Skip to content

Latest commit

 

History

History
413 lines (307 loc) · 20.2 KB

README.md

File metadata and controls

413 lines (307 loc) · 20.2 KB

Pentest Collaboration Framework

Pentest Collaboration Framework - an opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!
Explore the docs »

‼️ Important Links

Links
📖Installation Guide
🌐Wiki
🚀Releases
💬Telegram

🕹️Demo

✨ Features

Structure
  • :family_mmb: Teams
    • Work team
    • Personal team
  • ⛑ Pentest projects
    • 🖥️ Hosts
      • ip-address
      • hostnames
      • operation system
      • open ports
      • tester notes
    • 🐞 Issues
      • Proof of concept
    • 🌐 Networks
    • 🔑 Found credentials
    • 📝 Notes
    • 💬 Chats
    • 📊 Report generation
      • plaintext
      • docx
      • zip
    • 📁 Files
    • 🛠 Tools
image
  • 🔬 You can create private or team projects!
  • 💼 Team moderation.
  • 🛠 Multiple tools integration support! Such as Nmap/Masscan, Nikto, Nessus and Acunetix!
  • 🖥️ Cross-platform, opensource & free!
  • ☁ Cloud deployment support.

📊 PCF vs analogues

Name PCF Lair Dradis Faraday AttackForge PenTest.WS Hive
Portable ✅💲
Cross-platform
Free ❌✅ ❌✅ ❌✅ ❌✅ ❌✅
NOT deprecated!
Data export ❌✅ ❌✅
Chat
Made for sec specialists, not managers ❌✅
Report generation
API ❌✅
Issue templates

🛠 Supported tools

Tool name Integration type Description
Nmap Import Import XML results (ip, port, service type, service version, hostnames, os). Supported plugins: vulners
Nessus Import Import .nessus results (ip, port, service type, security issues, os)
Qualys Import Import .xml results (ip, port, service type, security issues)
Masscan Import Import XML results (ip, port)
Nikto Import Import XML, CSV, JSON results (issue, ip, port)
Acunetix Import Import XML results (ip, port, issue)
Burp Suite Enterprise Import Import HTML results (ip, port, hostname, issue, poc)
kube-hunter Import Import JSON result (ip, port, service, issue)
Checkmarx SAST Import Import XML/CSV results (code info, issue)
Dependency-check Import Import XML results (code issues)
OpenVAS/GVM Import Import XML results (ip, port, hostname, issue)
NetSparker Import Import XML results (ip, port, hostname, issue)
BurpSuite Import/Extention Extention for fast issue send from burpsuite.
ipwhois Scan Scan hosts(s)/network(s) and save whois data
shodan Scan Scan hosts ang save info (ip, port, service).
HTTP-Sniffer Additional Create multiple http-sniffers for any project.
WPScan Import Import JSON results (ip, port, hostname, issue)
DNSrecon Import Import JSON/CSV/XML results (ip, port, hostname)
theHarvester Import Import XML results (ip, hostname)
Metasploit Import Import XML project (ip, port, hostname, issue)
Nuclei Import Import JSON results (ip, hostname, port, issue)
PingCastle Import Import XML results (ip, issue)
MaxPatrol Import Import XML results (ip, port, issue)
Scanvus Import Import JSON report (issue)
Tenable.sc Import Import .nessus results (ip, port, service type, security issues, os)
aiodnsbrute Import Import JSON/CSV results (ip, hostname)

🙋 Table of Contents

📖 Fast Installation Guide

You need only Python3.

🖥️ Windows / Linux / MacOS

Download project:

git clone https://gitlab.com/invuls/pentest-projects/pcf.git

Go to folder:

cd pcf

Install deps (for unix-based systems):

pip3 install -r requirements_unix.txt

or windows:

pip.exe install -r requirements_windows.txt

Run initiation script:

python3 new_initiation.py

or windows

python.exe new_initiation.py

Edit configuration:

nano configuration/settings.ini

Run:

old version: python3 app.py
new version: python3 run.py

or windows

old version: python.exe app.py
new version: python.exe run.py

☁️ Heroku

⚠️ From november 2022 Heroku free tier does not include PostgreSQL. So, you will be able to use it only at paid account⚠️

👍 Easy way

Deploy from our github repository:

Deploy

Careful: Check github repo last push version!

