Pentest-Machine – Automates Some Pentest Jobs Via Nmap Xml File

Automates some pentesting work via an nmap XML file. As soon as each command finishes, it writes its output to the terminal and to the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included.

HTTP
- whatweb
- WPScan (only if whatweb returns a WordPress result)
- EyeWitness with active login attempts
- light dirb directory bruteforce

DNS
- nmap NSE dns-zone-transfer and dns-recursion

MySQL
- light patator bruteforce

PostgreSQL
- light patator bruteforce

MSSQL
- light patator bruteforce

SMTP
- nmap NSE smtp-enum-users and smtp-open-relay

SNMP
- light patator bruteforce
- snmpcheck (if patator successfully finds a string)

SMB
- enum4linux -a
- nmap NSE smb-enum-shares, smb-vuln-ms08-067, smb-vuln-ms17-010

SIP
- nmap NSE sip-enum-users and sip-methods
- svmap

RPC
- showmount -e

NTP
- nmap NSE ntp-monlist

FTP
- light patator bruteforce

Telnet
- light patator bruteforce

SSH
- light patator bruteforce

WordPress 4.7
- XSS content uploading

To add:
- IPMI hash disclosure
- ike-scan (can't run ike-scans in parallel)

Installation

    ./setup.sh
    source pm/bin/activate

Usage

Read from an Nmap XML file:

    sudo ./pentest-machine -x nmapfile.xml

Perform an Nmap scan with a hostlist, then use those results. The Nmap scan will do the top 1000 TCP ports and the top 100 UDP ports along with service enumeration. It will save as pm-nmap.[xml/nmap/gnmap] in the current working directory:

    sudo ./pentest-machine -l hostlist.txt

Skip the patator bruteforcing and all SIP and HTTP commands. The -s parameter can skip command names as well as protocol names:

    sudo ./pentest-machine -s patator,sip,http -x nmapfile.xml
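To see which hosts and services in an Nmap XML file fall under the protocol groups listed above before running anything against them, the sketch below inventories open ports by service name and applies a protocol skip list. It is an added example, not Pentest-Machine's own code: the function name `open_services` and the sample XML are constructed for illustration, and the skip list here matches Nmap service names only, which is an assumption about how protocol names map to scan results.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in Nmap's XML output format (not a real scan; documentation addresses).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="udp" portid="5060"><state state="open"/><service name="sip"/></port>
    </ports>
  </host>
</nmaprun>"""


def open_services(xml_text, skip=()):
    """Map service name -> sorted 'ip:port/proto' targets for ports Nmap reports as open."""
    skip = {s.strip().lower() for s in skip}
    found = defaultdict(list)
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            # Count only a definite "open"; "open|filtered" UDP results are ambiguous.
            if state is None or state.get("state") != "open" or svc is None:
                continue
            name = svc.get("name", "unknown").lower()
            if name in skip:
                continue
            found[name].append(f"{addr.get('addr')}:{port.get('portid')}/{port.get('protocol')}")
    return {name: sorted(targets) for name, targets in sorted(found.items())}


if __name__ == "__main__":
    for name, targets in open_services(SAMPLE_XML, skip=["sip", "http"]).items():
        print(f"{name}: {', '.join(targets)}")
```

Reviewing this inventory against the written scope of an engagement is a quick check that a scan file contains only hosts and services that are meant to be tested.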