← Back to all products

Pentest Helper

$29

Penetration testing toolkit for testing your own apps with request fuzzing and injection detection.

📁 10 files
JSONMarkdownPython

📄 Product Preview

Try the interactive reader and demo tools below, or get the full product with all content unlocked.

📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample

📁 File Structure 10 files

pentest-helper/ ├── LICENSE ├── README.md ├── examples/ │ └── pentest_config.json ├── free-sample.zip ├── guide/ │ ├── 01_features.md │ ├── 02_quick-start.md │ ├── 03_configuration-reference.md │ └── 04_license.md ├── index.html └── src/ └── pentest_helper.py

📖 Documentation Preview README excerpt

Pentest Helper

A lightweight penetration testing toolkit for testing YOUR OWN applications. Request fuzzing, SQL injection detection, and XSS scanning in a single Python script.

Disclaimer: Only use this tool against systems you own or have explicit written authorization to test. Unauthorized penetration testing is illegal in most jurisdictions.

Features

  • Request fuzzer — sends common payload patterns to discover unexpected behavior
  • SQL injection tester — error-based and blind injection pattern detection
  • XSS scanner — reflected XSS detection with encoding bypass checks
  • Multiple test modes — run fuzz, sqli, xss, or all in one pass
  • Configurable endpoints — test multiple URLs and HTTP methods from a config file
  • Rate limiting — built-in delays to avoid overwhelming targets
  • Severity-rated findings — each vulnerability tagged with risk level
  • JSON report output — structured results for tracking and remediation

Requirements

  • Python 3.10+
  • No external dependencies (stdlib only)

Quick Start


# Fuzz an endpoint
python src/pentest_helper.py --target https://app.example.com --mode fuzz

# Test for SQL injection
python src/pentest_helper.py --target https://example.com --mode sqli

# Test for XSS
python src/pentest_helper.py --target https://example.com --mode xss

# Run all tests with JSON output
python src/pentest_helper.py --target https://example.com --mode all --output report.json

Output

Console output shows each test with pass/fail status and severity. JSON output provides full request/response details for each finding, suitable for security reports or ticketing systems.

Configuration Reference

Use a config file for batch testing (see examples/pentest_config.json):


{
    "target": "https://app.example.com",
    "modes": ["sqli", "xss", "fuzz"],
    "endpoints": [
        {"url": "https://app.example.com/search?q=test", "method": "GET"},
        {"url": "https://app.example.com/login", "method": "POST"}
    ],
    "rate_limit_ms": 500,
    "timeout_seconds": 10
}

| Field | Type | Description |

... continues with setup instructions, usage examples, and more.

📄 Code Sample .py preview

src/pentest_helper.py #!/usr/bin/env python3 """ Pentest Helper — Security Kit (DataNest) A lightweight penetration testing toolkit for testing YOUR OWN applications. Includes request fuzzing, SQL injection pattern testing, and XSS detection. ⚠️ IMPORTANT: Only use this tool against systems you own or have explicit written permission to test. Unauthorized testing is illegal. Usage: python pentest_helper.py --target https://api.example.com --mode fuzz python pentest_helper.py --target https://example.com --mode sqli python pentest_helper.py --target https://example.com --mode xss python pentest_helper.py --target https://example.com --mode all --output report.json Dependencies: Python 3.10+ stdlib only (no pip packages) License: MIT """ from __future__ import annotations import argparse import html import json import logging import re import sys import urllib.error import urllib.parse import urllib.request from dataclasses import dataclass, field, asdict from datetime import datetime, timezone from pathlib import Path from typing import Any # --------------------------------------------------------------------------- # Constants # --------------------------------------------------------------------------- logger = logging.getLogger("pentest_helper") HTTP_TIMEOUT = 10 USER_AGENT = "SecurityKit-PentestHelper/1.0" # SQL injection test payloads — classic error-based patterns # Why these: They trigger database errors if input is unsanitized, # revealing SQL injection vulnerabilities without causing damage. SQLI_PAYLOADS: list[dict[str, str]] = [ {"payload": "'", "name": "single-quote", "type": "error-based"}, # ... 467 more lines ...
Buy Now — $29 Back to Products