Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool

                                   /\               
                               _  / |               
                              / \ |  \              
                             |  |\|  |              
                             |  | | /               
                             | /| |/                
                             |/ |/                  
                        ,/;  ;  ;                   
                     ,'/|; ,/,/,                    
                   ,'/ |;/,/,/,/|                   
                ,/;  |;|/,/,/,/,/|                  
              ,/';   |;|,/,/,/,/,/|                 
            ,/';     |;|/,/,/,/,/,/|,              
           /  ;      |;|,/,/,/,/,/,/|              
          / ,';      |;|/,/,/,/,/,/,/|             
         /,/';       |;|,/,/,/,/,/,/,/|            
        /;/ ';       |;|/,/,/,/,/,/,/,/|           

     ██████╗ ███████╗ ██████╗  █████╗ ███████╗██╗   ██╗███████╗
     ██╔══██╗██╔════╝██╔════╝ ██╔══██╗██╔════╝██║   ██║██╔════╝
     ██████╔╝█████╗  ██║  ███╗███████║███████╗██║   ██║███████╗
     ██╔═══╝ ██╔══╝  ██║   ██║██╔══██║╚════██║██║   ██║╚════██║
     ██║     ███████╗╚██████╔╝██║  ██║███████║╚██████╔╝███████║
     ╚═╝     ╚══════╝ ╚═════╝ ╚═╝  ╚═╝╚══════╝ ╚═════╝ ╚══════╝
                    P E N T E S T   A R S E N A L                

A comprehensive web application security testing toolkit that combines 10 powerful penetration testing features into one tool.

Author

• Letda Kes Dr. Sobri, S.Kom
• GitHub: sobri3195
• Email: muhammadsobrimaulana31@gmail.com

Features

1. Subdomain + Curl HTTP Scanner
2. Discovers subdomains using a wordlist
3. Checks HTTP status and security headers

4. Identifies potential security Misconfigurations" title="Misconfigurations">misconfigurations

5. JWT Token Inspector

6. Analyzes JWT token structure and claims
7. Identifies security issues in token configuration

8. Detects common JWT vulnerabilities

9. Parameter Pollution Finder

10. Tests for HTTP Parameter Pollution (HPP)
11. Identifies vulnerable parameters

12. Detects server-side parameter handling issues

13. CORS Misconfiguration Scanner

14. Tests for CORS policy misconfigurations
15. Identifies dangerous wildcard policies

16. Detects credential exposure risks

17. Upload Bypass Tester

18. Tests file upload restrictions
19. Attempts various bypass techniques

20. Identifies dangerous file type handling

21. Exposed .git Directory Finder

22. Scans for exposed version control files
23. Identifies leaked Git repositories

24. Tests for sensitive information disclosure

25. SSRF (Server Side Request Forgery) Detector

26. Tests for SSRF vulnerabilities
27. Identifies vulnerable parameters

28. Includes cloud metadata endpoint tests

29. Blind SQL Injection Time Delay Detector

30. Tests for time-based SQL injection
31. Supports multiple database types

32. Identifies injectable parameters

33. Local File Inclusion (LFI) Mapper

34. Tests for LFI vulnerabilities
35. Includes path traversal detection

36. Supports various encoding bypasses

37. Web Application Firewall (WAF) Fingerprinter

    • Identifies WAF presence
    • Detects WAF vendor/type
    • Tests WAF effectiveness

Installation

1. Clone the repository:

git clone https://github.com/sobri3195/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal

1. Create a virtual environment (recommended):

python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

1. Install dependencies:

pip install -r requirements.txt

Usage

1. Run the main script:

python pegasus_pentest.py

1. Select a tool from the menu (1-10)
2. Follow the prompts to enter target information
3. Review the results

Requirements

• Python 3.8+
• Required packages (see requirements.txt):
• requests
• httpx
• urllib3
• colorama
• pyjwt
• beautifulsoup4

Security Considerations

• This tool is for educational and authorized testing purposes only
• Always obtain proper authorization before testing any target
• Some features may trigger security alerts or be blocked by security controls
• Use responsibly and ethically

Contributing

1. Fork the repository
2. Create a feature branch
3. Commit your changes
4. Push to the branch
5. Create a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Disclaimer

This tool is provided for educational and authorized testing purposes only. Users are responsible for obtaining proper authorization before testing any target. The authors are not responsible for any misuse or damage caused by this tool.

