Pentest Collaboration Framework v1.1 releases: opensource, cross-platform and portable toolkit for automating routine processes
Pentest Collaboration Framework
Pentest Collaboration Framework – an open-source, cross-platform, and portable toolkit for automating routine processes when carrying out various works for testing!
Features
| Structure | |
|---|---|
|
 |
- 🔬 You can create private or team projects!
- 💼 Team moderation.
- 🛠 Multiple tools integration support! Such as Nmap/Masscan, Nikto, Nessus and Acunetix!
- 🖥️ Cross-platform, open source & free!
- ☁ Cloud deployment support.
📊 PCF vs analogues
| Name | PCF | Lair | Dradis | Faraday | AttackForge | PenTest.WS | Hive |
|---|---|---|---|---|---|---|---|
| Portable | ✅ | ❌ | ❌ | ❌ | ❌ | ✅💲 | ❌ |
| Cross-platform | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
| Free | ✅ | ✅ | ❌✅ | ❌✅ | ❌✅ | ❌✅ | ❌✅ |
| NOT deprecated! | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Data export | ✅ | ❌✅ | ✅ | ✅ | ✅ | ❌✅ | ✅ |
| Chat | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
| Made for sec specialists, not managers | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❌✅ |
| Report generation | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| API | ✅ | ❌✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Issue templates | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ |
🛠 Supported tools
| Tool name | Integration type | Description |
|---|---|---|
| Nmap | Import | Import XML results (ip, port, service type, service version, hostnames, os). Supported plugins: vulners |
| Nessus | Import | Import .nessus results (ip, port, service type, security issues, os) |
| Qualys | Import | Import .xml results (ip, port, service type, security issues) |
| Masscan | Import | Import XML results (ip, port) |
| Nikto | Import | Import XML, CSV, JSON results (issue, ip, port) |
| Acunetix | Import | Import XML results (ip, port, issue) |
| Burp Suite Enterprise | Import | Import HTML results (ip, port, hostname, issue, poc) |
| kube-hunter | Import | Import JSON result (ip, port, service, issue) |
| Checkmarx SAST | Import | Import XML/CSV results (code info, issue) |
| Dependency-check | Import | Import XML results (code issues) |
| OpenVAS/GVM | Import | Import XML results (ip, port, hostname, issue) |
| NetSparker | Import | Import XML results (ip, port, hostname, issue) |
| BurpSuite | Import/Extention | Extention for fast issue send from burpsuite. |
| ipwhois | Scan | Scan hosts(s)/network(s) and save whois data |
| shodan | Scan | Scan hosts and save info (ip, port, service). |
| HTTP-Sniffer | Additional | Create multiple http-sniffers for any project. |
| WPScan | Import | Import JSON results (ip, port, hostname, issue) |
| DNSrecon | Import | Import JSON/CSV/XML results (ip, port, hostname) |
| theHarvester | Import | Import XML results (ip, hostname) |
| Metasploit | Import | Import XML project (ip, port, hostname, issue) |
| Nuclei | Import | Import JSON results (ip, hostname, port, issue) |
Changelog v1.1
🐞Fixed
- CSRF problems with notes edition
- Icons bug
- Bug with mounted filesystems
- Bug with issue hosts selection x2
- Bug with requirements_unix.txt
- Bug with session/CSRF timeline
- Several SQL bugs
- IPv6 addresses bug
- Issue styles bug
- Database thread-locks (SQLite3 only)
- Issue templates button bug
⭐Added
- ✔️Double click host copy at creds/network/issue pages
- ✔️Contribution topic
- ✔️Config session_lifetime & csrf_lifetime params
- ✔️Issue interactive metrics tab with CVSS & OWASP Risk
- ✔️format_date template functions
- ✔️New structure of template functions
- ✔️DNSrecon integration
- ✔️theHarvester integration
- ✔️Metasploit integration
- ✔️Nuclei integration
- ✔️Notes variables for report templates
Install & Use
Copyright (c) 2021 Invuls / Pentest projects
