MoatazSec Professional is a modular, comprehensive penetration testing framework that integrates Kali Linux tools with enterprise-grade automation. Designed for security professionals, red teams, and penetration testers, it delivers professional security assessments with detailed reporting capabilities. This framework streamlines the reconnaissance, vulnerability assessment, and reporting phases of a penetration test, providing actionable insights and a clear overview of an organization's security posture.
- Modular Architecture: Easily extendable with new tools and assessment phases.
- Comprehensive Assessment Phases: Covers OSINT, Active Reconnaissance, Port Scanning, Web Application Assessment, and Vulnerability Scanning.
- Interactive Installation: Guided setup for dependencies and security tools.
- Professional Reporting: Generates executive summaries, HTML reports, and JSON exports.
- Automated Workflows: Integrates popular Kali Linux tools for efficient scanning and analysis.
- Customizable Scans: Supports full penetration tests, OSINT-only scans, and custom output directories.
- Primary Language: Python 3.x
- Operating System: Kali Linux, Parrot OS
- Key Tools Integrated: Nmap, Masscan, Nuclei, Nikto, Amass, Subfinder, Assetfinder, DNSrecon, HTTPX, Subjack, GoBuster, Waybackurls, testssl.sh.
- Diagramming: Mermaid.js for architectural visualizations.
- A Linux-based penetration testing distribution (e.g., Kali Linux, Parrot OS).
- Python 3.10+.
- Internet connectivity for tool downloads and updates.
- Clone the repository:
git clone https://github.com/MOATAZQ24/moatazsec-security-snapshot.git cd moatazsec-security-snapshot - Run interactive installation (recommended):
Alternatively, for a minimal setup:
chmod +x install/install_dependencies.sh ./install/install_dependencies.sh
chmod +x install/install_minimal.sh ./install/install_minimal.sh
- Full penetration test:
python3 src/moatazsec_pro.py --target example.com --full-scan --verbose
- OSINT reconnaissance only:
python3 src/moatazsec_pro.py --target example.com --osint-only
- Custom output directory:
python3 src/moatazsec_pro.py --target example.com --full-scan --output my_reports
- High-thread scanning:
python3 src/moatazsec_pro.py --target example.com --full-scan --threads 100 --verbose
- Continuous monitoring setup:
while true; do python3 src/moatazsec_pro.py --target example.com --osint-only sleep 86400 # 24 hours done
(Placeholder for future screenshots or GIFs demonstrating the framework in action.)
This framework integrates and leverages several powerful open-source tools. We extend our gratitude to the developers and communities behind these projects:
- Nmap (nmap.org): Used for comprehensive port scanning and service detection. Included for its industry-standard capabilities in network discovery.
- Nuclei (projectdiscovery.io/nuclei/): Utilized for fast and customizable vulnerability scanning. Chosen for its flexible templating and active community.
- Amass (github.com/owasp-amass/amass): Integrated for extensive attack surface mapping and subdomain enumeration. Valued for its deep reconnaissance capabilities.
This project adheres to the licenses of all integrated tools. Specific license information can be found in their respective repositories.
- Ensure all dependencies are installed before running the framework.
- Always use this tool responsibly and only on systems you have explicit permission to test.
- Regularly update the framework and its integrated tools to benefit from the latest features and security patches.
This project is licensed under the MIT License.