/Pentest-Scripts

Github for the scripts utilised during Penetration test

Primary LanguageShellGNU General Public License v3.0GPL-3.0

Pentest-Scripts

The github repo provides scripts which we utilize to do penetration test.

Intelligence Gathering:

This folder presents two scripts

  • Automate_Enum.sh : Automate_Enum is a bash script to automate information gathering part of Internal/ External Vulnerability Assessment and Penetration Testing. By default, it performs the Nmap List, Port scan. It can also executes Eyewitness, netbios scan, nikto, whatweb and zap. It automatically creates the folder structure for each subnet provided, followed by different folders for Nmap DNS/ Port Scan / Nikto, whatweb, Eyewitness for Web/ VNC/ RDP, dirb, ZAP. Sample video of Automate-Enum.sh running Nmap, Eyewitness, nikto, whatweb, zapmeweb on a subnet. Each tool data in separate folders @ Automate.sh

  • External_Enum.sh : External_Enum is a bash script to automate Information Gathering from Internet. It runs whois, hostsearch and dnssearch via DNS Dumpster API, Recon-ng, theharvester, dnstwist and combines all results in one file, Poopulated with enumerated domains and email addresses.

Vulnerability Analysis:

  • Auto_msf.rc : auto-msf is scripted to automate the execution of different auxiliary or other modules found in msf based on the port scan done. It also creates a log for each module separately in the folder specified.

  • isciadm.sh : iscsiadm script takes a file containing the IPAddress running iscsi and Port 3260 as input and discovers any isci portals and tries to login ( if --login is provided ) else logout ( if --logout is provided ).

Support_Scripts:

  • Offensive IT Ops : Tanoy Bose has written a blog entry Post Exploitation of Puppet and Ansible Servers. As a part of it, he has released two scripts to help the pwnage. Pwnpet.sh and Pwnsible.sh which are payload generator to hack systems in an puppet/ ansible infrastructure respectively using metasploit.

  • CIFWiki : CIFWiki: ( Collective Intelligence Framework Wiki ) - A Simple python script to convert CIF Wiki into PDF. Utilizes BeautifulSoup to parse the html page, utlizes markdown-pdf to create pdf files and pdftk to merge all the pdf documents.

  • DNS-Email.py : DNS-Email.py is a python script to parse the result of Reverse Whois Lookup by ViewDNS.info. This service provides all the domain registered by a particular email. This script would query viewDNS with an email address provided and parse the results for a in .csv format.

  • PSSync: PSSync is a python script to synchronize PacketStorm News/ Files in a sqlite database. It utilizes Beautifulsoup to parse the initial page for PacketStorm News and PacketStorm Files.

  • Niktomeweb : The niktomeweb runs nikto on multiple http/https ports based on gnmap output (-oG) generated together with -sV option. It also saves all the nikto files in a folder.

  • TellmeWeb : Tellmeweb runs whatweb on multiple http/https ports based on gnmap output ( -oG ) generated together with -sV options. It saves all the whatweb output in a folder.

  • ZapMeWeb : Zapmeweb runs Owasp ZAP on multiple http/https ports based on gnmap output (-oG) generated together with -sV options. It saves all the results in a folder.

  • Note: NiktoMeWeb and ZapMeWeb is created by utilizing tellmeweb which was originally created by YGN Ethical Hacker Group, Yangon, Myanmar.