The PenTesters Framework (PTF) 1.0 Released

The PenTesters Framework (PTF) version 1.0 stable has been released. If you are new to PTF, it is a framework that is designed to keep all of your penetration testing tools up-to-date (README. PTF is a modular framework with similar syntax to the Metasploit framework. A language and format was created behind PTF to take only a couple of minutes to add a new tool to the framework.

This version adds new modules, automatically updates Metasploit, installs Metasploit, and maintains gem upgrades amongst other features. PTF currently has a total of 50 tools built into it including obscure tools and others.

To get PTF simply type:

git clone https://github.com/trustedsec/ptf

Move into the PTF directory (cd ptf), and run ./ptf.

If you want to install all of your tools, do a search for update:

ptf> search update
[*] Search results below:
modules/install_update_all
ptf> use modules/install_update_all
[*] You are about to install/update everything. Proceed? [yes/no]:

Hit yes, and PTF will install all of your tools in the /pentest directory and broken out based on the Penetration Testing Execution Standard (PTES) – for example /pentest/exploitation/metasploit. Additionally, for most tools, a launcher is automatically created so you can use the tool anywhere.

Example:

root@stronghold:/# cd /root
root@stronghold:~# msfconsole
                                                  
  +-------------------------------------------------------+
  |  METASPLOIT by Rapid7                                 |
  +---------------------------+---------------------------+

If you want to update your system and your tools, simply get back into PTF and run the modules/install_update_all again, and it will cycle through and ensure you are running the latest and greatest tools.

If you want to just install a single tool, no problem:

ptf> search setoolkit
[*] Search results below:
modules/exploitation/setoolkit
ptf> use modules/exploitation/setoolkit
ptf:(modules/exploitation/setoolkit)>run

Module Author:         David Kennedy (ReL1K)
Module Description:    This module will install/update the Social-Engineer Toolkit (SET)
-------------------------------------------------------------------------------------
INSTALL_TYPE:           GIT
REPOSITORY_LOCATION:    https://github.com/trustedsec/social-engineer-toolkit/
INSTALL_LOCATION:       /pentest/exploitation/setoolkit/
-------------------------------------------------------------------------------------
[*] Detected installation already. Going to upgrade for you.
[*] Updating the tool, be patient while git pull is initiated.
Updating 341066d..cb8f318
Fast-forward
 src/html/Signed_Update.jar.orig | Bin 5236 -> 5223 bytes
 src/html/unsigned/unsigned.jar  | Bin 3941 -> 3928 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
[*] Finished Installing! Enjoy the tool installed under: /pentest/exploitation/setoolkit/
ptf:(modules/exploitation/setoolkit)>

If you want to create your own module, read the README.md on github. It’s extremely simple and we always take additions!

This version also adds an automatic launcher for you. When you run PTF the first time, it will create a ptf launcher in /usr/local/bin. Simply type ptf anywhere in your nix system and you are ready to go.

There’s also no need to ever update PTF. When you launch PTF it will automatically update itself and you will be running the latest version.

Enjoy this release of PTF – where you can keep your tools truly up-to-date realtime.

Full Changelog:

~~~~~~~~~~~~~~~~~
version 1.0
~~~~~~~~~~~~~~~~~

* added automatic updates to gems when updating Metasploit
* fixed ffi bundle install error when building gems for Metasploit – missing libgmp-dev
* re-added launchers to /usr/local/bin/for metasploit
* fixed multiple modules using commas (wasn’t a problem, just for consistency)
* added stub in src/framework.py for Metasploit to update gem installers on update
* fixed malingo module to properly copy and remove old files
* added automatic creation of ptf launcher – you can now run ptf from any directory
* added a check for a stale directory – if the directory doesn’t fully download or is empty, it will automatically purge the directory and re-install
* removed after commands for smbexec, deletes directory afterwards

David Kennedy

Author: David Kennedy

Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.