Documentation
Getting Started
Install gitest and run your first full-chain penetration test in minutes.
Installation
Prerequisites
$
Clone
$ git clone https://github.com/GiorMalik/gitest.git
Install
$ cd gitest && bash setup.sh
Verify
The command file should exist after installation:
$ ls /root/.opencode/commands/gitest.md
Usage
Run scan
$ oc /gitest https://target.com
Custom SCAN directory
Optional: override the output directory
$ export GITEST_SCAN_DIR=/path/to/scans
Pipeline Overview
PHASE 00 — Environment setup & intelligence loading
PHASE 01A — Recon (subdomain, port, service enumeration)
PHASE 01B — Source code analysis (git dump, backup files, JS secrets)
PHASE 01C — OSINT (people, email, GitHub recon)
PHASE 02A — Web vulnerability scan (SQLi, XSS, directory fuzzing)
PHASE 02B — Supply chain & dependency attack
PHASE 02C — Full site spider & page extraction
PHASE 03 — API abuse (JWT, GraphQL, IDOR, rate limit bypass)
PHASE 04 — Authentication attacks (brute force, default creds)
PHASE 05 — Business logic & race condition
PHASE 06 — Cloud enumeration & subdomain takeover
PHASE 07 — Data exfiltration simulation
PHASE 08 — Persistence & backdoor simulation
PHASE 09 — Provider integration security
PHASE 10 — Report generation (CVSS, competitor simulation)
Output Structure
SCAN/targets/<domain>/
├── recon/ — scan results, ports, subdomains
├── loot/ — credentials, findings, secrets
├── exploits/ — sqlmap output, exploit data
├── reports/ — generated security report
├── screenshots/ — page screenshots
└── payloads/ — generated payloads