PenTestDB: What is it?
PenTestDB (PTDB for short) is a project that aims to save time on penetration testing engagements and CTFs by automatically parsing the output of common pentesting commands and adding it to an SQL database. I wrote this tool initially to make my own life easier, but when I realized it might help others too, I decided to write this blog post to introduce it :).
Index
- PenTestDB: What is it?
- Who is PTDB For?
- Use case
- How does PTDB Work?
- Demo
- Advantages Over Alternatives
Who is PTDB For?
PenTestDB is designed for professional Penetration Testers, hobbyist CTF players, and Hackers.
Use Case
Any time one needs to collect large amounts of data about a target, PenTestDB is a huge time saver. The more targets – or the more data – the more helpful PTDB will be.
How Does PTDB Work?
PTDB makes use of an old *NIX program called “script” to record all the output of every command in a terminal session to a file. The content of this file gets piped into PTDB and parsed after each command finishes. The parsed data is then sent to the database, where it can be queried later.
PTDB is configured in the ~/.config/ptdb/config.toml file. There you can set things like which parser is used for which command, or which targets can be queried using the CLI.
Demo
Note: Unfortunately, the program I used to generate the GIF above, VHS, did not play nice with my nerd-font :(
In the above GIF we see the query ptdb query -g ip port state -f ports returning nothing, as nothing has been added to the database yet; then an nmap scan, followed by the same query again, this time returning the data from the nmap scan. PTDB in action!
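To make the pipeline described above concrete, here is an added Python sketch (not PTDB's own code) of the same idea: a script(1)-style transcript is split at the shell prompt, each command's output goes to the parser registered for that command, and the parsed rows land in SQLite so a query like the one in the GIF can run against them. The transcript, the nmap parser, the table schema and the query helper are all assumptions constructed for this example.

```python
"""Toy version of the PTDB pipeline: transcript -> per-command parser -> SQLite.
Added example, not PTDB's own code; parser names, schema and sample data are assumptions."""
import re
import sqlite3

# Constructed transcript, as `script` would capture it (the prompt is "$ ").
TRANSCRIPT = """$ nmap -sV 10.10.10.5
Nmap scan report for 10.10.10.5
Host is up (0.012s latency).
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
$ echo done
done
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap(output):
    """Yield (ip, port, proto, state, service) rows from nmap's normal output."""
    ip = None
    for line in output.splitlines():
        if m := HOST_RE.match(line):
            ip = m.group(1)                       # remember the current host
        elif ip and (m := PORT_RE.match(line)):   # one row per port line
            yield (ip, int(m.group(1)), m.group(2), m.group(3), m.group(4))

# Stand-in for the config.toml mapping of command name -> parser.
PARSERS = {"nmap": parse_nmap}

def ingest(transcript, prompt="$ "):
    """Split the transcript at each prompt, parse what we know how to, return the DB."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ports (ip TEXT, port INTEGER, proto TEXT, state TEXT, service TEXT)")
    for block in re.split(r"(?m)^" + re.escape(prompt), transcript)[1:]:
        cmdline, _, output = block.partition("\n")
        argv = cmdline.split()
        parser = PARSERS.get(argv[0]) if argv else None
        if parser:                                # unknown commands are simply skipped
            db.executemany("INSERT INTO ports VALUES (?,?,?,?,?)", parser(output))
    db.commit()
    return db

def query(db, fields=("ip", "port", "state"), table="ports"):
    """Equivalent of `ptdb query -g ip port state -f ports` in the GIF."""
    assert all(f.isidentifier() for f in (*fields, table))  # identifiers cannot be bound params
    return db.execute(f"SELECT {', '.join(fields)} FROM {table} ORDER BY port").fetchall()
```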
Advantages Over Alternatives
The only tool I know of with a similar feature set is Metasploit. The similarity that Metasploit and PenTestDB share is that they both automatically store the results of programmatic scans in a database. The key difference, however, is that while Metasploit is an entire framework – a rather heavy one in fact – it doesn’t play nice with outside tools. What I mean by this is that, while one can use outside tools (nmap, john, gobuster, etc.) from within Metasploit, it won’t store the data they generate in its database. PenTestDB, on the other hand, is designed from the ground up to work with outside tools. In fact it only works with outside tools: it has no scanning/hacking capabilities of its own. The intention behind this was to be in line with the UNIX philosophy of programs doing only one thing, and doing that one thing well. After all, why make yet another directory brute-forcing tool when we can make use of gobuster or feroxbuster? Why make yet another port scanning tool when we can make use of Nmap or RustScan? Why make yet another network authentication tool when we can make use of Hydra? Ultimately Metasploit and PTDB have different goals and are designed for different workflows.
So really, the only true alternative to PTDB is to painstakingly copy and paste all command output into your notes, which clutters them up and makes them harder to read. Taking notes by hand should always be done in conjunction with PenTestDB: PTDB offers a convenient way to automate the storage of the output generated by some common pentesting tools, but it does not replace taking good, descriptive notes and screenshots. It does, however, allow for automated collection and storage of large amounts of data, much of which might otherwise be lost or forgotten.
I look forward to seeing you in cyber-space,
Eoghan West (Calacuda)
References:
- PTDB: GitHub repository for ptdb.
- PTDB Wiki: documentation for PTDB.
- VHS: used to generate GIFs of the terminal.
- script: records all text from a terminal session.
- Nmap: classic port scanner.
- Metasploit: a full pentesting framework.
- John the Ripper: password cracking utility.
- Gobuster: brute-forcing/busting tool for directories/files, DNS entries and VHosts.
- UNIX philosophy: a philosophy about program design and implementation.
- Feroxbuster: tool to scan web servers for directories and files recursively.
- Hydra: network protocol password authentication brute-forcing tool.