https://github.com/therealilyas/pentest-toolkit

bash-scripts bug-bounty-tools ctf-tools cybersecurity-tools ethical-hacking free-hacking-tools kali-linux metasploit-alternative network-recon network-security offensive-security penetration-testing pentesting python-pentesting python-security red-team security-automation security-scanner vulnerability-assessment web-security

Last synced: 27 days ago
JSON representation

Host: GitHub
URL: https://github.com/therealilyas/pentest-toolkit
Owner: therealilyas
License: mit
Created: 2025-11-01T14:48:13.000Z (7 months ago)
Default Branch: main
Last Pushed: 2025-11-21T13:31:33.000Z (7 months ago)
Last Synced: 2025-11-21T15:27:09.649Z (7 months ago)
Topics: bash-scripts, bug-bounty-tools, ctf-tools, cybersecurity-tools, ethical-hacking, free-hacking-tools, kali-linux, metasploit-alternative, network-recon, network-security, offensive-security, penetration-testing, pentesting, python-pentesting, python-security, red-team, security-automation, security-scanner, vulnerability-assessment, web-security
Language: Python
Homepage: https://github.com/therealilyas/pentest-toolkit
Size: 1.17 MB
Stars: 18
Watchers: 0
Forks: 5
Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

README

# Penetration Testing Toolkit - Professional Security Assessment Suite

[![Python 3.8+](https://img.shields.io/badge/Python-3.8%2B-blue.svg)](https://www.python.org/)
[![Bash](https://img.shields.io/badge/Bash-5.0%2B-green.svg)](https://www.gnu.org/software/bash/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
[![GitHub Stars](https://img.shields.io/github/stars/therealilyas/pentest-toolkit?style=social)](https://github.com/therealilyas/pentest-toolkit/stargazers)

[![Star History Chart](https://api.star-history.com/svg?repos=therealilyas/pentest-toolkit&type=Date)](https://star-history.com/#therealilyas/pentest-toolkit&Date)

```
██████╗ ███████╗███╗ ██╗████████╗███████╗███████╗████████╗██╗ ██╗██╗████████╗
██╔══██╗██╔════╝████╗ ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██║ ██╔╝██║╚══██╔══╝
██████╔╝█████╗ ██╔██╗ ██║ ██║ █████╗ ███████╗ ██║ █████╔╝ ██║ ██║
██╔═══╝ ██╔══╝ ██║╚██╗██║ ██║ ██╔══╝ ╚════██║ ██║ ██╔═██╗ ██║ ██║
██║ ███████╗██║ ╚████║ ██║ ███████╗███████║ ██║ ██║ ██╗██║ ██║
╚═╝ ╚══════╝╚═╝ ╚═══╝ ╚═╝ ╚══════╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝
```

**Advanced Penetration Testing Toolkit · Python & Bash · Built for the field**

[![Python 3.8+](https://img.shields.io/badge/Python-3.8%2B-blue?style=flat-square&logo=python)](https://www.python.org/)
[![Bash 5.0+](https://img.shields.io/badge/Bash-5.0%2B-green?style=flat-square&logo=gnu-bash)](https://www.gnu.org/software/bash/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow?style=flat-square)](LICENSE)
[![GitHub Stars](https://img.shields.io/github/stars/therealilyas/pentest-toolkit?style=flat-square&logo=github)](https://github.com/therealilyas/pentest-toolkit/stargazers)
[![Version](https://img.shields.io/badge/Version-3.2.1-red?style=flat-square)](https://github.com/therealilyas/pentest-toolkit/releases)
[![Maintained](https://img.shields.io/badge/Maintained-Yes-brightgreen?style=flat-square)](https://github.com/therealilyas/pentest-toolkit/commits/main)

*One toolkit. Every phase. From recon to report.*

---

## 🔍 What is PentestKit?

PentestKit is a battle-tested, all-in-one penetration testing framework designed for security professionals who need results fast. It wraps 100+ industry tools into two clean interfaces — a Python suite for automation and reporting, and a Bash menu for hands-on interactive use.

Whether you're doing a quick bug bounty recon or a full-scope red team engagement, PentestKit covers you from initial reconnaissance through to professional report delivery.

