Pollenisator – Automating the use of some tools/scripts to assist pentesters and auditors

pollenisator

Pollenisator is a tool aiming to assist pentesters and auditor automating the use of some tools/scripts and keep track of them.

  • Written in python 3
  • Provides a modelisation of “pentest objects” : Scope, Hosts, Ports, Commands, Tools etc.
  • Tools/scripts are separated into 4 categories : wave, Network/domain, IP, Port
  • Objects are stored in a NoSQL DB (Mongo)
  • Keep links between them to allow queries
  • Objects can be created through parsers / manual input
  • Business logic can be implemented (auto vuln referencing, item triggers, etc.)
  • Many tools/scripts launch conditions are availiable to avoid overloading the target or the scanner.
  • A GUI based on tcl/tk

Documentation

Everything is the wiki, including installation

Features

  • Register your own tools
    • Add command line options in your database.
    • Create your own light plugin to parse your tool output.
    • Use the objects Models to add, update or delete objects to the pentest inside plugins.
    • Limit the number of parallel execution of noisy/heavy tools
  • Define a recon/fingerprinting procedure with custom tools
    • Choose a period to start and stop the tools
    • Define your scope with domains and network IP ranges.
    • Custom settings to include new hosts in the scope
    • Keep results of all files generated through tools executions
    • Start the given docker to implement numerous tools for LAN and Web pentest
  • Collaborative pentests
    • Split the work between your machines by starting one worker by computer you want to use.
    • Tags ip or tools to show your team mates that you powned it.
    • Take notes on every object to keep trace of your discoveries
    • Follow tools status live
    • Search in all your objects properties with the fitler bar.
    • have a quick summary of all hosts and their open ports and check if some are powned.
  • Reporting
    • Create security defects on IPs and ports
    • Make your plugins create defects directly so you don’t have to
    • Generate a Word report of security defects found. You can use your own template with extra work.
    • Generate a Powerpoint report of security defects found. You can use your own template with extra work.
  • Currently integrated tools
    • IP / port recon : Nmap (Quick nmaps followed by thorough scan)
    • Domain enumeration : Knockpy, Sublist3r, dig reverse, crtsh
    • Web : WhatWeb, Nikto, http methods, Dirsearch
    • LAN : Crackmapexec, eternalblue and bluekeep scan, smbmap, anonymous ftp, enum4linux
    • Unknown ports : amap, nmap scripts
    • Misc : ikescan, ssh_scan, openrelay

Roadmap

  • Change the architecture to an API based one
  • Get rid of Celery
  • Add flexibity for commands
  • Improve UX
  • Add more plugin and improve existing ones
  • Add real support for users / authenticated commands
Please follow and like us: