Pegasus-Pentest-Arsenal – A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool

                                   /\               
                               _  / |               
                              / \ |  \              
                             |  |\|  |              
                             |  | | /               
                             | /| |/                
                             |/ |/                  
                        ,/;  ;  ;                   
                     ,'/|; ,/,/,                    
                   ,'/ |;/,/,/,/|                   
                ,/;  |;|/,/,/,/,/|                  
              ,/';   |;|,/,/,/,/,/|                 
            ,/';     |;|/,/,/,/,/,/|,              
           /  ;      |;|,/,/,/,/,/,/|              
          / ,';      |;|/,/,/,/,/,/,/|             
         /,/';       |;|,/,/,/,/,/,/,/|            
        /;/ ';       |;|/,/,/,/,/,/,/,/|           

     ██████╗ ███████╗ ██████╗  █████╗ ███████╗██╗   ██╗███████╗
     ██╔══██╗██╔════╝██╔════╝ ██╔══██╗██╔════╝██║   ██║██╔════╝
     ██████╔╝█████╗  ██║  ███╗███████║███████╗██║   ██║███████╗
     ██╔═══╝ ██╔══╝  ██║   ██║██╔══██║╚════██║██║   ██║╚════██║
     ██║     ███████╗╚██████╔╝██║  ██║███████║╚██████╔╝███████║
     ╚═╝     ╚══════╝ ╚═════╝ ╚═╝  ╚═╝╚══════╝ ╚═════╝ ╚══════╝
                    P E N T E S T   A R S E N A L                

A comprehensive web application security testing toolkit that combines 10 powerful penetration testing features into one tool.

Author

• Letda Kes Dr. Sobri, S.Kom
• GitHub: sobri3195
• Email: [email protected]

Features

1. Subdomain + Curl HTTP Scanner
2. Discovers subdomains using a wordlist
3. Checks HTTP status and security headers

4. Identifies potential security Misconfigurations” title=”Misconfigurations”>misconfigurations

5. JWT Token Inspector

6. Analyzes JWT token structure and claims
7. Identifies security issues in token configuration

8. Detects common JWT vulnerabilities

9. Parameter Pollution Finder

10. Tests for HTTP Parameter Pollution (HPP)
11. Identifies vulnerable parameters

12. Detects server-side parameter handling issues

13. CORS Misconfiguration Scanner

14. Tests for CORS policy misconfigurations
15. Identifies dangerous wildcard policies

16. Detects credential exposure risks

17. Upload Bypass Tester

18. Tests file upload restrictions
19. Attempts various bypass techniques

20. Identifies dangerous file type handling

21. Exposed .git Directory Finder

22. Scans for exposed version control files
23. Identifies leaked Git repositories

24. Tests for sensitive information disclosure

25. SSRF (Server Side Request Forgery) Detector

26. Tests for SSRF vulnerabilities
27. Identifies vulnerable parameters

28. Includes cloud metadata endpoint tests

29. Blind SQL Injection Time Delay Detector

30. Tests for time-based SQL injection
31. Supports multiple database types

32. Identifies injectable parameters

33. Local File Inclusion (LFI) Mapper

34. Tests for LFI vulnerabilities
35. Includes path traversal detection

36. Supports various encoding bypasses

37. Web Application Firewall (WAF) Fingerprinter

    • Identifies WAF presence
    • Detects WAF vendor/type
    • Tests WAF effectiveness

Installation

1. Clone the repository:

git clone https://github.com/sobri3195/pegasus-pentest-arsenal.git
cd pegasus-pentest-arsenal

1. Create a virtual environment (recommended):

python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

1. Install dependencies:

pip install -r requirements.txt

Usage

1. Run the main script:

python pegasus_pentest.py

1. Select a tool from the menu (1-10)
2. Follow the prompts to enter target information
3. Review the results

Requirements

• Python 3.8+
• Required packages (see requirements.txt):
• requests
• httpx
• urllib3
• colorama
• pyjwt
• beautifulsoup4

Security Considerations

• This tool is for educational and authorized testing purposes only
• Always obtain proper authorization before testing any target
• Some features may trigger security alerts or be blocked by security controls
• Use responsibly and ethically

Contributing

1. Fork the repository
2. Create a feature branch
3. Commit your changes
4. Push to the branch
5. Create a Pull Request

License

This project is licensed under the MIT License – see the LICENSE file for details.

Disclaimer

This tool is provided for educational and authorized testing purposes only. Users are responsible for obtaining proper authorization before testing any target. The authors are not responsible for any misuse or damage caused by this tool.

Original Source: kitploit.com