six
/
PTZ
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

some fixes and debug mode added

master
51x 2017-01-13 22:31:48 +01:00
parent 927cf13139
commit 10593fd5de
7 changed files with 75 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@ -1,4 +1,13 @@
Penetration Tester's Zsh - functions 4 fast pawn Penetration Tester's Zsh
========================
Goal: make penetration testing faster, more convinient, transparent and efficient.
Features planned: preconfigured functions (including tools), note knowledge base with practical examples, automated "dumb" pentesting.
Usability features: tor trigger (ton/tof), external ip check, tor check... and more to be added.
Note: this project is a work in progress which we develop with one of my friend in our free time. If you use it, be prepared for some glitches.
Works on Debian if the dependencies are met or on Kali. Probably works on Pentoo also. Works on Debian if the dependencies are met or on Kali. Probably works on Pentoo also.
@ -13,7 +22,7 @@ pawnpls - Automatically enumerate and start predefined attacks such as brute f
Example for multiple targets: autopawn "n0nex-1.com n0nex-2.com" Example for multiple targets: autopawn "n0nex-1.com n0nex-2.com"
everythingworksornot\? - check if everything works or not for this script everythingworksornot\? - check if everything works or not for this script (tbd)
chk functions chk functions

0
chaosdir/agro.zsh 100644 → 100755
View File

0
chaosdir/chaosfunction.zsh 100644 → 100755
View File

0
chaosdir/halp/note_example.txt 100644 → 100755
View File

BIN
profile_files.zip 100755
View File

Binary file not shown.

