Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool

By: Unknown


                                   /\               
                               _  / |               
                              / \ |  \              
                             |  |\|  |              
                             |  | | /               
                             | /| |/                
                             |/ |/                  
                        ,/;  ;  ;                   
                     ,'/|; ,/,/,                    
                   ,'/ |;/,/,/,/|                   
                ,/;  |;|/,/,/,/,/|                  
              ,/';   |;|,/,/,/,/,/|                 
            ,/';     |;|/,/,/,/,/,/|,              
           /  ;      |;|,/,/,/,/,/,/|              
          / ,';      |;|/,/,/,/,/,/,/|             
         /,/';       |;|,/,/,/,/,/,/,/|            
        /;/ ';       |;|/,/,/,/,/,/,/,/|           

     ██████╗ ███████╗ ██████╗  █████╗ ███████╗██╗   ██╗███████╗
     ██╔══██╗██╔════╝██╔════╝ ██╔══██╗██╔════╝██║   ██║██╔════╝
     ██████╔╝█████╗  ██║  ███╗███████║███████╗██║   ██║███████╗
     ██╔═══╝ ██╔══╝  ██║   ██║██╔══██║╚════██║██║   ██║╚════██║
     ██║     ███████╗╚██████╔╝██║  ██║███████║╚██████╔╝███████║
     ╚═╝     ╚══════╝ ╚═════╝ ╚═╝  ╚═╝╚══════╝ ╚═════╝ ╚══════╝
                    P E N T E S T   A R S E N A L

A comprehensive web application security testing toolkit that combines 10 powerful penetration testing features into one tool.

Author

Letda Kes Dr. Sobri, S.Kom
GitHub: sobri3195
Email: muhammadsobrimaulana31@gmail.com

Features

Subdomain + Curl HTTP Scanner
Discovers subdomains using a wordlist
Checks HTTP status and security headers
Identifies potential security Misconfigurations" title="Misconfigurations">misconfigurations
JWT Token Inspector
Analyzes JWT token structure and claims
Identifies security issues in token configuration
Detects common JWT vulnerabilities
Parameter Pollution Finder
Tests for HTTP Parameter Pollution (HPP)
Identifies vulnerable parameters
Detects server-side parameter handling issues
CORS Misconfiguration Scanner
Tests for CORS policy misconfigurations
Identifies dangerous wildcard policies
Detects credential exposure risks
Upload Bypass Tester
Tests file upload restrictions
Attempts various bypass techniques
Identifies dangerous file type handling
Exposed .git Directory Finder
Scans for exposed version control files
Identifies leaked Git repositories
Tests for sensitive information disclosure
SSRF (Server Side Request Forgery) Detector
Tests for SSRF vulnerabilities
Identifies vulnerable parameters
Includes cloud metadata endpoint tests
Blind SQL Injection Time Delay Detector
Tests for time-based SQL injection
Supports multiple database types
Identifies injectable parameters
Local File Inclusion (LFI) Mapper
Tests for LFI vulnerabilities
Includes path traversal detection
Supports various encoding bypasses
Web Application Firewall (WAF) Fingerprinter
- Identifies WAF presence
- Detects WAF vendor/type
- Tests WAF effectiveness

Installation

Clone the repository:

git clone https://github.com/sobri3195/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal

Create a virtual environment (recommended):

python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

Install dependencies:

pip install -r requirements.txt

Usage

Run the main script:

python pegasus_pentest.py

Select a tool from the menu (1-10)
Follow the prompts to enter target information
Review the results

Requirements

Python 3.8+
Required packages (see requirements.txt):
requests
httpx
urllib3
colorama
pyjwt
beautifulsoup4

Security Considerations

This tool is for educational and authorized testing purposes only
Always obtain proper authorization before testing any target
Some features may trigger security alerts or be blocked by security controls
Use responsibly and ethically

Contributing

Fork the repository
Create a feature branch
Commit your changes
Push to the branch
Create a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Disclaimer

This tool is provided for educational and authorized testing purposes only. Users are responsible for obtaining proper authorization before testing any target. The authors are not responsible for any misuse or damage caused by this tool.

Download Pegasus-Pentest-Arsenal

PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More

By: Unknown

                              ____                                  _   _ 
                             |  _ \ ___  __ _  __ _ ___ _   _ ___| \ | |
                             | |_) / _ \/ _` |/ _` / __| | | / __|  \| |
                             |  __/  __/ (_| | (_| \__ \ |_| \__ \ |\  |
                             |_|   \___|\__, |\__,_|___/\__,_|___/_| \_|
                                       |___/                             
                                 ███▄    █ ▓█████  ▒█████  
                                 ██ ▀█   █ ▓█   ▀ ▒██▒  ██▒
                                ▓██  ▀█ ██▒▒███   ▒██░  ██▒
                                ▓██▒  ▐▌██▒▒▓█  ▄ ▒██   ██░
                                ▒██░   ▓██░░▒████▒░ ████▓▒░
                                ░ ▒░   ▒ ▒ ░░ ▒░ ░░ ▒░▒░▒░ 
                                ░ ░░   ░ ▒░ ░ ░  ░  ░ ▒ ▒░ 
                                   ░   ░ ░    ░   ░ ░ ░ ▒  
                                         ░    ░  ░    ░ ░

PEGASUS-NEO Penetration Testing Framework

🛡️ Description

PEGASUS-NEO is a comprehensive penetration testing framework designed for security professionals and ethical hackers. It combines multiple security tools and custom modules for reconnaissance, exploitation, wireless attacks, web hacking, and more.

