
Poor Man's Pentest

Overview

Poor Man’s Pentest is a modular Python toolkit designed to automate the repetitive parts of penetration testing — reconnaissance, port scanning, directory enumeration, and vulnerability checks — all from a single command-line interface.

Motivation

During my internships at JPMorgan and Deloitte, I found myself repeating the same initial recon steps on every engagement. This toolkit was born from the need to standardise and accelerate that process without relying on heavy commercial frameworks.

Features

  • Modular architecture — each scanning technique is a separate module that plugs into the core engine
  • Automated Nmap scanning — configurable scan profiles (quick, full, stealth)
  • Directory enumeration — integrated Gobuster wrapper with custom wordlists
  • HTTP header analysis — checks for security headers and misconfigurations
  • Report generation — outputs findings in HTML and Markdown with CVSS scoring
  • Configurable — YAML-based configuration for scan profiles and output preferences

Usage

python3 main.py --target 10.10.10.1 --profile full --output report.html

Architecture

core/scanner.py         - Base scanner class with common methods
core/reporter.py        - Jinja2-based report generation engine
modules/nmap_scan.py    - Nmap wrapper with output parsing
modules/dir_bust.py     - Directory enumeration module
modules/header_check.py - HTTP security header checker

Each module inherits from the base Scanner class and implements run() and parse_output() methods, making it simple to add new scanning capabilities.
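The plugin contract described above, as an added example written for this page and not the project's own code: a hypothetical Scanner base class with two modules, a stripped-down NmapScan that parses nmap's -oX XML and a HeaderCheck that flags missing security headers and version-disclosing headers. The nmap XML and the HTTP header block are constructed inline so the parsing runs offline; the PROFILES flag sets, the Finding fields, the EXPECTED header list and the MODULES registry are assumptions, not the toolkit's real ones.

```python
from __future__ import annotations

import subprocess
import urllib.request
import xml.etree.ElementTree as ET
from abc import ABC, abstractmethod
from dataclasses import dataclass


@dataclass
class Finding:
    """Hypothetical finding record; the real toolkit's reporter fields are not shown on the page."""
    title: str
    severity: str  # info / low / medium / high
    detail: str


class Scanner(ABC):
    """Base class: run() captures raw tool output, parse_output() turns it into findings."""

    name = "base"

    def __init__(self, target: str, profile: str = "quick"):
        self.target = target
        self.profile = profile

    @abstractmethod
    def run(self) -> str: ...

    @abstractmethod
    def parse_output(self, raw: str) -> list[Finding]: ...

    def scan(self) -> list[Finding]:
        return self.parse_output(self.run())


class NmapScan(Scanner):
    name = "nmap"
    # Assumed flag sets for the page's three profile names.
    PROFILES = {"quick": ["-F"], "full": ["-p-", "-sV"], "stealth": ["-sS", "-T2"]}

    def run(self) -> str:
        # Argument list, never shell=True: a target string with shell metacharacters
        # (e.g. from a config file) must not be able to inject commands.
        cmd = ["nmap", "-oX", "-", *self.PROFILES[self.profile], self.target]
        return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

    def parse_output(self, raw: str) -> list[Finding]:
        findings = []
        for host in ET.fromstring(raw).iter("host"):
            addr = host.find("address").get("addr")
            for port in host.iter("port"):
                if port.find("state").get("state") != "open":
                    continue  # closed/filtered ports are not findings
                svc = port.find("service")
                banner = "unknown" if svc is None else " ".join(
                    v for v in (svc.get("name"), svc.get("product"), svc.get("version")) if v)
                findings.append(Finding(
                    f"{addr}:{port.get('portid')}/{port.get('protocol')} open", "info", banner))
        return findings


class HeaderCheck(Scanner):
    name = "headers"
    # Header -> severity assigned when it is absent (assumed ratings).
    EXPECTED = {
        "strict-transport-security": "medium",
        "content-security-policy": "medium",
        "x-content-type-options": "low",
        "x-frame-options": "low",
    }
    DISCLOSING = ("server", "x-powered-by")

    def run(self) -> str:
        resp = urllib.request.urlopen(f"https://{self.target}/", timeout=10)
        return str(resp.headers)  # raw header block, one "Name: value" per line

    def parse_output(self, raw: str) -> list[Finding]:
        headers = {}
        for line in raw.splitlines():
            if ":" in line:  # skips the status line
                name, _, value = line.partition(":")
                headers[name.strip().lower()] = value.strip()
        findings = [Finding(f"Missing {h}", sev, "header not present in response")
                    for h, sev in self.EXPECTED.items() if h not in headers]
        findings += [Finding(f"{h} discloses software", "info", headers[h])
                     for h in self.DISCLOSING if h in headers]
        return findings


# Registry the core engine would use to load modules by name (assumed mechanism).
MODULES = {cls.name: cls for cls in (NmapScan, HeaderCheck)}

# Constructed sample outputs so the parsers can be exercised without nmap or a network.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun><host><address addr="10.10.10.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
<port protocol="tcp" portid="443"><state state="filtered"/></port>
</ports></host></nmaprun>"""

SAMPLE_HEADERS = """HTTP/1.1 200 OK
Server: nginx/1.18.0
Content-Type: text/html
X-Frame-Options: DENY
"""

if __name__ == "__main__":
    for f in NmapScan("10.10.10.1", "full").parse_output(SAMPLE_NMAP_XML):
        print(f)
    for f in HeaderCheck("10.10.10.1").parse_output(SAMPLE_HEADERS):
        print(f)
```

Only parse_output() is exercised offline; run() needs nmap on PATH or a reachable HTTPS target. The one check worth carrying into any real wrapper is in NmapScan.run(): build the command as a list so the target value is never interpreted by a shell.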

Roadmap

  • Nessus API integration for vulnerability correlation
  • Concurrent multi-target scanning
  • Interactive TUI dashboard
  • Integration with Burp Suite API for web app testing