diff --git a/README.md b/README.md index 7e6fcef..061e606 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,13 @@ -Penetration Tester's Zsh - functions 4 fast pawn +Penetration Tester's Zsh +======================== + +Goal: make penetration testing faster, more convinient, transparent and efficient. + +Features planned: preconfigured functions (including tools), note knowledge base with practical examples, automated "dumb" pentesting. + +Usability features: tor trigger (ton/tof), external ip check, tor check... and more to be added. + +Note: this project is a work in progress which we develop with one of my friend in our free time. If you use it, be prepared for some glitches. Works on Debian if the dependencies are met or on Kali. Probably works on Pentoo also. @@ -13,7 +22,7 @@ pawnpls - Automatically enumerate and start predefined attacks such as brute f Example for multiple targets: autopawn "n0nex-1.com n0nex-2.com" -everythingworksornot\? - check if everything works or not for this script +everythingworksornot\? - check if everything works or not for this script (tbd) chk functions diff --git a/chaosdir/agro.zsh b/chaosdir/agro.zsh old mode 100644 new mode 100755 diff --git a/chaosdir/chaosfunction.zsh b/chaosdir/chaosfunction.zsh old mode 100644 new mode 100755 diff --git a/chaosdir/halp/note_example.txt b/chaosdir/halp/note_example.txt old mode 100644 new mode 100755 diff --git a/profile_files.zip b/profile_files.zip new file mode 100755 index 0000000..366724b Binary files /dev/null and b/profile_files.zip differ diff --git a/profile_files/.zsh/pentest_functions.zsh b/profile_files/.zsh/pentest_functions.zsh index 86f549d..91615a0 100644 --- a/profile_files/.zsh/pentest_functions.zsh +++ b/profile_files/.zsh/pentest_functions.zsh @@ -1,3 +1,5 @@ +debug=1 + function everythingworksornot"?" { echo "really?" } 
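Review bot: `debug=1` at the top of the pentest_functions.zsh hunk is an unconditional assignment in a file that .zshrc sources into every interactive shell (see the .zshrc hunk), so the debug prints added to scan_enum_tof and active_attack_tof are always on and any value the user set beforehand is overwritten. Defaulting instead of assigning, `debug=${debug:-0}`, keeps a user override and ships quiet by default. The tests added later, `[ $debug -eq 1 ]` in the scan_enum_tof block and in `@@ -175,18`, also stop being a valid `[` expression if debug is ever unset; writing them as `[ "${debug:-0}" -eq 1 ]` removes that dependency on this line.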
@@ -10,6 +12,20 @@ function tof { . torsocks off } +function tip { + wget -qO- https://check.torproject.org/ -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" | egrep -i "Congratulations. This browser is configured to use Tor.|Sorry. You are not using Tor." | uniq +} + +function wip { + if [ $RANDOM -gt $RANDOM ] + then + wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ipecho.net/plain + else + wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" icanhazip.com + fi + # curl -s checkip.dyndns.org | sed 's#.*Address: \(.*\) 1_harvester_$pawnpls_tof_target.txt - + touch dnsenum_history.txt + + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting traceroute." >> dnsenum_history.txt + traceroute $dnstarg > 1_traceroute_$pawnpls_tof_target.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished traceroute." >> dnsenum_history.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting theharvester." >> dnsenum_history.txt + theharvester -d $dnstarg -b all -v > 2_harvester_$pawnpls_tof_target.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished theharvester." >> dnsenum_history.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting fierce." >> dnsenum_history.txt + #fierce -dns $dnstarg -wide > 3_fierce_$pawnpls_tof_target.txt # wide takes too much time for this script + fierce -dns $dnstarg > 3_fierce_$pawnpls_tof_target.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished fierce." >> dnsenum_history.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting dnsrecon." >> dnsenum_history.txt + dnsrecon -d $dnstarg -t std,brt,srv,axfr,goo --iw -a -s -c ./4_dnsrecon_$pawnpls_tof_target.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished dnsrecon." 
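Review bot: Both lookups in `wip` go over plain http — `ipecho.net/plain` and `icanhazip.com` carry no scheme, so wget defaults to http — which means the returned address can be altered in transit and the query itself is a cleartext request from the host; `https://ipecho.net/plain` and `https://icanhazip.com` fix both. The `[ $RANDOM -gt $RANDOM ]` branch only selects which of two otherwise identical requests runs, so a short comment such as `# pick one of two providers at random` would explain the odd-looking test. In `tip`, if check.torproject.org changes its wording the `egrep` matches nothing and the function prints nothing, and because the pipeline ends in `uniq` the caller never sees grep's non-zero status either; if the page carries the sentence only once, dropping `| uniq` and ending with `grep -E -i "…" || echo "tor check: unrecognized response"` makes that case visible (`grep -E` is also the current spelling of `egrep`). The commented `curl … | sed` fallback that closes `wip` is cut off in this view, so the end of that function is not reviewed.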
>> dnsenum_history.txt + + cat 4_dnsrecon_$pawnpls_tof_target.txt | grep -v 'hostnames found' | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sort -u > 5_ip_list_of_target.txt + cat 3_fierce_$pawnpls_tof_target.txt | grep 'hostnames found' | grep -E -o "([0-9]{1,3}[\.-]){4}[0-9]{1,3}" | sort -u > 6_ip_ranges_of_target.txt + + # vhost enumeration missing yet + while read ipv ; do dig +short -x $ipv >> 7_vhosts_enumerated.txt ; done < 5_ip_list_of_target.txt + cd } + function scan_enum_tof { + if [ $debug -eq 1 ] + then + echo "Calling function scan_enum_tof" + fi . torsocks off @@ -134,23 +179,19 @@ function scan_enum_tof { # Initialize directory and naming structure cdate=$(date +"%Y-%m-%d-%H%M") - sctmpfold="~/.ptz/result-scan-$cdate" - mkdir -p $sctmpfold - cd $sctmpfold + sctmpfold=".ptz/$pawnpls_tof_target/result-scan-$cdate" + mkdir -p ~/$sctmpfold + cd ~/$sctmpfold touch scan_history.txt - echo "---- Starting AgroScanner ----" >> scan_history.txt - # Start with standard alive scan and check ports on alive hosts # Get alive hosts - echo "Starting alive host enumeration..." echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting alive hosts scan." >> scan_history.txt nmap --randomize-hosts -sn -PS$ports $targetx -oG 1_alive_hosts.out alive_hosts=$(grep "Status: Up" 1_alive_hosts.out | cut -d' ' -f2 | tr '\r\n' ' ') echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished alive hosts scan. Found hosts: " $alive_hosts >> scan_history.txt - echo "Starting port scans on alive hosts..." # Port scanning on alive hosts and version detection echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting port scans on alive hosts with top 1000." >> scan_history.txt nmap --randomize-hosts -sS -sV -n -Pn --top-ports 1000 $targetx > 2_ports_and_service_top1000_on_alive_hosts.out 
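Review bot: The PTR loop `while read ipv ; do dig +short -x $ipv >> 7_vhosts_enumerated.txt ; done` records only the answers, so 7_vhosts_enumerated.txt cannot be correlated back to the address in 5_ip_list_of_target.txt that produced each name, and an address with no PTR leaves no line at all. Emitting the pair, `while IFS= read -r ipv; do printf '%s %s\n' "$ipv" "$(dig +short -x "$ipv" | tr '\n' ' ')"; done >> 7_vhosts_enumerated.txt`, keeps the mapping, and `-r` stops backslashes in the input being interpreted. The bare `cd` that closes the function sends the interactive shell to $HOME rather than back to where the caller was; the same `cd` is added to scan_enum_tof in `@@ -175,18` and to active_attack_tof in `@@ -194,7`, and `cd - >/dev/null` or a `pushd`/`popd` pair around the body would preserve the caller's directory in all three. The function's opening line and this block's hunk header are not visible in this chunk (they appear to have been lost in extraction), so the start of the function is not reviewed.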
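Review bot: `cd ~/$sctmpfold` on the new side of the scan_enum_tof hunk is unchecked, so if the preceding `mkdir -p` or the `cd` fails every nmap output that follows (1_alive_hosts.out, the port-scan and script files) is written into whatever directory the user happened to be in; `mkdir -p ~/$sctmpfold && cd ~/$sctmpfold || return 1` aborts the scan instead. `$pawnpls_tof_target` is now a path component of `.ptz/$pawnpls_tof_target/result-scan-$cdate`, so a target given as a URL or containing `/` or `..` creates directories outside the intended `~/.ptz/<target>` tree; using a sanitised copy in the path (anything outside `[A-Za-z0-9._-]` replaced by `_`) keeps results under ~/.ptz. Both points apply equally to `aatmpfold=".ptz/$pawnpls_tof_target/result-attack-$cdate"` and its `mkdir -p`/`cd` in the active_attack_tof hunk (`@@ -175,18`).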
@@ -163,7 +204,6 @@ function scan_enum_tof { number_open_udp_ports=$(grep "open" 4_udpscan.out |wc -l) echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished UDP scans. Number of open UDP ports: " $number_open_udp_ports >> scan_history.txt - echo "Starting nmap nse vulnerability scanning..." # Vulnerability scanning echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting simple vulnerbility scans." >> scan_history.txt nmap -n -p 21 --script=ftp-anon.nse $targetx > 5_nmap_script_ftpanon.txt @@ -175,18 +215,23 @@ function scan_enum_tof { # for searchsploit, but nmap should be configured to scan with xml, default is top 1000 nmap -sS -sV -sC -O --host-timeout=5m --max-hostgroup=1 -Pn $targetx -oA 8_nmap_for_searchsploit searchsploit -v --nmap 8_nmap_for_searchsploit.xml > 9_searchslpoit_results.txt + rm 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the searchsploit queries. Outputs are in the relevant files." >> scan_history.txt - + cd } function active_attack_tof { + if [ $debug -eq 1 ] + then + echo "Calling function active_attack_tof" + fi . torsocks off cdate=$(date +"%Y-%m-%d-%H%M") - aatmpfold="~/.ptz/result-attack-$cdate" - mkdir -p $aatmpfold - cd $aatmpfold + aatmpfold=".ptz/$pawnpls_tof_target/result-attack-$cdate" + mkdir -p ~/$aatmpfold + cd ~/$aatmpfold # Preconfs @@ -194,7 +239,7 @@ function active_attack_tof { usernames="/usr/share/nmap/nselib/data/usernames.lst" passwords="/usr/share/nmap/nselib/data/passwords.lst" + # run hydra, dirb, arachni and the others.... - - + cd } diff --git a/profile_files/.zshrc b/profile_files/.zshrc index 45b0ff2..484a674 100644 --- a/profile_files/.zshrc +++ b/profile_files/.zshrc @@ -4,7 +4,6 @@ source ~/.zsh/prompt.zsh source ~/.zsh/completion.zsh source ~/.zsh/aliases.zsh source ~/.zsh/bindkeys.zsh -source ~/.zsh/functions.zsh source ~/.zsh/general_functions.zsh source ~/.zsh/pentest_functions.zsh source ~/.zsh/history.zsh
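Review bot: `rm 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap` discards the human-readable and greppable copies of the `-oA` scan right after searchsploit has consumed the XML, leaving 8_nmap_for_searchsploit.xml as the only record of that scan in the result directory. If keeping the directory tidy is the intent, a comment such as `# keep only the XML; searchsploit has already read it and it holds the same data` should say so, since a reader expects the .nmap file when reviewing results. If nmap hit its `--host-timeout` or was interrupted those files may be missing and `rm` then prints an error, so `rm -f -- 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap` is the quieter form.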