Do not use EasyPen for illegal purposes, this tool is for research only
EasyPen
is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation.
It has over 100 built-in scan scripts which covers most common vulnerabilities, you can easily write your own scan script and map the scan for thousands of targets.
User Manual: https://easypen.lijiejie.com/
- 2022-10-18: Bug Fix: Executable file path error when blank string appears in path.
- 2022-10-18: Bug Fix: Brute task access DNS log, weak passwords found not write to the result table as expected.
- 2022-09-21: Bug Fix: Terminate all child processes immediately after
STOP
click. - 2022-09-16: Bug Fix: Targets input missing
is_http
. - 2022-09-15: Bug Fix: DNS log monitor object overwrite, brute job shouldn't create dns log monitor.
- 2022-09-13: Bug fix: hydra plugin works with a hard code
timeout
. - 2022-09-12: important bug fix, asyncio timeout failed to gather returned vulnerabilities.
Microsoft Windows users can download zipped file and run EasyPen.exe
: https://github.com/lijiejie/EasyPen/releases
Users who are familiar with python can install via pip3
pip3 install -r requirements.txt
At present this project is developed and tested under Python3.8, please use Python3.8 to run this app
Ubuntu User
apt install masscan nmap hydra medusa nfs-common ipmitool rsync -y
CentOS User
yum install masscan nmap nfs-utils ipmitool rsync -y
Install hydra: https://github.com/vanhauser-thc/thc-hydra
Or Install medusa: https://github.com/jmk-foofus/medusa
- Discover: Domain / IP / Port / Services discovery, build assert databases
- Vulnerability Scan:Single thread scan framework works with AsyncIO, with over 100 built-in plugins, can driven Hydra/Medusa/Ncrack to brute weak passwords
- Incident Response:Whenever a critical vulnerability was disclosed, based on the assert db created by the discover module and the scan framework, in most cases, users only need to write very few lines of code to implement the vulnerability check. After that you can map the scan script to thousands of targets and finish the scan in serveral minutes.
- Exploitation: Provides you some exploit tools
Scan Panel Screenshot
Tools Panel Screenshot
Alpha 1.0 was released, includes some basic modules. Please create issues if any bugs found.
- Adapt more DNSLog APIs,includes Antenna漏洞验证平台
- Web fingerprints and live preview
- scan plugin profiles
- Support the execution of other open source projects' scan plugins: python / YAML
- Plugin live edit and debug
- Vulnerabilities one click recheck
- Brute function optimization
- Integrate with BBScan
- Better scan performance and algorithm
- Better code construction, more friendly for other users to contribute plugin & tools