Check your website ( or any other website ) for common vulnerabilities.
Install
yarn global add pentest-tool-lite
# of if you use npm
npm i -g pentest-tool-lite
Basic
pentest-tool-lite <URL> # http(s)://....
pentest-tool-lite https://juffalow.com
Available options:
$ pentest-tool-lite --help
Grep is checking every test if it contains any string from the grep argument.
To check just https and hsts type:
pentest-tool-lite https://juffalow.com --grep https,hsts
To list all available tests:
pentest-tool-lite tests
If you do not want to run specific tests, you can ignore them with exclude
argument.
To exclude javascript, css and image tests:
pentest-tool-lite https://juffalow.com --exclude javascript,css,image
Default report is short, which will show just test titles. If you want to see also description, change it to FULL
report with:
pentest-tool-lite https://juffalow.com --reportType FULL
pentest-tool-lite https://juffalow.com --reportFormat JSON
List all URLs in sitemap. If it is sitemap index (sitemap that contains URLs to other sitemaps) it loads every sitemap and shows URLs from all of them.
pentest-tool-lite sitemap https://example.com/sitemap.xml
Reads from standard input and outputs lines based on some probability. This can be used for testing just random urls. For example, you can run sitemap
sub-command, but you don't want to run the pentest on all of listed urls, so you can use pipes and pick random urls.
pentest-tool-lite sitemap https://example.com/sitemap.xml | pentest-tool-lite random | xargs -n1 pentest-tool-lite
Use GitHub issues if you have suggestion for new check(s) or you found a bug in existing one.
And I'll be thankful for every pull request ;-)
# install node modules
yarn
# run
yarn start https://juffalow.com
# or if you use npm
# install node modules
npm i
# run
npm start -- https://juffalow.com
Log everything:
pentest-tool-lite https://juffalow.com --logger=DEBUG
Log everything that has at least WARNING level:
pentest-tool-lite https://juffalow.com --logger=WARNING
npm test