Merge pull request #2 from gwen001/master

merge

README.md

@@ -1,152 +1,208 @@
-# pentest-tools
-My collection of custom tools I use daily.
+<h1 align="center">pentest-tools</h1>
 
-I don't believe in licenses.  
-You can do whatever you want with this program.  
+<h4 align="center">A collection of custom security tools for quick needs.</h4>
 
-However, there is a way to support :)  
-<a href="https://github.com/sponsors/gwen001" title="Sponsor gwen001"><img src="https://raw.githubusercontent.com/gwen001/pentest-tools/master/github-sponsor.jpg" alt="Sponsor gwen001" title="Sponsor gwen001"></a>
+<p align="center">
+    <img src="https://img.shields.io/badge/-bash-gray" alt="bash badge">
+    <img src="https://img.shields.io/badge/python-v3-blue" alt="python badge">
+    <img src="https://img.shields.io/badge/php-%3E=5.5-blue" alt="php badge">
+    <img src="https://img.shields.io/badge/license-MIT-green" alt="MIT license badge">
+    <a href="https://twitter.com/intent/tweet?text=https%3a%2f%2fgithub.com%2fgwen001%2fpentest-tools%2f" target="_blank"><img src="https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Fgithub.com%2Fgwen001%2Fpentest-tools" alt="twitter badge"></a>
+</p>
 
+<!-- <p align="center">
+    <img src="https://img.shields.io/github/stars/gwen001/pentest-tools?style=social" alt="github stars badge">
+    <img src="https://img.shields.io/github/watchers/gwen001/pentest-tools?style=social" alt="github watchers badge">
+    <img src="https://img.shields.io/github/forks/gwen001/pentest-tools?style=social" alt="github forks badge">
+</p> -->
 
-### arpa.sh
-A script that will convert address in "arpa" format to classical format.
+---
 
+## Important note
 
-### crtsh.php
-A script that grab subdomains of a given domain from https://crt.sh
+‼ A big clean occured in 2022-11 ‼  
 
+Some useless/not working scripts have been archived and some others have been moved to their own repository to get more visibility, feel free to check them:
+- [apk-analyzer](https://github.com/gwen001/apk-analyzer)
+- [cloudflare-origin-ip](https://github.com/gwen001/cloudflare-origin-ip)
+- [csp-analyzer](https://github.com/gwen001/csp-analyzer)
+- [detectify-cves](https://github.com/gwen001/detectify-cves)
+- [extract-endpoints](https://github.com/gwen001/extract-endpoints)
+- [favicon-hashtrick](https://github.com/gwen001/favicon-hashtrick)
+- [google-search](https://github.com/gwen001/google-search)
+- [graphql-introspection-analyzer](https://github.com/gwen001/graphql-introspection-analyzer)
+- [keyhacks.sh](https://github.com/gwen001/keyhacks.sh)
+- [related-domains](https://github.com/gwen001/related-domains)
 
-### detect-vnc-rdp.sh
-A script that test port of a given IP range with netcat, by default: 3389 and 5900.
+---
 
+## Install
 
-### dnsenum-brute.sh
-A script that perform brute force through wordlist to find subdomains.
+```
+git clone https://github.com/gwen001/pentest-tools
+cd pentest-tools
+pip3 install -r requirements.txt
+```
 
+---
 
-### dnsenum-bruten.sh
-A script that perform brute force through numeric variation to find subdomains.
+## arpa.sh
+Converts IP address in `arpa` format to classical format.
 
+## bbhost.sh
+Performs `host` command on a given hosts list using `parallel` to make it fast.
 
-### dnsenum-reverse.sh
-A script that apply reverse DNS technic on a given IP range to find subdomains.
+## codeshare.php
+Performs a string search on [codeshare.io](https://codeshare.io/).
 
+## cors.py
+Test CORS issue on a given list of hosts.
 
-### dnsenum-reverserange.sh
-Same thing but IP ranges are read from an input file.
-
-
-### dnsenum-zonetransfer.sh
-A script that test Zone Transfer of a given domain.
-
-
-### extract-endpoints.php
-A script that try to extract endpoints from Javascript files, thanks to [ZSeano](https://twitter.com/zseano)
+## crlf.py
+Test CRLF issue on a given list of hosts.
 
