EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation

Last update: Dec 25, 2022

Related tags

Learning resource EasyPen

Overview

EasyPen Alpha 1.0.5

Do not use EasyPen for illegal purposes, this tool is for research only

查看中文

EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation.

It has over 100 built-in scan scripts which covers most common vulnerabilities, you can easily write your own scan script and map the scan for thousands of targets.

User Manual： https://easypen.lijiejie.com/

Change Log

2022-09-21: Bug Fix: Terminate all child processes immediately after STOP click.
2022-09-16: Bug Fix: Targets input missing is_http.
2022-09-15: Bug Fix: DNS log monitor object overwrite, brute job shouldn't create dns log monitor.
2022-09-13: Bug fix: hydra plugin works with a hard code timeout.
2022-09-12: important bug fix, asyncio timeout failed to gather returned vulnerabilities.

Install

Microsoft Windows users can download zipped file and run EasyPen.exe : https://github.com/lijiejie/EasyPen/releases

Users who are familiar with python can install via pip3

pip3 install -r requirements.txt

At present this project is developed and tested under Python3.8, please use Python3.8 to run this app

Ubuntu User

apt install masscan nmap hydra medusa nfs-common ipmitool rsync -y

CentOS User

yum install masscan nmap nfs-utils ipmitool rsync -y

Install hydra: https://github.com/vanhauser-thc/thc-hydra
Or Install medusa: https://github.com/jmk-foofus/medusa

Feathers

Discover: Domain / IP / Port / Services discovery, build assert databases
Vulnerability Scan：Single thread scan framework works with AsyncIO, with over 100 built-in plugins, can driven Hydra/Medusa/Ncrack to brute weak passwords
Incident Response：Whenever a critical vulnerability was disclosed, based on the assert db created by the discover module and the scan framework, in most cases, users only need to write very few lines of code to implement the vulnerability check. After that you can map the scan script to thousands of targets and finish the scan in serveral minutes.
Exploitation: Provides you some exploit tools

Scan Panel Screenshot

Tools Panel Screenshot

Develop Plans

Alpha 1.0 was released, includes some basic modules. Please create issues if any bugs found.

Adapt more DNSLog APIs，includes Antenna漏洞验证平台
Web fingerprints and live preview
scan plugin profiles
Support the execution of other open source projects' scan plugins: python / YAML
Plugin live edit and debug
Vulnerabilities one click recheck
Brute function optimization
Integrate with BBScan
Better scan performance and algorithm
Better code construction, more friendly for other users to contribute plugin & tools

Invadium runs exploit playbooks against vulnerable target applications in an intuitive, reproducible, and well-defined manner.

Invadium Invadium runs exploits against one or more target applications in an intuitive, reproducable, and well-defined manner. It focuses on bridging

Nov 6, 2022

Init a target by promise only once.

once-init 🗼 Let Promise Function Executed Only Once. The Promise will be executed when the attribute target is called for the first time, and the Pro

Dec 26, 2022

CLI tool to update caniuse-lite to refresh target browsers from Browserslist config

Update Browserslist DB CLI tool to update caniuse-lite with browsers DB from Browserslist config. Some queries like last 2 version or 1% depends on a

Dec 30, 2022

Building #dotnet code to target WASM in the browser

WASM Running .NET in a Browser This solution shows you can compile .NET to target a WASM app bundle that can be used independently of a dotnet applica

Oct 14, 2022

375 DSA Tracker helps you build your confidence in solving any coding related question and helps you prepare for your placements. It is your personal web-based progress tracker based on 375 DSA Sheet by Aman Dhattarwal & Shradha Didi

375-DSA Tracker 👨‍💻 Me and my friend Abhilash Jena made a 375 DSA Tracker website based on 375 DSA Sheet by Aman Dhattarwal & Shradha Didi which hel

Nov 11, 2022

An app to manage tasks. A user can add, delete and edit a task and mark it as completed, It uses simple GUI and relies on DOM manipulation in pure JS and using local storage.

Aug 20, 2022

Digispark Overmaster : free IDE TOOL allows to create and edit Digispark Scripts by the drag and drop technique,with cool GUI and easy to use it

Digispark_Overmaster Digispark Overmaster : free IDE TOOL allows to create and edit Digispark Scripts by the drag and drop technique,with cool GUI and

Nov 14, 2022

A new generation GUI automation framework for Web and Desktop Application Testing and Automation.

