Skip to content
P

psak

PSAK

N|Solid PSAK GitHub forks Github issues Python 3.6 License

PSAK Framework

PSAK is simple to intergrate with, provided a intermediate understanding of software develpment and Python 3.

PSAK Package Description
psak_src holds the psak project
exploit_modules holds each psak exploit module package
setup.py psak installation file

Adding modules to psak

  1. All code must closely follow the Google Python style at guide https://google.github.io/styleguide/pyguide.html
  2. Always add a init.py file to python packages or they will not be added to the project installation package list
  3. Specify a class for your exploit. This allows for a more dynamic system and adheres to the psak framework
  4. Place your module package in psak_src.modules
  5. Do not add if __name__ == '__main__': main() to your module. That is solely for the main module located in psak_src.psak.py
  6. In psak_src.psak add the following in terms of sudo code to append to psak's arguments
 if sys.argv[1] == '--your-module'
    from modules.your_packages.your_core.your_module import YourClass
    yourObject = yourObject()
    yourObject.main_function()
  1. Use parser.add_argument('--your-module', help='help message') to add a quick help message for your module

Project intergration list

Some of the tools that PSAK will implement will come from broken repositories. Before each tool is added, a stable fork of each individual tool will be required. The majority of revisions will involve simple code such as updating shebangs and octal notation (Python).

  • DHCPTakeover: a python module that sets up a dhcp server using Scapy
  • MitmAP: a python program to create a fake AP and sniff data
  • SSH-mitm SSH man-in-the-middle tool
  • TLS Prober: a toolfor identifying the implementation in use by SSL/TLS servers
  • Tplmap: exploit Code Injection and Server-Side Template Injection vulnerabilities
  • WAFW00F: identifies and fingerprints Web Application Firewall (WAF) products.
  • Finmap: find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs within webapps in python
  • NoSQLMap: audit as well as automate injection attacks while exploiting default configuration weaknesses in NoSQL databases and web applications using NoSQL
  • Webscreenshot: A simple script to screenshot a list of websites, based on the url-to-image phantomjs script.
  • Slowloris: an HTTP Denial of Service attack that affects threaded servers (Completed)
  • DHCP-Starvation: DHCP starvation attack
  • Scapy-Attacks: scapy based attack research (Intergration in progress)
  • Ddos database: Ddos knowledge database ((Intergration in progress))

Project payload list

A list of frameworks to use to design deliverable payloads for penetration testers.

  • PowerSploit: PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
  • Offensive-Security Exploit database: an official repository of The Exploit Database, a project sponsored by Offensive Security
  • DHCPig: initiates an advanced DHCP exhaustion attack