fdciabdul/PocketPentester
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5fdd214fdc9943a020a8a174109c9b7eca0d5761
PocketPentester/README.md
taqin 5fdd214fdc first commit
2026-04-19 21:10:28 +07:00

109 lines
3.8 KiB
Markdown
Raw Blame History

# Pocket Pentester
> Offensive security toolkit for Android. Pure Rust + Tauri + Vue.
> 21 modules. Offline-first. No root required.
<p align="center">
<img src="docs/screenshots/arsenal.png" width="280" alt="arsenal" />
</p>
---
## Modules
### ◉ Recon
| # | Tool | What it does |
|---|---|---|
| 01 | **port-scan** | Async TCP port discovery with service hints |
| 02 | **subdomain** | 16 passive sources (crt.sh, certspotter, c99, VT, ...) + brute |
| 03 | **http-probe** | Fingerprint live hosts, status, title, tech stack |
| 21 | **domain-grab** | Bulk harvest domains by TLD from web sources + IANA catalog |
### ⚔ Exploitation
| # | Tool | What it does |
|---|---|---|
| 04 | **takeover** | Subdomain takeover — 18 service fingerprints (S3/GH/Heroku/Azure/+) |
| 05 | **sqli** | sqlmap-style: error + boolean-blind + union + time-blind + auto-extract |
| 06 | **xss** | Context-aware reflection: HTML/attr/JS/URL payloads with canary |
| 07 | **jwt** | alg:none + kid injection + HMAC weak-secret brute + admin forgery |
| 08 | **xploiter** | YAML template engine — variables, payloads, matchers, chains |
| 09 | **auto-pwn** | Full chain: recon → probe → exploit, one-button pipeline |
| 12 | **dir-fuzz** | Content discovery with recursion + wildcard calibration |
| 14 | **admin-finder** | 320+ admin paths, CMS fingerprint, login form detect |
| 15 | **form-brute** | Login bruteforce: CSRF aware, regex match, baseline delta |
### ✎ Manual
| # | Tool | What it does |
|---|---|---|
| 11 | **repeater** | Burp-lite: method/URL/headers/body editor + preview + curl export |
### ≋ Network
| # | Tool | What it does |
|---|---|---|
| 10 | **lan-map** | Discover LAN devices: TCP sweep + mDNS + SSDP/UPnP |
| 16 | **dns** | A/AAAA/MX/TXT/NS/CNAME/SOA/CAA/SRV + AXFR + DNSSEC |
| 17 | **ssl-scan** | TLS cert chain, SANs, expiry, weak sig, version audit |
| 18 | **banner-grab** | TCP banner + service fingerprint (SSH/SMTP/FTP/HTTP/Redis/MySQL) |
### ⚙ Utility
| # | Tool | What it does |
|---|---|---|
| 13 | **payload-gen** | 50+ reverse/bind shells + webshells + msfvenom + encoders |
| 19 | **encoder** | Chainable b64/url/hex/html/rot13/morse/jwt pipeline |
| 20 | **hash-tools** | Identify 28+ hash types + compute MD5/SHA/CRC32 |
---
## Screenshots
<table>
<tr>
<td align="center"><img src="docs/screenshots/splash.png" width="220" /><br/><sub>splash</sub></td>
<td align="center"><img src="docs/screenshots/arsenal.png" width="220" /><br/><sub>arsenal</sub></td>
<td align="center"><img src="docs/screenshots/autopwn.png" width="220" /><br/><sub>auto-pwn</sub></td>
</tr>
<tr>
<td align="center"><img src="docs/screenshots/sqli.png" width="220" /><br/><sub>sqli</sub></td>
<td align="center"><img src="docs/screenshots/xploiter.png" width="220" /><br/><sub>xploiter</sub></td>
<td align="center"><img src="docs/screenshots/repeater.png" width="220" /><br/><sub>repeater</sub></td>
</tr>
<tr>
<td align="center"><img src="docs/screenshots/domgrab.png" width="220" /><br/><sub>domain-grab</sub></td>
<td align="center"><img src="docs/screenshots/ssl.png" width="220" /><br/><sub>ssl-scan</sub></td>
<td align="center"><img src="docs/screenshots/payloadgen.png" width="220" /><br/><sub>payload-gen</sub></td>
</tr>
</table>
---
## Quick start
```bash
# install
pnpm install
# dev (desktop)
pnpm tauri dev
# dev (android — usb debug)
pnpm tauri android dev
# build apk
pnpm tauri android build --apk --split-per-abi
# → src-tauri/gen/android/app/build/outputs/apk/arm64/release/
```
---
## Stack
- **Frontend** — Vue 3 + TypeScript + Vite
- **Backend** — Rust + Tauri 2
- **Async** — tokio + reqwest + hickory-dns + rustls
---
## Credits
Created by [imtaqin](https://github.com/imtaqin) · Powered by [Tegal 1337](https://tegalsec.com)
Reference in New Issue View Git Blame Copy Permalink