Clicknium-docs Clicknium is a new generation GUI automation framework for all types of applications. It provides easy and smooth developer experience

Dec 19, 2022

🛠️ A simple GUI of Ethereum tools and utilities for debugging

Ethereum DevTools GUI A simple GUI of Ethereum tools and utilities for debugging Demo https://lab.miguelmota.com/ethereum-devtools Tools ABI viewer sh

Oct 31, 2022

Comments

Did you forget to call SetImages()?

python3.10 EasyPen.py 21:16:25: Debug: Adding duplicate image handler for 'Windows bitmap file' 21:16:25: Debug: Adding duplicate animation handler for '1' type 21:16:25: Debug: Adding duplicate animation handler for '2' type 21:16:28: Debug: Adding duplicate image handler for 'Windows bitmap file' 21:16:28: Debug: Adding duplicate animation handler for '1' type 21:16:28: Debug: Adding duplicate animation handler for '2' type 21:16:28: Debug: Adding duplicate image handler for 'Windows bitmap file' 21:16:28: Debug: Adding duplicate animation handler for '1' type 21:16:28: Debug: Adding duplicate animation handler for '2' type Traceback (most recent call last): File "/Users/aaa/tools/EasyPen/ui/frame_loading.py", line 48, in on_close frame = MainFrame(None, "EasyPen %s" % conf.app_ver) File "/Users/aaaa/tools/EasyPen/ui/frame_main.py", line 105, in init self.notebook.AddPage(discover_panel, "Discover", imageId=0) wx._core.wxAssertionError: C++ assertion ""Assert failure"" failed at /Users/robind/projects/bb2/dist-osx-py310/build/ext/wxWidgets/include/wx/withimages.h(195) in GetBitmapBundle(): Image index specified, but there are no images.

Did you forget to call SetImages()?

opened by nmweizi 5
EasyPen_alpha_1.0.7解压后运行报错

EasyPen_alpha_1.0.7解压后报 [2022-10-20 09:54:25,105] [log_output] [43] EasyPen alpha 1.0.7 start, wxpython version is 4.2.0 msw (phoenix) wxWidgets 3.2.0 [2022-10-20 09:54:32,215] [log_output] [43] Nmap missing, please install nmap or add it to $PATH [2022-10-20 09:55:57,707] [log_output] [43] Brute domain: 172.40.12.228, pid: 8116 但是运行电脑是安装了nmap的，是不是需要修改环境变量呢？

opened by lhl123github 9
Masscan test failed

当开启程序的时候报 Masscan test failed ,任意输入一个IP扫描没有任何结果

16:57:40: EasyPen alpha 1.0.5 start, wxpython version is 4.2.0 msw (phoenix) wxWidgets 3.2.0 16:57:41: Masscan test failed.

16:58:43: Vulnerability scan start, with 117 plugins enabled 16:58:43: Init port scan for 1 IP 16:58:44: Poc runner terminated. 16:58:44: Port scan finished. 16:58:44: Vulnerability scan finished.

opened by dark123y 3

Releases(alpha1.0.0)

alpha1.0.0(Sep 8, 2022)

This release is for windows user only. Unzip and run EasyPen.exe

Windows用户若没有Python环境，可直接下载该压缩包。打开运行 EasyPen.exe 即可
Source code(tar.gz)
Source code(zip)
EasyPen_alpha_1.0.7.zip(72.10 MB)

Owner

Just For Fun

GitHub

client-side prototype pullution vulnerability scanner

JSPanda JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs and analyz

46 Dec 25, 2022

Sample AWS microservices app with service discovery defined using the CDK. Uses Docker + Fargate & ELB.

AWS Microservices Demo with CDK and Fargate About Simple AWS microservice-based app. Consists of two Spring Boot based services: Name Service GET /nam

7 Nov 23, 2022

A simple web server exposing Hetzner cloud instances for consumption by the Prometheus HTTP service discovery.

Prometheus: Hetzner Service Discovery A server to provide automatic node discovery for Hetzner Cloud to Prometheus via HTTP service discovery. In cont

1 Oct 10, 2022

A pure JavaScript Web Page to retrieve real-time OTP through a web page and generate/scan QR codes.

2FA-Solver A pure JavaScript Web Page to retrieve real-time OTP through a web page and generate/scan QR codes. It can be used as an offline web page b

8 Dec 7, 2022

LunaSec - Open Source Security Software built by Security Engineers. Scan your dependencies for Log4Shell, or add Data Tokenization to prevent data leaks. Try our live Tokenizer demo: https://app.lunasec.dev

Our Software We're a team of Security Engineers on a mission to make awesome Open Source Application Security tooling. It all lives in this repo. Here

1.2k Jan 7, 2023

Compact library for interacting with Ankr Scan Multichain API.

ankrscan.js Compact SDK for interacting with Ankr Scan MultiChain JSON-RPC API. SDK supports following MultiChain methods: getLogs - logs matching the

23 Jan 3, 2023

Program that helps you to be more lazy :)

IFL (I F#cking lazy) IFL - is a program build with electron & react. Main goal of this project is to help you be more productive with adding new songs

3 Aug 31, 2022

A simple calculator for how many units of insulin to take with a meal depending on current and target blood sugar levels.

Insulin-Calculator One of my first programs, made to try building javascript-read HTML forms. A simple calculator for how many units of insulin to tak

1 Dec 26, 2021

Based on Google Chrome recorder, implement UI interface capture and notify the result to the target mailbox

chrome-recoder-crawler README-CN Modify the .js file exported by Google Chrome recorder. By default, the innerText property of the node operated in th

4 Oct 18, 2022

Calculates dependencies for a Go build-target and submits the list to the Dependency Submission API

Go Dependency Submission This GitHub Action calculates dependencies for a Go build-target (a Go file with a main function) and submits the list to the

33 Dec 7, 2022