You can check 😓Harder and 💀Impossible ways at 🌐wiki page!

☁️ AWS

You can just follow the link and install PCF from AWS marketplace:

Marketplace

🐳 Docker

One line install

Will be added later!

Build by yourself

Clone repository

git clone https://gitlab.com/invuls/pentest-projects/pcf.git

Go to folder:

cd pcf

Run docker-compose:

docker-compose up

and go to URL

http://127.0.0.1:5000/

🤸 Usage

Default port (check config): 5000 Default ip (if run at localhost): 127.0.0.1

  1. Register at http(s)://<ip>:<port>/register

  2. Login at http(s)://<ip>:<port>/login

  3. Create team (if need) at http(s)://<ip>:<port>/create_team

  4. Create project at http(s)://<ip>:<port>/new_project

  5. Enjoy your hacking process!

API information: https://gitlab.com/invuls/pentest-projects/pcf/-/wikis/API%20documentation

🖼️ Gallery

image image
Team information Projects list
image image
Project: issues Project: host page
image image
Project: hosts Project:services
image image
Project: issue info Project: issue info (PoC)
image image
Project: networks Project: files
image image
Project: tools (may be changed) Project: found credentials
image image
Project: testing notes Project: chats
image image
Project: settings Project: reports

⚠️ WARNING

🚨 Default settings

This program, by default, uses 5000 port and allows everyone to register and use it, so you need to set correct firewall & network rules.

🔌 Initiation logic

Careful with new_initiation script! It makes some important changes with filesystem:

  1. Renames database /configuration/database.sqlite3
  2. Regenerates SSL certificates
  3. Regenerates session key.
  4. Creates new empty /configuration/database.sqlite3 database
  5. Creates /tmp_storage/ folder

🎪 Community

If you have any feature suggestions or bugs, leave a GitLab issue. We welcome any and all support :D

We communicate over Telegram. Click here to join our Telegram community!

📝 TODO

General

  • Team config storage
  • Team report templates storage
  • Automatic database backup
  • Share Issues with non-registered users
  • Report generation
  • Fast popular password bruteforce check (top-10k)
  • REST-API
  • Network graph
  • Hash fast export/import
  • Add another databases
  • Add .doc report generation support
  • Issue templates
  • Backup/Restore from backup projects/teams

Tools

  • HTTP-sniffer
  • NetNTLM smb sniffer
  • Custom tool txt report upload support (added notes to hosts)
  • Hash fast check top-10k passwords
  • Export projects from Faraday/Dradis
  • Metasploit/Cobalt Strike integration

Version 2.0

  • Vue.js
  • Websockets
  • Push messages (updates)
  • Database rebuild (objects)
  • hosts -> interfaces -> ports
  • hosts -> hostnames
  • Project file manager
  • Port -> Protocol:Software:Version
  • User-defined host marks (mark all hosts with open port)
  • TODO marks button every page
  • Dublicate hosts (join them?)
  • host MAC/AD domain/Forest

🎁 Presentations

🏢 Companies

There will be companies list which use Pentest Collaboration Framework.

If you want to add your company, then read next topic :)

❤️ Contribute

If you want to help to project or encourage PCF developers, you can do any of the following:

There was some frequent question:

How to donate money to the project?

No way. I do not guarantee that I will not abandon this project after a while, so the best "donation" will be a contribution to the development and distribution of the utility.

How to make a merge requests to this repository?

Again, no way. To develop PCF faster, I need to know all of its code, so just create an issue at gitlab with bug/feature request and some code example, which I may use to fix it.