some fixes and debug mode added

README.md

@@ -1,4 +1,13 @@
-Penetration Tester's Zsh - functions 4 fast pawn
+Penetration Tester's Zsh
+========================
+
+Goal: make penetration testing faster, more convinient, transparent and efficient.
+
+Features planned: preconfigured functions (including tools), note knowledge base with practical examples, automated "dumb" pentesting.
+
+Usability features: tor trigger (ton/tof), external ip check, tor check... and more to be added.
+
+Note: this project is a work in progress which we develop with one of my friend in our free time. If you use it, be prepared for some glitches.
 
 Works on Debian if the dependencies are met or on Kali. Probably works on Pentoo also.
 
@@ -13,7 +22,7 @@ pawnpls   - Automatically enumerate and start predefined attacks such as brute f
             Example for multiple targets: autopawn "n0nex-1.com n0nex-2.com"
 
 
-everythingworksornot\? - check if everything works or not for this script
+everythingworksornot\? - check if everything works or not for this script (tbd)
 
 
 chk functions

profile_files/.zsh/pentest_functions.zsh

@@ -1,3 +1,5 @@
+debug=1
+
 function everythingworksornot"?" {
     echo "really?"
 }
@@ -10,6 +12,20 @@ function tof {
     . torsocks off
 }
 
+function tip {
+    wget -qO- https://check.torproject.org/ -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" | egrep -i "Congratulations. This browser is configured to use Tor.|Sorry. You are not using Tor." | uniq
+}
+
+function wip {
+    if [ $RANDOM -gt $RANDOM ]
+        then
+            wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ipecho.net/plain
+        else
+            wget -qO- -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" icanhazip.com
+    fi
+    # curl -s checkip.dyndns.org | sed 's#.*Address: \(.*\)</b.*#\1#' # Alternative 1
+    # dig +short myip.opendns.com @resolver1.opendns.com  # Alternative 2
+}
 
 function chkhttpz {
     echo "HTTP responses"
@@ -110,21 +126,50 @@ function pawnpls {
 
 
 function dns_enum_tof {
+     if [ $debug -eq 1 ]
+         then
+             echo "Calling function scan_enum_tof"
+     fi
 
     . torsocks off
 
     dnstarg=($pawnpls_tof_target)
 
     cdate=$(date +"%Y-%m-%d-%H%M")
-    dettmpfold="~/.ptz/result-scan-$cdate"
-    mkdir -p $sctmpfold
-    cd $sctmpfold
+    dettmpfold=".ptz/$pawnpls_tof_target/result-enum-$cdate"
+    mkdir -p ~/$dettmpfold
+    cd ~/$dettmpfold
 
-    theharvester -d $pawnpls_tof_target -b all -v > 1_harvester_$pawnpls_tof_target.txt
-    
+    touch dnsenum_history.txt
+
+    echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting traceroute." >> dnsenum_history.txt
+    traceroute $dnstarg > 1_traceroute_$pawnpls_tof_target.txt
+    echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished traceroute." >> dnsenum_history.txt
+    echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting theharvester." >> dnsenum_history.txt
+    theharvester -d $dnstarg -b all -v > 2_harvester_$pawnpls_tof_target.txt
+    echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished theharvester." >> dnsenum_history.txt
+    echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting fierce." >> dnsenum_history.txt
+    #fierce -dns $dnstarg -wide > 3_fierce_$pawnpls_tof_target.txt  # wide takes too much time for this script
+    fierce -dns $dnstarg > 3_fierce_$pawnpls_tof_target.txt
+    echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished fierce." >> dnsenum_history.txt
+    echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting dnsrecon." >> dnsenum_history.txt
+    dnsrecon -d $dnstarg -t std,brt,srv,axfr,goo --iw -a -s -c ./4_dnsrecon_$pawnpls_tof_target.txt
+    echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished dnsrecon." >> dnsenum_history.txt
+
+    cat 4_dnsrecon_$pawnpls_tof_target.txt | grep -v 'hostnames found' | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sort -u  > 5_ip_list_of_target.txt
+    cat 3_fierce_$pawnpls_tof_target.txt  | grep 'hostnames found'  | grep -E -o "([0-9]{1,3}[\.-]){4}[0-9]{1,3}" | sort -u > 6_ip_ranges_of_target.txt
+
+    # vhost enumeration missing yet
+    while read ipv ; do dig +short -x $ipv >> 7_vhosts_enumerated.txt ; done < 5_ip_list_of_target.txt 
+    cd
 }
 
