public/subjects/cybersecurity/pentest-kit/README.md

## Pentest-kit

<center>
<img src="./resources/pentest-meme.jpg?raw=true" style = "width: 700px !important; height: 464px !important;"/>
</center>

### Introduction:

Penetration testing (Pentesting) is a critical process in cybersecurity, involving the use of specialized tools to identify and exploit vulnerabilities in systems and networks. Pentest tools are essential for conducting thorough security assessments, helping to safeguard against potential threats.

### Objective:

Using a programming language from your choice you will create a multi-functional tool for penetration testing, similar to popular security tools like `Nmap`, and `Dirsearch`. This project aims to give hands-on experience in understanding and developing security tools and building a practical toolkit for various Pentesting tasks.

By completing this project, You will:

- Gain practical experience in developing custom pentesting tools.
- Understand the core functionalities of port scanning, directory brute-forcing, network mapping, and HTTP header analysis.
- Learn how to build a cohesive set of utilities for penetration testing.
- Enhance your understanding of ethical considerations in cybersecurity.

### Resources

Some useful resources:

- [Penetration testing](https://en.wikipedia.org/wiki/Penetration_test)
- [Dirsearch](https://www.kali.org/tools/dirsearch/)
- [Port Scanning](https://en.wikipedia.org/wiki/Port_scanner)
- [HTTP headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers)

Before asking for help, ask yourself if you have really thought about all the possibilities.

### Role play

To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project. This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to use pentesting tools to a team or stakeholder.

The goal of the role play question session is to:

- Assess your understanding of pentesting tools and techniques.
- Test your ability to communicate effectively and explain security measures related to this project.
- Challenge you to think critically about the importance of penetration testing and consider alternative approaches.

Prepare for a role play question session in the audit.

### Project Requirements

#### Tool Development:

You will develop the following tools:

1. **TinyScanner (Simple Port Scanner):**

   - Create a tool that checks for open, closed, or filtered ports on a target host.
   - The tool should support TCP scanning and the ability to scan a range of ports.

2. **DirFinder (Small Dirsearch):**

   - Develop a tool to discover hidden directories and files on a web server by brute-forcing common paths using a wordlist.

3. **HostMapper:**

   - Build a tool to perform a ping sweep to identify live hosts on a subnet.

4. **HeaderGrabber:**
   - Implement a tool that retrieves and analyzes HTTP headers from a web server.

> All the tools must be built from scratch. Calling existing or external CLI will not be considered a valid solution in the audit!

#### Input Handling:

Each tool should accept the relevant input parameters, such as IP addresses, URLs, and port ranges.

#### Output Management:

Store the results in a well-organized file format.

### Usage Examples

#### Command Line Interface:

```sh
$> pentestkit --help

Welcome to PentestKit

OPTIONS:

   -t  TinyScanner   Run the simple port scanner.
                     Use this option to specify the target IP address and the ports you wish to scan.
                     Example: -t 192.168.1.1 -p 22,80,443

   -d  DirFinder     Run the directory brute-forcer.
                     Use this option to specify the target URL and the path to a wordlist for discovering hidden directories.
                     Example: -d http://example.com -w /path/to/wordlist.txt

   -h  HostMapper    Run the network host mapper.
                     Use this option to perform a ping sweep on a specified subnet to identify live hosts.
                     Example: -h 192.168.1.0/24

   -g  HeaderGrabber Run the HTTP header analyzer.
                     Use this option to retrieve and analyze HTTP headers from a specified URL, useful for identifying security headers.
                     Example: -g http://example.com

   -o  "FileName"    File name to save output.
                     Use this option to specify the file name where the results of the scan or analysis will be saved.
                     Example: -o result.txt
```

#### Example Outputs:

1. **TinyScanner (Simple Port Scanner):**

```sh
$> pentestkit -t 192.168.1.1 -p 22,80,443 -o result1.txt
Port 22 is open (SSH)
Port 80 is open (HTTP)
Port 443 is closed
Data Saved in result1.txt
```

2. **DirFinder (Small Dirsearch):**

```sh
$> pentestkit -d http://example.com -w /path/to/wordlist.txt -o result2.txt
/admin            [Status: 200]
/uploads          [Status: 403]
/login            [Status: 200]
Data Saved in result2.txt
```

