← Back to all products

Penetration Testing Toolkit

$49

Automated security testing scripts, vulnerability scanners, report templates, and methodology checklists.

📁 28 files
MarkdownShellJSONPythonYAMLAWS

📄 Product Preview

Try the interactive reader and demo tools below, or get the full product with all content unlocked.

📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample

📁 File Structure 28 files

penetration-testing-toolkit/ ├── LICENSE ├── README.md ├── docs/ │ ├── cvss-v3.1-scoring-guide.md │ ├── engagement-checklist.md │ ├── methodology.md │ ├── reporting-guide.md │ └── rules-of-engagement.md ├── examples/ │ ├── findings.example.json │ ├── sample-report.md │ └── scope.example.yaml ├── free-sample.zip ├── guide/ │ ├── 01-engagement-methodology.md │ ├── 02-scoping-checklist.md │ ├── 03-vulnerability-scoring.md │ ├── 04-reporting-findings.md │ └── 05-sample-report.md ├── index.html ├── scripts/ │ └── preflight_scope_check.sh ├── src/ │ ├── cvss.py │ ├── report_generator.py │ ├── scope_guard.py │ └── wrappers/ │ ├── common.py │ ├── nikto_wrapper.py │ ├── nmap_wrapper.py │ └── testssl_wrapper.py └── templates/ ├── findings-template.md ├── report-template.md └── rules-of-engagement-template.md

📖 Documentation Preview README excerpt

Penetration Testing Toolkit (Defensive / Professional)

A complete, authorization-first workflow for running professional security

assessments of systems you own or are contractually permitted to test. It

gives you the methodology, the safety guardrails, the scoring, and the reporting

to do the job like a consultancy — without shipping a single weaponized payload.

This toolkit is deliberately defensive. It contains **no exploits, no malware,

and no attack code**. What it provides instead:

  • A five-phase methodology (pre-engagement → recon → scan → analyze → report).
  • Scope-enforcing, dry-run-by-default wrappers around standard tools (nmap,

nikto, testssl.sh) that refuse to touch anything outside your written scope.

  • A correct, standalone CVSS v3.1 calculator so every finding is scored

consistently.

  • A report generator that turns a findings file into a clean Markdown report.
  • Ready-to-fill Rules of Engagement, findings, and report templates.
  • Engagement checklists that gate each phase.

Everything runs on Python 3.10+ standard library only — no pip install.


Table of Contents

1. [Who this is for](#who-this-is-for)

2. [The defensive promise](#the-defensive-promise)

3. [What's included](#whats-included)

4. [Quick start](#quick-start)

5. [The five-phase workflow](#the-five-phase-workflow)

6. [File-by-file guide](#file-by-file-guide)

7. [Safety & legal](#safety--legal)

8. [FAQ](#faq)

9. [License](#license)

10. [Support](#support)


Who this is for

  • Security engineers / consultants who want a repeatable, professional process.
  • Blue teams validating their own estate before an adversary does.
  • Engineering leads who need to commission or interpret a pentest.
  • Learners building disciplined, ethical testing habits with real artifacts.

Assumes comfort with the command line and basic networking. No prior offensive-

security experience required.


The defensive promise

This kit is safe to keep in a corporate repo. By design:

  • No exploit code ships here. Validation of findings is manual and minimal.
  • Scope is enforced in code. The wrappers call a scope guard

(src/scope_guard.py) and refuse to run against any target not listed in

your authorized scope file. "Deny wins."

  • Dry-run is the default. Wrappers print the exact command they would run

and exit, until you pass both --run and --i-am-authorized.

... continues with setup instructions, usage examples, and more.

📄 Code Sample .py preview

src/cvss.py #!/usr/bin/env python3 """CVSS v3.1 Base score calculator (standard library only). Implements the official CVSS v3.1 Base metric equations so that findings can be scored consistently and reproducibly during an engagement. Given a Base vector string it returns the 0.0-10.0 score and the qualitative severity rating. Reference: the CVSS v3.1 specification, section 7 (formulas) and section 5 (qualitative severity rating scale). This file contains no exploit code; it is a scoring utility used when writing up findings. Usage (CLI): python3 cvss.py "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" # 9.8 Critical python3 cvss.py "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" --verbose Usage (import): from cvss import base_score, severity_rating score, severity, _ = base_score("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") """ from __future__ import annotations import math import sys # --- Metric weight tables (verbatim from the CVSS v3.1 specification) --------- ATTACK_VECTOR = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20} ATTACK_COMPLEXITY = {"L": 0.77, "H": 0.44} # Privileges Required depends on Scope (changed scope makes low/high privileges # slightly more valuable to an attacker). PRIVILEGES_REQUIRED = { "U": {"N": 0.85, "L": 0.62, "H": 0.27}, # Scope Unchanged "C": {"N": 0.85, "L": 0.68, "H": 0.50}, # Scope Changed } USER_INTERACTION = {"N": 0.85, "R": 0.62} CIA_IMPACT = {"N": 0.0, "L": 0.22, "H": 0.56} # Order and allowed values of the eight Base metrics. BASE_METRICS = { "AV": set(ATTACK_VECTOR), "AC": set(ATTACK_COMPLEXITY), "PR": {"N", "L", "H"}, "UI": set(USER_INTERACTION), "S": {"U", "C"}, "C": set(CIA_IMPACT), "I": set(CIA_IMPACT), "A": set(CIA_IMPACT), } # ... 133 more lines ...
Buy Now — $49 Back to Products