Pentest Tool Lite

Check your website (or any other website) for common vulnerabilities and missing security headers.

Installation

Yarn:

$ yarn global add pentest-tool-lite

Or if you use npm:

$ npm install -g pentest-tool-lite

Example

Let's test my own page:

$ pentest-tool-lite https://juffalow.com

Output:

    HTTPS: HTTPS is set properly!
    HSTS: HSTS has low max-age value!
    Cookies: Cookies are set properly!
        juffalow-81b41c....domain=juffalow.com; secure; HttpOnly
        juffalow-81b41c....domain=juffalow.com; secure; HttpOnly
    Fingerprint: At least one fingerprint header is present!
    X-XSS-Protection: X-XSS-Protection header is set!
    X-Frame-Options: X-Frame-Options header is set!
    JavaScript: At least one JavaScript file is either not available or did not pass all tests!
        https://juffalow.com/assets/11892cca09b9810f89fe6753812ef8dd.js
            available
            cache
            x-content-type-options
            console-logs
            minify
            uglify
        https://juffalow.com/assets/880ea7df99a6f68e971472639ced69f4.js
            available
            cache
            x-content-type-options
            console-logs
            minify
            uglify
    CSS: All CSS files are available and passed all tests!
        https://juffalow.com/assets/e85a390b00a3bf3fb06dd2f229506dca.css
            available
            cache
            x-content-type-options
            minify
    Images: All image files are available!
        https://juffalow.com/user/themes/juffalow/images/english.png
            available
            cache
            x-content-type-options
        https://juffalow.com/user/themes/juffalow/images/slovak.png
            available
            cache
            x-content-type-options
        https://juffalow.com/user/pages/06.other/the-open-source-problem/source-code.png
            available
            cache
            x-content-type-options
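The header checks in the output above (HSTS max-age, cookie flags, fingerprint headers, X-Frame-Options) can be reproduced offline against a captured set of response headers. The following is an added example, not pentest-tool-lite's own code; the one-year HSTS threshold and the list of fingerprint header names are assumptions, and the sample headers are constructed.

```javascript
// Added example, not pentest-tool-lite's own code. Evaluates a set of
// response headers the way the output above reports them. The one-year
// HSTS threshold and the fingerprint header list are assumptions.

const HSTS_MIN_MAX_AGE = 31536000; // assumed threshold: one year in seconds
const FINGERPRINT_HEADERS = ['server', 'x-powered-by', 'x-aspnet-version'];

// Split "max-age=300; includeSubDomains" into { 'max-age': '300', includesubdomains: true }.
function parseDirectives(value) {
  const out = {};
  for (const part of value.split(';')) {
    const [k, v] = part.trim().split('=');
    if (k) out[k.toLowerCase()] = v === undefined ? true : v;
  }
  return out;
}

// headers: lower-case header names mapped to a string (array for set-cookie).
// Returns an array of { test, message } findings; an empty array means clean.
function checkHeaders(headers) {
  const findings = [];
  const fail = (test, message) => findings.push({ test, message });

  const hsts = headers['strict-transport-security'];
  const maxAge = hsts ? Number(parseDirectives(hsts)['max-age']) : NaN;
  if (!hsts) fail('hsts', 'HSTS header is missing');
  else if (!(maxAge >= HSTS_MIN_MAX_AGE)) fail('hsts', 'HSTS max-age is missing or low');

  for (const cookie of [].concat(headers['set-cookie'] || [])) {
    const d = parseDirectives(cookie);
    const missing = ['secure', 'httponly'].filter((flag) => !d[flag]);
    if (missing.length) fail('cookies', `${cookie.split('=')[0]} lacks ${missing.join(', ')}`);
  }

  for (const h of FINGERPRINT_HEADERS) {
    if (headers[h]) fail('fingerprint', `${h} header reveals "${headers[h]}"`);
  }

  if (!headers['x-frame-options']) fail('x-frame-options', 'X-Frame-Options header is missing');
  if (!headers['x-content-type-options']) fail('x-content-type-options', 'X-Content-Type-Options header is missing');
  return findings;
}

// Names of the tests that failed, de-duplicated and sorted, for a quick summary.
function failedTests(headers) {
  return [...new Set(checkHeaders(headers).map((f) => f.test))].sort();
}

// Constructed sample response headers, loosely modelled on the output above.
const SAMPLE_HEADERS = {
  'strict-transport-security': 'max-age=300; includeSubDomains',
  'set-cookie': ['session=abc123; Path=/; Secure; HttpOnly', 'theme=dark; Path=/'],
  server: 'nginx/1.18.0',
  'x-frame-options': 'SAMEORIGIN',
};

for (const f of checkHeaders(SAMPLE_HEADERS)) console.log(`${f.test}: ${f.message}`);
```

Running the block prints one line per finding; on the constructed sample that is the low HSTS max-age, the `theme` cookie missing both flags, the `server` fingerprint and the absent X-Content-Type-Options header.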

Options

Available options:

  • -V, --version output the version number
  • --grep run only the tests whose names match any of the comma-separated strings given
  • --exclude skip the tests whose names match any of the comma-separated strings given
  • -s, --silent failing tests will not cause the program to exit with an error
  • -d, --debug debug mode
  • -v, --verbose be more verbose/talkative during the operation
  • -h, --help output usage information

grep

Grep checks every test name against the comma-separated strings given in the grep argument and runs only the tests that contain at least one of them.

  # check just https and hsts headers
  $ pentest-tool-lite https://juffalow.com --grep https,hsts

  # run only security tests
  $ pentest-tool-lite https://juffalow.com --grep security

  # list of tests
  $ pentest-tool-lite tests

exclude

If you do not want to run specific tests, you can skip them with the exclude argument.

  # run every test except for security tests
  $ pentest-tool-lite https://juffalow.com --exclude security

silent

If any of the tests fails, the program exits with an error code. To disable this, run the program with the silent argument.

  $ pentest-tool-lite https://juffalow.com --silent