Skip to content
Branch: master
Go to file
Code

Latest commit

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

README.md

shotovuln

An offensive bash script which tries to find GENERIC privilege escalation or privilege changes vulnerabilities and similar issues on *Nix systems. The tool will try to focus only on useful information.

target audience

Pentesters which need accurate and useful information for privilege escalation

the script follow this guidelines

  • non interactive shell
  • stealth, try not to touch drive except if needed, try to run everything in memory
  • do not output useless information, only valid vuln or nothing
  • run as low privilege user
  • show clear path to root if it exists
  • no colors, can be used outside of standard terminals
  • user should pipe output to file for better read
  • try to document the vuln example in comments (ie CVE-xxx CWE weakness)
  • requirement on the compromised box : *nix OS, bash [+ python , pip: for bruteforce]

typical usage: you get a webshell on *nix and you want to elevate

options

Usage: ./shotovuln.sh [currentpassword] [brute] [network] [nosuidaudit] [pupy] [msf]

another audit script for Linux again ? seriously ?

Yes and no. We will try to be attack oriented. Alternative for this script (lynis, upc, ...) are outputing too much unecessary information or information which need to be cross checked. These step slow down pentesters in their tentative to escalate. The script also focuses on the cause of the vulnerability so it might find new ones.

About

An offensive bash script which tries to find GENERIC privesc vulnerabilities and issues.

Resources

Releases

No releases published

Languages

You can’t perform that action at this time.