---

## ⚡ Features at a Glance

| Module | What It Does |
|---|---|
| 🔭 **Reconnaissance** | Subdomain enumeration, DNS analysis, WHOIS, port scanning |
| 🕷️ **Web Security** | SQL injection, XSS, directory fuzzing, API endpoint discovery |
| 🔒 **SSL/TLS Analysis** | Certificate checks, cipher auditing, protocol downgrade detection |
| 📡 **Network Assessment** | Service fingerprinting, OS detection, banner grabbing |
| 📋 **Reporting** | Auto-generated HTML/PDF/JSON reports with CVSS scoring |
| 🤖 **Automation** | Chain scans, schedule jobs, output to structured formats |

---

## 🚀 Getting Started

### One-liner Install

```bash
git clone https://github.com/therealilyas/pentest-toolkit.git && cd pentest-toolkit && sudo bash install.sh
```

### Manual Setup

```bash
# Clone the repo
git clone https://github.com/therealilyas/pentest-toolkit.git
cd pentest-toolkit

# Install system dependencies
sudo apt update && sudo apt install -y python3 nmap nikto sqlmap gobuster

# Install Python packages
pip3 install -r requirements.txt
```

---

## 🐍 Python Version — Automated Pipeline

The Python script is built for automation. Feed it a target, get back a full report.

```bash
# Basic scan
python3 pentestkit.py https://target.com

# Custom output directory
python3 pentestkit.py https://target.com -o ./results

# Verbose output
python3 pentestkit.py https://target.com -v

# Generate PDF report
python3 pentestkit.py https://target.com --report pdf
```

---

## 💻 Bash Version — Interactive Menu

Prefer clicking through a menu? The Bash version has you covered with guided scan profiles.

```bash
sudo ./pentestkit.sh
```

```
╔══════════════════════════════════╗
║ PentestKit v3.2.1 ║
║ Select your scan profile: ║
║ ║
║ [1] Quick Scan ~5 min ║
║ [2] Normal Scan ~15 min ║
║ [3] Deep Scan ~45 min ║
║ [4] Custom Scan ║
║ [5] View Last Report ║
║ [0] Exit ║
╚══════════════════════════════════╝
```

---

## 🗂️ Project Structure

```
pentest-toolkit/
├── pentestkit.py # Main Python entry point
├── pentestkit.sh # Interactive Bash menu
├── install.sh # One-command installer
├── python/ # Python modules
│ ├── recon.py
│ ├── web_scan.py
│ ├── vuln_scan.py
│ └── reporter.py
├── bash/ # Bash modules & helpers
├── archive/ # Legacy scripts & experiments
└── media/screenshots/ # Tool screenshots & demos
```

---

## 🎯 Who Is This For?

- **Bug Bounty Hunters** — Automate your recon workflow, find more targets, faster
- **Pentesters** — Comprehensive assessment suite from recon to report
- **Red Team Operators** — Simulate real-world attacker TTPs
- **CTF Players** — Fast enumeration and exploitation in competition scenarios
- **Students** — Learn offensive security with real, working tools

---

## 🖥️ Supported Platforms

| Platform | Python | Bash |
|---|:---:|:---:|
| Kali Linux | ✅ | ✅ |
| Parrot OS | ✅ | ✅ |
| Ubuntu 20.04+ | ✅ | ✅ |
| Debian 10+ | ✅ | ✅ |
| macOS | ✅ | ⚠️ |
| Windows (WSL2) | ✅ | ✅ |

---

## 🗺️ Roadmap

- [ ] 🤖 AI-powered vulnerability triage
- [ ] 🐳 Official Docker image
- [ ] 🔌 Metasploit integration module
- [ ] 📦 WordPress / CMS-specific scan profiles
- [ ] 🔔 Real-time Slack/Discord notifications
- [ ] 🧪 Headless browser support for modern SPAs

---

## 🤝 Contributing

Got an improvement? Found a bug? PRs are welcome.

```bash
# Fork → Clone → Branch → PR
git checkout -b feature/your-cool-idea
```

See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.

---

## ⚠️ Legal Disclaimer

This toolkit is intended **strictly for authorized security testing**. Only use it against systems you own or have explicit written permission to test. Unauthorized access to computer systems is a criminal offense in most jurisdictions. The authors accept no liability for misuse.

**Always hack ethically. Always hack legally.**

---

Built by security researchers, for security researchers.

If this tool saved you time, drop a ⭐ — it means a lot.

[Issues](https://github.com/therealilyas/pentest-toolkit/issues) · [Discussions](https://github.com/therealilyas/pentest-toolkit/discussions) · [Releases](https://github.com/therealilyas/pentest-toolkit/releases)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/therealilyas/pentest-toolkit

Awesome Lists containing this project

README