+## crtsh.php
+Grabs subdomains of a given domain from [crt.sh](https://crt.sh).
 
-### extract_links.php
-A script that try to extract links from a given HTML file.
+## detect-vnc-rdp.sh
+Tests if ports `3389` and `5900` are open on a given IP range using `netcat`.
 
+## dnsenum-brute.sh
+Performs brute force through wordlist to find subdomains.
 
-### finddl.sh
-???
+## dnsenum-bruten.sh
+Performs brute force through numeric variation to find subdomains.
 
+## dnsenum-reverse.sh
+Apply reverse DNS method on a given IP range to find subdomains.
 
-### gdorks.php
-A script that simply creates Google dorks for a given domain (the search are not performed).
-
-
-### gg-extract-links.php
-???
-
-
-### ip-converter.php
-A script that convert a given IP address to different format, thanks to [Nicolas Grégoire](http://www.agarri.fr/)
+## dnsenum-reverserange.sh
+Same thing but IP ranges are read from an input file.
 
+## dnsenum-zonetransfer.sh
+Tests Zone Transfer of a given domain.
 
-### ip-listing.php
-A script that generates IP address from the start to the end.
+## dnsreq-alltypes.sh
+Performs all types of DNS requests for a given (sub)domain.
 
+## extract-domains.py
+Extracts domain of a given URL or a list of URLs.
 
-### mass_axfr.sh
-A script that test Zone Transfer on a given list of domains using [Fierce](https://github.com/mschwager/fierce).
+## extract_links.php
+Extracts links from a given HTML file.
 
+## filterurls.py
+Classifies and displays URLs by vulnerability types.
 
-### mass-smtp-user-enum-bruteforce.sh
-A script that perform SMTP user enumeration on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum)
+## flash-regexp.sh
+Performs regexps listed in `flash-regexp.txt` for Flash apps testing purpose.
 
+## gdorks.php
+Generates Google dorks for a given domain (searches are not performed).
 
-### mass-smtp-user-enum-check.sh
-A script that simply test if SMTP user enumeration is possible on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum)
+## hashall.php
+Uses about 40 algorithms to hash a given string.
 
+## ip-converter.php
+Converts a given IP address to different format, see [Nicolas Grégoire presentation](https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf).
 
-### nrpe.sh
-A script that test the Nagios Remote Plugin Executor Arbitrary Command Execution using Metasploit.
+## ip-listing.php
+Generates a list of IPs addresses from the given start to the given end, range and mask supported.
 
+## mass_axfr.sh
+Mass test zone transfer on a given list of domains.
 
-### pass-permut.php
-A script that creates words permutation with different separators and output the hashes.
+## mass-smtp-user-enum-bruteforce.sh
+Performs SMTP user enumeration on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum).
 
+## mass-smtp-user-enum-check.sh
+Tests if SMTP user enumeration is possible on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum).
 
-### ping-sweep-nc.sh
-A script that try to determine what IP are alive in a given range of IP address using Netcat.
+## myutils.sh
+Just few common Bash functions.
 
+## node-uuid.js
+Encode/Decode UUID using base36.
 
-### ping-sweep-nmap.sh
-A script that try to determine what IP are alive in a given range of IP address using Nmap.
+## nrpe.sh
+Test Nagios Remote Plugin Executor Arbitrary Command Execution on a given host using Metasploit.
 
+## openredirect.py
+Test Open Redirect issue on a given list of hosts.
 
-### ping-sweep-ping.sh
-A script that try to determine what IP are alive in a given range of IP address using Ping.
+## pass-permut.php
+Creates words permutation with different separators and output the hashes using about 40 algorithms.
 
+## pastebin.php
+Performs a string search on [pastebin.com](https://pastebin.com/).
 
-### portscan-nc.sh
-A script that try to determine the open ports of a given IP address using Netcat.
+## phantom-xss.js
+See `xss.py`.
 
+## ping-sweep-nc.sh
+Determines what IPs are alive in a given range of IPs addresses using `netcat`.
 
-### screensite.sh
-A script that take a screenshot of a given url+port using Xvfb.
+## ping-sweep-nmap.sh
+Determines what IPs are alive in a given range of IPs addresses using `nmap`.
 
