This script automates common tasks performed by penetration testers, such as port scanning, service enumeration, SSH brute-forcing, and web form brute-forcing. It provides a command-line interface for user interaction and streamlines the testing process.
- IP Validation: The script validates the target IP address before carrying out any operations.
- Port Scanning: Leverages
nmap
for scanning open ports on the target machine. - Service Enumeration: Uses
nmap
to enumerate services running on the open ports of the target. - Brute-Force Attack: Leverages
hydra
to conduct a brute-force attack against an ssh service on the target. A username and the path to a password list file need to be provided by the user. - Web Form Brute-Force Attack: Executes a brute-force attack on a web form on the target via
hydra
. The user needs to provide the form parameters along with a username and the path to a password list file.
This script has the following dependencies:
- Python 3.x
- Nmap
- Hydra
These tools must be installed and accessible from your system's PATH.
- Ensure you have Python installed on your system. The script is compatible with Python 3.
- Clone or download the repository to your local machine using the following command from GitHub:
git clone https://github.com/marat0s/Pentest-auto-script.git
- Open a terminal or command prompt and navigate to the directory where the pentest_auto.py script is located:
cd Pentest-auto-script
- Install the required dependencies. You can use pip to install the dependencies from the provided requirements.txt file:
pip install -r requirements.txt
- Open a terminal or command prompt and navigate to the directory where the pentest_auto.py script is located:
python pentest_auto.py
Make sure to provide the necessary command-line arguments or modify the script to suit your specific needs. 6. Follow the on-screen prompts and provide the required information, such as the target IP address or range, desired actions, etc.
The script includes basic error handling: It validates the target IP and checks the existence of the password list file. Any errors during command execution will be printed to the console.