Pinakastra

AI-powered pentesting framework with automated recon and exploitation. Multi-source subdomain discovery, active vuln testing (XSS/SQLi/SSRF/IDOR), AI-driven payload generation, local inference, structured reporting. For pentesters and bug bounty hunters.


🔱 Pinakastra

AI-Powered Penetration Testing Framework with Automated Reconnaissance

Pinakastra is an advanced reconnaissance and exploitation tool that combines passive/active enumeration with AI-powered vulnerability detection and exploitation. Built for penetration testers and bug bounty hunters.


✨ What Does Pinakastra Do?

  1. Discovers subdomains - subfinder, findomain, assetfinder, sublist3r, chaos, crtsh, shodan, puredns
  2. Probes live hosts - httpx
  3. Resolves IPs - dnsx with ASN and geolocation
  4. Discovers URLs - Katana (crawler) + GAU (archive scraper)
  5. Scans ports - Nmap with AI-powered CVE detection
  6. Analyzes security - Headers, CORS, TLS, secrets, cloud assets, takeover
  7. Actively exploits - XSS, SQLi, SSRF, Open Redirect, Path Traversal, IDOR, JWT
  8. Generates reports - JSON, CSV, TXT formats

🚀 Features

🔍 Reconnaissance

  • Subdomain Discovery - 8 passive sources + DNS bruteforce
  • HTTP Probing - Live host detection with tech fingerprinting
  • IP Resolution - ASN lookups and geolocation
  • URL Discovery - Katana + GAU with smart filtering
  • Port Scanning - Nmap with service detection

Smart URL Filtering:

  • Removes static assets (images, CSS, fonts) while preserving sensitive files
  • Keeps .env, .sql, .bak, .config, .js files for security testing
  • Prioritizes API, admin, auth, and upload endpoints
  • Limits to 150 URLs/subdomain, 5 URLs/pattern (70% reduction)
  • Ensures no sensitive points are missed
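A sketch of the filtering rules listed above, as an added example that is not Pinakastra's own code. The extension list, the priority keywords, and the rule that numeric path segments collapse into one pattern are assumptions; only the 150-per-host and 5-per-pattern caps come from the README.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"regexp"
	"strings"
)

// Assumed values: the README gives only the categories and the two caps.
var (
	staticExt  = map[string]bool{".png": true, ".jpg": true, ".gif": true, ".svg": true, ".ico": true, ".css": true, ".woff": true, ".woff2": true, ".ttf": true}
	priorityRe = regexp.MustCompile(`(?i)/(api|admin|auth|upload)`)
	numericSeg = regexp.MustCompile(`/\d+\b`) // /users/17 and /users/42 share one pattern
)

const maxPerHost, maxPerPattern = 150, 5

// FilterURLs drops static assets, puts priority endpoints first, then applies both caps.
func FilterURLs(raw []string) []string {
	var prio, rest []string
	for _, r := range raw {
		u, err := url.Parse(r)
		if err != nil || u.Host == "" || staticExt[strings.ToLower(path.Ext(u.Path))] {
			continue // unparseable, relative, or static asset (.env/.sql/.bak/.js pass through)
		}
		if priorityRe.MatchString(u.Path) {
			prio = append(prio, r)
		} else {
			rest = append(rest, r)
		}
	}
	out, perHost, perPattern := []string{}, map[string]int{}, map[string]int{}
	for _, r := range append(prio, rest...) {
		u, _ := url.Parse(r) // parsed successfully in the first pass
		pat := u.Host + numericSeg.ReplaceAllString(u.Path, "/{id}")
		if perHost[u.Host] >= maxPerHost || perPattern[pat] >= maxPerPattern {
			continue
		}
		perHost[u.Host]++
		perPattern[pat]++
		out = append(out, r)
	}
	return out
}

func main() { // constructed sample input
	fmt.Println(FilterURLs([]string{"https://app.example.com/img/logo.png",
		"https://app.example.com/backup.sql", "https://app.example.com/api/users/1"}))
}
```

Because the pattern key ignores the query string, URLs that differ only in parameters count against the same 5-URL cap.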

🛡️ Security Analysis

  • Security Headers, TLS/SSL, CORS
  • Subdomain Takeover (50+ services)
  • Cloud Asset Discovery (S3, Azure, GCP)
  • Secret Detection (API keys, tokens)

🤖 AI-Powered Active Exploitation

Vulnerability Testing:

  • XSS, SQLi, SSRF, Open Redirect, Path Traversal, IDOR, JWT
  • 10 payloads per type: 7 hardcoded advanced + 3 AI-generated bypass
  • Model: deepseek-r1:7b (6-7GB RAM)

AI Features:

  • Port Scanning CVE Analysis
  • Adaptive Payload Generation
  • NVD Database CVE Verification
  • Sequential AI Generation (test while generating)
  • Smart Detection (reduces false positives)

📦 Installation

1. Check Required Tools

Required: subfinder, httpx, dnsx, katana, gau, puredns, findomain, assetfinder, chaos, nmap, sublist3r, crtsh, shodan

pinakastra check

2. Install Pinakastra

go install github.com/who0xac/pinakastra/cmd/pinakastra@main

3. Install AI

Install Ollama:

curl -fsSL https://ollama.com/install.sh | sh

Pull DeepSeek Model:

ollama pull deepseek-r1:7b

Start Ollama:

ollama serve

Verify:

curl http://localhost:11434/api/tags
ollama list

📖 Usage

# Basic scan with AI
pinakastra -d target.com --enable-ai

# With options
pinakastra -d target.com --enable-ai -o ./results --no-bruteforce --use-tor

Options:

  • -o - Custom output directory
  • --no-portscan - Skip port scanning
  • --no-bruteforce - Skip DNS bruteforce
  • --use-tor - Use TOR proxy

⚙️ Configuration

Pinakastra Config: ~/.config/pinakastra/

~/.config/pinakastra/
├── config.yaml              # API keys (Chaos, Shodan)
├── configs/
│   └── resolvers.txt        # DNS resolvers for puredns
└── wordlists/
    └── subdomains.txt       # Subdomain wordlist (auto-downloaded)

Config File: ~/.config/pinakastra/config.yaml

api_keys:
  chaos: "your-chaos-api-key"
  shodan: "your-shodan-api-key"

Subfinder Config: ~/.config/subfinder/provider-config.yaml


📤 Output

Results saved in: ./output/<domain>-<timestamp>/

subdomains.txt              # All discovered subdomains
live_hosts.txt              # Live HTTP/HTTPS hosts
resolved_ips.txt            # IPs with ASN and geolocation
urls.txt                    # All discovered URLs
open_ports.txt              # Open ports with services
vulnerabilities.json        # Exploitation results (JSON)
vulnerabilities.csv         # Exploitation results (CSV)
vulnerabilities.txt         # Exploitation results (TXT)
security_headers.txt        # Security header analysis
tls_analysis.txt            # TLS/SSL analysis
cors_issues.txt             # CORS misconfiguration
cloud_assets.txt            # Cloud storage buckets
secrets_found.txt           # API keys, tokens
subdomain_takeover.txt      # Takeover vulnerabilities

🎯 Active Exploitation

| Vulnerability | Hardcoded | AI | Total | Detection |
|--------------|-----------|----|----|-----------|
| XSS | 7 | 3 | 10 | Response reflection |
| SQL Injection | 7 | 3 | 10 | Error messages + time-based |
| SSRF | 7 | 3 | 10 | Cloud metadata detection |
| Open Redirect | 7 | 3 | 10 | Location header validation |
| Path Traversal | 7 | 3 | 10 | File signatures |
| IDOR | 7 | 3 | 10 | Response differential |
| JWT | - | Analysis | - | Token validation |


🤝 Contributing

Contributions welcome! Fork, create a feature branch, and submit a PR. Help us improve detection, add new modules, or optimize performance.


⚠️ Disclaimer

For authorized security testing only. Use only on systems you own or have explicit written permission to test. Owner is not responsible for misuse. Always follow responsible disclosure and comply with local laws.


Built with ❤️ by who0xac

GitHub Stars: 56
Category: Development
Updated: 24d ago
Forks: 7

Languages

Go

Security Score

85/100

Audited on Feb 28, 2026

No findings