3. **HostMapper:**

```sh
$> pentestkit -h 192.168.1.0/24 -o result3.txt
Live hosts found:
192.168.1.1
192.168.1.10
192.168.1.15
Data Saved in result3.txt
```

4. **HeaderGrabber:**

```sh
$> pentestkit -g http://example.com -o result4.txt
HTTP/1.1 200 OK
Date: Mon, 01 Jan 2022 12:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Warning: Missing Security Headers - X-Content-Type-Options, X-Frame-Options
Data saved in result4.txt
```

### Bonus

If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:

- Adding a graphical user interface (GUI) for better user accessibility.
- Implementing advanced scanning techniques like SYN scans in TinyScanner.

Challenge yourself!

### Documentation

Create a `README.md` file that provides comprehensive documentation for your tools (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.
Include clear guidelines and warnings about the ethical and legal use of the tools in your documentation.

### Ethical and Legal Considerations

- Get Permission: Always obtain explicit permission before scanning or testing any network or system.
- Respect Privacy: Collect only necessary data and store it securely.
- Follow Laws: Adhere to relevant laws such as GDPR and CFAA.
- Report Responsibly: Notify affected parties privately if you identify vulnerabilities.
- Educational Use Only: Use these tools solely for learning and improving security.

> ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated.

### Submission and Audit

Upon completing this project, you should submit the following:

- Your documentation in the `README.md` file.
- The source code for your tool.
- Any required files to run your tool.
-												CON-3103 feat(pentest-kit) add cyber security project

											
										
										
											3 months ago
+								## Pentest-kit
 								<center>
 								<img src="./resources/pentest-meme.jpg?raw=true" style = "width: 700px !important; height: 464px !important;"/>
 								</center>
 								### Introduction:
-												CON-3103 docs(pentest-kit) improve the subject quality

											
										
										
											3 months ago
+								Penetration testing (Pentesting) is a critical process in cybersecurity, involving the use of specialized tools to identify and exploit vulnerabilities in systems and networks. Pentest tools are essential for conducting thorough security assessments, helping to safeguard against potential threats.
-												CON-3103 feat(pentest-kit) add cyber security project

											
										
										
											3 months ago
 								### Objective:
-												CON-3103 docs(pentest-kit) improve the subject quality

											
										
										
											3 months ago
+								Using a programming language from your choice you will create a multi-functional tool for penetration testing, similar to popular security tools like `Nmap`, and `Dirsearch`. This project aims to give hands-on experience in understanding and developing security tools and building a practical toolkit for various Pentesting tasks.
-												CON-3103 feat(pentest-kit) add cyber security project

											
										
										
											3 months ago
 								By completing this project, You will:
 								- Gain practical experience in developing custom pentesting tools.
 								- Understand the core functionalities of port scanning, directory brute-forcing, network mapping, and HTTP header analysis.
 								- Learn how to build a cohesive set of utilities for penetration testing.
 								- Enhance your understanding of ethical considerations in cybersecurity.
 								### Resources
 								Some useful resources:
 								- [Penetration testing](https://en.wikipedia.org/wiki/Penetration_test)
 								- [Dirsearch](https://www.kali.org/tools/dirsearch/)
 								- [Port Scanning](https://en.wikipedia.org/wiki/Port_scanner)
 								- [HTTP headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers)
 								Before asking for help, ask yourself if you have really thought about all the possibilities.
 								### Role play
 								To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project. This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to use pentesting tools to a team or stakeholder.
 								The goal of the role play question session is to:
 								- Assess your understanding of pentesting tools and techniques.
 								- Test your ability to communicate effectively and explain security measures related to this project.
 								- Challenge you to think critically about the importance of penetration testing and consider alternative approaches.
 								Prepare for a role play question session in the audit.
 								### Project Requirements
 								#### Tool Development:
 								You will develop the following tools:
 . **TinyScanner (Simple Port Scanner):**
 								   - Create a tool that checks for open, closed, or filtered ports on a target host.
 								   - The tool should support TCP scanning and the ability to scan a range of ports.
 . **DirFinder (Small Dirsearch):**
 								   - Develop a tool to discover hidden directories and files on a web server by brute-forcing common paths using a wordlist.
 . **HostMapper:**
 								   - Build a tool to perform a ping sweep to identify live hosts on a subnet.
 . **HeaderGrabber:**
 								   - Implement a tool that retrieves and analyzes HTTP headers from a web server.
-												CON-3103 docs(pentest-kit) improve the subject quality

