first commit

README.md

@@ -0,0 +1,108 @@
+# Pocket Pentester
+
+> Offensive security toolkit for Android. Pure Rust + Tauri + Vue.
+> 21 modules. Offline-first. No root required.
+
+<p align="center">
+  <img src="docs/screenshots/arsenal.png" width="280" alt="arsenal" />
+</p>
+
+---
+
+## Modules
+
+### ◉ Recon
+| # | Tool | What it does |
+|---|---|---|
+| 01 | **port-scan** | Async TCP port discovery with service hints |
+| 02 | **subdomain** | 16 passive sources (crt.sh, certspotter, c99, VT, ...) + brute |
+| 03 | **http-probe** | Fingerprint live hosts, status, title, tech stack |
+| 21 | **domain-grab** | Bulk harvest domains by TLD from web sources + IANA catalog |
+
+### ⚔ Exploitation
+| # | Tool | What it does |
+|---|---|---|
+| 04 | **takeover** | Subdomain takeover — 18 service fingerprints (S3/GH/Heroku/Azure/+) |
+| 05 | **sqli** | sqlmap-style: error + boolean-blind + union + time-blind + auto-extract |
+| 06 | **xss** | Context-aware reflection: HTML/attr/JS/URL payloads with canary |
+| 07 | **jwt** | alg:none + kid injection + HMAC weak-secret brute + admin forgery |
+| 08 | **xploiter** | YAML template engine — variables, payloads, matchers, chains |
+| 09 | **auto-pwn** | Full chain: recon → probe → exploit, one-button pipeline |
+| 12 | **dir-fuzz** | Content discovery with recursion + wildcard calibration |
+| 14 | **admin-finder** | 320+ admin paths, CMS fingerprint, login form detect |
+| 15 | **form-brute** | Login bruteforce: CSRF aware, regex match, baseline delta |
+
+### ✎ Manual
+| # | Tool | What it does |
+|---|---|---|
+| 11 | **repeater** | Burp-lite: method/URL/headers/body editor + preview + curl export |
+
+### ≋ Network
+| # | Tool | What it does |
+|---|---|---|
+| 10 | **lan-map** | Discover LAN devices: TCP sweep + mDNS + SSDP/UPnP |
+| 16 | **dns** | A/AAAA/MX/TXT/NS/CNAME/SOA/CAA/SRV + AXFR + DNSSEC |
+| 17 | **ssl-scan** | TLS cert chain, SANs, expiry, weak sig, version audit |
+| 18 | **banner-grab** | TCP banner + service fingerprint (SSH/SMTP/FTP/HTTP/Redis/MySQL) |
+
+### ⚙ Utility
+| # | Tool | What it does |
+|---|---|---|
+| 13 | **payload-gen** | 50+ reverse/bind shells + webshells + msfvenom + encoders |
+| 19 | **encoder** | Chainable b64/url/hex/html/rot13/morse/jwt pipeline |
+| 20 | **hash-tools** | Identify 28+ hash types + compute MD5/SHA/CRC32 |
+
+---
+
+## Screenshots
+
+<table>
+  <tr>
+    <td align="center"><img src="docs/screenshots/splash.png" width="220" /><br/><sub>splash</sub></td>
+    <td align="center"><img src="docs/screenshots/arsenal.png" width="220" /><br/><sub>arsenal</sub></td>
+    <td align="center"><img src="docs/screenshots/autopwn.png" width="220" /><br/><sub>auto-pwn</sub></td>
+  </tr>
+  <tr>
+    <td align="center"><img src="docs/screenshots/sqli.png" width="220" /><br/><sub>sqli</sub></td>
+    <td align="center"><img src="docs/screenshots/xploiter.png" width="220" /><br/><sub>xploiter</sub></td>
+    <td align="center"><img src="docs/screenshots/repeater.png" width="220" /><br/><sub>repeater</sub></td>
+  </tr>
+  <tr>
+    <td align="center"><img src="docs/screenshots/domgrab.png" width="220" /><br/><sub>domain-grab</sub></td>
+    <td align="center"><img src="docs/screenshots/ssl.png" width="220" /><br/><sub>ssl-scan</sub></td>
+    <td align="center"><img src="docs/screenshots/payloadgen.png" width="220" /><br/><sub>payload-gen</sub></td>
+  </tr>
+</table>
+
+---
+
+## Quick start
+
+```bash
+# install
+pnpm install
+
+# dev (desktop)
+pnpm tauri dev
+
+# dev (android — usb debug)
+pnpm tauri android dev
+
+# build apk
+pnpm tauri android build --apk --split-per-abi
+# → src-tauri/gen/android/app/build/outputs/apk/arm64/release/
+```
+
+---
+
+## Stack
+
+- **Frontend** — Vue 3 + TypeScript + Vite
+- **Backend** — Rust + Tauri 2
+- **Async** — tokio + reqwest + hickory-dns + rustls
+
+---
+
+## Credits
+
+Created by [imtaqin](https://github.com/imtaqin) · Powered by [Tegal 1337](https://tegalsec.com)