Pentest Collaboration Framework - an opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!
Explore the docs »

Links
📖Installation Guide
🌐Wiki
🚀Releases
💬Telegram
🕹️Demo

Structure
:family_mmb: Teams Work team Personal team ⛑ Pentest projects 🖥️ Hosts ip-address hostnames operation system open ports tester notes 🐞 Issues Proof of concept 🌐 Networks 🔑 Found credentials 📝 Notes 💬 Chats 📊 Report generation plaintext docx zip 📁 Files 🛠 Tools

• 🔬 You can create private or team projects!
• 💼 Team moderation.
• 🛠 Multiple tools integration support! Such as Nmap/Masscan, Nikto, Nessus and Acunetix!
• 🖥️ Cross-platform, opensource & free!
• ☁ Cloud deployment support.

• 📖 Fast Installation Guide
  • 💻 Standalone
  • ☁️ Heroku
  • ☁️ AWS
  • 🐋 Docker Usage
• 🦜 Telegram
• 🤸 Usage
• 🖼️ Gallery
• ⚠️ WARNING
• 🎪 Community
• 📝 TODO
• 🎁 Presentations
• 🏢 Companies
• ❤️ Contribute

You need only Python3.

Download project:

git clone https://gitlab.com/invuls/pentest-projects/pcf.git

Go to folder:

cd pcf

Install deps (for unix-based systems):

pip3 install -r requirements_unix.txt

or windows:

pip.exe install -r requirements_windows.txt

Run initiation script:

python3 new_initiation.py

or windows

python.exe new_initiation.py

Edit configuration:

nano configuration/settings.ini

Run:

old version: python3 app.py
new version: python3 run.py

or windows

old version: python.exe app.py
new version: python.exe run.py

⚠️ From november 2022 Heroku free tier does not include PostgreSQL. So, you will be able to use it only at paid account⚠️

Deploy from our github repository:

Careful: Check github repo last push version!

You can check 😓Harder and 💀Impossible ways at 🌐wiki page!

You can just follow the link and install PCF from AWS marketplace:

Will be added later!

Clone repository

git clone https://gitlab.com/invuls/pentest-projects/pcf.git

Go to folder:

cd pcf

Run docker-compose:

docker-compose up

and go to URL

http://127.0.0.1:5000/

Default port (check config): 5000 Default ip (if run at localhost): 127.0.0.1

1. Register at http(s)://<ip>:<port>/register

2. Login at http(s)://<ip>:<port>/login

3. Create team (if need) at http(s)://<ip>:<port>/create_team

4. Create project at http(s)://<ip>:<port>/new_project

5. Enjoy your hacking process!

API information: https://gitlab.com/invuls/pentest-projects/pcf/-/wikis/API%20documentation

Team information	Projects list
Project: issues	Project: host page
Project: hosts	Project:services
Project: issue info	Project: issue info (PoC)
Project: networks	Project: files
Project: tools (may be changed)	Project: found credentials
Project: testing notes	Project: chats
Project: settings	Project: reports

This program, by default, uses 5000 port and allows everyone to register and use it, so you need to set correct firewall & network rules.

Careful with new_initiation script! It makes some important changes with filesystem:

1. Renames database /configuration/database.sqlite3
2. Regenerates SSL certificates
3. Regenerates session key.
4. Creates new empty /configuration/database.sqlite3 database
5. Creates /tmp_storage/ folder

If you have any feature suggestions or bugs, leave a GitLab issue. We welcome any and all support :D

We communicate over Telegram. Click here to join our Telegram community!

• Team config storage
• Team report templates storage
• Automatic database backup
• Share Issues with non-registered users
• Report generation
• Fast popular password bruteforce check (top-10k)
• REST-API
• Network graph
• Hash fast export/import
• Add another databases
• Add .doc report generation support
• Issue templates
• Backup/Restore from backup projects/teams

• HTTP-sniffer
• NetNTLM smb sniffer
• Custom tool txt report upload support (added notes to hosts)
• Hash fast check top-10k passwords
• Export projects from Faraday/Dradis
• Metasploit/Cobalt Strike integration

• Vue.js
• Websockets
• Push messages (updates)
• Database rebuild (objects)
• hosts -> interfaces -> ports
• hosts -> hostnames
• Project file manager
• Port -> Protocol:Software:Version
• User-defined host marks (mark all hosts with open port)
• TODO marks button every page
• Dublicate hosts (join them?)
• host MAC/AD domain/Forest

• Black Hat:

  • Asia : 2021

  Europe 2021

• MIPHI : 2021

• Defcon-NN : 2021

• DC7495 : 2021

• H@cktivityCon🌐: 2021

• Standoff : 2021

• PHDays 2022

There will be companies list which use Pentest Collaboration Framework.

If you want to add your company, then read next topic :)

If you want to help to project or encourage PCF developers, you can do any of the following:

• Mention PCF at your presentations/research articles/forum topics/other information resources.
• Advise it to you friends/collegues.
• "Star" this repository
• Don't forget about PCF telegram chat https://t.me/PentestCollaborationFramework
• Create more feature/bug requests at gitlab issues page https://gitlab.com/invuls/pentest-projects/pcf/-/issues
• If you use it at work, you can ask @drakylar (Telegram) to add your work icon + link at "Companies" topic at README.md
• You can create more template examples for PCF and send them to me (@drakylar Telegram), so I will add them to template examples folder at main repository
• We have not too much Youtube tutorials, so, you can create one :)
• Also you can create more nmap scripts plugins and also send them to @drakylar. More info here: https://gitlab.com/invuls/pentest-projects/pcf/-/issues/34 https://gitlab.com/invuls/pentest-projects/pcf/-/blob/master/routes/ui/tools_addons/nmap_scripts/nmap_example.py

There was some frequent question:

How to donate money to the project?

No way. I do not guarantee that I will not abandon this project after a while, so the best "donation" will be a contribution to the development and distribution of the utility.

How to make a merge requests to this repository?

Again, no way. To develop PCF faster, I need to know all of its code, so just create an issue at gitlab with bug/feature request and some code example, which I may use to fix it.