OWASP Nightingale

Welcome to the Nightingale documentation! This guide will provide you with all the information you need to install and set up Nightingale, a powerful open-source tool that utilizes the power of Docker to provide a ready-to-use environment for penetration testing.

Why Nightingale?

Penetration testing plays a vital role in safeguarding an organization’s IT infrastructure. However, setting up a testing environment is often a time-intensive and complex process, requiring the installation of multiple tools, frameworks, and programming languages. Ensuring consistency across different environments can also pose significant challenges, making it difficult for organizations to effectively identify and address vulnerabilities.

How Nightingale Simplifies Penetration Testing

Nightingale is an open-source solution designed to overcome these challenges by offering a pre-configured, ready-to-use environment for penetration testers. Built on top of Docker, Nightingale streamlines the setup process, eliminating the need to manually install and configure programming languages and modules.


Nightingale is an open-source tool leveraging Docker to provide a ready-to-use environment for penetration testers. It simplifies the setup and management of testing environments for web applications, network infrastructure, and other systems.

Docker, a powerful containerization technology, allows users to create isolated and consistent environments. For penetration testing, this translates into easily reproducible setups, saving significant time and effort when tests need to be re-run.

Key Benefits of Nightingale

Nightingale is an open-source, Docker-based penetration testing toolkit designed to streamline security assessments. Its features address common challenges in setting up and managing testing environments, making it an essential tool for penetration testers.

  • Eliminates Complex Setup
    • Nightingale removes the need to install multiple programming languages and modules. Testers can skip the tedious process of configuring environments from scratch, saving valuable time and effort.
  • Fast and Efficient Booting
    • Leveraging Docker’s lightweight containerization, Nightingale enables rapid environment creation and teardown. This speeds up testing workflows and minimizes downtime.
  • Resource Efficiency
    • Nightingale is optimized for resource efficiency, utilizing only the necessary hardware resources. It’s particularly beneficial for testers working with limited system resources.
  • Comprehensive Pre-Installed Tools
    • Nightingale includes a variety of essential penetration testing tools and frameworks, making it suitable for vulnerability assessments and penetration testing of any scope.
  • Consistent Environment
    • Nightingale provides a standardized, repeatable testing environment across different systems. This ensures consistent results, reduces configuration errors, and improves reliability.
  • Customizable Configuration
    • Users can tailor Nightingale’s setup to their needs by adding or removing tools and frameworks, ensuring a testing environment that aligns with specific requirements.
  • Browser-Based Access
    • Nightingale allows users to access the testing environment through a web browser using the local IP address. This provides added flexibility and convenience.
  • Cross-Platform Compatibility
    • Nightingale is platform-independent, allowing penetration testers to use it on any operating system that supports Docker. This ensures a consistent experience across different environments.

Why Choose Nightingale?

Nightingale empowers penetration testers with a platform-independent toolkit, ensuring a consistent, repeatable, and efficient workflow. By leveraging Docker, it enables rapid setup and management of testing environments, saving time and effort while providing all the tools needed for professional penetration testing.


Architecture

[Figure: Nightingale architecture diagram]


General Workflow

[Figure: Nightingale general workflow diagram]


Here is a list of tools supported by Nightingale

Operating System

  • Text Editor
    • Vim
    • Nano
  • Development Essentials
    • locate
    • tree
    • figlet
    • ssh
    • git
    • curl
    • wget
    • file
    • dos2unix
  • Terminal Support
    • bash (default)
    • zsh
  • Compression Technique
    • unzip
    • p7zip-full
  • Network Essentials
    • htop
    • traceroute
    • telnet
    • net-tools
    • iputils-ping
    • whois
    • tor
    • dnsutils

Web Application VAPT tools

  • Website Tech Stack
    • Whatweb
  • sqlmap
  • amass
  • assetfinder
  • dirsearch
  • ffuf
  • findomain
  • gau
  • gf
  • gobuster
  • hawkscan
  • httprobe
  • httpx
  • jwt_tool
  • linkfinder
  • masscan
  • nuclei
  • subfinder
  • sublist3r
  • waybackurls
  • xray
  • reconspider
  • john
  • hydra
  • Arjun
  • Katana
  • Trufflehog
  • Ghauri
  • Detect Secrets
  • Gitleaks
  • Hashcat
  • interactsh

Network VAPT tools

  • nmap
  • metasploit
  • Naabu
  • RustScan

OSINT

  • Reconspider
  • recon-ng
  • spiderfoot
  • metagoofil
  • theHarvester

Mobile VAPT tools

  • adb
  • apktool
  • jadx
  • Mobile Security Framework - MobSF
  • Runtime Mobile Security - RMS
  • android-framework-res
  • frida tools
  • Objection

Forensic and Red team Tools

  • impacket
  • exiftool
  • steghide
  • binwalk
  • foremost

Wordlist

  • wfuzz
  • Seclists
  • dirb
  • rockyou.txt
  • fuzzdb
  • Node Dirbuster

Programming language Support

  • Python 3
  • Java
  • Ruby
  • Node.js
  • Go

Nightingale Releases