Untitled

## Auto-pentest
A modular python-requests based framework for semi-automation of simple web pen-testing. The pwntools of web.

### Rationale
Websites are many, testers are few. Good automation can set a minimum standard for web dev, quickly and efficiently iron out the simple derp moments developers have. A super simple example of this would be adding this as a vsc hook that runs a set of common user/pass combos when deploying a backend or db update to a production environment.

### Goals
1. Have a solution that can run a basic set of tests with little to no input on a given target.
2. Extend this solution to include custom tests, provided in a human readable format *- That maybe get interpreted into python? This might not be feasible otherwise as would need an interpreter*
3. Create small library of tests as examples/baselines/PoC
4. Continuous testing environment - Gym for pentesters, maybe use/adapt webgoat
5. Build target identification functionality, given a scope can find login fields, search functionality that might be vulnerable to information disclosure, *identify old unused endpoints (maybe - this seems like a separate project)*, etc.

### The dream
As a webhook:
```python
import auto-pentest as ap
TARGET = "super-secure.org"
user_names = ["admin", "CEO", "IT_people"]

l_form = ap.find_login_forms(TARGET):               # Magic target id to find login form
    for pword in ap.dumb_passwords:                 # rockyou or something idk
        for user in user_names:                     # Probably needs to be defined by org
            _, success = ap.try_login(l_form, user=user, password=pword)
            if success:
                no_pr_for_you()

```