A multifunctional penetration testing automation tool that performs admin discovery, API testing, crawling, brute forcing, and lightweight network scans.
# clone the repository
git clone https://github.com/hackerjoe69/pentest_bot.git
cd pentest_botpython3 pentest_pro_bot.py example.com -adpython3 pentest_pro_bot.py api.com -at -pc api.jsonpython3 pentest_pro_bot.py webapp.com -ad -bfpython3 pentest_pro_bot.py target.com -ad -at -bf -pc api.json -aw custom_wordlist.txt -i aggressive -vpython3 pentest_pro_bot.py 192.168.1.0/24 -st network port -i quickpython3 pentest_pro_bot.py webapp.com -cd 5 -mp 200 -cld 0.5 -v-o = --output # Output directory
-v = --verbose # Verbose output
-i = --intensity # Scan intensity (e.g. quick, normal, aggressive)
-t = --threads # Number of threads
-st = --scan-types # Scan types (e.g. network, port, web, all)
-cd = --crawl-depth # Crawl depth (integer)
-mp = --max-pages # Max pages to crawl (integer)
-cld = --crawl-delay # Crawl delay in seconds (float)
-ua = --user-agent # Custom User-Agent string
-pc = --postman-collection # Postman collection file (JSON)
-at = --api-test # Enable API testing
-ad = --admin-discovery # Enable admin discovery
-aw = --admin-wordlist # Custom admin wordlist file
-bf = --brute-force-admin # Enable brute force against admin endpoints
- Always have written permission before running pentests. Use this tool only on systems you are authorized to test.
- Run scans from an isolated environment or a machine you control to avoid collateral damage.
- Adjust intensity (
-i) and threads (-t) according to target stability and your available bandwidth. - Supply sufficiently large delays (
-cld) when crawling to reduce load on target servers. - If using Postman collections for API testing, validate the JSON file beforehand.
- If the script fails due to missing modules, run
pip installfor the missing packages. - If network scanning fails, check local firewall and routing, and ensure you have permission to scan the target network.