											
										
										
											3 months ago
+								> All the tools must be built from scratch. Calling existing or external CLI will not be considered a valid solution in the audit!
-												CON-3103 feat(pentest-kit) add cyber security project

											
										
										
											3 months ago
+								#### Input Handling:
 								Each tool should accept the relevant input parameters, such as IP addresses, URLs, and port ranges.
 								#### Output Management:
 								Store the results in a well-organized file format.
 								### Usage Examples
 								#### Command Line Interface:
 								```sh
 								$> pentestkit --help
 								Welcome to PentestKit
 								OPTIONS:
 								   -t  TinyScanner   Run the simple port scanner.
 								                     Use this option to specify the target IP address and the ports you wish to scan.
 								                     Example: -t 192.168.1.1 -p 22,80,443
 								   -d  DirFinder     Run the directory brute-forcer.
 								                     Use this option to specify the target URL and the path to a wordlist for discovering hidden directories.
 								                     Example: -d http://example.com -w /path/to/wordlist.txt
 								   -h  HostMapper    Run the network host mapper.
 								                     Use this option to perform a ping sweep on a specified subnet to identify live hosts.
 								                     Example: -h 192.168.1.0/24
 								   -g  HeaderGrabber Run the HTTP header analyzer.
 								                     Use this option to retrieve and analyze HTTP headers from a specified URL, useful for identifying security headers.
 								                     Example: -g http://example.com
 								   -o  "FileName"    File name to save output.
 								                     Use this option to specify the file name where the results of the scan or analysis will be saved.
 								                     Example: -o result.txt
 								```
 								#### Example Outputs:
 . **TinyScanner (Simple Port Scanner):**
 								```sh
 								$> pentestkit -t 192.168.1.1 -p 22,80,443 -o result1.txt
 								Port 22 is open (SSH)
 								Port 80 is open (HTTP)
 								Port 443 is closed
 								Data Saved in result1.txt
 								```
 . **DirFinder (Small Dirsearch):**
 								```sh
 								$> pentestkit -d http://example.com -w /path/to/wordlist.txt -o result2.txt
 								/admin            [Status: 200]
 								/uploads          [Status: 403]
 								/login            [Status: 200]
 								Data Saved in result2.txt
 								```
 . **HostMapper:**
 								```sh
 								$> pentestkit -h 192.168.1.0/24 -o result3.txt
 								Live hosts found:
 .168.1.1
 .168.1.10
 .168.1.15
 								Data Saved in result3.txt
 								```
 . **HeaderGrabber:**
 								```sh
 								$> pentestkit -g http://example.com -o result4.txt
 								HTTP/1.1 200 OK
 								Date: Mon, 01 Jan 2022 12:00:00 GMT
 								Server: Apache/2.4.41 (Ubuntu)
 								X-Powered-By: PHP/7.4.3
 								Warning: Missing Security Headers - X-Content-Type-Options, X-Frame-Options
 								Data saved in result4.txt
 								```
 								### Bonus
 								If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
 								- Adding a graphical user interface (GUI) for better user accessibility.
 								- Implementing advanced scanning techniques like SYN scans in TinyScanner.
 								Challenge yourself!
 								### Documentation
 								Create a `README.md` file that provides comprehensive documentation for your tools (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.
 								Include clear guidelines and warnings about the ethical and legal use of the tools in your documentation.
 								### Ethical and Legal Considerations
 								- Get Permission: Always obtain explicit permission before scanning or testing any network or system.
 								- Respect Privacy: Collect only necessary data and store it securely.
 								- Follow Laws: Adhere to relevant laws such as GDPR and CFAA.
 								- Report Responsibly: Notify affected parties privately if you identify vulnerabilities.
 								- Educational Use Only: Use these tools solely for learning and improving security.
 								> ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated.
 								### Submission and Audit
 								Upon completing this project, you should submit the following:
 								- Your documentation in the `README.md` file.
 								- The source code for your tool.
 								- Any required files to run your tool.