🔱 Pinakastra

AI-Powered Penetration Testing Framework with Automated Reconnaissance

Pinakastra is an advanced reconnaissance and exploitation tool that combines passive/active enumeration with AI-powered vulnerability detection and exploitation. Built for penetration testers and bug bounty hunters.

---

✨ What Does Pinakastra Do?

1. Discovers subdomains - subfinder, findomain, assetfinder, sublist3r, chaos, crtsh, shodan, puredns
2. Probes live hosts - httpx
3. Resolves IPs - dnsx with ASN and geolocation
4. Discovers URLs - Katana (crawler) + GAU (archive scraper)
5. Scans ports - Nmap with AI-powered CVE detection
6. Analyzes security - Headers, CORS, TLS, secrets, cloud assets, takeover
7. Actively exploits - XSS, SQLi, SSRF, Open Redirect, Path Traversal, IDOR, JWT
8. Generates reports - JSON, CSV, TXT formats

---

🚀 Features

🔍 Reconnaissance

• Subdomain Discovery - 8 passive sources + DNS bruteforce
• HTTP Probing - Live host detection with tech fingerprinting
• IP Resolution - ASN lookups and geolocation
• URL Discovery - Katana + GAU with smart filtering
• Port Scanning - Nmap with service detection

Smart URL Filtering:

• Removes static assets (images, CSS, fonts) while preserving sensitive files
• Keeps .env, .sql, .bak, .config, .js files for security testing
• Prioritizes API, admin, auth, and upload endpoints
• Limits to 150 URLs/subdomain, 5 URLs/pattern (70% reduction)
• Ensures no sensitive points are missed

🛡️ Security Analysis

• Security Headers, TLS/SSL, CORS
• Subdomain Takeover (50+ services)
• Cloud Asset Discovery (S3, Azure, GCP)
• Secret Detection (API keys, tokens)

🤖 AI-Powered Active Exploitation

Vulnerability Testing:

• XSS, SQLi, SSRF, Open Redirect, Path Traversal, IDOR, JWT
• 10 payloads per type: 7 hardcoded advanced + 3 AI-generated bypass
• Model: deepseek-r1:7b (6-7GB RAM)

AI Features:

• Port Scanning CVE Analysis
• Adaptive Payload Generation
• NVD Database CVE Verification
• Sequential AI Generation (test while generating)
• Smart Detection (reduces false positives)

---

📦 Installation

1. Check Required Tools

Required: subfinder, httpx, dnsx, katana, gau, puredns, findomain, assetfinder, chaos, nmap, sublist3r, crtsh, shodan

pinakastra check

2. Install Pinakastra

go install github.com/who0xac/pinakastra/cmd/pinakastra@main

3. Install AI

Install Ollama:

curl -fsSL https://ollama.com/install.sh | sh

Pull DeepSeek Model:

ollama pull deepseek-r1:7b

Start Ollama:

ollama serve

Verify:

curl http://localhost:11434/api/tags
ollama list

---

📖 Usage

# Basic scan with AI
pinakastra -d target.com --enable-ai

# With options
pinakastra -d target.com --enable-ai -o ./results --no-bruteforce --use-tor

Options:

• -o - Custom output directory
• --no-portscan - Skip port scanning
• --no-bruteforce - Skip DNS bruteforce
• --use-tor - Use TOR proxy

---

⚙️ Configuration

Pinakastra Config: ~/.config/pinakastra/

~/.config/pinakastra/
├── config.yaml              # API keys (Chaos, Shodan)
├── configs/
│   └── resolvers.txt        # DNS resolvers for puredns
└── wordlists/
    └── subdomains.txt       # Subdomain wordlist (auto-downloaded)

Config File: ~/.config/pinakastra/config.yaml

api_keys:
  chaos: "your-chaos-api-key"
  shodan: "your-shodan-api-key"

Subfinder Config: ~/.config/subfinder/provider-config.yaml

---

📤 Output

Results saved in: ./output/<domain>-<timestamp>/

subdomains.txt              # All discovered subdomains
live_hosts.txt              # Live HTTP/HTTPS hosts
resolved_ips.txt            # IPs with ASN and geolocation
urls.txt                    # All discovered URLs
open_ports.txt              # Open ports with services
vulnerabilities.json        # Exploitation results (JSON)
vulnerabilities.csv         # Exploitation results (CSV)
vulnerabilities.txt         # Exploitation results (TXT)
security_headers.txt        # Security header analysis
tls_analysis.txt            # TLS/SSL analysis
cors_issues.txt             # CORS misconfiguration
cloud_assets.txt            # Cloud storage buckets
secrets_found.txt           # API keys, tokens
subdomain_takeover.txt      # Takeover vulnerabilities

---

🎯 Active Exploitation

Vulnerability	Hardcoded	AI	Total	Detection
XSS	7	3	10	Response reflection
SQL Injection	7	3	10	Error messages + time-based
SSRF	7	3	10	Cloud metadata detection
Open Redirect	7	3	10	Location header validation
Path Traversal	7	3	10	File signatures
IDOR	7	3	10	Response differential
JWT	-	Analysis	-	Token validation

---

🤝 Contributing

Contributions welcome! Fork, create a feature branch, and submit a PR. Help us improve detection, add new modules, or optimize performance.

---

⚠️ Disclaimer

For authorized security testing only. Use only on systems you own or have explicit written permission to test. Owner is not responsible for misuse. Always follow responsible disclosure and comply with local laws.

---

Built with ❤️ by who0xac