Penetration Testing Framework: PTF
Project URL: https://github.com/pikpikcu/Pentest-Tools-Framework
PTF options:
-------------------------------------------------------------------------------------
| Global Option |
-------------------------------------------------------------------------------------
|Command Description |
|-----------------------------------------------------------------------------------|
| show modules |Look this modules |
| show options |Show Current Options Of Selected Module |
| ipconfig |Network Informasion |
| shell |Execution Command Shell >|
| use |Select Tipe Module For Use |
| set |Select Modules For Use |
| run |Excute modules |
| update |Update Pentest Framework |
| banner |PTF Banner |
| about |Informasion Tools |
| credits |Credits && Thanks |
| clear |Clean Pentest input/output |
| exit |Exit the progam |
-------------------------------------------------------------------------------------
Modules:
+-----------------------------------------------------------------------------------------------------------------------------------+
| EXPLOITS |
-------------------------------------------------------------------------------------------------------------------------------------
| COMMANDS Rank Description |
-------------------------------------------------------------------------------------------------------------------------------------
| exploit/abrt_privilege_escalation | normal | ABRT - sosreport Privilege Escalation |
| exploit/web_delivery | good | Script Web Delivery |
| exploit/apache | good | Apache exploit |
| exploit/shellshock | good | cgi-bin/vulnerable shellshock |
| exploit/davtest | good | Testing tool for webdav server |
| exploit/auto_sql | good | auto with sqlmap |
| exploit/ldap_buffer_overflow | normal | Apache module mod_rewrite LDAP protocol Buffer Overflow |
| exploit/vbulletin_rce | good | vBulletin 5.x 0day pre-quth RCE exploit |
| exploit/cmsms_showtime2_rce | normal | CMS Made Simple (CMSMS) Showtime2 File Upload RCE |
| exploit/awind_snmp_exec | good | AwindInc SNMP Service Command Injection |
| exploit/webmin_packageup_rce | excellent | Webmin Package Updates Remote Command Execution |
| exploit/samsung_knox_smdm_url | good | Samsung Galaxy KNOX Android Browser RCE |
| exploit/cisco_dcnm_upload_2019 | excellent | Cisco Data Center Network Manager Unauthenticated Remote Code Execution|
| exploit/zenworks_configuration | excellent | Novell ZENworks Configuration Management Arbitrary File Upload |
| exploit/cisco_ucs_rce | excellent | Cisco UCS Director Unauthenticated Remote Code Execution |
| exploit/sonicwall | normal | Sonicwall SRA <= v8.1.0.2-14sv remote exploit |
| exploit/bluekeep | good | cve 2019 0708 bluekeep rce |
| exploit/eternalblue | good | MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption |
| exploit/inject_html | normal | Inject Html code in all visited webpage |
| exploit/robots | normal | robots.txt Detected |
| exploit/jenkins_script_console | good | Jenkins-CI Script-Console Java Execution |
| exploit/php_thumb_shell_upload | good | php shell uploads |
| exploit/cpanel_bruteforce | normal | cpanel bruteforce |
| exploit/cms_rce | normal | CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution |
| exploit/joomla_com_hdflayer | manual | joomla exploit hdflayer |
| exploit/wp_symposium_shell_upload | good | symposium shell upload |
| exploit/joomla0day_com_myngallery | good | exploits com myngallery |
| exploit/jm_auto_change_pswd | normal | vulnerability |
| exploit/android_remote_access | expert | Remote Acces Administrator (RAT) |
| exploit/power_dos | manual | Denial Of Service |
| exploit/tp_link_dos | normal | TP_LINK DOS, 150M Wireless Lite N Router, Model No. TL-WR740N |
| exploit/joomla_com_foxcontact | high | joomla foxcontact |
| exploit/joomla_simple_shell | high | joomla simple shell |
| exploit/joomla_comfields_sqli_rce | high | Joomla Component Fields SQLi Remote Code Execution |
| exploit/inject_javascript | normal | Inject Javascript code in all visited webpage |
| exploit/dns_bruteforce | high | Dns Bruteforce with nmap |
| exploit/dos_attack | normal | hping3 dos attack |
| exploit/shakescreen | high | Shaking Web Browser content |
| exploit/bypass_waf | normal | bypass WAf |
| exploit/enumeration | high | simple enumeration |
| exploit/restrict_anonymous | normal | obtain credentials |
| exploit/openssl_heartbleed | high | dump openssl_heartbleed |
| exploit/samba | good | Samba EXploits |
| exploit/smb | good | Albitary samba exploit |
| exploit/webview_addjavascriptinterface | good | Android Browser and WebView addJavascriptInterface Code Execution |
-------------------------------------------------------------------------------------------------------------------------------------
Scanners:
+------------------------------------------------------------------------------------------------------------------------------------+
| SCANNERS |
--------------------------------------------------------------------------------------------------------------------------------------
| COMMANDS Rank Description |
--------------------------------------------------------------------------------------------------------------------------------------
| scanner/enumiax | good | protocol username enumeration |
| scanner/wordpress_user_dislosure | normal | wordpress 5.3 User Disclosure |
| scanner/botnet_scanning | normal | Bootnet Scanning, first need to find the botnet IP |
| scanner/check_ssl_certificate | normal | SSL Certificate |
| scanner/http_services | normal | Gather page titles from HTTP services |
| scanner/dnsrecon | normal | Record enumeration |
| scanner/sslscan | normal | SSL Scanner |
| scanner/ssl_cert | normal | Nmap script ssl-cert |
| scanner/dns_zone_transfer | normal | Dns Zone transfer |
| scanner/dns_bruteforce | normal | Dns Bruteforce |
| scanner/zone_walking | normal | Zone walking |
| scanner/web_services | normal | Get HTTP headers of web services |
| scanner/http_enum | normal | Find web apps from known paths |
| scanner/ddos_reflectors | normal | Scan for UDP DDOS reflectors |
| scanner/grabbing_detection | normal | Lighter banner grabbing detection |
| scanner/discovery | normal | Scan selected ports - ignore discovery |
| scanner/bluekeep | good | CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check |
| scanner/drupal_scan | good | drupal scanner |
| scanner/eternalblue | good | SMB RCE Detection |
| scanner/header | good | header Scanner with nmap |
| scanner/firewalk | good | firewalk |
| scanner/whois | high | whois |
| scanner/dmitry | good | Information Gathering Tool |
| scanner/admin_finder | normal | Admin finder |
| scanner/heartbleed | normal | heartbleed scanner vulnerability |
| scanner/wordpress_scan | normal | wordpress scanner |
| scanner/ssl_scanning | good | SSL Vulnerability Scanning |
| scanner/dns_bruteforce | normal | dns bruteforce |
| scanner/nmap_scanner | normal | port scanners nmap |
| scanner/https_discover | normal | https discover |
| scanner/smb_scanning | good | scan vulnerable SMB server |
| scanner/joomla_vulnerability_scanners | high | vulnerability |
| scanner/mysql_empty_password | good | mysql empty password Detected |
| scanner/joomla_scanners_v.2 | good | joomla scaning |
| scanner/joomla_scanners_v3 | normal | joomla scaning |
| scanner/jomscan_v4 | good | scan joomla |
| scanner/webdav_scan | normal | webdav scan vulnerable |
| scanner/joomla_sqli_scanners | high | vulnerability scanners |
| scanner/lfi_scanners | good | lfi bug scan |
| scanner/port_scanners | manual | port scan |
| scanner/dir_search | high | directory webscan |
| scanner/dir_bruteforce | good | directory Scanning |
| scanner/wordpress_user_scan | good | get wordpress username |
| scanner/cms_war | high | FULL SCAN ALL WEBSITES |
| scanner/usr_pro_wordpress_auto_find | norma| find user vulnerability |
| scanner/nmap_vuln | normal | vulnerability Scanner |
| scanner/xss_scaner | normal | Detected vulnerability xss |
| scanner/spaghetti | high | Web Application Security Scanner |
| scanner/dnslookup | normal | dnslookup scan |
| scanner/reverse_dns | normal | Reverse Dns Lookup |
| scanner/domain_map | normal | scanner domain map |
| scanner/dns_report | normal | dns report |
| scanner/find_shared_dns | normal | find shared dns |
| scanner/golismero | normal | scan vulnerability with golismero |
| scanner/dns_propagation | low | dns propagation |
| scanner/find_records | normal | find records |
| scanner/cloud_flare | normal | cloud flare |
| scanner/extract_links | normal | links extract |
| scanner/web_robot | normal | web robots scanner |
| scanner/enumeration | normal | http-enumeration |
| scanner/ip_locator | good | ip Detected LOcator |
--------------------------------------------------------------------------------------------------------------------------------------
POST:
+----------------------------------------------------------------------------------------------------------+
| POST |
------------------------------------------------------------------------------------------------------------
| COMMANDS Rank Description |
------------------------------------------------------------------------------------------------------------
|post/enumeration | normal | http-enumeration |
|post/vbulletin | high | exploits |
|post/wordpress_user_scan | good | scanners |
|post/dir_search | high | scanners |
|post/cms_war | high | scanners |
|post/usr_pro_wordpress_auto_find | normal | scanners |
|post/android_remote_access | good | exploits |
|post/samba | good | exploits |
------------------------------------------------------------------------------------------------------------
Password:
+----------------------------------------------------------------------------------------------------------+
| PASSWORD |
------------------------------------------------------------------------------------------------------------
| COMMANDS Rank Description |
------------------------------------------------------------------------------------------------------------
| password/base64_decode | good| base64 decode |
| password/md5_decrypt | good| md5 decrypt |
| password/sha1_decrypt | good| sha1 decrypt |
| password/sha256_decrypt | good| sha256 decrypt |
| password/sha384_decrypt | good| sha384 decrypt |
| password/sha512_decrypt | good| sha512 decrypt |
| password/ssh_bruteforce | good| ssh password bruteforce |
------------------------------------------------------------------------------------------------------------
Listeners:
+------------------------------------------------------------------------------------------------------------------------------------+
| LISTENERS MODULES |
--------------------------------------------------------------------------------------------------------------------------------------
| COMMANDS Rank Description |
--------------------------------------------------------------------------------------------------------------------------------------
|android_meterpreter_reverse_tcp | good| Android Meterpreter, Android Reverse TCP Stager |
|android_meterpreter_reverse_https | good| Android Meterpreter, Android Reverse HTTPS Stager |
|java_jsp_shell_reverse_tcp | good| Java JSP Command Shell, Reverse TCP Inline |
|linux_x64_meterpreter_reverse_https | good| linux/x64/meterpreter_reverse_https |
|linux_x64_meterpreter_reverse_tcp | good| Linux Meterpreter, Reverse TCP Inline |
|linux_x64_shell_reverse_tcp | good| Linux Command Shell, Reverse TCP Stager |
|osx_x64_meterpreter_reverse_https | good| OSX Meterpreter, Reverse HTTPS Inline |
|osx_x64_meterpreter_reverse_tcp | good| OSX Meterpreter, Reverse TCP Inline |
|php_meterpreter_reverse_tcp | good| PHP Meterpreter, PHP Reverse TCP Stager |
|python_meterpreter_reverse_https | good| Python Meterpreter Shell, Reverse HTTPS Inline |
|python_meterpreter_reverse_tcp | good| python/meterpreter_reverse_tcp |
|windows_x64_meterpreter_reverse_https | good| Windows Meterpreter Shell, Reverse HTTPS Inline (x64) |
|windows_x64_meterpreter_reverse_tcp | good| Windows Meterpreter Shell, Reverse TCP Inline x64 |
|cmd_windows_reverse_powershell | good| Windows Command Shell, Reverse TCP (via Powershell) |
+------------------------------------------------------------------------------------------------------------------------------------+
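Pentest Tools Framework (PTF) is a vulnerability database, scanner, and penetration testing tool. Pentest is a powerful framework that includes many tools suitable for beginners. It can be used to explore kernel vulnerabilities and network vulnerabilities.
How to install PTF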
root@kali~# cd Pentest-Tools-Framework
root@kali~# pip install -r requirements.txt
root@kali~# python install.py
root@kali~# PTF
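After running install.py, you should choose your operating system (BackBox / Kali Linux / Parrot OS; all computer operating systems).
About the PTF modules
[*] Exploits: computer programs, code fragments, or command sequences that take advantage of software vulnerabilities and are used to carry out an attack on a computer system. The goal of an attack can be to seize control of the system and disrupt its functioning!
[*] Scanners: programs that scan a specified Internet resource, archive, or website. Network scanners can also scan for open ports or your local network and IPs!
Why choose PTF
[*] PTF is a free framework
[*] A UI/UX that is friendly to newcomers
[*] Many tools intended for beginners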