Pentest Collaboration Framework - an opensource, cross-platform and portable toolkit for automating routine processes
when carrying out various works for testing!
Explore the docs ยป
| Links | |
|---|---|
| ๐Installation Guide |  |
| ๐Wiki | |
| ๐Releases | |
| ๐ฌTelegram | |
 
|
|
| ๐น๏ธDemo |
| Structure | |
|---|---|
|
 |
- ๐ฌ You can create private or team projects!
- ๐ผ Team moderation.
- ๐ Multiple tools integration support! Such as Nmap/Masscan, Nikto, Nessus and Acunetix!
- ๐ฅ๏ธ Cross-platform, opensource & free!
- โ Cloud deployment support.
| Name | PCF | Lair | Dradis | Faraday | AttackForge | PenTest.WS | Hive |
|---|---|---|---|---|---|---|---|
| Portable | โ | โ | โ | โ | โ | โ ๐ฒ | โ |
| Cross-platform | โ | โ | โ | โ | โ | โ | โ |
| Free | โ | โ | โโ | โโ | โโ | โโ | โโ |
| NOT deprecated! | โ | โ | โ | โ | โ | โ | โ |
| Data export | โ | โโ | โ | โ | โ | โโ | โ |
| Chat | โ | โ | โ | โ | โ | โ | โ |
| Made for sec specialists, not managers | โ | โ | โ | โ | โ | โ | โโ |
| Report generation | โ | โ | โ | โ | โ | โ | โ |
| API | โ | โโ | โ | โ | โ | โ | โ |
| Issue templates | โ | โ | โ | โ | โ | โ | โ |
| Tool name | Integration type | Description |
|---|---|---|
| Nmap | Import | Import XML results (ip, port, service type, service version, hostnames, os). Supported plugins: vulners |
| Nessus | Import | Import .nessus results (ip, port, service type, security issues, os) |
| Qualys | Import | Import .xml results (ip, port, service type, security issues) |
| Masscan | Import | Import XML results (ip, port) |
| Nikto | Import | Import XML, CSV, JSON results (issue, ip, port) |
| Acunetix | Import | Import XML results (ip, port, issue) |
| Burp Suite Enterprise | Import | Import HTML results (ip, port, hostname, issue, poc) |
| kube-hunter | Import | Import JSON result (ip, port, service, issue) |
| Checkmarx SAST | Import | Import XML/CSV results (code info, issue) |
| Dependency-check | Import | Import XML results (code issues) |
| OpenVAS/GVM | Import | Import XML results (ip, port, hostname, issue) |
| NetSparker | Import | Import XML results (ip, port, hostname, issue) |
| BurpSuite | Import/Extention | Extention for fast issue send from burpsuite. |
| ipwhois | Scan | Scan hosts(s)/network(s) and save whois data |
| shodan | Scan | Scan hosts ang save info (ip, port, service). |
| HTTP-Sniffer | Additional | Create multiple http-sniffers for any project. |
| WPScan | Import | Import JSON results (ip, port, hostname, issue) |
| DNSrecon | Import | Import JSON/CSV/XML results (ip, port, hostname) |
| theHarvester | Import | Import XML results (ip, hostname) |
| Metasploit | Import | Import XML project (ip, port, hostname, issue) |
| Nuclei | Import | Import JSON results (ip, hostname, port, issue) |
| PingCastle | Import | Import XML results (ip, issue) |
| MaxPatrol | Import | Import XML results (ip, port, issue) |
| Scanvus | Import | Import JSON report (issue) |
| Tenable.sc | Import | Import .nessus results (ip, port, service type, security issues, os) |
| aiodnsbrute | Import | Import JSON/CSV results (ip, hostname) |
| Advanced Port Scanner | Import | Import XML results (ip, hostname, port) |
| RedCheck | Import | Import CSV results (ip, port, security issues) |
- ๐ Fast Installation Guide
- ๐ป Standalone
- โ๏ธ Heroku
- โ๏ธ AWS
- ๐ Docker Usage
- ๐ฆ Telegram
- ๐คธ Usage
- ๐ผ๏ธ Gallery
โ ๏ธ WARNING- ๐ช Community
- ๐ TODO
- ๐ Presentations
- ๐ข Companies
- โค๏ธ Contribute
You need only Python3.
During this compilation it may require to install other system dependencies.
Download project:
git clone https://gitlab.com/invuls/pentest-projects/pcf.gitGo to folder:
cd pcfInstall deps (for unix-based systems):
pip3 install -r requirements_unix.txt
or windows:
pip.exe install -r requirements_windows.txt
Run initiation script:
(this script recreates database, but )
# !!! read the text and input "DELETE_ALL" string
python3 new_initiation.pyor windows
# !!! read the text and input "DELETE_ALL" string
python.exe new_initiation.pyEdit configuration:
nano configuration/settings.iniRun:
old version: python3 app.py
new version: python3 run.pyor windows
old version: python.exe app.py
new version: python.exe run.pyDeploy from our github repository:
Careful: Check github repo last push version!
