](#contributing)
- [License](#license)
- [Disclaimer](#disclaimer)
---
## Features
- **Comprehensive 40+ Security Tools Suite**
- **Network Discovery:** Nmap, Masscan, Zmap, Amass, Subfinder
- **Web Application Testing:** Gobuster, FFuF, Feroxbuster, Nikto, WhatWeb, SQLMap, Nuclei
- **Vulnerability Scanning:** Nuclei, Trivy, TestSSL
- **Credential Attacks:** Hydra, John the Ripper, Hashcat
- **Information Gathering:** TheHarvester, Amass, Subfinder, Shodan
- **Enumeration:** Enum4linux, NBTScan, LDAP Search, SNMP Check, SMB Client
- **Specialized Tools:** EyeWitness, GitLeaks, and more
- **Advanced IFTTT Scenario Builder**
- **Conditional Logic:** IF-THEN execution based on previous step results
- **Variable Extraction:** Regex-based data capture from tool outputs
- **Dynamic Substitution:** Real-time variable replacement in arguments
- **Example Scenarios:** Pre-built workflows for common penetration testing methodologies
- **Scenario Management:** Save, load, and share complex testing workflows
- **Validation System:** Real-time argument and variable validation
*Create intelligent workflows that adapt based on scan results*
- **Enhanced Web Interface**
- **Modern Dark Theme:** Professional security-focused design
- **Tool Categories:** Organized tool selection with descriptions
- **Real-time Execution:** Live progress monitoring and log streaming
- **Variable Picker:** Visual variable selection and management
- **Keyboard Shortcuts:** Productivity enhancements for power users
- **Responsive Design:** Works on desktop, tablet, and mobile devices
*Comprehensive tool dashboard with categorized security tools*
- **Professional Backend Architecture**
- **Thread-safe Execution:** Parallel tool execution with proper resource management
- **WebSocket Communication:** Real-time bidirectional communication
- **RESTful API:** Complete API for automation and integration
- **Error Handling:** Comprehensive error recovery and reporting
- **Logging System:** Detailed execution logs and debugging information
*Watch execution progress with real-time variable extraction and logging*
---
## Architecture Overview
```
┌──────────────┐ ┌───────────────────────┐ ┌──────────────────┐
│ Physical │ │ │ │ 40+ CLI Tools │
│ Button │── GPIO ─▶│ Enhanced Controller │── Thread ▶│ Network Discovery│
│ (GPIO 17) │ │ & IFTTT Engine │ │ Web Testing │
└──────────────┘ │ │ │ Vuln Scanning │
│ Variable Extraction │ │ Credential Attacks│
│ Conditional Logic │ │ Info Gathering │
└─────────┬─────────────┘ │ Enumeration │
│ └──────────────────┘
│ WebSocket + REST API
▼
┌───────────────────────┐ ┌─────────────────────┐
│ Enhanced Server │◀───┐ │ Enhanced Web UI │
│ (Flask + SocketIO) │ │ │ ┌─────────────────┐ │
│ Scenario Builder │ │ │ │ IFTTT Builder │ │
│ Variable System │ │ │ │ Variable System │ │
│ Example Library │ │ │ └─────────────────┘ │
│ Real-time Execution │ │ │ ┌─────────────────┐ │
│ /api/run_scenario │ └──▶ │ Live Monitoring │ │
│ /load_scenario │ │ │ Progress Tracking│ │
│ /list_scenarios │ │ └─────────────────┘ │
└───────────────────────┘ └─────────────────────┘
```
### Key Components:
1. **Enhanced Scenario Builder**
- IFTTT conditional logic system
- Variable extraction with regex patterns
- Tool templates and argument validation
- Example scenario library
2. **Variable System**
- Dynamic parameter substitution
- Regex-based data extraction
- Built-in and custom variables
- Real-time variable validation
3. **Advanced Tool Integration**
- 40+ categorized security tools
- Tool-specific templates and examples
- Intelligent argument completion
- Performance optimization
---
## Prerequisites
Before installing OctapusPrime, ensure your system meets the following requirements:
### 1. Operating System
- **DietPi (Debian-based)**, **Debian 12**, **Ubuntu 22.04/24.04**, or **Kali Linux**
- Root/sudo privileges for package installation and systemd configuration
- At least 4GB RAM recommended for large scans
- 20GB+ storage for tools and scan results
### 2. Complete Security Tools Installation
**Core System Packages:**
```bash
sudo apt update && sudo apt upgrade -y
sudo apt install -y \
python3 \
python3-pip \
python3-venv \
python3-dev \
git \
curl \
wget \
build-essential \
libssl-dev \
libffi-dev \
software-properties-common \
apt-transport-https \
ca-certificates \
gnupg \
lsb-release
```
### 3. GPIO Libraries (for physical button - optional)
```bash
# For Raspberry Pi/compatible boards
sudo apt install -y python3-rpi.gpio python3-gpiozero
# Alternative GPIO libraries
sudo apt install -y python3-lgpio
```
### 4. ZeroTier (for remote access - optional)
```bash
curl -s https://install.zerotier.com | sudo bash
sudo zerotier-cli join
```
### 5. Python Dependencies
Will be installed in virtual environment during setup:
```bash
# Core requirements (from requirements.txt)
Flask
Flask-SocketIO
eventlet
python-socketio
python-engineio
