PCWT: easy to run your pentest and bug bounty projects

bug bounty projects

PCWT

A web application that makes it easy to run your pentest and bug bounty projects.

Description

The app provides a convenient web interface for working with various types of files that are used during the pentest, automate port scan, and subdomain search.

Main page

 

Project settings

 

Domains dashboard

 

Port scan

You can scan ports using nmap or masscan. The nmap is started with the following arguments:

nmap --top-ports 10000 -sV -Pn --min-rate 300 --max-retries 2 [ip]

The masscan is started with the following arguments:

masscan -p 1-65535 --rate 2000

Subdomain search

Amass and findomain are used to find subdomains.

Features

  • Leave notes to host, port, or domain.
  • Mark host or domain with tags.
  • Search by any field related to host, port, or domain (tags and notes are included). Regexp is available.
  • Different types of sorting are available on almost all dashboards.
  • Run the port scan for all hosts, hosts without port scan, or custom list.
  • Create tasks for subdomains search (every 2 hours, every 5 hours, every day, or every week). You can also disable and enable them on-demand using the Subdomain tasks dashboard.
  • Different types of export are available.
  • Notifications about the start and end of the scan, as well as about newfound domains can be sent to Telegram. Update the config.py with your chat id and token.

Install

NOTE 1: Change the paths for amass, findomain, nmap, and masscan in config.py before running commands. NOTE 2: The app must be started as root if you want masscan to work.

apt install python3 python-venv python3-pip

git clone https://github.com/ascr0b/PCWT
cd PCWT

python3 -m venv env
source env/bin/activate
pip3 install -r requirements.txt

flask init-db
flask crontab add

export FLASK_APP=app
flask run