v1.9.0 — 500 tests · 21 improvements

Break
Barriers.
Not Laws.

Windows-native penetration testing toolkit. 125+ security tools, triple interface, zero configuration. No Kali VM needed.

Download .exe Source Code
0
Security Tools
0
Categories
0
Tests Passing
0
Languages
Capabilities

Full Attack
Lifecycle Coverage

From reconnaissance to reporting. Every tool you need, running natively on Windows.

🔍
Recon & OSINT
Port scanning, DNS resolution, WHOIS, subdomain enumeration, GitHub dorking, certificate transparency monitoring.
12 tools · async support
🕸️
Web Security
SQLi, XSS, SSRF, XXE, LFI, CRLF, SSTI across 10 template engines, directory brute-forcing, WAF detection.
18 tools · deep scanning
🔑
Auth & Crypto
Password cracking, hash identification, JWT decode/brute/none-attack/key-confusion, RSA analysis, OAuth2 testing.
14 tools · jwt suite
☁️
Cloud & Infra
S3 bucket enum, Azure Blob, Firebase, LDAP, SMB, Kerberos, SNMP walk, DNS rebinding, virtual host discovery.
11 tools · multi-cloud
📡
Network & Payload
TCP/UDP/IPv6 scanning, banner grabbing, TLS analysis, reverse/bind shell generation, 8-format payload encoding.
15 tools · shell gen
🛡️
Defense & Compliance
Honeypot detection, YARA scanning, PCI-DSS checks, CIS benchmarks, log analysis, baseline comparison.
9 tools · audit ready
Automation
Attack chaining, scan profiles (quick/standard/deep), auto risk correlation, CVSS v3.1 calculator.
8 tools · chain engine
📊
Reporting
SARIF v2.1.0 export, Burp Suite export, executive reports with risk matrices and remediation guidance.
4 formats · ci/cd ready
🔌
Plugin System
Drop any .py file into plugins/ and it's automatically loaded. Define fields, category, and a run() function.
hot reload · extensible
Triple Interface

Your Workflow,
Your Way

Three interfaces, one engine. Pick what fits your workflow — or use all three.

01 — GUI
Dark GUI
Modern, sleek interface built with CustomTkinter. Dark-mode optimized with real-time output and session persistence.
  • 22 organized tool categories
  • Real-time scan output
  • Session save/restore
  • 5 languages (EN/FR/ZH/ES/DE)
  • Standalone .exe (48 MB)
02 — CLI
Rich CLI
Beautiful terminal interface powered by Rich. Tables, progress bars, and colored output for the command-line purist.
  • Formatted tables and trees
  • Progress bars for long scans
  • Piping and scripting friendly
  • Same engine, same results
03 — API
REST API
FastAPI-powered headless interface. 43 endpoints with OpenAPI docs, perfect for CI/CD pipelines and automation.
  • 43 endpoints with auth
  • SSRF protection built-in
  • Rate limiting & request tracing
  • Docker ready
Get Started

Up and Running
in Seconds

Download the standalone exe or build from source. No Python environment required for the binary.

Standalone Binary
Single .exe file. No dependencies. Just download and double-click.
# Download from GitHub Releases
$ curl -LO https://github.com/Oli97430/PENETRATOR/releases/latest/download/PENETRATOR.exe

# Run it
$ ./PENETRATOR.exe
From Source
For developers wanting to customize the engine or contribute.
$ git clone https://github.com/Oli97430/PENETRATOR.git
$ cd PENETRATOR
$ pip install -r requirements.txt

# GUI / CLI / API
$ python penetrator.py
$ python penetrator_cli.py
$ uvicorn penetrator_api:app
REST API

43 Endpoints.
Full Power.

Headless scanning for CI/CD pipelines, automation, and remote testing workflows.

Method Endpoint Description
GET /health Health check (no auth required)
POST /scan/ports TCP port scanning
POST /scan/subdomains Subdomain enumeration
POST /scan/sqli SQL injection detection
POST /scan/xss-probe Reflected XSS scanner
POST /scan/ssti Server-side template injection
POST /jwt/none-attack JWT none-algorithm attack
POST /tools/attack-chain Automated attack chaining
POST /report/sarif SARIF v2.1.0 export

+ 34 more endpoints — full docs at localhost:8000/docs