Pollenisator is a tool aiming to assist pentesters and auditor automating the use of some tools/scripts and keep track of them.
- Written in python 3
- Provides a modelisation of “pentest objects” : Scope, Hosts, Ports, Commands, Tools etc.
- Tools/scripts are separated into 4 categories : wave, Network/domain, IP, Port
- Objects are stored in a NoSQL DB (Mongo)
- Keep links between them to allow queries
- Objects can be created through parsers / manual input
- Business logic can be implemented (auto vuln referencing, item triggers, etc.)
- Many tools/scripts launch conditions are availiable to avoid overloading the target or the scanner.
- A GUI based on tcl/tk
Register your own tools
- Add command line options in your database.
- Create your own light plugin to parse your tool output.
- Use the objects Models to add, update or delete objects to the pentest inside plugins.
- Limit the number of parallel execution of noisy/heavy tools
Define a recon/fingerprinting procedure with custom tools
- Choose a period to start and stop the tools
- Define your scope with domains and network IP ranges.
- Custom settings to include new hosts in the scope
- Keep results of all files generated through tools executions
- Start the given docker to implement numerous tools for LAN and Web pentest
- Split the work between your machines by starting one worker by computer you want to use.
- Tags ip or tools to show your team mates that you powned it.
- Take notes on every object to keep trace of your discoveries
- Follow tools status live
- Search in all your objects properties with the fitler bar.
- have a quick summary of all hosts and their open ports and check if some are powned.
- Create security defects on IPs and ports
- Make your plugins create defects directly so you don’t have to
- Generate a Word report of security defects found. You can use your own template with extra work.
- Generate a Powerpoint report of security defects found. You can use your own template with extra work.
Currently integrated tools
- IP / port recon : Nmap (Quick nmaps followed by thorough scan)
- Domain enumeration : Knockpy, Sublist3r, dig reverse, crtsh
- Web : WhatWeb, Nikto, http methods, Dirsearch
- LAN : Crackmapexec, eternalblue and bluekeep scan, smbmap, anonymous ftp, enum4linux
- Unknown ports : amap, nmap scripts
- Misc : ikescan, ssh_scan, openrelay
- Change the architecture to an API based one
- Get rid of Celery
- Add flexibity for commands
- Improve UX
- Add more plugin and improve existing ones
- Add real support for users / authenticated commands