From e9d9ee29418f2d8c24db0b576c42b376379f16d5 Mon Sep 17 00:00:00 2001
From: 51x
Date: Mon, 16 Jan 2017 21:06:37 +0100
Subject: [PATCH] extended scan and some improvements to pentest_functions.zsh
---
 profile_files/.zsh/pentest_functions.zsh | 30 +++++++++++++++++++-----
 1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/profile_files/.zsh/pentest_functions.zsh b/profile_files/.zsh/pentest_functions.zsh
index 238f731..a06e528 100644
--- a/profile_files/.zsh/pentest_functions.zsh
+++ b/profile_files/.zsh/pentest_functions.zsh
@@ -1,4 +1,11 @@
 # Experimental version!
+# Any commit can highly modify anything currently!
+#
+# This is the main file of PTZ.
+#
+# Logic
+# Provided IP -> vhost enum -> scan everything connected-> Identify services -> Vuln scan -> Add to queryable db
+# Provided domain name -> ip enum -> scan everything connected -> Identify services -> Vuln scan -> Add to queryable db
 debug=1
@@ -28,25 +35,25 @@ function n {
 function ptzdepchk { # check if dependencies are met or not
- type john >/dev/null 2>&1 || { echo >&2 "john is missing."; }
- type zip >/dev/null 2>&1 || { echo >&2 "zip is missing."; }
- type rar >/dev/null 2>&1 || { echo >&2 "rar is missing."; }
+ type python >/dev/null 2>&1 || { echo >&2 "python is missing."; }
 type wget >/dev/null 2>&1 || { echo >&2 "wget is missing."; }
 type openssl >/dev/null 2>&1 || { echo >&2 "openssl is missing."; }
- type torsocks >/dev/null 2>&1 || { echo >&2 "torsocks is missing."; }
+ type john >/dev/null 2>&1 || { echo >&2 "john is missing."; }
+ type rar >/dev/null 2>&1 || { echo >&2 "rar is missing."; }
+ type zip >/dev/null 2>&1 || { echo >&2 "zip is missing."; }
+ type unzip >/dev/null 2>&1 || { echo >&2 "unzip is missing."; }
 type tor >/dev/null 2>&1 || { echo >&2 "tor is missing."; }
+ type torsocks >/dev/null 2>&1 || { echo >&2 "torsocks is missing."; }
 type traceroute >/dev/null 2>&1 || { echo >&2 "traceroute is missing."; }
 type theharvester >/dev/null 2>&1 || { echo >&2 "theharvester is missing."; }
 type dnsenum >/dev/null 2>&1 || { echo >&2 "dnsenum is missing."; }
 type fierce >/dev/null 2>&1 || { echo >&2 "fierce is missing."; }
 type nmap >/dev/null 2>&1 || { echo >&2 "nmap is missing."; }
 type searchsploit >/dev/null 2>&1 || { echo >&2 "searchsploit is missing."; }
- type unzip >/dev/null 2>&1 || { echo >&2 "unzip is missing."; }
 #type dig >/dev/null 2>&1 || { echo >&2 "dig is missing."; }
 #type curl >/dev/null 2>&1 || { echo >&2 "curl is missing."; }
 #type arachni >/dev/null 2>&1 || { echo >&2 "arachni is missing."; }
 #type hydra >/dev/null 2>&1 || { echo >&2 "hydra is missing."; }
- type python >/dev/null 2>&1 || { echo >&2 "python is missing."; }
 #type dirb >/dev/null 2>&1 || { echo >&2 "dirb is missing."; }
 }
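Review bot: `ptzdepchk` always returns 0, because every `type … || { echo …; }` arm ends in a successful `echo` and the function's status is that of its last check, so a caller cannot write `ptzdepchk || return` to stop before a scan that needs, say, nmap or searchsploit. The reorder that makes up most of this hunk also shows why sixteen near-identical lines are hard to keep straight; a loop over a word list with a missing counter, as below, prints the same messages, makes `return $missing` the function's result, and keeps the still-optional tools (dig, curl, arachni, hydra, dirb) as a comment rather than five commented-out lines.
```zsh
function ptzdepchk {
  # check if dependencies are met or not; non-zero status if any is missing
  local dep missing=0
  for dep in python wget openssl john rar zip unzip tor torsocks traceroute theharvester dnsenum fierce nmap searchsploit; do
    type "$dep" >/dev/null 2>&1 || { echo >&2 "$dep is missing."; missing=1; }
  done
  # optional, not checked yet: dig curl arachni hydra dirb
  return $missing
}
```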
@@ -211,6 +218,7 @@ function dns_enum_tof { # vhost enumeration missing yet
 while read ipv ; do dig +short -x $ipv >> 7_vhosts_enumerated.txt ; done < 5_ip_list_of_target.txt
+ cd
 }
@@ -267,6 +275,16 @@ function scan_enum_tof {
 searchsploit -v --nmap 8_nmap_for_searchsploit.xml > 9_searchslpoit_results.txt
 rm 8_nmap_for_searchsploit.nmap 8_nmap_for_searchsploit.gnmap
 echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the searchsploit queries. Outputs are in the relevant files." >> scan_history.txt
+
+ # single nmap for all ports. thinking about this.. this is long, but more torough + replaces the others!
+ echo $(date +"%Y-%m-%d-%H-%M-%S") " Started all TCP ports / extended UDP scan for automatic searchsploit." >> scan_history.txt
+ nmap -sSU -p T:1-65535,U:7,9,11,13,17,19,20,37,39,42,49,52-54,65-71,81,111,161,123,136-170,514-518,630,631,636-640,650,653,921,1023-1030,1900,2048-2050,27900,27960,32767-32780,32831 -sV -O --script="(default or vuln or auth or brute or discovery) and not (broadcast or dos)" --script-args="unsafe=1,userdb=admin,passwd=admin" --host-timeout=180m --max-hostgroup=1 -Pn -oA 99_nmap_for_searchsploit $targetx
+ searchsploit -v --nmap 99_nmap_for_searchsploit.xml > 99_allports_searchslpoit_results.txt
+ rm 99_nmap_for_searchsploit.nmap 99_nmap_for_searchsploit.gnmap
+ echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the extended ports scan and searchsploit queries. Outputs are in the relevant files." >> scan_history.txt
+
+ cd
 }
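Review bot: The `cd` added before the closing brace of `dns_enum_tof` has no argument, so it changes to `$HOME` rather than back to wherever the caller was when it invoked the function, and anything chained after it then runs from the home directory. If the intent is to undo a `cd` into the target's work directory earlier in the function (its opening is outside this hunk, so this is inferred from the relative output paths), `cd - >/dev/null` or running the body in a `( … )` subshell returns to the caller's directory instead. The same bare `cd` is added at the end of `scan_enum_tof` in the next hunk.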
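Review bot: The extended scan's `searchsploit` and `rm` lines run regardless of how `nmap` exited, so when the scan fails outright (`-sS`, `-sU` and `-O` need root) or is cut short by `--host-timeout=180m`, searchsploit is fed a missing or empty 99_nmap_for_searchsploit.xml while the redirect still creates a results file and `rm` errors on the absent .nmap/.gnmap; wrapping those lines in an `if nmap …; then … else` that logs the failure to scan_history.txt, as below, also gives a place to quote `$targetx`, which is set outside this hunk. `--script-args` carries `passwd=admin`, which does not appear to be an argument the NSE brute/unpwdb library reads, so it is likely dead text; drop it or comment what it is meant to do. If `+ replaces the others!` is a separate added line (the hunk header's +16 suggests one more added line than is visible here), it is a stray command rather than a comment and needs a leading `#`. The new output name repeats the `searchslpoit` typo of 9_searchslpoit_results.txt; if it is kept for consistency, say so in a comment so a later rename does not catch only one of them.
```zsh
echo $(date +"%Y-%m-%d-%H-%M-%S") " Started all TCP ports / extended UDP scan for automatic searchsploit." >> scan_history.txt
if nmap -sSU -p T:1-65535,U:7,9,11,13,17,19,20,37,39,42,49,52-54,65-71,81,111,161,123,136-170,514-518,630,631,636-640,650,653,921,1023-1030,1900,2048-2050,27900,27960,32767-32780,32831 -sV -O --script="(default or vuln or auth or brute or discovery) and not (broadcast or dos)" --script-args="unsafe=1,userdb=admin,passwd=admin" --host-timeout=180m --max-hostgroup=1 -Pn -oA 99_nmap_for_searchsploit "$targetx"; then
  searchsploit -v --nmap 99_nmap_for_searchsploit.xml > 99_allports_searchslpoit_results.txt
  rm 99_nmap_for_searchsploit.nmap 99_nmap_for_searchsploit.gnmap
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the extended ports scan and searchsploit queries. Outputs are in the relevant files." >> scan_history.txt
else
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Extended ports scan failed or timed out; searchsploit query skipped." >> scan_history.txt
fi
# … unchanged: trailing cd and closing brace …
```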