Pollenisator – Collaborative Pentest Tool With Highly Customizable Tools

Click the icon to Follow me:- twitterTelegramRedditDiscord

Pollenisator 1 pollenisator flat 783276


Pollenisator is a tool aiming to assist pentesters and auditor automating the use of some tools/scripts and keep track of them.

  • Written in python 3
  • Provides a modelisation of “pentest objects” : Scope, Hosts, Ports, Commands, Tools etc.
  • Tools/scripts are separated into 4 categories : wave, Network/domain, IP, Port
  • Objects are stored in a NoSQL DB (Mongo)
  • Keep links between them to allow queries
  • Objects can be created through parsers / manual input
  • Business logic can be implemented (auto vuln referencing, item triggers, etc.)
  • Many tools/scripts launch conditions are availiable to avoid overloading the target or the scanner.
  • A GUI based on tcl/tk

Documentation

Everything is the wiki, including installation

Features

  • Register your own tools

    • Add command line options in your database.
    • Create your own light plugin to parse your tool output.
    • Use the objects Models to add, update or delete objects to the pentest inside plugins.
    • Limit the number of parallel execution of noisy/heavy tools
  • Define a recon/fingerprinting procedure with custom tools

    • Choose a period to start and stop the tools
    • Define your scope with domains and network IP ranges.
    • Custom settings to include new hosts in the scope
    • Keep results of all files generated through tools executions
    • Start the given docker to implement numerous tools for LAN and Web pentest
  • Collaborative pentests

    • Split the work between your machines by starting one worker by computer you want to use.
    • Tags ip or tools to show your team mates that you powned it.
    • Take notes on every object to keep trace of your discoveries
    • Follow tools status live
    • Search in all your objects properties with the fitler bar.
    • have a quick summary of all hosts and their open ports and check if some are powned.
  • Reporting

    • Create security defects on IPs and ports
    • Make your plugins create defects directly so you don’t have to
    • Generate a Word report of security defects found. You can use your own template with extra work.
    • Generate a Powerpoint report of security defects found. You can use your own template with extra work.
  • Currently integrated tools

    • IP / port recon : Nmap (Quick nmaps followed by thorough scan)
    • Domain enumeration : Knockpy, Sublist3r, dig reverse, crtsh
    • Web : WhatWeb, Nikto, http methods, Dirsearch
    • LAN : Crackmapexec, eternalblue and bluekeep scan, smbmap, anonymous ftp, enum4linux
    • Unknown ports : amap, nmap scripts
    • Misc : ikescan, ssh_scan, openrelay

Roadmap

  • Change the architecture to an API based one
  • Get rid of Celery
  • Add flexibity for commands
  • Improve UX
  • Add more plugin and improve existing ones
  • Add real support for users / authenticated commands
Download Pollenisator

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source
Available for Amazon Prime