aiohttp
gpiozero
lgpio
requests
```
### 6. Network Configuration
- Static IP or discoverable hostname recommended
- Port 8080 accessible for web interface
- GPIO pins 17 (button) and 27 (LED) available if using hardware features
- Internet access for tool updates and vulnerability databases
---
## Installation
### 1. System-Level Dependencies
```bash
# Update system and install core packages
sudo apt update && sudo apt upgrade -y
# Install essential build tools and libraries
sudo apt install -y \
python3 python3-pip python3-venv python3-dev \
git curl wget build-essential \
libssl-dev libffi-dev libxml2-dev libxslt1-dev \
zlib1g-dev libjpeg-dev libpng-dev \
software-properties-common apt-transport-https \
ca-certificates gnupg lsb-release
```
### 2. Complete Security Tools Installation
**Network Discovery & Scanning:**
```bash
# Core network tools
sudo apt install -y nmap masscan zmap
# Advanced discovery tools
sudo apt install -y amass subfinder theharvester
# DNS enumeration
sudo apt install -y dnsutils dnsenum fierce
```
**Web Application Testing:**
```bash
# Directory/file enumeration
sudo apt install -y gobuster dirb dirsearch
# Web fuzzers
sudo apt install -y ffuf feroxbuster
# Web vulnerability scanners
sudo apt install -y nikto whatweb sqlmap
# Template-based scanner
go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
```
**Vulnerability & SSL Testing:**
```bash
# SSL/TLS testing
sudo apt install -y testssl.sh sslscan
# Container vulnerability scanning
sudo apt install -y trivy
# General vulnerability scanning
sudo apt install -y openvas-scanner
```
**Credential Attacks:**
```bash
# Brute force tools
sudo apt install -y hydra medusa patator
# Password cracking
sudo apt install -y john hashcat
```
**Information Gathering:**
```bash
# OSINT tools
sudo apt install -y theharvester maltego-teeth
# Social engineering
sudo apt install -y set
# Shodan CLI
pip3 install shodan
```
**Enumeration Tools:**
```bash
# SMB/NetBIOS enumeration
sudo apt install -y enum4linux nbtscan smbclient
# LDAP enumeration
sudo apt install -y ldap-utils
# SNMP enumeration
sudo apt install -y snmp snmp-mibs-downloader
# Database tools
sudo apt install -y postgresql-client mysql-client
```
### 3. Specialized Tools Installation
**Go-based Tools:**
```bash
# Install Go if not present
sudo apt install -y golang-go
# Install Go-based security tools
go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
go install -v github.com/tomnomnom/gf@latest
go install -v github.com/tomnomnom/waybackurls@latest
# Add Go bin to PATH
echo 'export PATH=$PATH:~/go/bin' >> ~/.bashrc
source ~/.bashrc
```
**Python-based Tools:**
```bash
# Install additional Python tools
pip3 install --user \
shodan \
truffleHog \
gitpython \
requests \
beautifulsoup4 \
selenium \
pycryptodome
# EyeWitness dependencies
sudo apt install -y chromium-browser
git clone https://github.com/FortyNorthSecurity/EyeWitness.git /opt/EyeWitness
cd /opt/EyeWitness/Python/setup
sudo ./setup.sh
```
**Additional Specialized Tools:**
```bash
# GitLeaks for secret detection
sudo wget -O /usr/local/bin/gitleaks \
https://github.com/zricethezav/gitleaks/releases/latest/download/gitleaks_linux_amd64
sudo chmod +x /usr/local/bin/gitleaks
# Feroxbuster (if not in repos)
curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/master/install-nix.sh | bash
# Ensure all tools are in PATH
sudo ln -sf ~/go/bin/* /usr/local/bin/ 2>/dev/null || true
```
**Tool Verification:**
```bash
# Verify installation of key tools
echo "Verifying tool installation..."
for tool in nmap masscan gobuster ffuf nikto sqlmap hydra john hashcat \
amass subfinder nuclei testssl.sh trivy gitleaks feroxbuster \
enum4linux nbtscan theharvester whatweb; do
if command -v $tool >/dev/null 2>&1; then
echo "✓ $tool installed"
else
echo "✗ $tool missing"
fi
done
```
### 4. Cloning & Directory Layout
```bash
# Clone the repository
git clone https://github.com/slayingripper/OctapusPrime.git
cd OctapusPrime
# Create necessary directories
mkdir -p scenarios logs outputs
# Set appropriate permissions
chmod +x bin/octapus_controller.py
chmod +x bin/webapp/server.py
# Verify directory structure
ls -la
# Should show: bin/, scenarios/, logs/, README.md, requirements.txt, etc.
```
### 5. Python Virtual Environment & Packages
```bash
# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate
# Upgrade pip and install dependencies
pip install --upgrade pip
pip install -r requirements.txt
# Install additional packages for enhanced features
pip install \
jsonschema \
python-dateutil \
psutil \
netifaces
# If using GPIO features
pip install RPi.GPIO gpiozero lgpio
# Verify installation
python3 -c "
import flask, flask_socketio, requests
print('✓ Core dependencies installed successfully')
"
```
### 6. Systemd Services
```bash
# Create systemd service files
sudo tee /etc/systemd/system/octapus-controller.service > /dev/null < /dev/null <