
penetration testing scripts

Primary Language: Python

pentest_scripts

Scripts I've put together to help during penetration tests.

  • generate_emails.py - takes a list of full names (as generated by TheHarvester or scrape_linkedin.py) and converts them into various common email conventions. Attempts to sanitize the names to a "Firstname Lastname" format.

  • scrape_linkedin.py - using a Google CSE API key, uses Google Dorks/Advanced Operators to retrieve employee names from GitHub. Sanitizes the names and dumps them to a list.

  • retrieve_osxhash.py - converts the contents of an OSX .plist file to a crackable password hash. Use Hashcat mode 7100 with the --username flag to crack. Without the -u flag, it dumps all password hashes. Requires root or sudo.

  • postgresbrute.py - a simple postgres brute-forcing tool. Currently supports only a single username at a time.

  • 200buster.py - a simple tool for directory brute-forcing when all requests return "200 OK". Excludes a range of response sizes and returns all others as valid path directories.