EasyPen is a security scanning tool written in Python + wxPython, which provides a simple graphical interface and supports cross-platform. It can be used for internal and external network inspections, emergency response, and continuous testing of various SRCs by white hat hackers.
It has built-in over 100 vulnerability detection plugins, and users can write their own plugins and quickly apply them to a wide range of scans.
Core Features#
Asset discovery: Discovering domains, IP addresses, ports, and services to build an asset library for subsequent scans.
Vulnerability scanning: A scanning framework based on AsyncIO, with over 100 built-in vulnerability detection plugins. It supports scheduling Hydra/Medusa/Ncrack scans for common weak passwords.
Emergency response: After a high-risk vulnerability outbreak, relying on the framework and existing asset libraries, usually only a few lines of detection logic code need to be written to complete scans of thousands of targets in a few minutes.
Vulnerability exploitation: Integrating multiple vulnerability exploitation tools.
Tool installation
Windows users can download and run the generated executable file. After extracting, run EasyPen.exe.
Users familiar with Python can use pip3 to install:
pip3 install -r requirements.txt
Note: This tool is mainly developed and tested using Python 3.8. Please use Python 3.8 to install and run this program.
Ubuntu users can install dependency tools:
apt install masscan nmap hydra medusa nfs-common ipmitool rsync -y
CentOS users can install dependency tools:
yum install masscan nmap nfs-utils ipmitool rsync -y
Install Hydra: https://github.com/vanhauser-thc/thc-hydra
Or install Medusa: https://github.com/jmk-foofus/medusa