New Tool: The PenTesters Framework (PTF) Released
来源:互联网 发布:淘宝首页导航栏代码 编辑:程序博客网 时间:2024/05/03 06:58
http://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/
New Tool: The PenTesters Framework (PTF) Released
TrustedSec is proud to announce the release of the PenTesters Framework (PTF). PTF is a Python script designed for Debian/Ubuntu (plans on expanding to more) based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we’ve been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those “go to” tools that we use on a regular basis, and using the latest and greatest is important.
PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It’s all up to you.
The ultimate goal is for community support on this project. We want new tools added to the github repository. Submit your modules. It’s super simple to configure and add them and only takes a few minute.
To run PTF, first check out the config/ptf.config file which contains the base location of where to install everything. By default this will install in the /pentest directory. Once you have that configured, move to running PTF by typing ./ptf (or python ptf).
This will put you in a “Metasploitesk” type shell which has a similar look and feel for consistency. Show modules, use , etc. are all accepted commands. First things first, always type help or ? to see a full list of commands.
If you want to install and/or update everything, simply do the following:
This will install all of the tools inside of PTF. If they are already installed, this will iterate through and update everything for you automatically. You can also install or update each individual module separately just by use
You can also show options to change information about the modules. If you want to create your own module, its simple. First, head over to the modules/ directory, inside of there are sub directories based on the Penetration Testing Execution Standard (PTES) phases. Go into those phases and look at the different modules. As soon as you add a new one, for example testing.py, it will automatically be imported next time you launch PTF. There are a few key components when looking at a module that must be completed.
Below is a sample module:
Module Development:
All of the fields are pretty easy, on the repository locations, right now all thats supported is GIT. The plan in the next release is to expand to file downloader. This can still be accomplished through ‘After Commands‘ (explained later). Fill in the depends, and where you want the install location to be. PTF will take where the python file is located (for example exploitation) and move it to what you specify in the PTF config (located under config). By default it installs all tools to /pentest/
Note in modules, you can specify after commands {INSTALL_LOCATION}. This will append where you want the install location to go when using ‘After Commands‘.
After Commands:
‘After Commands‘ are commands that you can execute after an installation. This could be switching to a directory and kicking off additional commands to finish the installation. For example in the BeEF scenario, you need to run ruby install-beef afterwards. Below is an example of ‘After Commands‘ using the {INSTALL_LOCATION} flag.
For ‘After Commands‘ that do self install (don’t require user interaction) – place an exit after your commands so it exits the shell.
This is still an early release and a work in progress. The hope would be to get a lot of community support for additional module development and continue to add on.
In order to download PTF, head over to github or clone it.
git clone https://github.com/trustedsec/ptf
TODO:
* Add ability to support SVN, and FILE download.
* Support other operating systems aside from Kali, Ubuntu, Debian
- New Tool: The PenTesters Framework (PTF) Released
- new sample released when I am in the All-In-OneCode-Framework project
- The MS .NET Framework 3.0 has been released
- New HexorBase (The Database Hackers Tool )
- 212876 - The new archiving tool SAPCAR
- 212876 - The new archiving tool SAPCAR
- Eclipse Process Framework: a new tool for porject process management
- Nitro : new version released.
- New BOOT KIT Released
- New skills released!
- eXpressApp Framework 7.3.5 released on 20 Dec 2007 and What'a New
- eXpressApp Framework 8.1.3 released on 07 May 2008 and What'a New
- eXpressApp Framework 8.1.4 released on 30 May 2008 and What'a New
- eXpressApp Framework 8.1.5 released on 27 Jue 2008 and What'a New
- eXpressApp Framework 8.1.6 released on 03 Jul 2008 and What's New
- eXpressApp Framework 8.2.1 released on 25 Jul 2008 and What's New
- new sample released after I have left All-In-OneCode-Framework project 2012-02-18
- Performance Test Framework (PTF)是压力测试框架
- 随笔
- PAT 1011. World Cup Betting (20)
- oledump-py office ole dump
- Windows 操作系统(不管32bit还是64bit)是不支持oracle db的 db_32k_cache_size参数的。
- java之多态
- New Tool: The PenTesters Framework (PTF) Released
- ThreadLocal 学习资源
- poj-3041 Asteroids
- 我的第一篇博客
- textview数字英文在一起时自动换行
- android中三种onClick事件的实现,与对比
- 安卓服务——started service一个非绑定式服务
- 整理的小工具
- Lucene学习之拼写检查