⚠️ Legal Disclaimer

This tool is provided for educational and ethical testing purposes only. Usage of PEGASUS-NEO for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws.

Developers assume no liability and are not responsible for any misuse or damage caused by this program.

🔒 Copyright Notice

PEGASUS-NEO - Advanced Penetration Testing Framework
Copyright (C) 2024 Letda Kes dr. Sobri. All rights reserved.

This software is proprietary and confidential. Unauthorized copying, transfer, or
reproduction of this software, via any medium is strictly prohibited.

Written by Letda Kes dr. Sobri <muhammadsobrimaulana31@gmail.com>, January 2024

🌟 Features

Password: Sobri

Reconnaissance & OSINT
Network scanning
Email harvesting
Domain enumeration
Social media tracking
Exploitation & Pentesting
Automated exploitation
Password attacks
SQL injection
Custom payload generation
Wireless Attacks
WiFi cracking
Evil twin attacks
WPS exploitation
Web Attacks
Directory scanning
XSS detection
SQL injection
CMS scanning
Social Engineering
Phishing templates
Email spoofing
Credential harvesting
Tracking & Analysis
IP geolocation
Phone number tracking
Email analysis
Social media hunting

🔧 Installation

# Clone the repository
git clone https://github.com/sobri3195/pegasus-neo.git

# Change directory
cd pegasus-neo

# Install dependencies
sudo python3 -m pip install -r requirements.txt

# Run the tool
sudo python3 pegasus_neo.py

📋 Requirements

Python 3.8+
Linux Operating System (Kali/Ubuntu recommended)
Root privileges
Internet connection

🚀 Usage

Start the tool:

sudo python3 pegasus_neo.py

Enter authentication password
Select category from main menu
Choose specific tool or module
Follow on-screen instructions

🔐 Security Features

Source code protection
Integrity checking
Anti-tampering mechanisms
Encrypted storage
Authentication system

🛠️ Supported Tools

Reconnaissance & OSINT

Nmap
Wireshark
Maltego
Shodan
theHarvester
Recon-ng
SpiderFoot
FOCA
Metagoofil

Exploitation & Pentesting

Metasploit
SQLmap
Commix
BeEF
SET
Hydra
John the Ripper
Hashcat

Wireless Hacking

Aircrack-ng
Kismet
WiFite
Fern Wifi Cracker
Reaver
Wifiphisher
Cowpatty
Fluxion

Web Hacking

Burp Suite
OWASP ZAP
Nikto
XSStrike
Wapiti
Sublist3r
DirBuster
WPScan

📝 Version History

v1.0.0 (2024-01) - Initial release
v1.1.0 (2024-02) - Added tracking modules
v1.2.0 (2024-03) - Added tool installer

👥 Contributing

This is a proprietary project and contributions are not accepted at this time.

🤝 Support

For support, please email muhammadsobrimaulana31@gmail.com atau https://lynk.id/muhsobrimaulana

⚖️ License

This project is protected under proprietary license. See the LICENSE file for details.

Made with ❤️ by Letda Kes dr. Sobri

Download Pegasus-Neo

The Hacker News
U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp
March 2^nd 2024 at 06:23

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

By: Newsroom

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to

The Hacker News
U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance
February 6^th 2024 at 05:00

U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance

By: Newsroom

The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members. "The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association," Secretary of State Antony Blinken said. "Such targeting has been

The Hacker News
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone
January 17^th 2024 at 10:22

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

By: Newsroom

Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator.  Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file

The Hacker News
Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature
December 28^th 2023 at 11:19

Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature

By: Newsroom

The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as

The Hacker News
Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware
December 21^st 2023 at 16:48

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

By: Newsroom

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor

The Hacker News
Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware
September 14^th 2023 at 08:51

Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware

By: THN

The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around February 10, 2023. Timchenko is the executive editor and owner of Meduza, an independent news publication

🏷️ My labels
- ❌
Article tags
September 14^th 2023 at 08:51

The Hacker News
Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
September 8^th 2023 at 03:11

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

By: THN

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064

Naked Security
S3 Ep140: So you think you know ransomware?
June 22^nd 2023 at 16:48

S3 Ep140: So you think you know ransomware?

By: Paul Ducklin

Lots to learn this week - listen now! (Full transcript inside.)

Naked Security
ASUS warns router customers: Patch now, or block all inbound requests
June 20^th 2023 at 16:14

ASUS warns router customers: Patch now, or block all inbound requests

By: Paul Ducklin

"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.