who0xac/Pinakastra

GitHub: who0xac/Pinakastra

An AI-based penetration testing framework that integrates automated reconnaissance, vulnerability detection and intelligent exploitation to improve the efficiency of security assessments.

Stars: 57 | Forks: 7

# 🔱 Pinakastra

**AI-Powered Penetration Testing Framework with Automated Reconnaissance**

Pinakastra is an advanced reconnaissance and exploitation tool that combines passive/active enumeration with AI-powered vulnerability detection and exploitation. Built for penetration testers and bug bounty hunters.

[![GitHub stars](https://img.shields.io/github/stars/who0xac/Pinakastra?style=flat-square&logo=github)](https://github.com/who0xac/Pinakastra/stargazers) [![Version](https://img.shields.io/badge/version-v1.0-brightgreen.svg)](https://github.com/who0xac/Pinakastra/releases) [![Go Version](https://img.shields.io/badge/go-1.21+-00ADD8.svg)](https://go.dev) [![Platform](https://img.shields.io/badge/platform-Linux-green.svg)](https://www.linux.org)

## ✨ What Does Pinakastra Do?

1. **Discovers subdomains** - subfinder, findomain, assetfinder, sublist3r, chaos, crtsh, shodan, puredns
2. **Probes live hosts** - httpx
3. **Resolves IPs** - dnsx with ASN and geolocation
4. **Discovers URLs** - Katana (crawler) + GAU (archive scraper)
5. **Scans ports** - Nmap with AI-powered CVE detection
6. **Analyzes security** - Headers, CORS, TLS, secrets, cloud assets, takeover
7. **Actively exploits** - XSS, SQLi, SSRF, Open Redirect, Path Traversal, IDOR, JWT
8. **Generates reports** - JSON, CSV, TXT formats

## 🚀 Features

### 🔍 Reconnaissance

- **Subdomain Discovery** - 8 passive sources + DNS bruteforce
- **HTTP Probing** - Live host detection with tech fingerprinting
- **IP Resolution** - ASN lookups and geolocation
- **URL Discovery** - Katana + GAU with smart filtering
- **Port Scanning** - Nmap with service detection

**Smart URL Filtering:**

- Removes static assets (images, CSS, fonts) while preserving sensitive files
- Keeps .env, .sql, .bak, .config, .js files for security testing
- Prioritizes API, admin, auth, and upload endpoints
- Limits to 150 URLs/subdomain, 5 URLs/pattern (70% reduction)
- Ensures no sensitive endpoints are missed

### 🛡️ Security Analysis

- Security Headers, TLS/SSL, CORS
- Subdomain Takeover (50+ services)
- Cloud Asset Discovery (S3, Azure, GCP)
- Secret Detection (API keys, tokens)

### 🤖 AI-Powered Active Exploitation

**Vulnerability Testing:**

- **XSS, SQLi, SSRF, Open Redirect, Path Traversal, IDOR, JWT**
- **10 payloads per type**: 7 hardcoded advanced + 3 AI-generated bypass
- **Model**: deepseek-r1:7b (6-7 GB RAM)

**AI Features:**

- Port Scanning CVE Analysis
- Adaptive Payload Generation
- NVD Database CVE Verification
- Sequential AI Generation (test while generating)
- Smart Detection (reduces false positives)

## 📦 Installation

### 1. Check Required Tools

**Required:** subfinder, httpx, dnsx, katana, gau, puredns, findomain, assetfinder, chaos, nmap, sublist3r, crtsh, shodan

```
pinakastra check
```

### 2. Install Pinakastra

```
go install github.com/who0xac/pinakastra/cmd/pinakastra@main
```

### 3. Install AI

**Install Ollama:**

```
curl -fsSL https://ollama.com/install.sh | sh
```

**Pull DeepSeek Model:**

```
ollama pull deepseek-r1:7b
```

**Start Ollama:**

```
ollama serve
```

**Verify:**

```
curl http://localhost:11434/api/tags
ollama list
```

## 📖 Usage

```
# Basic scan with AI
pinakastra -d target.com --enable-ai

# With options
pinakastra -d target.com --enable-ai -o ./results --no-bruteforce --use-tor
```

**Options:**

- `-o` - Custom output directory
- `--no-portscan` - Skip port scanning
- `--no-bruteforce` - Skip DNS bruteforce
- `--use-tor` - Use TOR proxy

## ⚙️ Configuration

**Pinakastra Config:** `~/.config/pinakastra/`

```
~/.config/pinakastra/
├── config.yaml          # API keys (Chaos, Shodan)
├── configs/
│   └── resolvers.txt    # DNS resolvers for puredns
└── wordlists/
    └── subdomains.txt   # Subdomain wordlist (auto-downloaded)
```

**Config File:** `~/.config/pinakastra/config.yaml`

```
api_keys:
  chaos: "your-chaos-api-key"
  shodan: "your-shodan-api-key"
```

**Subfinder Config:** `~/.config/subfinder/provider-config.yaml`

## 📤 Output

Results are saved in: `./output/-/`

```
subdomains.txt           # All discovered subdomains
live_hosts.txt           # Live HTTP/HTTPS hosts
resolved_ips.txt         # IPs with ASN and geolocation
urls.txt                 # All discovered URLs
open_ports.txt           # Open ports with services
vulnerabilities.json     # Exploitation results (JSON)
vulnerabilities.csv      # Exploitation results (CSV)
vulnerabilities.txt      # Exploitation results (TXT)
security_headers.txt     # Security header analysis
tls_analysis.txt         # TLS/SSL analysis
cors_issues.txt          # CORS misconfiguration
cloud_assets.txt         # Cloud storage buckets
secrets_found.txt        # API keys, tokens
subdomain_takeover.txt   # Takeover vulnerabilities
```

## 🎯 Active Exploitation

| Vulnerability | Hardcoded | AI | Total | Detection |
|---------------|-----------|----|-------|-----------|
| XSS | 7 | 3 | 10 | Response reflection |
| SQL Injection | 7 | 3 | 10 | Error messages + time-based |
| SSRF | 7 | 3 | 10 | Cloud metadata detection |
| Open Redirect | 7 | 3 | 10 | Location header validation |
| Path Traversal | 7 | 3 | 10 | File signatures |
| IDOR | 7 | 3 | 10 | Response differential |
| JWT | - | Analysis | - | Token validation |

## ⚠️ Disclaimer

**For authorized security testing only.** Use only on systems you own or have explicit written permission to test. Owner is not responsible for misuse. Always follow responsible disclosure and comply with local laws.

**Built with ❤️ by who0xac**
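The "Smart URL Filtering" rules listed under Reconnaissance (drop static assets, keep sensitive extensions, prioritize API/admin/auth/upload paths, cap at 150 URLs per subdomain and 5 per pattern) can be written as one triage pass over crawler output. The Go below is an added illustration, not Pinakastra's own code: the extension sets, the priority regexp and the "mask digits in the path" definition of a URL pattern are assumptions, since the README names only the categories and the caps.

```go
package main

import (
	"net/url"
	"path"
	"regexp"
	"sort"
	"strings"
)

// Caps quoted in the README: 150 URLs per subdomain, 5 URLs per URL pattern.
const maxPerHost, maxPerPattern = 150, 5

// Extension sets and the priority regexp are assumptions; the README names only the categories.
var staticExt = map[string]bool{".png": true, ".jpg": true, ".gif": true, ".svg": true, ".ico": true, ".css": true, ".woff": true, ".woff2": true, ".ttf": true}
var keepExt = map[string]bool{".env": true, ".sql": true, ".bak": true, ".config": true, ".js": true}
var priorityRe = regexp.MustCompile(`(?i)/(api|admin|auth|upload)`)
var digits = regexp.MustCompile(`[0-9]+`)

// pattern buckets a URL by host plus its path with numbers masked, so /users/1 and /users/2 share a cap.
func pattern(u *url.URL) string { return u.Host + digits.ReplaceAllString(u.Path, "N") }

// FilterURLs drops static assets (unless the extension is on the keep list), moves priority
// endpoints to the front so the caps never discard them, then enforces both caps in one pass.
func FilterURLs(raw []string) []string {
	var keep []*url.URL
	for _, s := range raw {
		u, err := url.Parse(s)
		if err != nil || u.Host == "" {
			continue // unparsable or relative entries are dropped
		}
		if ext := strings.ToLower(path.Ext(u.Path)); staticExt[ext] && !keepExt[ext] {
			continue
		}
		keep = append(keep, u)
	}
	sort.SliceStable(keep, func(i, j int) bool {
		return priorityRe.MatchString(keep[i].Path) && !priorityRe.MatchString(keep[j].Path)
	})
	perHost, perPat, out := map[string]int{}, map[string]int{}, []string{}
	for _, u := range keep {
		key := pattern(u)
		if perHost[u.Host] >= maxPerHost || perPat[key] >= maxPerPattern {
			continue
		}
		perHost[u.Host]++
		perPat[key]++
		out = append(out, u.String())
	}
	return out
}
```

The ordering step matters: applying the caps before prioritizing would let a long run of `/api/v1/users/N` links crowd out a single `/.env` hit on the same host, which is exactly the "no sensitive endpoints missed" property the README claims.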
Tags: AI penetration testing, AI-generated payloads, Bug Bounty, CISA project, CTI, EVTX analysis, Go, HTTP probing, IDOR, Nmap, PE loader, SEO penetration testing, SSRF, XSS, dynamic instrumentation, customizable parser, open-source security tools, data statistics, wireless security, log auditing, local inference, penetration testing framework, vulnerability intelligence, program cracking, port scanning, structured reports, network security auditing, automated reconnaissance, virtual drive, reverse engineering tools, reverse engineering platform, defense