81
profile_files/.zsh/pentest_functions.zsh
View File

@ -1,3 +1,5 @@
debug=1
function everythingworksornot"?" { function everythingworksornot"?" {
echo "really?" echo "really?"
} }
@ -10,6 +12,20 @@ function tof {
. torsocks off . torsocks off
} }
function tip {
wget -qO- https://check.torproject.org/ -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" | egrep -i "Congratulations. This browser is configured to use Tor.|Sorry. You are not using Tor." | uniq
}
function wip {
if [ $RANDOM -gt $RANDOM ]
then
wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ipecho.net/plain
else
wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" icanhazip.com
fi
# curl -s checkip.dyndns.org | sed 's#.*Address: \(.*\)</b.*#\1#' # Alternative 1
# dig +short myip.opendns.com @resolver1.opendns.com # Alternative 2
}
function chkhttpz { function chkhttpz {
echo "HTTP responses" echo "HTTP responses"
@ -110,21 +126,50 @@ function pawnpls {
function dns_enum_tof { function dns_enum_tof {
if [ $debug -eq 1 ]
then
echo "Calling function scan_enum_tof"
fi
. torsocks off . torsocks off
dnstarg=($pawnpls_tof_target) dnstarg=($pawnpls_tof_target)
cdate=$(date +"%Y-%m-%d-%H%M") cdate=$(date +"%Y-%m-%d-%H%M")
dettmpfold="~/.ptz/result-scan-$cdate" dettmpfold=".ptz/$pawnpls_tof_target/result-enum-$cdate"
mkdir -p $sctmpfold mkdir -p ~/$dettmpfold
cd $sctmpfold cd ~/$dettmpfold
theharvester -d $pawnpls_tof_target -b all -v > 1_harvester_$pawnpls_tof_target.txt touch dnsenum_history.txt
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting traceroute." >> dnsenum_history.txt
traceroute $dnstarg > 1_traceroute_$pawnpls_tof_target.txt
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished traceroute." >> dnsenum_history.txt
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting theharvester." >> dnsenum_history.txt
theharvester -d $dnstarg -b all -v > 2_harvester_$pawnpls_tof_target.txt
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished theharvester." >> dnsenum_history.txt
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting fierce." >> dnsenum_history.txt
#fierce -dns $dnstarg -wide > 3_fierce_$pawnpls_tof_target.txt # wide takes too much time for this script
fierce -dns $dnstarg > 3_fierce_$pawnpls_tof_target.txt
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished fierce." >> dnsenum_history.txt
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting dnsrecon." >> dnsenum_history.txt
dnsrecon -d $dnstarg -t std,brt,srv,axfr,goo --iw -a -s -c ./4_dnsrecon_$pawnpls_tof_target.txt
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished dnsrecon." >> dnsenum_history.txt
cat 4_dnsrecon_$pawnpls_tof_target.txt | grep -v 'hostnames found' | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sort -u > 5_ip_list_of_target.txt
cat 3_fierce_$pawnpls_tof_target.txt | grep 'hostnames found' | grep -E -o "([0-9]{1,3}[\.-]){4}[0-9]{1,3}" | sort -u > 6_ip_ranges_of_target.txt
# vhost enumeration missing yet
while read ipv ; do dig +short -x $ipv >> 7_vhosts_enumerated.txt ; done < 5_ip_list_of_target.txt
cd
} }
function scan_enum_tof { function scan_enum_tof {
if [ $debug -eq 1 ]
then
echo "Calling function scan_enum_tof"
fi
. torsocks off . torsocks off
@ -134,23 +179,19 @@ function scan_enum_tof {
# Initialize directory and naming structure # Initialize directory and naming structure
cdate=$(date +"%Y-%m-%d-%H%M") cdate=$(date +"%Y-%m-%d-%H%M")
sctmpfold="~/.ptz/result-scan-$cdate" sctmpfold=".ptz/$pawnpls_tof_target/result-scan-$cdate"
mkdir -p $sctmpfold mkdir -p ~/$sctmpfold
cd $sctmpfold cd ~/$sctmpfold
touch scan_history.txt touch scan_history.txt
echo "---- Starting AgroScanner ----" >> scan_history.txt
# Start with standard alive scan and check ports on alive hosts # Start with standard alive scan and check ports on alive hosts
# Get alive hosts # Get alive hosts
echo "Starting alive host enumeration..."
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting alive hosts scan." >> scan_history.txt echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting alive hosts scan." >> scan_history.txt
nmap --randomize-hosts -sn -PS$ports $targetx -oG 1_alive_hosts.out nmap --randomize-hosts -sn -PS$ports $targetx -oG 1_alive_hosts.out
alive_hosts=$(grep "Status: Up" 1_alive_hosts.out | cut -d' ' -f2 | tr '\r\n' ' ') alive_hosts=$(grep "Status: Up" 1_alive_hosts.out | cut -d' ' -f2 | tr '\r\n' ' ')
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished alive hosts scan. Found hosts: " $alive_hosts >> scan_history.txt echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished alive hosts scan. Found hosts: " $alive_hosts >> scan_history.txt
echo "Starting port scans on alive hosts..."
# Port scanning on alive hosts and version detection # Port scanning on alive hosts and version detection
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting port scans on alive hosts with top 1000." >> scan_history.txt echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting port scans on alive hosts with top 1000." >> scan_history.txt
nmap --randomize-hosts -sS -sV -n -Pn --top-ports 1000 $targetx > 2_ports_and_service_top1000_on_alive_hosts.out nmap --randomize-hosts -sS -sV -n -Pn --top-ports 1000 $targetx > 2_ports_and_service_top1000_on_alive_hosts.out
@ -163,7 +204,6 @@ function scan_enum_tof {
number_open_udp_ports=$(grep "open" 4_udpscan.out |wc -l) number_open_udp_ports=$(grep "open" 4_udpscan.out |wc -l)
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished UDP scans. Number of open UDP ports: " $number_open_udp_ports >> scan_history.txt echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished UDP scans. Number of open UDP ports: " $number_open_udp_ports >> scan_history.txt
echo "Starting nmap nse vulnerability scanning..."
# Vulnerability scanning # Vulnerability scanning
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting simple vulnerbility scans." >> scan_history.txt echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting simple vulnerbility scans." >> scan_history.txt
nmap -n -p 21 --script=ftp-anon.nse $targetx > 5_nmap_script_ftpanon.txt nmap -n -p 21 --script=ftp-anon.nse $targetx > 5_nmap_script_ftpanon.txt
@ -175,18 +215,23 @@ function scan_enum_tof {
# for searchsploit, but nmap should be configured to scan with xml, default is top 1000 # for searchsploit, but nmap should be configured to scan with xml, default is top 1000
nmap -sS -sV -sC -O --host-timeout=5m --max-hostgroup=1 -Pn $targetx -oA 8_nmap_for_searchsploit nmap -sS -sV -sC -O --host-timeout=5m --max-hostgroup=1 -Pn $targetx -oA 8_nmap_for_searchsploit
searchsploit -v --nmap 8_nmap_for_searchsploit.xml > 9_searchslpoit_results.txt searchsploit -v --nmap 8_nmap_for_searchsploit.xml > 9_searchslpoit_results.txt
rm 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the searchsploit queries. Outputs are in the relevant files." >> scan_history.txt echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the searchsploit queries. Outputs are in the relevant files." >> scan_history.txt
cd
} }
function active_attack_tof { function active_attack_tof {
if [ $debug -eq 1 ]
then
echo "Calling function active_attack_tof"
fi
. torsocks off . torsocks off
cdate=$(date +"%Y-%m-%d-%H%M") cdate=$(date +"%Y-%m-%d-%H%M")
aatmpfold="~/.ptz/result-attack-$cdate" aatmpfold=".ptz/$pawnpls_tof_target/result-attack-$cdate"
mkdir -p $aatmpfold mkdir -p ~/$aatmpfold
cd $aatmpfold cd ~/$aatmpfold
# Preconfs # Preconfs
@ -194,7 +239,7 @@ function active_attack_tof {
usernames="/usr/share/nmap/nselib/data/usernames.lst" usernames="/usr/share/nmap/nselib/data/usernames.lst"
passwords="/usr/share/nmap/nselib/data/passwords.lst" passwords="/usr/share/nmap/nselib/data/passwords.lst"
# run hydra, dirb, arachni and the others....
cd
} }

1
profile_files/.zshrc
View File

@ -4,7 +4,6 @@ source ~/.zsh/prompt.zsh
source ~/.zsh/completion.zsh source ~/.zsh/completion.zsh
source ~/.zsh/aliases.zsh source ~/.zsh/aliases.zsh
source ~/.zsh/bindkeys.zsh source ~/.zsh/bindkeys.zsh
source ~/.zsh/functions.zsh
source ~/.zsh/general_functions.zsh source ~/.zsh/general_functions.zsh
source ~/.zsh/pentest_functions.zsh source ~/.zsh/pentest_functions.zsh
source ~/.zsh/history.zsh source ~/.zsh/history.zsh