Skip to content

README.md

Latest commit

 

History

History
106 lines (78 loc) · 3.08 KB

README.md

File metadata and controls

106 lines (78 loc) · 3.08 KB

PentesterPro

PentesterPro is an Automated Penetration Testing System leveraging Large Language Models (LLMs) and Playwright for intelligent web exploration and vulnerability scanning. It combines autonomous crawling with AI-driven decision making to identify security flaws in web applications.

Features

  • Autonomous Exploration: Intelligent crawling using Playwright to navigate complex web apps.
  • AI-Driven Logic: Uses Gemini/OpenAI models to reason about application state and potential vulnerabilities.
  • Reporting: Generates findings sorted by severity.
  • Dual Interface:
    • Web UI: Modern, cyberpunk-themed dashboard for managing scans.
    • CLI: headless mode for automation and batch processing.

Prerequisites

Before running the application, ensure you have the following installed:

  • Python 3.10+
  • PostgreSQL (Recommended for robust persistence) or SQLite (for development).
  • ffuf (Optional): Required for directory brute-forcing features.

Installation

  1. Clone the Repository:

    git clone https://github.com/Hellsender01/PentesterPro.git
cd PentesterPro

  2. Set Up Virtual Environment:

    python3 -m venv venv
source venv/bin/activate

  3. Install Python Dependencies:

    pip install -r requirements.txt

  4. Install Playwright Browsers:

    [!IMPORTANT] This step is critical for the crawler to function.

    playwright install

  5. Configure Environment: Copy the example environment file and update it with your keys:

    cp .env.example .env

    Edit .env to set your DATABASE_URL and API keys (GEMINI_API_KEY or OPENAI_API_KEY).

  6. Initialize Database:

    flask db upgrade

Usage

Web Interface

Start the Flask application server:

flask run

Access the dashboard at http://127.0.0.1:5000 to start new scans and view results.

CLI Mode

Run autonomous scans directly from the command line:

python main_scan.py <url> [options]

Options:

  • url: The target URL to scan (default: https://secladder.com)
  • --brute: Enable brute-force directory enumeration (requires ffuf).
  • --scan-id: Specify a unique ID for the scan run.
  • --output-dir: Directory to save artifacts.

Example:

python main_scan.py https://example.com --brute

Documentation

Comprehensive documentation is available in the docs/ directory:

Contributing

We welcome contributions! Please read our Contributing Guide for details on our code of conduct and the process for submitting pull requests.