Pentest Collaboration Framework
Pentest Collaboration Framework β an open-source, cross-platform, and portable toolkit for automating routine processes when carrying out various works for testing!
Features
| Structure | |
|---|---|
|
|
- π¬ You can create private or team projects!
- πΌ Team moderation.
- π Multiple tools integration support! Such as Nmap/Masscan, Nikto, Nessus and Acunetix!
- π₯οΈ Cross-platform, open source & free!
- β Cloud deployment support.
π PCF vs analogues
| Name | PCF | Lair | Dradis | Faraday | AttackForge | PenTest.WS | Hive |
|---|---|---|---|---|---|---|---|
| Portable | β | β | β | β | β | β π² | β |
| Cross-platform | β | β | β | β | β | β | β |
| Free | β | β | ββ | ββ | ββ | ββ | ββ |
| NOT deprecated! | β | β | β | β | β | β | β |
| Data export | β | ββ | β | β | β | ββ | β |
| Chat | β | β | β | β | β | β | β |
| Made for sec specialists, not managers | β | β | β | β | β | β | ββ |
| Report generation | β | β | β | β | β | β | β |
| API | β | ββ | β | β | β | β | β |
| Issue templates | β | β | β | β | β | β | β |
π Supported tools
| Tool name | Integration type | Description |
|---|---|---|
| Nmap | Import | Import XML results (ip, port, service type, service version, hostnames, os). Supported plugins: vulners |
| Nessus | Import | Import .nessus results (ip, port, service type, security issues, os) |
| Qualys | Import | Import .xml results (ip, port, service type, security issues) |
| Masscan | Import | Import XML results (ip, port) |
| Nikto | Import | Import XML, CSV, JSON results (issue, ip, port) |
| Acunetix | Import | Import XML results (ip, port, issue) |
| Burp Suite Enterprise | Import | Import HTML results (ip, port, hostname, issue, poc) |
| kube-hunter | Import | Import JSON result (ip, port, service, issue) |
| Checkmarx SAST | Import | Import XML/CSV results (code info, issue) |
| Dependency-check | Import | Import XML results (code issues) |
| OpenVAS/GVM | Import | Import XML results (ip, port, hostname, issue) |
| NetSparker | Import | Import XML results (ip, port, hostname, issue) |
| BurpSuite | Import/Extention | Extention for fast issue send from burpsuite. |
| ipwhois | Scan | Scan hosts(s)/network(s) and save whois data |
| shodan | Scan | Scan hosts and save info (ip, port, service). |
| HTTP-Sniffer | Additional | Create multiple http-sniffers for any project. |
| WPScan | Import | Import JSON results (ip, port, hostname, issue) |
| DNSrecon | Import | Import JSON/CSV/XML results (ip, port, hostname) |
| theHarvester | Import | Import XML results (ip, hostname) |
| Metasploit | Import | Import XML project (ip, port, hostname, issue) |
| Nuclei | Import | Import JSON results (ip, hostname, port, issue) |
Changelog v1.1
πFixed
- CSRF problems with notes edition
- Icons bug
- Bug with mounted filesystems
- Bug with issue hosts selection x2
- Bug with requirements_unix.txt
- Bug with session/CSRF timeline
- Several SQL bugs
- IPv6 addresses bug
- Issue styles bug
- Database thread-locks (SQLite3 only)
- Issue templates button bug
βAdded
- βοΈDouble click host copy at creds/network/issue pages
- βοΈContribution topic
- βοΈConfig session_lifetime & csrf_lifetime params
- βοΈIssue interactive metrics tab with CVSS & OWASP Risk
- βοΈformat_date template functions
- βοΈNew structure of template functions
- βοΈDNSrecon integration
- βοΈtheHarvester integration
- βοΈMetasploit integration
- βοΈNuclei integration
- βοΈNotes variables for report templates
Install & Use
Copyright (c) 2021 Invuls / Pentest projects
