All-in-One Security Testing Solution โ 30 Modules, 17,000+ Lines of Python
Features โข Installation โข Workflow โข Architecture โข Plugins
AUTHORIZED SECURITY TESTING ONLY. The creator assumes NO responsibility for misuse. Only test systems you own or have written permission to test.
Menu organized by workflow phase โ follow top to bottom for a complete assessment.
| # | Module | Description |
|---|---|---|
| 1 | Project Workspace | Set target once, all modules auto-fill. Output consolidated. Switch/edit/deactivate/delete |
| 2 | Smart Recommendations | Finding-driven intelligence: 26 rules, target profiling, coverage tracking, direct navigation |
| 3 | Scope Validator | Define authorized domains/IPs/CIDRs. Auto-blocks out-of-scope scans |
| # | Module | Description |
|---|---|---|
| 4 | Reconnaissance | DNS (7 types, RFC 8482 compliant), Subdomain, Nmap, SSL, WHOIS |
| 5 | Recon Pipeline | Automated chain: Recon โ Subdomain โ Tech โ Vuln โ Config โ Report |
| 6 | Async Scanner | Parallel tools, 5 profiles with time estimates, task selection, terminal-safe |
| 7 | Web Tech Detector | Fingerprint CMS, framework, CDN, analytics, payment (60+ signatures) |
| 8 | OSINT Module | theHarvester, Sherlock, Sublist3r, h8mail, Photon, Exiftool |
| # | Module | Description |
|---|---|---|
| 9 | Vulnerability Scanner | SQLMap, Dalfox, FFuF, Gobuster, Nikto, Nuclei, WPScan, and more |
| 10 | Security Audit | Deep SSL/TLS (protocol/cipher enum, chain) + Config (CSP analysis, CORS+credentials, cookies, cache, CSRF, info leaks) |
| 11 | API Security Tester | Auto-discover endpoints (subdomain + path + JS + robots), auth bypass, CORS, rate limit |
| 12 | Email Security | SPF, DKIM (25+ selectors), DMARC, BIMI, MX. Spoofing risk score 0โ100 |
| 13 | Subdomain Takeover | 40+ service fingerprints (S3, Heroku, GitHub Pages, Azure, etc.) |
| 14 | Attack Module | Stress testing methods (authorized targets only) |
| 15 | Performance Testing | k6 (Quick/Standard/Spike/Soak) + Locust (Headless/Web UI) |
| # | Module | Description |
|---|---|---|
| 16 | Correlation Engine | SQLite DB (8 tables), cross-tool queries, project dashboard, export |
| 17 | Findings Manager | Deduplication, CVSS v3.1 scoring (auto + manual), Evidence Manager |
| 18 | Network Map | Mermaid diagrams + interactive HTML visualization |
| 19 | Web Screenshot | Multi-backend capture (cutycapt/wkhtmltoimage/Chrome/curl fallback) |
| 20 | Report Generator | Professional PDF/HTML, 8 parsers, risk scoring, recommendations |
| # | Module | Description |
|---|---|---|
| 21 | Wordlist Generator | CeWL-style scrape, company-based, username generator, mutations |
| 22 | Proxy Management | Load, test, convert proxy lists |
| 23 | Plugins | BasePlugin class, auto-discovery, template generator, hot-reload |
| 24 | Retry & Resume | Resume interrupted scans, retry failed tasks |
| 25 | Telegram Notifications | Bot alerts, per-severity, scan/vuln/report notifications |
| 26 | Monitoring | System resources, network, target status, logs |
| 27 | Configuration | Toolkit settings |
| 28 | Utilities | Cleanup (workspace/non-workspace separate), export, backup, reset |
git clone https://github.com/windantara/ultimate-pentest-toolkit.git
cd ultimate-pentest-toolkit
pip3 install --user --break-system-packages reportlab
python3 upt.py 1. Create Workspace โ set target, auto-creates scope + DB project
2. Recommendations โ what should I scan first? (updates after each scan)
4. Reconnaissance โ DNS, ports, WHOIS, SSL
7. Tech Detection โ identify CMS, framework, CDN
12. Email Security โ SPF, DKIM, DMARC audit
9. Vuln Scanner โ SQLi, XSS, Nuclei
10. Security Audit โ SSL/TLS + CSP + CORS + cookies deep analysis
11. API Tester โ auto-discover endpoints + test security
13. Subdomain Takeover โ check dangling CNAMEs
19. Screenshots โ visual evidence
8. OSINT โ passive intelligence
17. Findings Manager โ deduplicate, CVSS score, link evidence
2. Recommendations โ coverage 100%? โ "Generate Final Report"
20. Report Generator โ PDF/HTML with all findings
ultimate-pentest-toolkit/
โโโ upt.py # Entry point (30 options, grouped by workflow)
โโโ core/ # Framework (6 files)
โ โโโ config.py # Workspace-aware output routing
โ โโโ utils.py # get_target() with validation + auto-fill
โ โโโ logger.py, banner.py, dependencies.py
โโโ modules/ # 23 feature modules
โโโ plugins/ # User extensions (auto-discovered)
โโโ data/ # SQLite DB, evidence, scan states
Key design:
get_target()auto-fills from workspace, validates input (rejects menu numbers)- Config routes all output to workspace folder when active
- Smart Recommendations reads actual scan files, not manual records
- Every module screen shows description header
from modules.plugin_system import BasePlugin
class Plugin(BasePlugin):
name = "My Scanner"
category = "vuln"
def run(self, target, config, logger):
return {"status": "completed"}Putu Wind Antara โ Security Researcher & Developer | Bali, Indonesia ๐ฎ๐ฉ
MIT License. See LICENSE.
QUICKSTART โข CHANGELOG โข CONTRIBUTING โข SECURITY
Made with โค๏ธ in Indonesia ๐ฎ๐ฉ โ 42 files, 17,000+ lines of Python