Pentest Collaboration Framework v1.1 releases: opensource, cross-platform and portable toolkit for automating routine processes
Pentest Collaboration Framework
Pentest Collaboration Framework – an open-source, cross-platform, and portable toolkit for automating routine processes when carrying out various works for testing!
Features
Structure | |
---|---|
|
- 🔬 You can create private or team projects!
- 💼 Team moderation.
- 🛠 Multiple tools integration support! Such as Nmap/Masscan, Nikto, Nessus and Acunetix!
- 🖥️ Cross-platform, open source & free!
- ☁ Cloud deployment support.
📊 PCF vs analogues
Name | PCF | Lair | Dradis | Faraday | AttackForge | PenTest.WS | Hive |
---|---|---|---|---|---|---|---|
Portable | ✅ | ❌ | ❌ | ❌ | ❌ | ✅💲 | ❌ |
Cross-platform | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
Free | ✅ | ✅ | ❌✅ | ❌✅ | ❌✅ | ❌✅ | ❌✅ |
NOT deprecated! | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
Data export | ✅ | ❌✅ | ✅ | ✅ | ✅ | ❌✅ | ✅ |
Chat | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
Made for sec specialists, not managers | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌✅ |
Report generation | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
API | ✅ | ❌✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Issue templates | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ |
🛠 Supported tools
Tool name | Integration type | Description |
---|---|---|
Nmap | Import | Import XML results (ip, port, service type, service version, hostnames, os). Supported plugins: vulners |
Nessus | Import | Import .nessus results (ip, port, service type, security issues, os) |
Qualys | Import | Import .xml results (ip, port, service type, security issues) |
Masscan | Import | Import XML results (ip, port) |
Nikto | Import | Import XML, CSV, JSON results (issue, ip, port) |
Acunetix | Import | Import XML results (ip, port, issue) |
Burp Suite Enterprise | Import | Import HTML results (ip, port, hostname, issue, poc) |
kube-hunter | Import | Import JSON result (ip, port, service, issue) |
Checkmarx SAST | Import | Import XML/CSV results (code info, issue) |
Dependency-check | Import | Import XML results (code issues) |
OpenVAS/GVM | Import | Import XML results (ip, port, hostname, issue) |
NetSparker | Import | Import XML results (ip, port, hostname, issue) |
BurpSuite | Import/Extention | Extention for fast issue send from burpsuite. |
ipwhois | Scan | Scan hosts(s)/network(s) and save whois data |
shodan | Scan | Scan hosts and save info (ip, port, service). |
HTTP-Sniffer | Additional | Create multiple http-sniffers for any project. |
WPScan | Import | Import JSON results (ip, port, hostname, issue) |
DNSrecon | Import | Import JSON/CSV/XML results (ip, port, hostname) |
theHarvester | Import | Import XML results (ip, hostname) |
Metasploit | Import | Import XML project (ip, port, hostname, issue) |
Nuclei | Import | Import JSON results (ip, hostname, port, issue) |
Changelog v1.1
🐞Fixed
- CSRF problems with notes edition
- Icons bug
- Bug with mounted filesystems
- Bug with issue hosts selection x2
- Bug with requirements_unix.txt
- Bug with session/CSRF timeline
- Several SQL bugs
- IPv6 addresses bug
- Issue styles bug
- Database thread-locks (SQLite3 only)
- Issue templates button bug
⭐Added
- ✔️Double click host copy at creds/network/issue pages
- ✔️Contribution topic
- ✔️Config session_lifetime & csrf_lifetime params
- ✔️Issue interactive metrics tab with CVSS & OWASP Risk
- ✔️format_date template functions
- ✔️New structure of template functions
- ✔️DNSrecon integration
- ✔️theHarvester integration
- ✔️Metasploit integration
- ✔️Nuclei integration
- ✔️Notes variables for report templates
Install & Use
Copyright (c) 2021 Invuls / Pentest projects