PentesterPro

Autonomous Pentesting System using Flask and LLMs.


PentesterPro is an Automated Penetration Testing System leveraging Large Language Models (LLMs) and Playwright for intelligent web exploration and vulnerability scanning. It combines autonomous crawling with AI-driven decision making to identify security flaws in web applications.

Features

  • Autonomous Exploration: Intelligent crawling using Playwright to navigate complex web apps.
  • AI-Driven Logic: Uses Gemini/OpenAI models to reason about application state and potential vulnerabilities.
  • Reporting: Generates findings sorted by severity.
  • Dual Interface:
    • Web UI: Modern, cyberpunk-themed dashboard for managing scans.
    • CLI: Headless mode for automation and batch processing.

Prerequisites

Before running the application, ensure you have the following installed:

  • Python 3.10+
  • PostgreSQL (Recommended for robust persistence) or SQLite (for development).
  • ffuf (Optional): Required for directory brute-forcing features.

Installation

  1. Clone the Repository:

    git clone https://github.com/Hellsender01/PentesterPro.git
    cd PentesterPro
    
  2. Set Up Virtual Environment:

    python3 -m venv venv
    source venv/bin/activate
    
  3. Install Python Dependencies:

    pip install -r requirements.txt
    
  4. Install Playwright Browsers:

    Important: This step is critical for the crawler to function.

    playwright install
    
  5. Configure Environment: Copy the example environment file and update it with your keys:

    cp .env.example .env
    

    Edit .env to set your DATABASE_URL and API keys (GEMINI_API_KEY or OPENAI_API_KEY).

  6. Initialize Database:

    flask db upgrade
    

Usage

Web Interface

Start the Flask application server:

    flask run

Access the dashboard at http://127.0.0.1:5000 to start new scans and view results.

CLI Mode

Run autonomous scans directly from the command line:

    python main_scan.py <url> [options]

Options:

  • url: The target URL to scan (default: https://secladder.com)
  • --brute: Enable brute-force directory enumeration (requires ffuf).
  • --scan-id: Specify a unique ID for the scan run.
  • --output-dir: Directory to save artifacts.

Example:

    python main_scan.py https://example.com --brute

Documentation

Comprehensive documentation is available in the docs/ directory.

Contributing

We welcome contributions! Please read our Contributing Guide for details on our code of conduct and the process for submitting pull requests.
