Opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!
Features
- You can create private or team projects!
- Team moderation.
- Multiple tools integration support! Such as Nmap/Masscan, Nikto, Nessus and Acunetix!
- Super-User-Friendly design.
- Cross-platform, opensource & free!
- Cloud deployment support.
PCF vs analogues
| Name | PCF | Lair | Dradis | Faraday | AttackForge | PenTest.WS |
|---|---|---|---|---|---|---|
| Portable | ✅ | ❌ | ❌ | ❌ | ❌ | ✅💲 |
| Cross-platform | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
| Free | ✅ | ✅ | ❌✅ | ❌✅ | ❌✅ | ❌✅ |
| NOT deprecated! | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ |
| Data export | ✅ | ❌✅ | ✅ | ✅ | ✅ | ❌✅ |
| Chat | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ |
| Made for sec specialists, not managers | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
| Report generation | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ |
| API | ✅ | ❌✅ | ✅ | ✅ | ✅ | ✅ |
Supported tools
| Tool name | Integration type | Description |
|---|---|---|
| Nmap | Import | Import XML results (ip, port, service type, service version, hostnames, os). Supported plugins: vulners |
| Nessus | Import | Import .nessus results (ip, port, service type, security issues, os) |
| Masscan | Import | Import XML results (ip, port) |
| Nikto | Import | Import XML, CSV, JSON results (issue, ip, port) |
| Acunetix | Import | Import XML results (ip, port, issue) |
| Checkmarx SAST | Import | Import XML/CSV results (code info, issue) |
| Dependency-check | Import | Import XML result (code issues) |
| BurpSuite | Import/Extention | Extention for fast issue send from burpsuite. |
| ipwhois | Scan | Scan hosts(s)/network(s) and save whois data |
| shodan | Scan | Scan hosts ang save info (ip, port, service). |
| HTTP-Sniffer | Additional | Create multiple http-sniffers for any project. |
Fast Installation Guide
Windows / Linux / MacOS
- Download project:
git clone https://gitlab.com/invuls/pentest-projects/pcf/- Go to folder:
cd pcf- Install deps (for unix-based systems):
pip3 install -r requirements_unix.txt- or windows:
pip.exe install -r requirements_windows.txt- Run initiation script:
python3 new_initiation.py- Edit configuration:
nano configuration/settings.ini- Run
python3 app.pyHeroku
Deploy from our github repository: here
"
"
Docker
Build by yourself
- Clone repository
git clone https://gitlab.com/invuls/pentest-projects/pcf- Go to folder:
cd pcf- Run docker-compose:
docker-compose up- and go to URL
http://127.0.0.1:5000/Usage
Default port (check config): 5000 Default ip (if run at localhost): 127.0.0.1
- Register at http(s)://<ip>:<port>/register
- Login at http(s)://<ip>:<port>/login
- Create team (if need) at http(s)://<ip>:<port>/create_team
- Create project at http(s)://<ip>:<port>/new_project
- Enjoy your hacking process!
API information: here
Gallery
WARNING
Default settings
This program, by default, uses 5000 port and allows everyone to register and use it, so you need to set correct firewall & network rules.
Initiation logic
Careful with new_initiation script! It makes some important changes with filesystem:
- Renames database /configuration/database.sqlite3
- Regenerates SSL certificates
- Regenerates session key.
- Creates new empty /configuration/database.sqlite3 database
- Creates /tmp_storage/ folder
If you have any feature suggestions or bugs, leave a GitLab issue.
"
"