+## ping-sweep-ping.sh
+Determines what IPs are alive in a given range of IPs addresses using `ping`.
 
-### srv_reco.sh
-A script that perform a very small test of a given IP address.
+## portscan-nc.sh
+Determines the open ports of a given IP address using `netcat`.
 
+## quick-hits.php
+Tests a given list of path on a given list of hosts.
 
-### ssh-timing-b4-pass.sh
-???
+## quickhits.py
+Same but the Python version. Tests a given list of path on a given list of hosts.
 
+## rce.py
+Test RCE issue on a given list of hosts.
 
-### ssrf-generate-ip.php
-A script that generate random IP address inside private network range.
+## resolve.py
+Resolves a give list of hosts to check which ones are alive and which ones are dead.
 
+## screensite.sh
+Takes screenshots of a given url+port using `xvfb`.
 
-### subdomains_finder.sh
-A script that find subdomains using other well known programs ([TheHarvester](https://github.com/laramies/theHarvester), [DNSrecon](https://github.com/darkoperator/dnsrecon)...)
+## shodan.php
+Performs searches on Shodan using their API.
 
+## smuggler.py
+Test HTTP request smuggling issue on a given list of hosts.
 
-### subthreat.php
-A script that grab subdomains of a given domain from https://www.threatcrowd.org
+## srv_reco.sh
+Perform very small tests of a given IP address.
 
+## ssh-timing-b4-pass.sh
+Tries to guess SSH users using timing attack.
 
-### testhttp.php
-A script that test if an url (subdomain+port) is a web thing.
+## ssrf-generate-ip.php
+Generate random IP address:port inside private network range for SSRF scans.
 
+## subalt.py
+Generates subdomains alterations and permutations.
 
-### testhttp2.php
-Same same but different.
+## test-ip-wordlist.sh
+Brute force a wordlist on IPs range and ports list.
 
+## testhttp.php
+Tries to determine if an url (subdomain+port) is a web thing.
 
-### test-ip-wordlist.sh
-???
+## testnc.sh
+Performs fuzzing on a given IP address+port using `netcat`.
 
+## Utils.php
+Just few common PHP functions.
 
-### testnc.sh
-A script that fuzz a given IP address with Netcat.
+## webdav-bruteforce.sh
+Perform brute force on a given url that use `WebDav` using [Davtest](https://github.com/cldrn/davtest).
 
+## xss.py
+Test XSS issue on a given list of hosts using `phantomjs`.
 
-### wayback-analyzer.php
-A script that try to nicely display [waybackurls.py](https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050) output.
+---
 
+Feel free to [open an issue](/../../issues/) if you have any problem with the script.  
 
-### webdav-bruteforce.sh
-A script that perform brute force on a given url that use WebDav using [Davtest](https://github.com/cldrn/davtest)

Utils.php

@@ -1,11 +1,5 @@
 <?php
 
-/**
- * I don't believe in license
- * You can do want you want with this program
- * - gwen -
- */
-
 class Utils
 {
 	const TMP_DIR = '/tmp/';
@@ -94,8 +88,8 @@ public static function _array_search( $array, $search, $ignore_case=true )
 
 		return false;
 	}
-	
-	
+
+
 	public static function isDomain( $str )
 	{
 		$str = strtolower( $str );
@@ -119,7 +113,7 @@ public static function isSubdomain( $str )
 		}
 	}
 
-	
+
 	public static function extractDomain( $host )
 	{
 		$tmp = explode( '.', $host );
@@ -136,30 +130,30 @@ public static function extractDomain( $host )
 
 		return $domain;
 	}
-	
-	
+
+
 	public static function cleanOutput( $str )
 	{
 		$str = preg_replace( '#\[[0-9;]{1,4}m#', '', $str );
 
 		return $str;
 	}
-	
+
 
 	public static function _exec( $cmd )
 	{
 		$output = '';
-	
+
 		while( @ob_end_flush() );
-		
+
 		$proc = popen( $cmd, 'r' );
 		while( !feof($proc) ) {
 			$line = fread( $proc, 4096 );
 			echo $line;
 			$output .= $line;
 			@flush();
 		}
-		
+
 		return $output;
 	}
 }

VERSION

@@ -0,0 +1 @@
+2.0.0