some fixes and debug mode added
parent
927cf13139
commit
10593fd5de
13
README.md
13
README.md
|
@ -1,4 +1,13 @@
|
|||
Penetration Tester's Zsh - functions 4 fast pawn
|
||||
Penetration Tester's Zsh
|
||||
========================
|
||||
|
||||
Goal: make penetration testing faster, more convinient, transparent and efficient.
|
||||
|
||||
Features planned: preconfigured functions (including tools), note knowledge base with practical examples, automated "dumb" pentesting.
|
||||
|
||||
Usability features: tor trigger (ton/tof), external ip check, tor check... and more to be added.
|
||||
|
||||
Note: this project is a work in progress which we develop with one of my friend in our free time. If you use it, be prepared for some glitches.
|
||||
|
||||
Works on Debian if the dependencies are met or on Kali. Probably works on Pentoo also.
|
||||
|
||||
|
@ -13,7 +22,7 @@ pawnpls - Automatically enumerate and start predefined attacks such as brute f
|
|||
Example for multiple targets: autopawn "n0nex-1.com n0nex-2.com"
|
||||
|
||||
|
||||
everythingworksornot\? - check if everything works or not for this script
|
||||
everythingworksornot\? - check if everything works or not for this script (tbd)
|
||||
|
||||
|
||||
chk functions
|
||||
|
|
Binary file not shown.
|
@ -1,3 +1,5 @@
|
|||
debug=1
|
||||
|
||||
function everythingworksornot"?" {
|
||||
echo "really?"
|
||||
}
|
||||
|
@ -10,6 +12,20 @@ function tof {
|
|||
. torsocks off
|
||||
}
|
||||
|
||||
function tip {
|
||||
wget -qO- https://check.torproject.org/ -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" | egrep -i "Congratulations. This browser is configured to use Tor.|Sorry. You are not using Tor." | uniq
|
||||
}
|
||||
|
||||
function wip {
|
||||
if [ $RANDOM -gt $RANDOM ]
|
||||
then
|
||||
wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ipecho.net/plain
|
||||
else
|
||||
wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" icanhazip.com
|
||||
fi
|
||||
# curl -s checkip.dyndns.org | sed 's#.*Address: \(.*\)</b.*#\1#' # Alternative 1
|
||||
# dig +short myip.opendns.com @resolver1.opendns.com # Alternative 2
|
||||
}
|
||||
|
||||
function chkhttpz {
|
||||
echo "HTTP responses"
|
||||
|
@ -110,21 +126,50 @@ function pawnpls {
|
|||
|
||||
|
||||
function dns_enum_tof {
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo "Calling function scan_enum_tof"
|
||||
fi
|
||||
|
||||
. torsocks off
|
||||
|
||||
dnstarg=($pawnpls_tof_target)
|
||||
|
||||
cdate=$(date +"%Y-%m-%d-%H%M")
|
||||
dettmpfold="~/.ptz/result-scan-$cdate"
|
||||
mkdir -p $sctmpfold
|
||||
cd $sctmpfold
|
||||
dettmpfold=".ptz/$pawnpls_tof_target/result-enum-$cdate"
|
||||
mkdir -p ~/$dettmpfold
|
||||
cd ~/$dettmpfold
|
||||
|
||||
theharvester -d $pawnpls_tof_target -b all -v > 1_harvester_$pawnpls_tof_target.txt
|
||||
touch dnsenum_history.txt
|
||||
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting traceroute." >> dnsenum_history.txt
|
||||
traceroute $dnstarg > 1_traceroute_$pawnpls_tof_target.txt
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished traceroute." >> dnsenum_history.txt
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting theharvester." >> dnsenum_history.txt
|
||||
theharvester -d $dnstarg -b all -v > 2_harvester_$pawnpls_tof_target.txt
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished theharvester." >> dnsenum_history.txt
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting fierce." >> dnsenum_history.txt
|
||||
#fierce -dns $dnstarg -wide > 3_fierce_$pawnpls_tof_target.txt # wide takes too much time for this script
|
||||
fierce -dns $dnstarg > 3_fierce_$pawnpls_tof_target.txt
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished fierce." >> dnsenum_history.txt
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting dnsrecon." >> dnsenum_history.txt
|
||||
dnsrecon -d $dnstarg -t std,brt,srv,axfr,goo --iw -a -s -c ./4_dnsrecon_$pawnpls_tof_target.txt
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished dnsrecon." >> dnsenum_history.txt
|
||||
|
||||
cat 4_dnsrecon_$pawnpls_tof_target.txt | grep -v 'hostnames found' | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sort -u > 5_ip_list_of_target.txt
|
||||
cat 3_fierce_$pawnpls_tof_target.txt | grep 'hostnames found' | grep -E -o "([0-9]{1,3}[\.-]){4}[0-9]{1,3}" | sort -u > 6_ip_ranges_of_target.txt
|
||||
|
||||
# vhost enumeration missing yet
|
||||
while read ipv ; do dig +short -x $ipv >> 7_vhosts_enumerated.txt ; done < 5_ip_list_of_target.txt
|
||||
cd
|
||||
}
|
||||
|
||||
|
||||
function scan_enum_tof {
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo "Calling function scan_enum_tof"
|
||||
fi
|
||||
|
||||
. torsocks off
|
||||
|
||||
|
@ -134,23 +179,19 @@ function scan_enum_tof {
|
|||
|
||||
# Initialize directory and naming structure
|
||||
cdate=$(date +"%Y-%m-%d-%H%M")
|
||||
sctmpfold="~/.ptz/result-scan-$cdate"
|
||||
mkdir -p $sctmpfold
|
||||
cd $sctmpfold
|
||||
sctmpfold=".ptz/$pawnpls_tof_target/result-scan-$cdate"
|
||||
mkdir -p ~/$sctmpfold
|
||||
cd ~/$sctmpfold
|
||||
|
||||
touch scan_history.txt
|
||||
|
||||
echo "---- Starting AgroScanner ----" >> scan_history.txt
|
||||
|
||||
# Start with standard alive scan and check ports on alive hosts
|
||||
# Get alive hosts
|
||||
echo "Starting alive host enumeration..."
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting alive hosts scan." >> scan_history.txt
|
||||
nmap --randomize-hosts -sn -PS$ports $targetx -oG 1_alive_hosts.out
|
||||
alive_hosts=$(grep "Status: Up" 1_alive_hosts.out | cut -d' ' -f2 | tr '\r\n' ' ')
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished alive hosts scan. Found hosts: " $alive_hosts >> scan_history.txt
|
||||
|
||||
echo "Starting port scans on alive hosts..."
|
||||
# Port scanning on alive hosts and version detection
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting port scans on alive hosts with top 1000." >> scan_history.txt
|
||||
nmap --randomize-hosts -sS -sV -n -Pn --top-ports 1000 $targetx > 2_ports_and_service_top1000_on_alive_hosts.out
|
||||
|
@ -163,7 +204,6 @@ function scan_enum_tof {
|
|||
number_open_udp_ports=$(grep "open" 4_udpscan.out |wc -l)
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished UDP scans. Number of open UDP ports: " $number_open_udp_ports >> scan_history.txt
|
||||
|
||||
echo "Starting nmap nse vulnerability scanning..."
|
||||
# Vulnerability scanning
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting simple vulnerbility scans." >> scan_history.txt
|
||||
nmap -n -p 21 --script=ftp-anon.nse $targetx > 5_nmap_script_ftpanon.txt
|
||||
|
@ -175,18 +215,23 @@ function scan_enum_tof {
|
|||
# for searchsploit, but nmap should be configured to scan with xml, default is top 1000
|
||||
nmap -sS -sV -sC -O --host-timeout=5m --max-hostgroup=1 -Pn $targetx -oA 8_nmap_for_searchsploit
|
||||
searchsploit -v --nmap 8_nmap_for_searchsploit.xml > 9_searchslpoit_results.txt
|
||||
rm 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap
|
||||
echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the searchsploit queries. Outputs are in the relevant files." >> scan_history.txt
|
||||
|
||||
cd
|
||||
}
|
||||
|
||||
function active_attack_tof {
|
||||
if [ $debug -eq 1 ]
|
||||
then
|
||||
echo "Calling function active_attack_tof"
|
||||
fi
|
||||
|
||||
. torsocks off
|
||||
|
||||
cdate=$(date +"%Y-%m-%d-%H%M")
|
||||
aatmpfold="~/.ptz/result-attack-$cdate"
|
||||
mkdir -p $aatmpfold
|
||||
cd $aatmpfold
|
||||
aatmpfold=".ptz/$pawnpls_tof_target/result-attack-$cdate"
|
||||
mkdir -p ~/$aatmpfold
|
||||
cd ~/$aatmpfold
|
||||
|
||||
|
||||
# Preconfs
|
||||
|
@ -194,7 +239,7 @@ function active_attack_tof {
|
|||
usernames="/usr/share/nmap/nselib/data/usernames.lst"
|
||||
passwords="/usr/share/nmap/nselib/data/passwords.lst"
|
||||
|
||||
# run hydra, dirb, arachni and the others....
|
||||
|
||||
|
||||
|
||||
cd
|
||||
}
|
||||
|
|
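Review bot: In dns_enum_tof the `cd ~/$dettmpfold` that follows the `mkdir -p` is unchecked, so if either step fails every numbered result file, dnsenum_history.txt and the closing `cd` are applied to whatever directory the interactive shell happened to be in; change it to `cd ~/$dettmpfold || return 1`, and the same for the matching `cd ~/$sctmpfold` and `cd ~/$aatmpfold` lines in scan_enum_tof and active_attack_tof, whose bodies continue past this hunk (the latter's `rm 8_nmap_for_searchsploit.*` would otherwise run in the wrong directory). The debug block at the top of dns_enum_tof echoes `"Calling function scan_enum_tof"`, a copy-paste of the sibling function; it should read `echo "Calling function dns_enum_tof"`. theharvester is also run twice in that function, once before the history log is started into `1_harvester_…` (sharing the `1_` prefix with the traceroute output) and again into `2_harvester_…`; the first call looks like a leftover and can be dropped. Because these functions are sourced into the interactive shell, the bare `cd` at the end of each one drops the user at $HOME rather than where they started; `pushd`/`popd`, or running the body in a subshell, would preserve the caller's working directory.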
|
@ -4,7 +4,6 @@ source ~/.zsh/prompt.zsh
|
|||
source ~/.zsh/completion.zsh
|
||||
source ~/.zsh/aliases.zsh
|
||||
source ~/.zsh/bindkeys.zsh
|
||||
source ~/.zsh/functions.zsh
|
||||
source ~/.zsh/general_functions.zsh
|
||||
source ~/.zsh/pentest_functions.zsh
|
||||
source ~/.zsh/history.zsh
|
||||
|
|