Loading repository data…
Loading repository data…
who0xac / repository
AI-powered pentesting framework with automated recon and exploitation. Multi-source subdomain discovery, active vuln testing (XSS/SQLi/SSRF/IDOR), AI-driven payload generation, local inference, structured reporting. For pentesters and bug bounty hunters.
AI-Powered Penetration Testing Framework with Automated Reconnaissance
Pinakastra is an advanced reconnaissance and exploitation tool that combines passive/active enumeration with AI-powered vulnerability detection and exploitation. Built for penetration testers and bug bounty hunters.
Smart URL Filtering:
Vulnerability Testing:
AI Features:
Required: subfinder, httpx, dnsx, katana, gau, puredns, findomain, assetfinder, chaos, nmap, sublist3r, crtsh, shodan
pinakastra check
go install github.com/who0xac/pinakastra/cmd/pinakastra@main
Install Ollama:
curl -fsSL https://ollama.com/install.sh | sh
Pull DeepSeek Model:
ollama pull deepseek-r1:7b
Start Ollama:
ollama serve
Verify:
curl http://localhost:11434/api/tags
ollama list
# Basic scan with AI
pinakastra -d target.com --enable-ai
# With options
pinakastra -d target.com --enable-ai -o ./results --no-bruteforce --use-tor
Options:
-o - Custom output directory--no-portscan - Skip port scanning--no-bruteforce - Skip DNS bruteforce--use-tor - Use TOR proxyPinakastra Config: ~/.config/pinakastra/
~/.config/pinakastra/
├── config.yaml # API keys (Chaos, Shodan)
├── configs/
│ └── resolvers.txt # DNS resolvers for puredns
└── wordlists/
└── subdomains.txt # Subdomain wordlist (auto-downloaded)
Config File: ~/.config/pinakastra/config.yaml
api_keys:
chaos: "your-chaos-api-key"
shodan: "your-shodan-api-key"
Subfinder Config: ~/.config/subfinder/provider-config.yaml
Results saved in: ./output/<domain>-<timestamp>/
subdomains.txt # All discovered subdomains
live_hosts.txt # Live HTTP/HTTPS hosts
resolved_ips.txt # IPs with ASN and geolocation
urls.txt # All discovered URLs
open_ports.txt # Open ports with services
vulnerabilities.json # Exploitation results (JSON)
vulnerabilities.csv # Exploitation results (CSV)
vulnerabilities.txt # Exploitation results (TXT)
security_headers.txt # Security header analysis
tls_analysis.txt # TLS/SSL analysis
cors_issues.txt # CORS misconfiguration
cloud_assets.txt # Cloud storage buckets
secrets_found.txt # API keys, tokens
subdomain_takeover.txt # Takeover vulnerabilities
| Vulnerability | Hardcoded | AI | Total | Detection |
|---|---|---|---|---|
| XSS | 7 | 3 | 10 | Response reflection |
| SQL Injection | 7 | 3 | 10 | Error messages + time-based |
| SSRF | 7 | 3 | 10 | Cloud metadata detection |
| Open Redirect | 7 | 3 | 10 | Location header validation |
| Path Traversal | 7 | 3 | 10 | File signatures |
| IDOR | 7 | 3 | 10 | Response differential |
| JWT | - | Analysis | - | Token validation |
Contributions welcome! Fork, create a feature branch, and submit a PR. Help us improve detection, add new modules, or optimize performance.
For authorized security testing only. Use only on systems you own or have explicit written permission to test. Owner is not responsible for misuse. Always follow responsible disclosure and comply with local laws.
Built with ❤️ by who0xac