187 penetration-testing tools (including 27 AI/LLM-powered) across 11 security domains. Interactive web lab, terminal launchers, 592 scenarios, and structured knowledge — all open-source.

A learning + reference + simulation system for offensive security tooling. It combines:

• Interactive web laboratory — browse tools, run 592 safe scenarios in sandbox mode
• Domain-specific terminal launchers with menus, lessons, quizzes, and attack scenarios
• AI/LLM security tools — garak, PentestGPT, PyRIT, and 24 more
• Real install automation — apt, pip, gem, git clone from inside the launcher
• Global cross-domain search across every knowledge base

It is not a hacking framework. It is a structured knowledge layer that teaches you how to use the real tools.

git clone https://github.com/TFD-42/Pen_Test_Tool_Box.git
cd Pen_Test_Tool_Box

# Interactive web lab (recommended)
./LAUNCH_ME.sh
# Open http://127.0.0.1:5001

# Terminal mode
python3 src/core/master_launcher.py

# Stop the web server
./fullstop.sh

All tools below are real open-source projects with verified GitHub repos:

Every tool in this knowledge base is built by real open-source authors:

The web server runs locally only (127.0.0.1:5001) in full sandbox mode:

./LAUNCH_ME.sh          # start server
./fullstop.sh           # kill server (5-round nuclear shutdown)

Security features:

• Command blocklist (blocks rm -rf, sudo, nc -e, etc.)
• 5-second execution timeout per command
• Output limited to 2KB
• CSP + X-Frame-Options DENY + CORS restricted to localhost
• Child process tracking with kill-on-shutdown
• Triple-check shutdown (children → port → PID file)
• fullstop.sh — 5-round nuclear kill (SIGTERM → SIGKILL → PID file → port sweep → verify)

Pen_Test_Tool_Box/
├── README.md
├── LAUNCH_ME.sh              ← start web lab
├── fullstop.sh               ← kill server
├── run.sh                    ← terminal launcher
│
├── src/core/
│   ├── master_launcher.py    ← entry point: all 11 domains
│   ├── simulation_launcher.py
│   └── <domain>_domain/      ← 11 domain launchers
│
├── src/web_server.py         ← Flask server (sandbox mode)
├── src/templates/index.html
├── src/static/               ← CSS + JS
│
├── data/
│   ├── enriched/             ← 187 per-tool JSON profiles
│   ├── scenarios_generated/  ← 592 scenarios (68 AI-powered)
│   └── <domain>_enriched/    ← Domain knowledge bases
│
├── scripts/                  ← maintenance & test scripts
└── docs/                     ← methodology documentation

This repository contains knowledge about offensive security tools, not the tools themselves. The tools are open-source projects maintained by their respective authors.

Only use these tools on systems you own or have explicit written permission to test. Unauthorized use is illegal in most jurisdictions.

For:

• Authorized penetration testers
• CTF players and security students
• Defenders learning what attacks look like
• AI security researchers red-teaming LLMs

• New tools: drop a verified profile in data/enriched/<tool>.json with a real GitHub URL
• New scenarios: add to data/scenarios_generated/SCENARIOS.json
• Bug fixes in launchers: regular pull request flow
• Every added command should be verified against the tool's man page or official docs

Built on top of the incredible work of:

• Kali Linux team
• MITRE ATT&CK framework
• NVIDIA garak team
• ProjectDiscovery team
• awesome-password-cracking curators
• And the hundreds of tool authors whose projects make this knowledge base possible

MIT — see LICENSE.

Stay curious. Stay legal. Hack responsibly.