+
 function scan_enum_tof {
+    if [ $debug -eq 1 ]
+        then
+            echo "Calling function scan_enum_tof"
+    fi
 
     . torsocks off
 
@@ -134,23 +179,19 @@ function scan_enum_tof {
     
     # Initialize directory and naming structure
     cdate=$(date +"%Y-%m-%d-%H%M")
-    sctmpfold="~/.ptz/result-scan-$cdate"
-    mkdir -p $sctmpfold
-    cd $sctmpfold
+    sctmpfold=".ptz/$pawnpls_tof_target/result-scan-$cdate"
+    mkdir -p ~/$sctmpfold
+    cd ~/$sctmpfold
 
     touch scan_history.txt
 
-    echo "---- Starting AgroScanner ----" >> scan_history.txt
-    
     # Start with standard alive scan and check ports on alive hosts
     # Get alive hosts
-    echo "Starting alive host enumeration..."
     echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting alive hosts scan." >> scan_history.txt
     nmap --randomize-hosts -sn -PS$ports $targetx -oG 1_alive_hosts.out 
     alive_hosts=$(grep "Status: Up" 1_alive_hosts.out | cut -d' ' -f2 | tr '\r\n' ' ')
     echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished alive hosts scan. Found hosts: " $alive_hosts >> scan_history.txt
 
-    echo "Starting port scans on alive hosts..."
     # Port scanning on alive hosts and version detection
     echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting port scans on alive hosts with top 1000." >> scan_history.txt
     nmap --randomize-hosts -sS -sV -n -Pn --top-ports 1000 $targetx > 2_ports_and_service_top1000_on_alive_hosts.out
@@ -163,7 +204,6 @@ function scan_enum_tof {
     number_open_udp_ports=$(grep "open" 4_udpscan.out |wc -l)
     echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished UDP scans. Number of open UDP ports: " $number_open_udp_ports >> scan_history.txt
 
-    echo "Starting nmap nse vulnerability scanning..."    
     # Vulnerability scanning
     echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting simple vulnerbility scans." >> scan_history.txt
     nmap -n -p 21 --script=ftp-anon.nse $targetx > 5_nmap_script_ftpanon.txt
@@ -175,18 +215,23 @@ function scan_enum_tof {
     # for searchsploit, but nmap should be configured to scan with xml, default is top 1000
     nmap -sS -sV -sC -O --host-timeout=5m --max-hostgroup=1 -Pn $targetx -oA 8_nmap_for_searchsploit
     searchsploit -v --nmap 8_nmap_for_searchsploit.xml > 9_searchslpoit_results.txt
+    rm 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap
     echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the searchsploit queries. Outputs are in the relevant files." >> scan_history.txt
-
+    cd
 }
 
 function active_attack_tof {
+     if [ $debug -eq 1 ]
+         then
+             echo "Calling function active_attack_tof"
+     fi
 
     . torsocks off
 
     cdate=$(date +"%Y-%m-%d-%H%M")
-    aatmpfold="~/.ptz/result-attack-$cdate"
-    mkdir -p $aatmpfold
-    cd $aatmpfold
+    aatmpfold=".ptz/$pawnpls_tof_target/result-attack-$cdate"
+    mkdir -p ~/$aatmpfold
+    cd ~/$aatmpfold
 
 
     # Preconfs
@@ -194,7 +239,7 @@ function active_attack_tof {
     usernames="/usr/share/nmap/nselib/data/usernames.lst"
     passwords="/usr/share/nmap/nselib/data/passwords.lst"
 
+    # run hydra, dirb, arachni and the others....
 
-
-
+    cd
 }

profile_files/.zshrc

@@ -4,7 +4,6 @@ source ~/.zsh/prompt.zsh
 source ~/.zsh/completion.zsh
 source ~/.zsh/aliases.zsh
 source ~/.zsh/bindkeys.zsh
-source ~/.zsh/functions.zsh
 source ~/.zsh/general_functions.zsh
 source ~/.zsh/pentest_functions.zsh
 source ~/.zsh/history.zsh