From 10593fd5debea5a344ed2beec361d52d23af107c Mon Sep 17 00:00:00 2001 From: 51x Date: Fri, 13 Jan 2017 22:31:48 +0100 Subject: [PATCH] some fixes and debug mode added --- README.md | 13 +++- chaosdir/agro.zsh | 0 chaosdir/chaosfunction.zsh | 0 chaosdir/halp/note_example.txt | 0 profile_files.zip | Bin 0 -> 10354 bytes profile_files/.zsh/pentest_functions.zsh | 83 +++++++++++++++++------ profile_files/.zshrc | 1 - 7 files changed, 75 insertions(+), 22 deletions(-) mode change 100644 => 100755 chaosdir/agro.zsh mode change 100644 => 100755 chaosdir/chaosfunction.zsh mode change 100644 => 100755 chaosdir/halp/note_example.txt create mode 100755 profile_files.zip diff --git a/README.md b/README.md index 7e6fcef..061e606 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,13 @@ -Penetration Tester's Zsh - functions 4 fast pawn +Penetration Tester's Zsh +======================== + +Goal: make penetration testing faster, more convinient, transparent and efficient. + +Features planned: preconfigured functions (including tools), note knowledge base with practical examples, automated "dumb" pentesting. + +Usability features: tor trigger (ton/tof), external ip check, tor check... and more to be added. + +Note: this project is a work in progress which we develop with one of my friend in our free time. If you use it, be prepared for some glitches. Works on Debian if the dependencies are met or on Kali. Probably works on Pentoo also. @@ -13,7 +22,7 @@ pawnpls - Automatically enumerate and start predefined attacks such as brute f Example for multiple targets: autopawn "n0nex-1.com n0nex-2.com" -everythingworksornot\? - check if everything works or not for this script +everythingworksornot\? - check if everything works or not for this script (tbd) chk functions diff --git a/chaosdir/agro.zsh b/chaosdir/agro.zsh old mode 100644 new mode 100755 diff --git a/chaosdir/chaosfunction.zsh b/chaosdir/chaosfunction.zsh old mode 100644 new mode 100755 
diff --git a/chaosdir/halp/note_example.txt b/chaosdir/halp/note_example.txt old mode 100644 new mode 100755 
diff --git a/profile_files.zip b/profile_files.zip new file mode 100755 index 0000000000000000000000000000000000000000..366724b4ca1ecbc850d77ac9e08ee5cc7055d2d0 GIT binary patch literal 10354 zcmb7qby!tf_w}JWL{d^px?4a(knRov;m~mCkd_hw=@d}9;}9YxDIFr+EsY#00fFyu zy}v75@%n!IdDcGcKNw@Kx#wPcjg{4;S%3vxPV8qaJz3kOD=+{+ z8ax0%dUGt$oY~kp{V9$(HC?MIHeBzcQobSUPv|(Uk2MM2au@l>1u2b-_*U54gPE>!kFW1<4PV5KC(;6x2EhYd6UaahNR9)d zMNj`0iTbNdL=N2waT%Jdx7nicu{-h2CZ-pMXOCs$foz(zvNXavrE>=jg;P;{jQ5ac zW9}_+pgBjIQJaeOJExe$gzBXg>Y3KOeXP5GjIy8@V6PC5E1KMIpsRRpZ8QAM;8x8y zCUvqj#_kF$t|e}+B?yDE%J4&i+v#1$`~B%!n_}Cpbw*4rjs&`BNf#_)+n*gi(X7I0 zgT5A0%lq$q+#VcljA80##cdEukJ@aY=AR;;Z{|7k-FB~@+k5(Lb?_(zcj1 zK?=2fyf0t}-y)JJJ47wyqGFA$b8()5ewyv|9p$CAdK)FJ?pPAHR0xtN*8t@k*!=|+ z1azK}pwlh77gKf884 z7Gwr;c>kX}!yLwznH(@5>B71Yqyvp&Pcw$w(g?B|k^6 zUnmMyk}B>Lg*E9E;V9BfYO??@!uBH?$`(Cl+O=a^kZI!x-{b0I<$K`tm^yv36rE@_ zx;@rpf38G#t#HTs9;(_AQ9~A;0V4I@PMFb4T+aF+8r(3Rx>w6#4IeBU){-SExVt&Q z&+b&lX{#}kASTyFB|6IzQ3U1AXD)QpQD1Z(N8IMqR2Z0OwPbpRtgz;Jc$hl#z@VIi zwK2t?_oRo(<-{lHgL#=D7c`aMj3zfhlBs@8I=coIqQ|;0W znCp18(y_EMxV5qM1JuVcrlq&C13#5)a@bhlr{MaH=A3FE=D|<26?gHO;9w^8 z<8Ov?X-NsL?L*|_^OaIa1iED#^n=B8ZFsr_;&l4?$rOtf94wb=e{t%z_Fd@M|XXnQWA~gXewdl2;uj7#Y=Hc_-UkFY@cgY;AOz)Yh0&Q z3>xBdZYAoJ1j-FBlF^qF-UQifDp@%LO!cVBP3%Z<&OHG5$St9Si-rVZ>=wP&*(a&U zRe4&>Fp+7Q!El5QFE*8`o|jTp;WMLotqVLh2%5aJrSpxOaMTKY1*eDdUFQomA|`(e zN)I77hfT_U2++f?bR?f#d%q7RsFK8A7tKni*|M4aHl<2iWy<}Jq~UOTy-5`8WSR99 z+PY5`lfQT8z^I6j#)xriPVLmHy~nqiwHb5?ST}$9{tcU01J52#VM{q4ZKR1{uCEit zAcx*bu!vA=mQv0E32hI$Bb6A^9(9l?s!H6HV67=r%0xR1E=aOBVX8W>R`iP>k?e|X zo9ST7I!_QUDgze04pn8Gd}D$PaXI>}=Vw*KUg&SVv$y@EQNz&QcXrc1XwsY=Jbw&6 zV0>$8!|ggXwb`!b!M*4=^Dt-Z4%%3oS!y)lFu&%Ve#Ycsg?v4GW7^UUnVj(w|Kfgm z)oR9QHq=THzOTeW)oJG&f~f+ERIBR|igQ}d>3BMdXk4djO&l0r7}YF6NgN}XjH^!Q zLo$u)?y+y2@dyzGWF@QCtU}d`R)B;RpW7AM(0Y^WPE@KT^PD#X6zBL9BZ_Ts&y3fy z`m~-U(^8Ac8$Nv?sMj;nX}#vFyuv9!Jz!9BYGrNv_QAv4FELEY?5mw{&QDX)!O!9N z#pm$8lBw#(CepwyQ1>)tCFzPQspBf^gg6BmUcRSxpo3 zw()2MBi}?VMxwlEtBRL(zT8G{lj7DYVhfZZTrUQ2UZ2G 
z&VW8XO#!qV5wDa4?aB$k(|cGkqoW|g)(75)Td5Cx?mIuQ^=bF0XgNZ7p_r>6E#k9w zFK|FL)@MjdW9yu*2so#`Rpf*R-t2+(M^~49&!dBHhna=SZ z2SMD|ZAfWilIr7A>m9u(i|qow?hC}W>aHd(lpOI5T&=eoYWp6kRfmr7)O|wNWHB18 zo*>pgT#!F3A*&N@gy%r%XT#M*7|rvldB4hWZ10EYo0CjC1W)#@eT!k9!MSYYDCPX+ z47tErl+ZNT)uX?}%;WI@M9_N<+>mjUuL{V~)GeuqW2TcguUin%&2V54IM} z;R6q!3VF0q*HL^<(68TGygjtNh_!XxrEu}Ve2i?%z4g62smQ_mRrR5V+m)}&AKnv9 z)@#N?`5MI;XE#pskf$}hl1W_7V=-Oz1uD5<7F$a-COyXM(Xetot8hA61>51o@Pfn) zBlAdeE!=r27;&?MfNq}T&@xmg~h~oO2s`^J=^p zO|AJZ{HOicW;6bgB)&6ukO2Wb6vzLAQ%hAV0!9IZ6Tf*VQBeG=_GEvAg$OkcHPG zQ^g)rW8NnRlEi$%RcWgJX~%XkmSDjn2+Xlk*m^NIWuVR4GdmMyyo#lUo04a3l_L{t zuAwxg?JSwtEm1Moz3%|xS8JHNgCTKXL^B!02y$-+nG&RkBbHl^)o*Cv{ zBx8L((I9ui7&~I$^a0}UFS?Q9?$(A-Bt#?=1tJui@n&z)lnZhtuA!GOSFF_EgeO;888j#nL1vw3)qFCN~h)AXPn|nyd z1}IxH1qR}fJgMdp4bhJ+x6-mFR+)?5!<4dLaQrqNCMQg&0Or78>0?Ni(k5}s(XTQM zr~$vlyxy$A*BU}>7FQAALyi1EnNnPa3SJ_99rl0$S#@DI z@h*og>xgTdAu>Q}4^0(06r1v+E#I>Jvjk-rEvol;W2oA>cIIr2ZxB?~pUF@`L)3*9F!Us1R%dja>e z>Aw`O#}vh86;R>&04f?8Z*KaH%p5=lCO{|PUoF3Zosokh(1FFy{l8?avtkcw3mbO* zD&rHuO3HobTd3#H9=ySMBEK#+6JVkX`66$bjanP*H<7tbQp7JMkHePhS6|2XPT!eq709o`|M~~uq7gr3v1hO zW%~zFtUUgCT^uwW7EE4X4G7mEcd0>|CBtr3dpUGZ?##4_tgu|zM?WOw{FM%p6sv!) 
zY7-Z~5ppF)#B<-hPxm^~uIJ^UnYSkyG%rvs1R(oOUaT#Q9DzS2(C-v|ZUGf&T0;Fe)&2vC=8qp<_TI zTwN9zg6vYyyx=_b#Pybh&K6tG{O1>63NO5jYKDkZm3Z4V`%=8wi2OFMlsk{jawTn- zMXXx7p-usf=W_h!W|>c3Lqy6MDnA_7Nk+b)p->TVfp8OaGbk56+ zWv5Qw#KNW;bb0yd!pqFbhTfxgdgb(NTAvatoTXANQkCt%?Rl7xNVzzlOhtmWAGehM zu8oO$`ZF(-oi3pWsq)hF*>&-B3UTw!sGd7UnHcl8`UVh0T+3mgGIArRHa47EPQQ!f zQPB`mI&vl^DTJt(sz0IZvseIQ;tMQH(0K~$ZSrSTjae_q>svN}QM>G-L`uBcO&+lV z_?(dGn2L#?hcc=Cco>UO4B-X;B$c^ymW&xD!gLbsc3$|LZ=2?}HLuNV0gsh^sEnxtqhtO!>-D?yHe5^dJG3IQ zp?Bvueuf#)7U*DPeS@FzoBHsI9=dt?5q+sDU0PEO3J$}LYI}sk-Mmf zr@TFb#078BwQ)O<{PhF>I4UE1ipb0nJ*{_|02Mt%H^+xkGoILqeK3T^Fd_)#Wt!{| z6pZoEtjO@Y@1oel`EM=7X_shkM%0y|$PzYw(l<{=7&%53qHC0q7huiXB^ z+}v;eVF>nICwL~pihIf+-e8+=pp0fQ#=VqI&gsb2nVu3B%1?H;atnFOb&%8j=-L+A zJp}z*9*_E|Xq~AwUe7L*OPI?CXm$;t^-q5D+VaH0*2D_v{>SPMj|AJch@b}@2?jbB zxA_XH<*7bOG!(bCpwef-G+S8|@2|QSFlh#&!;PGTVST&&1?@#o5WxgtRm^UraE!TisX`qN<^x5G3FGyRUlPk!<%D~aq!qgPHC>pq0H~<~Z zjU234oZOuLvjvE1R%m5I5BlPbTG3khxI9MD?OncG;P)aUCY3q~P9eFd!@;@I z!RAQQ-!JCK@0VADN2_VPGKLPk4K`i3EDQD2$Kfm`Qo%^R1b%_B{@ZVClUUh%A|FtP z&CPK3zpGAVzOc*Av?6ecTmQKB87|)%%pD)OM~K+`OeyzGsY77ATl~c;_>0i%YBvsf zPOh$MSW<0ulGZ}-e)>f0-4)32WIYPqR`1h(M;N?8*4yD2?gJ;n_0Q%{Uq_&!TGxH@R{*%%m`1C5*<&4ECt zKV`gFb4G!Lm$2bT)l;UxZm{2$j#@^B2MKFHxp}rs=lvz1oS^a8;TBf6#B4h6 zx_%l>MD)FNu$gHR!i#bk5%cy3tDfhc?_aw^%9wand=vtS6(8oKad?(+4VbqLxh9Rq z(~2>)A7<@srx=HhpyccfDYJBDYur&(6~0%RKmP@uo*!S$JXBhnkS1{;kjp=~;T!R6 z*jw+inwn<9Q;GO#nT6*GL@qB$i1p4By1;%$?EeBV7Y0GaV+Hqx>m&U$+ zBB-^347q6L(>}TPzmAIxn8Gc>tj#$%R?M zj=wID_a;%Rq3+BiU|rylNyi`fww>7#6r2PwCZ(g530ig>m^Xe%lu=sie$}l?4dKrq zMevJ=MfP~~OrcEU?O%uV^p%(M% zIFsNOKYc#1GGthvm+g0o8LqrSyvh}fVv!}yn9q_bIeyP0HUJW_uo0m82T@t*_x*G?zC(h;f_$__lDdqha5tW7J{=ko-o3uUp;^vkXC zoQV-a@dGUmlm+Xz&*)?wWDKoS-_Dz~jeZScz9ZXyenrsQLN!m>{tJ75=$nlL+Lz$| zy4FHJzd9KI_1d}!a?^tSRqc57vtzcfp(A`0%I(w$NuTi`!fgqbbl#?O338g>s$@c@ ze^T-N{rh4S*#IB;rIH@pz^pZXfisvu>9?56l)40q;Cos)JBDv?aT~;|+m7&xA1SiQ zyxGij5cKd!Lg&dl>tm9ZmpOetHFBpJYwu|8nByCUUc)o&zM4UD_qcZj1TLWKFOS#T 
zOLDT%38_QJ4HI&)u=#sJzj^VKc7ZXPD9{lG)949(Ihb1s?cilhsJ>@LZu{pc(cuMMJ`5uj=i29^x&hwlA#n*bp+zRLp} z&?I{K`|nKy2tPIr{Gxh)V*a{i;3}rnFPN7q6Dp~pz&CClxCH*$ie2A6@BA%Y3@SVuIJ>h_^<90_%p??ACRw7=tH+*+(dEn=VU0` z<>%x-Oz66Eb(Kv8>qfTU`&fUT-epgJ-4eP=Xo-C@;Z=j^zc_wp0R7Xtv>&C=Y3T9{=H#{f5u_^vHw(COuDqAStjcnIt z`+t%AsM}xl?hle5b(@d>3&{`l`~MG21h@)(cr)<-DdGQu|9Q8s>)@-&ktVn??jP`f zQpNup`E^-%mAo2y@vl1gsq+69k@)8Te(ja620#V%zW)`#-<=Z_`Lc8R!{U6sX}OBL w|10v}EzF-|zO1zCUB^}AaPnVb{=XjNchCrk&{r(9dBFqlA_D+46qi^353IXaZ~y=R literal 0 HcmV?d00001 diff --git a/profile_files/.zsh/pentest_functions.zsh b/profile_files/.zsh/pentest_functions.zsh index 86f549d..91615a0 100644 --- a/profile_files/.zsh/pentest_functions.zsh +++ b/profile_files/.zsh/pentest_functions.zsh @@ -1,3 +1,5 @@ +debug=1 + function everythingworksornot"?" { echo "really?" } 
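Review bot: `debug=1` at the top of pentest_functions.zsh is an unconditional global assignment in a file that is sourced into every interactive shell, so it clobbers any `debug` variable the user already has and turns the new debug output on by default for everyone. The `[ $debug -eq 1 ]` checks added later in this patch (in `scan_enum_tof` and `active_attack_tof`) also break with a syntax error if the variable is ever unset or empty, because the unquoted expansion leaves `[ -eq 1 ]`. A default-only assignment, `: "${debug:=0}"`, together with quoted checks of the form `if [ "${debug:-0}" -eq 1 ]`, keeps debug opt-in and makes the checks safe when it is unset.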
@@ -10,6 +12,20 @@ function tof { . torsocks off } +function tip { + wget -qO- https://check.torproject.org/ -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" | egrep -i "Congratulations. This browser is configured to use Tor.|Sorry. You are not using Tor." | uniq +} + +function wip { + if [ $RANDOM -gt $RANDOM ] + then + wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ipecho.net/plain + else + wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" icanhazip.com + fi + # curl -s checkip.dyndns.org | sed 's#.*Address: \(.*\) 1_harvester_$pawnpls_tof_target.txt - + touch dnsenum_history.txt + + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting traceroute." >> dnsenum_history.txt + traceroute $dnstarg > 1_traceroute_$pawnpls_tof_target.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished traceroute." >> dnsenum_history.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting theharvester." >> dnsenum_history.txt + theharvester -d $dnstarg -b all -v > 2_harvester_$pawnpls_tof_target.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished theharvester." >> dnsenum_history.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting fierce." >> dnsenum_history.txt + #fierce -dns $dnstarg -wide > 3_fierce_$pawnpls_tof_target.txt # wide takes too much time for this script + fierce -dns $dnstarg > 3_fierce_$pawnpls_tof_target.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished fierce." >> dnsenum_history.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting dnsrecon." >> dnsenum_history.txt + dnsrecon -d $dnstarg -t std,brt,srv,axfr,goo --iw -a -s -c ./4_dnsrecon_$pawnpls_tof_target.txt + echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished dnsrecon." 
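Review bot: In `wip` the external-IP lookups go to `ipecho.net/plain` and `icanhazip.com` over plain HTTP, so the answer can be read or rewritten by anything on the path, which matters for a helper whose whole purpose is to tell the operator whether traffic is currently leaving through Tor; both services are reachable over TLS as far as I know, so `https://icanhazip.com` and `https://ipecho.net/plain` would be the safer targets. Neither `tip` nor `wip` sets a `wget` timeout or checks its exit status, and `-q` hides errors, so a blocked or failing lookup prints nothing and cannot be told apart from an empty answer; `wget -qO- --timeout=15 …` followed by `|| echo "lookup failed" >&2` would make that visible. In `tip` the `egrep` also returns non-zero when neither phrase matches (any unexpected page content), which is another silent failure worth reporting. The tail of this hunk is garbled in the page (the comment beginning `# curl -s checkip.dyndns.org` runs straight into a later hunk), so the lines after `fi` could not be reviewed.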
>> dnsenum_history.txt + + cat 4_dnsrecon_$pawnpls_tof_target.txt | grep -v 'hostnames found' | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sort -u > 5_ip_list_of_target.txt + cat 3_fierce_$pawnpls_tof_target.txt | grep 'hostnames found' | grep -E -o "([0-9]{1,3}[\.-]){4}[0-9]{1,3}" | sort -u > 6_ip_ranges_of_target.txt + + # vhost enumeration missing yet + while read ipv ; do dig +short -x $ipv >> 7_vhosts_enumerated.txt ; done < 5_ip_list_of_target.txt + cd } + function scan_enum_tof { + if [ $debug -eq 1 ] + then + echo "Calling function scan_enum_tof" + fi . torsocks off @@ -134,23 +179,19 @@ function scan_enum_tof { # Initialize directory and naming structure cdate=$(date +"%Y-%m-%d-%H%M") - sctmpfold="~/.ptz/result-scan-$cdate" - mkdir -p $sctmpfold - cd $sctmpfold + sctmpfold=".ptz/$pawnpls_tof_target/result-scan-$cdate" + mkdir -p ~/$sctmpfold + cd ~/$sctmpfold touch scan_history.txt - echo "---- Starting AgroScanner ----" >> scan_history.txt - # Start with standard alive scan and check ports on alive hosts # Get alive hosts - echo "Starting alive host enumeration..." echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting alive hosts scan." >> scan_history.txt nmap --randomize-hosts -sn -PS$ports $targetx -oG 1_alive_hosts.out alive_hosts=$(grep "Status: Up" 1_alive_hosts.out | cut -d' ' -f2 | tr '\r\n' ' ') echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished alive hosts scan. Found hosts: " $alive_hosts >> scan_history.txt - echo "Starting port scans on alive hosts..." # Port scanning on alive hosts and version detection echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting port scans on alive hosts with top 1000." >> scan_history.txt nmap --randomize-hosts -sS -sV -n -Pn --top-ports 1000 $targetx > 2_ports_and_service_top1000_on_alive_hosts.out 
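Review bot: Throughout the dnsenum section `$dnstarg` and `$pawnpls_tof_target` are expanded unquoted, both as command arguments (`traceroute $dnstarg`, `theharvester -d $dnstarg`) and inside output file names (`1_traceroute_$pawnpls_tof_target.txt`), so a target containing whitespace or glob characters splits into several arguments or several files; quoting them, e.g. `traceroute "$dnstarg" > "1_traceroute_${pawnpls_tof_target}.txt"`, fixes that. The reverse-lookup loop should be `while IFS= read -r ipv; do dig +short -x "$ipv" >> 7_vhosts_enumerated.txt; done < 5_ip_list_of_target.txt` so backslashes and leading whitespace in the input are not mangled. The bare `cd` that closes this function, and the ones added to `scan_enum_tof` and `active_attack_tof` in the later hunks, leave the caller in `$HOME` rather than where it started; `cd - >/dev/null` or a `pushd`/`popd` pair would restore the original directory. The header of this hunk is lost in the page, so the enclosing function's opening lines and name could not be verified.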
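Review bot: The new `sctmpfold=".ptz/$pawnpls_tof_target/result-scan-$cdate"` puts the target string straight into a path under the home directory, and `mkdir -p ~/$sctmpfold` and `cd ~/$sctmpfold` then expand it unquoted; a target containing a space splits into several arguments, and a value containing `/` or `..` places the results outside `~/.ptz`. Neither command checks its status, so if `cd` fails every following `nmap … > 1_alive_hosts.out` and `>> scan_history.txt` lands in whatever the current directory happened to be. `mkdir -p -- "$HOME/$sctmpfold" && cd "$HOME/$sctmpfold" || return 1` closes both gaps; the same pattern is repeated with `aatmpfold` in `active_attack_tof` in a later hunk. `scan_enum_tof` begins and ends outside this hunk.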
@@ -163,7 +204,6 @@ function scan_enum_tof { number_open_udp_ports=$(grep "open" 4_udpscan.out |wc -l) echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished UDP scans. Number of open UDP ports: " $number_open_udp_ports >> scan_history.txt - echo "Starting nmap nse vulnerability scanning..." # Vulnerability scanning echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting simple vulnerbility scans." >> scan_history.txt nmap -n -p 21 --script=ftp-anon.nse $targetx > 5_nmap_script_ftpanon.txt @@ -175,18 +215,23 @@ function scan_enum_tof { # for searchsploit, but nmap should be configured to scan with xml, default is top 1000 nmap -sS -sV -sC -O --host-timeout=5m --max-hostgroup=1 -Pn $targetx -oA 8_nmap_for_searchsploit searchsploit -v --nmap 8_nmap_for_searchsploit.xml > 9_searchslpoit_results.txt + rm 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the searchsploit queries. Outputs are in the relevant files." >> scan_history.txt - + cd } function active_attack_tof { + if [ $debug -eq 1 ] + then + echo "Calling function active_attack_tof" + fi . torsocks off cdate=$(date +"%Y-%m-%d-%H%M") - aatmpfold="~/.ptz/result-attack-$cdate" - mkdir -p $aatmpfold - cd $aatmpfold + aatmpfold=".ptz/$pawnpls_tof_target/result-attack-$cdate" + mkdir -p ~/$aatmpfold + cd ~/$aatmpfold # Preconfs @@ -194,7 +239,7 @@ function active_attack_tof { usernames="/usr/share/nmap/nselib/data/usernames.lst" passwords="/usr/share/nmap/nselib/data/passwords.lst" + # run hydra, dirb, arachni and the others.... - - + cd } diff --git a/profile_files/.zshrc b/profile_files/.zshrc index 45b0ff2..484a674 100644 --- a/profile_files/.zshrc +++ b/profile_files/.zshrc @@ -4,7 +4,6 @@ source ~/.zsh/prompt.zsh source ~/.zsh/completion.zsh source ~/.zsh/aliases.zsh source ~/.zsh/bindkeys.zsh -source ~/.zsh/functions.zsh source ~/.zsh/general_functions.zsh source ~/.zsh/pentest_functions.zsh source ~/.zsh/history.zsh
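Review bot: The added `rm 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap` deletes two of the three outputs that `nmap … -oA 8_nmap_for_searchsploit` just produced, so the human-readable record of the `-sS -sV -sC -O` run survives only inside the XML that searchsploit consumed; since the scan outputs are the evidence behind an engagement report, keeping at least the `.nmap` file seems preferable. If the deletion is intentional, a one-line comment stating why, and `rm -f -- 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap` so a missing file does not print an error in the middle of the function, would make the intent clear. Both `scan_enum_tof` and `active_attack_tof` extend beyond this hunk.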