
Pentest Creation

Liquiid edited this page Feb 5, 2024 · 2 revisions

The prerequisites are:

  1. A Pollenisator server is up, running and listening (see https://github.com/fbarre96/Pollenisator)
  2. PollenisatorGUI is already installed

Run the pollenisator-gui command to start the Pollenisator graphical client. (If it does not start, follow the installation steps once again or refer to the troubleshooting section of the Installation page.)

Connection to your pollenisator server

[Screenshot: connection dialog]

A connection dialog will appear, asking you for:

  • host : The hostname or IP of the pre-installed Pollenisator server (if not done yet, refer to https://github.com/fbarre96/Pollenisator).
  • port : The port of Pollenisator on the server (default is 5000).
  • https : Switch it on if the Pollenisator API is configured for HTTPS.
  • login : Your login as communicated by the administrator. If the installation is fresh, use admin.
  • password : Your password. If the installation is fresh, use admin as the password.

Pentest Manager

Once you are logged in, the pentest manager opens automatically.

[Screenshot: pentest manager]

Here you can:

  • Create a new pentest / Duplicate an existing one
  • Connect to a pentest
  • Export/import a Pollenisator pentest

Create a pentest

To create a pentest you have to be in the pentest manager. If it is not open, press Ctrl+O or use File->Pentest Manager.

Then click on Create new Pentest.

The following window opens:

[Screenshot: create pentest window, filled in]

This window has several fields to fill in. Here is what they are:

  • Pentest name : The cosmetic name of the pentest. It will appear in the Pentest manager list.

  • Mission name : Only used as data for report generation. Choose something generic.

  • Client's name: Only used as data for report generation.

  • Report language: This depends entirely on the report templates that exist on the server. Defect searches only return defects written in this language.

  • Pentest type: The available options can be edited in the global settings of Pollenisator. The type restricts which defects and cheatsheets are loaded.

  • Starting and Ending: The starting and ending dates of the pentest engagement. Scans are limited to this date and time interval.

  • Scope: The initial scope of the pentest engagement. It should be IPs, hostnames or ranges of IPs in the X.X.X.X/YY format.

  • Pentester search: Search for other collaborators on this pentest. Only those selected here, plus yourself and admins, will have access to this pentest. You can add pentesters later in the settings.

  • Settings (CAUTION): These settings, if selected, automatically expand the scope of the engagement.

    • Add domains whose IP are in scope : If selected, Pollenisator performs a DNS lookup on each domain name that is added to the pentest (with nmap, reverse DNS lookup, subdomain bruteforce, etc.). If the DNS reply matches an IP range in scope, the domain is added to the scope.
    • Add domains who have a parent domain in scope: If selected, every domain found is checked against the existing scope to see whether it has a parent domain in scope. Example: if your scope is mydomain.com and you find the subdomain sub.mydomain.com with a subdomain bruteforcer, sub.mydomain.com will be added to the scope.
    • (WARNING) Add all domains found : If selected, all domains found throughout the engagement will be considered in scope.
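
The three scope-expansion settings above, sketched as decision logic in an added example (this is not Pollenisator's own code). The function names are hypothetical, DNS answers are passed in as constructed data instead of being resolved, and matching parent domains on label boundaries is an assumption of this sketch.

```python
import ipaddress

def parse_scope(entries):
    """Split scope entries into IP networks (X.X.X.X or X.X.X.X/YY) and hostnames."""
    networks, hostnames = [], set()
    for entry in entries:
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:  # not an IP or a range, so treat it as a hostname
            hostnames.add(entry.lower().rstrip("."))
    return networks, hostnames

def has_parent_in_scope(domain, hostnames):
    """True if a strict parent of `domain` is scoped, compared label by label."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in hostnames for i in range(1, len(labels)))

def scope_decision(domain, resolved_ips, scope_entries, *, add_ip_in_scope=False,
                   add_parent_in_scope=False, add_all=False):
    """Return the reason a discovered domain would join the scope, or None."""
    networks, hostnames = parse_scope(scope_entries)
    name = domain.lower().rstrip(".")
    if name in hostnames:
        return "already in scope"
    if add_all:  # the (WARNING) setting: nothing is filtered
        return "all domains found"
    if add_parent_in_scope and has_parent_in_scope(name, hostnames):
        return "parent domain in scope"
    if add_ip_in_scope:
        for ip in resolved_ips:
            addr = ipaddress.ip_address(ip)
            if any(addr in net for net in networks):
                return "IP in scope"
    return None

# Constructed sample data: initial scope and (domain, DNS answers) findings.
SCOPE = ["10.10.0.0/24", "mydomain.com"]
FINDINGS = [
    ("sub.mydomain.com", ["203.0.113.7"]),   # child of a scoped domain
    ("notmydomain.com", ["203.0.113.8"]),    # shares a suffix only, not a child
    ("portal.example.net", ["10.10.0.15"]),  # resolves inside the scoped range
    ("cdn.example.org", ["198.51.100.4"]),   # unrelated to the scope
]

if __name__ == "__main__":
    for domain, ips in FINDINGS:
        reason = scope_decision(domain, ips, SCOPE, add_ip_in_scope=True,
                                add_parent_in_scope=True)
        print(f"{domain:22} -> {reason or 'stays out of scope'}")
```

Running the same findings with `add_all=True` shows why that setting carries a warning: `notmydomain.com` and `cdn.example.org` both join the scope.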