function everythingworksornot"?" { |
|
echo "really?" |
|
} |
|
|
|
function ton {
  # Source (not execute) torsocks' shell helper with the argument "on" so
  # that whatever it changes lands in the *current* shell's environment —
  # presumably the LD_PRELOAD-based wrapper; confirm against the installed
  # torsocks script. The file is resolved through PATH by the source builtin,
  # so a writable directory early in PATH would be sourced with full trust.
  source torsocks on
}
|
|
|
function tof {
  # Counterpart of ton: sources torsocks' shell helper with "off" so the
  # change applies to this shell rather than a child process. Resolved via
  # PATH by the source builtin, so the same trust caveat as ton applies.
  source torsocks off
}
|
|
|
|
|
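function chkhttpz {
  # Print the HTTP status lines returned by a host for a plain and a TLS
  # request on the same port, using wget in spider mode (headers only, no
  # body download).
  # Arguments: $1 - host, $2 - port
  # Outputs:   matching "HTTP/" header lines for each scheme on stdout
  # Returns:   2 on usage error, else the status of the last grep
  if [ $# -ne 2 ]; then
    printf 'Usage: chkhttpz <host> <port>\n' >&2
    return 2
  fi
  local host=$1 port=$2
  printf 'HTTP responses\n'
  # -S prints server headers to stderr; merge so grep can pick the status lines.
  wget --spider -S "http://${host}:${port}/" 2>&1 | grep "HTTP/"
  # printf instead of echo: bash's echo prints "\n" literally unless -e is
  # given, zsh's interprets it — printf behaves the same in both.
  printf '\nHTTPS responses\n'
  wget --spider -S "https://${host}:${port}/" 2>&1 | grep "HTTP/"
}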
|
|
|
|
|
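function chkcrt {
  # Show the certificate chain a TLS server presents on host:port.
  # Arguments: $1 - host, $2 - port
  # Outputs:   openssl s_client handshake output including -showcerts PEM blocks
  # Returns:   2 on usage error, else openssl's exit status
  if [ $# -ne 2 ]; then
    printf 'Usage: chkcrt <host> <port>\n' >&2
    return 2
  fi
  local host=$1 port=$2
  # -servername sends SNI so a name-based virtual host answers with its own
  # chain rather than the server default. </dev/null gives s_client EOF on
  # stdin, so it exits after the handshake instead of waiting on the terminal.
  openssl s_client -showcerts -servername "$host" -connect "${host}:${port}" </dev/null
}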
|
|
|
|
|
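function hlp {
  # List the help topics stored as files in a directory: each entry is shown
  # as its file name with the directory and everything from the first '.'
  # onward removed, so "foo.bar.md" is listed as "foo".
  # Arguments: $1 - optional topic directory (defaults to ~/.ptz/v3das, the
  #            original hard-coded location)
  # Outputs:   a header line, then one topic per line on stdout
  # Returns:   0
  local dir=${1:-$HOME/.ptz/v3das}
  local entry name
  printf '%s\n' "You can get help from the following topics:"
  for entry in "$dir"/*; do
    # bash leaves the literal pattern when nothing matches; skip it rather
    # than print "*". (zsh with its default NOMATCH aborts the glob instead.)
    [ -e "$entry" ] || continue
    # Parameter expansion replaces the rev|cut|rev|cut pipeline: same
    # result without four forks per entry.
    name=${entry##*/}
    printf '%s\n' "${name%%.*}"
  done
  return 0
}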
|
|
|
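function hlprnd {
  # Print four random tokens, one per line, from the alphabet [_A-Za-z0-9-].
  # Without an argument the lengths are 8, 16, 32 and 64; with one, every
  # line uses that length (the original contract: $1 overrides each default).
  # Arguments: $1 - optional token length, a non-negative integer
  # Outputs:   four lines on stdout
  # Returns:   0, or 2 when a non-empty $1 is not a non-negative integer
  local default_len len
  if [ -n "${1-}" ]; then
    case $1 in
      *[!0-9]*)
        printf 'hlprnd: length must be a non-negative integer\n' >&2
        return 2
        ;;
    esac
  fi
  for default_len in 8 16 32 64; do
    len=${1:-$default_len}
    # Read /dev/urandom directly (no cat) and keep only alphabet bytes:
    # rejection filtering rather than a modulo keeps the distribution
    # uniform over the alphabet. head closes the pipe after len bytes.
    tr -dc '_A-Z-a-z-0-9' </dev/urandom | head -c "$len"
    printf '\n'
  done
}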
|
|
|
|
|
#######################################
# Try each candidate that john derives from a wordlist (with --rules) as the
# password of a zip archive and report the first one unzip accepts.
# Arguments: $1 - zip file, $2 - wordlist passed to john
# Globals:   STATUS (written; not declared local, so it persists in the shell)
# Outputs:   archive listing and progress on stdout; the password on success
# Returns:   status of the last command — there is no distinct code for
#            "usage error" or "no candidate matched"
# Side effects: a successful attempt extracts the archive into the current
#   directory (-o overwrites existing files). Each candidate is passed as the
#   -P argument, so it is visible in process listings while unzip runs.
#######################################
function johnzip {
  if [ $# -ne 2 ]
  then
    # $0 is the function name under zsh (FUNCTION_ARGZERO is on by default)
    # but the shell's/script's name under bash — the message is only accurate
    # in the former.
    echo "Usage $0 <zipfile> <wordlist>"
    return
  fi
  # Listing first shows whether the archive is readable at all.
  echo "Unzip test..."
  unzip -l $1
  echo "Cracking...."
  # $(...) is word-split on IFS, so a candidate that contains whitespace is
  # consumed as separate words here.
  for i in $(john --wordlist=$2 --rules --stdout)
  do
    # \r rewrites the same terminal line for each attempt.
    echo -ne "\rtrying \"$i\" "
    unzip -o -P $i $1 >/dev/null 2>&1
    STATUS=$?
    # unzip exits 0 only when the password decrypted the archive.
    if [ $STATUS -eq 0 ]; then
      echo -e "\nArchive password is: \"$i\""
      return
    fi
  done
}
|
|
|
|
|
#######################################
# rar counterpart of johnzip: feed john's wordlist+rules candidates to
# "rar e" and report the first one that extracts successfully.
# Arguments: $1 - rar file, $2 - wordlist passed to john
# Globals:   STATUS (written; not declared local)
# Outputs:   archive listing and progress on stdout; the password on success
# Returns:   status of the last command; no distinct code for usage error or
#            no match
# Side effects: a successful attempt extracts into the current directory
#   (-o+ overwrites). Each candidate is passed as -p<candidate> on the
#   command line, so it is visible in process listings while rar runs.
#######################################
function johnrar {
  if [ $# -ne 2 ]
  then
    # $0 is the function name under zsh (FUNCTION_ARGZERO) but the shell's
    # name under bash.
    echo "Usage $0 <rarfile> <wordlist>"
  else
    rar l $1
    echo "Cracking...."
    # Streams john's output line by line instead of collecting it first.
    # NOTE(review): "read" without -r interprets backslashes in candidates.
    # Under bash the while stage of a pipeline runs in a subshell, so the
    # "return" below only ends that subshell and the function then falls
    # through to "fi"; under zsh the last stage runs in the current shell and
    # the return leaves the function as intended.
    john --wordlist=$2 --rules --stdout | while read i
    do
      echo -ne "\rtrying \"$i\" "
      # -inul silences rar's own messages; success is judged by exit status.
      rar e -o+ -inul -p$i $1 >/dev/null
      STATUS=$?
      if [ $STATUS -eq "0" ]; then
        echo -e "\nArchive password is: \"$i\""
        return
      fi
    done
  fi
}
|
|
|
|
|
|
|
#######################################
# Entry point: after two guard checks, hand a single target to the three
# *_tof stages in order (dns_enum_tof, scan_enum_tof, active_attack_tof).
# Arguments: $1 - target passed on via the global pawnpls_tof_target
# Globals:   amir00t, pawnpls_tof_target (written; neither is local, so both
#            remain set in the calling shell afterwards)
# Returns:   after a refused precondition it returns the status of the
#            preceding echo (0), so a caller cannot tell refusal from success
# Note: every stage runs ". torsocks off" first, which is why the message
#   below warns that this runs outside tor even when torsocks was on.
#######################################
function pawnpls {
  amir00t=$(whoami)
  if [ "$amir00t" != "root" ]
  then
    echo "pawnpls needs root in order to be effective (eg. for nmap -sS scans)."
    return
  fi
  if [ $# -ne 1 ]
  then
    echo "Are you sure? You need to specify a target. Be careful. This runs out of tor also, even if you have torsocks ;)"
    return
  fi
  # Pass to the scan function, no active attacks, just scanning
  # NOTE(review): the comment above does not match the calls below —
  # active_attack_tof is invoked as the third stage.
  pawnpls_tof_target=$1
  dns_enum_tof
  scan_enum_tof
  active_attack_tof
}
|
|
|
|
|
#######################################
# First pawnpls stage: run theharvester against the target and save its
# output to a numbered result file.
# Globals:   pawnpls_tof_target (read); dnstarg, cdate, dettmpfold (written,
#            not local). Reads sctmpfold, which this function never sets.
# Side effects: cd persists in the calling shell (functions run in-process).
#######################################
function dns_enum_tof {
  # Turns torsocks off for this shell via the sourced helper (see tof).
  . torsocks off
  # NOTE(review): dnstarg is assigned but not used anywhere in this function.
  dnstarg=($pawnpls_tof_target)
  cdate=$(date +"%Y-%m-%d-%H%M")
  # NOTE(review): tilde does not expand inside double quotes (bash and zsh
  # alike), so this value names a literal "~" directory under the cwd — and
  # dettmpfold is then not used: the two lines below reference sctmpfold
  # instead. In pawnpls's call order this stage runs before scan_enum_tof,
  # so on a fresh shell sctmpfold is unset: "mkdir -p" then fails for lack of
  # an operand and "cd" with no argument goes to $HOME, which is where the
  # harvester output ends up.
  dettmpfold="~/.ptz/result-scan-$cdate"
  mkdir -p $sctmpfold
  cd $sctmpfold
  # Output file name embeds the target; -b all queries every harvester source.
  theharvester -d $pawnpls_tof_target -b all -v > 1_harvester_$pawnpls_tof_target.txt
}
|
|
|
#######################################
# Second pawnpls stage: nmap host discovery, TCP/UDP port and service scans,
# a few NSE script runs, and a searchsploit lookup on the XML result, with a
# timestamped log of each step in scan_history.txt.
# Globals:   pawnpls_tof_target (read); targetx, ports, cdate, sctmpfold,
#            alive_hosts, number_open_tcp_ports, number_open_udp_ports
#            (written; none are local, so they persist in the calling shell)
# Outputs:   numbered *.out/*.txt files in the directory created below
# Side effects: the cd persists in the calling shell.
#######################################
function scan_enum_tof {
  # Turns torsocks off for this shell via the sourced helper (see tof).
  . torsocks off
  # Variables
  # One-element arrays. NOTE(review): they are expanded unquoted below as
  # $targetx / $ports — under zsh that yields every element, under bash only
  # the first, so the "space delimited" intent only holds for zsh.
  targetx=($pawnpls_tof_target) # Space delimited!
  # Comma-separated nmap port list used for the SYN-ping discovery and the
  # scripted scan further down.
  ports=(21-23,25-26,53,80-81,110-111,113,135,139,143,179,199,443,445,465,514-515,548,554,587,646,993,995,1025-1027,1433,1720,1723,2000-2001,3306,3389,4443,5060,5666,5900,6001,8000,8008,8080,8443,8888,10000,32768,49152,49154,11211)
  # Initialize directory and naming structure
  cdate=$(date +"%Y-%m-%d-%H%M")
  # NOTE(review): tilde does not expand inside double quotes (bash and zsh
  # alike), so this creates and enters a literal "~" directory relative to
  # wherever the shell currently is, not under $HOME.
  sctmpfold="~/.ptz/result-scan-$cdate"
  mkdir -p $sctmpfold
  cd $sctmpfold
  touch scan_history.txt
  echo "---- Starting AgroScanner ----" >> scan_history.txt
  # Start with standard alive scan and check ports on alive hosts
  # Get alive hosts
  echo "Starting alive host enumeration..."
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting alive hosts scan." >> scan_history.txt
  # -sn: discovery only, -PS<ports>: TCP SYN probes to the list, -oG: grepable output.
  nmap --randomize-hosts -sn -PS$ports $targetx -oG 1_alive_hosts.out
  # Second field of each "Status: Up" line is the address; CR/LF folded to spaces.
  alive_hosts=$(grep "Status: Up" 1_alive_hosts.out | cut -d' ' -f2 | tr '\r\n' ' ')
  # NOTE(review): alive_hosts is only logged — every scan below still uses
  # $targetx, so the discovery result does not narrow the later steps.
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished alive hosts scan. Found hosts: " $alive_hosts >> scan_history.txt
  echo "Starting port scans on alive hosts..."
  # Port scanning on alive hosts and version detection
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting port scans on alive hosts with top 1000." >> scan_history.txt
  # -sS SYN scan, -sV version detection, -n no DNS, -Pn skip discovery.
  nmap --randomize-hosts -sS -sV -n -Pn --top-ports 1000 $targetx > 2_ports_and_service_top1000_on_alive_hosts.out
  # The parser gets no arguments and no stdin redirect — presumably it opens
  # the .out file above from the cwd itself; confirm against the script.
  # sed keeps only lines containing a space and collapses space runs
  # ("\+" is a GNU sed extension).
  python ~/.zsh/agro_detection_parser.py | sed -n '/ /s/ \+/ /gp' > 3_ip_port_service.out
  number_open_tcp_ports=$(grep -v "Nmap scan report for" 3_ip_port_service.out |wc -l) # It lists all ports, even unknown and faster to grep from here for this.
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished port scans on alive hosts with top 1000. Number of open ports: " $number_open_tcp_ports >> scan_history.txt
  # Run UDP scan on most common ports
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting UDP scans." >> scan_history.txt
  nmap -sU --top-ports 50 $targetx > 4_udpscan.out
  # Counts every line containing "open" — including "open|filtered" results.
  number_open_udp_ports=$(grep "open" 4_udpscan.out |wc -l)
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished UDP scans. Number of open UDP ports: " $number_open_udp_ports >> scan_history.txt
  echo "Starting nmap nse vulnerability scanning..."
  # Vulnerability scanning
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Starting simple vulnerbility scans." >> scan_history.txt
  nmap -n -p 21 --script=ftp-anon.nse $targetx > 5_nmap_script_ftpanon.txt
  # -p U:137,T:139 — UDP 137 plus TCP 139. The author's note below refers to
  # the unquoted "smb-enum-*": the shell treats it as a filename glob before
  # nmap sees it (bash passes it literally when nothing matches; zsh's
  # default NOMATCH aborts the command instead).
  nmap -sU -sS --script smb-enum-* -p U:137,T:139 $targetx > 6_nmap_sbm_nse_scan.txt # There is an issue with the * asterisk... should be escaped or quoted
  nmap -sS -n -p $ports --script=default,safe,vuln $targetx > 7_nmap_script_default-safe-vuln_scan.txt
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished vulnerability scans. Lists are in the relevant txt files." >> scan_history.txt
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Started scan for automatic searchsploit." >> scan_history.txt
  # for searchsploit, but nmap should be configured to scan with xml, default is top 1000
  # -oA writes .nmap/.gnmap/.xml with this basename; the .xml feeds searchsploit.
  nmap -sS -sV -sC -O --host-timeout=5m --max-hostgroup=1 -Pn $targetx -oA 8_nmap_for_searchsploit
  searchsploit -v --nmap 8_nmap_for_searchsploit.xml > 9_searchslpoit_results.txt
  echo $(date +"%Y-%m-%d-%H-%M-%S") " Finished the searchsploit queries. Outputs are in the relevant files." >> scan_history.txt
}
|
|
|
#######################################
# Third pawnpls stage. As written it only creates/enters a result directory
# and assigns three variables: nothing after the "Preconfs" block uses them,
# and the function ends there.
# Globals:   cdate, aatmpfold, hydrabruteprotocol, usernames, passwords
#            (written; none are local, so they persist in the calling shell)
# Side effects: the cd persists in the calling shell.
#######################################
function active_attack_tof {
  # Turns torsocks off for this shell via the sourced helper (see tof).
  . torsocks off
  cdate=$(date +"%Y-%m-%d-%H%M")
  # NOTE(review): tilde does not expand inside double quotes (bash and zsh
  # alike), so this creates and enters a literal "~" directory relative to
  # the cwd, not under $HOME — same issue as in scan_enum_tof.
  aatmpfold="~/.ptz/result-attack-$cdate"
  mkdir -p $aatmpfold
  cd $aatmpfold
  # Preconfs
  # Protocol names, and the username/password list paths shipped with nmap's
  # NSE data. Assigned here but not referenced anywhere in this function.
  hydrabruteprotocol=(cvs firebird icq irc ldap nntp oracle-listener oracle-sid pcanywhere pcnfs postgres rdp redis rtsp ssh sip teamspeak vmauthd)
  usernames="/usr/share/nmap/nselib/data/usernames.lst"
  passwords="/usr/share/nmap/nselib/data/passwords.lst"
}
|
|
|