Arsenal - Just A Quick Inventory And Launcher For Hacking Programs

Arsenal is just a quick inventory, reminder and launcher for pentest commands.
This project written by pentesters for pentesters simplify the use of all the hard-to-remember commands

In arsenal you can search for a command, select one and it's prefilled directly in your terminal. This functionality is independent of the shell used. Indeed arsenal emulates real user input (with TTY arguments and IOCTL) so arsenal works with all shells and your commands will be in the history.

You have to enter arguments if needed, but arsenal supports global variables.
For example, during a pentest we can set the variable ip to prefill all commands using an ip with the right one.

To do that you just have to enter the following command in arsenal:

>set ip=10.10.10.10

Authors:

• Guillaume Muh
• mayfly

This project is inspired by navi (https://github.com/denisidoro/navi) because the original version was in bash and too hard to understand to add features

Arsenal new features

• New colors
• Add tmux new pane support (with -t)
• Add default values in cheatsheets commands with <argument|default_value>
• Support description inside cheatsheets
• New categories and Tags
• New cheatsheets
• Add yml support (thx @0xswitch )
• Add fzf support with ctrl+t (thx @mgp25)

Install & Launch

• with pip :

python3 -m pip install arsenal-cli

• run (we also advice you to add this alias : alias a='arsenal')

arsenal

• manually:

git clone https://github.com/Orange-Cyberdefense/arsenal.git
cd arsenal
python3 -m pip install -r requirements.txt
./run

Inside your .bashrc or .zshrc add the path to run to help you do that you could launch the addalias.sh script

./addalias.sh

• Also if you are an Arch user you can install from the AUR:

git clone https://aur.archlinux.org/arsenal.git
cd arsenal 
makepkg -si

• Or with an AUR helper like yay:

yay -S arsenal

Launch in tmux mode

./run -t # if you launch arsenal in a tmux window with one pane, it will split the window and send the command to the otherpane without quitting arsenal
         # if the window is already splited the command will be send to the other pane without quitting arsenal
./run -t -e # just like the -t mode but with direct execution in the other pane without quitting arsenal

Add external cheatsheets

You could add your own cheatsheets insode the my_cheats folder or in the ~/.cheats folder.

You could also add additional paths to the file <arsenal_home>/arsenal/modules/config.py, arsenal reads .md (MarkDown) and .rst (RestructuredText).

Cheatsheets examples are in <arsenal_home>/cheats: README.md and README.rst

Troubleshooting

If you got on error on color init try :

export TERM='xterm-256color'

--

If you have the following exception when running Arsenal:

ImportError: cannot import name 'FullLoader'

First, check that requirements are installed:

pip install -r requirements.txt

If the exception is still there:

pip install -U PyYAML

Mindmap

• Active directory mindmap
  • Due to csp on github when you open the svg, we moved the AD mindmap and the source to this repository : https://github.com/Orange-Cyberdefense/ocd-mindmaps

https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg

• AD mindmap black version 

• Exchange Mindmap (thx to @snovvcrash) 

• Active directory ACE mindmap 

TODO cheatsheets

reverse shell

• msfvenom
• php
• python
• perl
• powershell
• java
• ruby

whitebox analysis grep regex

• php
• nodejs
• hash

Tools

smb

• enum4linux
• smbmap
• smbget
• rpcclient
• rpcinfo
• nbtscan
• impacket

kerberos & AD

• impacket
• bloodhound
• rubeus
• powerview
• shadow credentials attack
• samaccountname attack

MITM

• mitm6
• responder

Unserialize

• ysoserial
• ysoserial.net

bruteforce & pass cracking

• hydra
• hashcat
• john

scan

• nmap
• eyewitness
• gowitness

fuzz

• gobuster
• ffuf
• wfuzz

DNS

• dig
• dnsrecon
• dnsenum
• sublist3r

rpc

• rpcbind

netbios-ssn

• snmpwalk
• snmp-check
• onesixtyone

sql

• sqlmap

oracle

• oscanner
• sqlplus
• tnscmd10g

mysql

• mysql

nfs

• showmount

rdp

• xfreerdp
• rdesktop
• ncrack

mssql

• sqsh

winrm

• evilwinrm

redis

• redis-cli

postgres

• psql
• pgdump

vnc

• vncviewer

x11

• xspy
• xwd
• xwininfo

ldap

• ldapsearch

https

• sslscan

web

• burp
• nikto
• tplmap

app web

• drupwn
• wpscan
• nuclei

Download Arsenal