You can check ๐Harder and ๐Impossible ways at ๐wiki page!
You can just follow the link and install PCF from AWS marketplace:
Will be added later!
Clone repository
git clone https://gitlab.com/invuls/pentest-projects/pcf.gitGo to folder:
cd pcfRun docker-compose:
# if it clean installation run this:
# rm ./configuration/database.sqlite3
docker-compose upand go to URL
http://127.0.0.1:5000/Default port (check config): 5000 Default ip (if run at localhost): 127.0.0.1
-
Register at http(s)://<ip>:<port>/register
-
Login at http(s)://<ip>:<port>/login
-
Create team (if need) at http(s)://<ip>:<port>/create_team
-
Create project at http(s)://<ip>:<port>/new_project
-
Enjoy your hacking process!
API information: https://gitlab.com/invuls/pentest-projects/pcf/-/wikis/API%20documentation
 |
 |
| Team information | Projects list |
 |
 |
| Project: issues | Project: host page |
 |
 |
| Project: hosts | Project:services |
 |
 |
| Project: issue info | Project: issue info (PoC) |
 |
 |
| Project: networks | Project: files |
 |
 |
| Project: tools (may be changed) | Project: found credentials |
 |
 |
| Project: testing notes | Project: chats |
 |
 |
| Project: settings | Project: reports |
This program, by default, uses 5000 port and allows everyone to register and use it, so you need to set correct firewall & network rules.
Careful with new_initiation script! It makes some important changes with filesystem:
- Renames database /configuration/database.sqlite3
- Regenerates SSL certificates
- Regenerates session key.
- Creates new empty /configuration/database.sqlite3 database
- Creates /tmp_storage/ folder
If you have any feature suggestions or bugs, leave a GitLab issue. We welcome any and all support :D
We communicate over Telegram. Click here to join our Telegram community!
- Team config storage
- Team report templates storage
- Automatic database backup
- Share Issues with non-registered users
- Report generation
- Fast popular password bruteforce check (top-10k)
- REST-API
- Network graph
- Hash fast export/import
- Add another databases
- Add .doc report generation support
- Issue templates
- Backup/Restore from backup projects/teams
- HTTP-sniffer
- NetNTLM smb sniffer
- Custom tool txt report upload support (added notes to hosts)
- Hash fast check top-10k passwords
- Export projects from Faraday/Dradis
- Metasploit/Cobalt Strike integration
- Vue.js
- Websockets
- Push messages (updates)
- Database rebuild (objects)
- hosts -> interfaces -> ports
- hosts -> hostnames
- Project file manager
- Port -> Protocol:Software:Version
- User-defined host marks (mark all hosts with open port)
- TODO marks button every page
- Dublicate hosts (join them?)
- host MAC/AD domain/Forest
-
Black Hat:
- Asia
: 2021
Europe
2021
- Asia
-
MIPHI
: 2021
-
Defcon-NN
-
DC7495
-
H@cktivityCon๐: 2021
-
Standoff
-
PHDays
There will be companies list which use Pentest Collaboration Framework.
If you want to add your company, then read next topic :)
If you want to help to project or encourage PCF developers, you can do any of the following:
- Mention PCF at your presentations/research articles/forum topics/other information resources.
- Advise it to you friends/collegues.
- "Star" this repository
- Don't forget about PCF telegram chat https://t.me/PentestCollaborationFramework
- Create more feature/bug requests at gitlab issues page https://gitlab.com/invuls/pentest-projects/pcf/-/issues
- If you use it at work, you can ask @drakylar (Telegram) to add your work icon + link at "Companies" topic at README.md
- You can create more template examples for PCF and send them to me (@drakylar Telegram), so I will add them to template examples folder at main repository
- We have not too much Youtube tutorials, so, you can create one :)
- Also you can create more nmap scripts plugins and also send them to @drakylar. More info here: https://gitlab.com/invuls/pentest-projects/pcf/-/issues/34 https://gitlab.com/invuls/pentest-projects/pcf/-/blob/master/routes/ui/tools_addons/nmap_scripts/nmap_example.py
There was some frequent question:
How to donate money to the project?
No way. I do not guarantee that I will not abandon this project after a while, so the best "donation" will be a contribution to the development and distribution of the utility.
How to make a merge requests to this repository?
Again, no way. To develop PCF faster, I need to know all of its code, so just create an issue at gitlab with bug/feature request and some code example, which I may use to fix it.