Pentest.sh is a bash script designed to automate the process of penetration testing for web applications. It performs various tests and assessments on subdomains of a given domain to identify vulnerabilities and security issues.
- Subdomain enumeration using Subfinder
- Subdomain takeover check using Subjack
- Vulnerability assessment with Nmap
- Cross-Site Scripting (XSS) attack using XSSer
- SQL injection testing with SQLmap
- Directory and file enumeration with Dirb
- Network traffic analysis with Tcpdump
- Linux operating system
- Bash shell
- Required tools: Subfinder, Subjack, Nmap, XSSer, SQLmap, Dirb, Tcpdump
- Clone the repository or download the
pentest.shfile. - Make the script executable:
chmod +x pentest.sh. - Run the script with the domain as the argument:
./pentest.sh <domain>. Example:./pentest.sh example.com.
Note: Ensure that the required tools are installed before running the script.
-h: Display the help message and usage information.
The script creates a directory named pentest_results in the current working directory. Inside this directory, a folder is created with the name of the provided domain. All the results, including subdomain takeover, vulnerability assessment, XSS attack, SQL injection testing, directory, and file enumeration, as well as network traffic analysis, are saved in this folder.
Contributions to this project are welcome! Feel free to open issues or submit pull requests for any improvements or bug fixes.
This script is released under the MIT License.