forked from gwen001/pentest-tools
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2 from gwen001/master
merge
Showing 76 changed files with 1,147 additions and 6,743 deletions.
@@ -1,152 +1,208 @@ | ||
# pentest-tools | ||
My collection of custom tools I use daily. | ||
<h1 align="center">pentest-tools</h1> | ||
|
||
I don't believe in licenses. | ||
You can do whatever you want with this program. | ||
<h4 align="center">A collection of custom security tools for quick needs.</h4> | ||
|
||
However, there is a way to support :) | ||
<a href="https://github.com/sponsors/gwen001" title="Sponsor gwen001"><img src="https://raw.githubusercontent.com/gwen001/pentest-tools/master/github-sponsor.jpg" alt="Sponsor gwen001" title="Sponsor gwen001"></a> | ||
<p align="center"> | ||
<img src="https://img.shields.io/badge/-bash-gray" alt="bash badge"> | ||
<img src="https://img.shields.io/badge/python-v3-blue" alt="python badge"> | ||
<img src="https://img.shields.io/badge/php-%3E=5.5-blue" alt="php badge"> | ||
<img src="https://img.shields.io/badge/license-MIT-green" alt="MIT license badge"> | ||
<a href="https://twitter.com/intent/tweet?text=https%3a%2f%2fgithub.com%2fgwen001%2fpentest-tools%2f" target="_blank"><img src="https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Fgithub.com%2Fgwen001%2Fpentest-tools" alt="twitter badge"></a> | ||
</p> | ||
|
||
<!-- <p align="center"> | ||
<img src="https://img.shields.io/github/stars/gwen001/pentest-tools?style=social" alt="github stars badge"> | ||
<img src="https://img.shields.io/github/watchers/gwen001/pentest-tools?style=social" alt="github watchers badge"> | ||
<img src="https://img.shields.io/github/forks/gwen001/pentest-tools?style=social" alt="github forks badge"> | ||
</p> --> | ||
|
||
### arpa.sh | ||
A script that will convert address in "arpa" format to classical format. | ||
--- | ||
|
||
## Important note | ||
|
||
### crtsh.php | ||
A script that grab subdomains of a given domain from https://crt.sh | ||
‼ A big clean occured in 2022-11 ‼ | ||
|
||
Some useless/not working scripts have been archived and some others have been moved to their own repository to get more visibility, feel free to check them: | ||
- [apk-analyzer](https://github.com/gwen001/apk-analyzer) | ||
- [cloudflare-origin-ip](https://github.com/gwen001/cloudflare-origin-ip) | ||
- [csp-analyzer](https://github.com/gwen001/csp-analyzer) | ||
- [detectify-cves](https://github.com/gwen001/detectify-cves) | ||
- [extract-endpoints](https://github.com/gwen001/extract-endpoints) | ||
- [favicon-hashtrick](https://github.com/gwen001/favicon-hashtrick) | ||
- [google-search](https://github.com/gwen001/google-search) | ||
- [graphql-introspection-analyzer](https://github.com/gwen001/graphql-introspection-analyzer) | ||
- [keyhacks.sh](https://github.com/gwen001/keyhacks.sh) | ||
- [related-domains](https://github.com/gwen001/related-domains) | ||
|
||
### detect-vnc-rdp.sh | ||
A script that test port of a given IP range with netcat, by default: 3389 and 5900. | ||
--- | ||
|
||
## Install | ||
|
||
### dnsenum-brute.sh | ||
A script that perform brute force through wordlist to find subdomains. | ||
``` | ||
git clone https://github.com/gwen001/pentest-tools | ||
cd pentest-tools | ||
pip3 install -r requirements.txt | ||
``` | ||
|
||
--- | ||
|
||
### dnsenum-bruten.sh | ||
A script that perform brute force through numeric variation to find subdomains. | ||
## arpa.sh | ||
Converts IP address in `arpa` format to classical format. | ||
|
||
## bbhost.sh | ||
Performs `host` command on a given hosts list using `parallel` to make it fast. | ||
|
||
### dnsenum-reverse.sh | ||
A script that apply reverse DNS technic on a given IP range to find subdomains. | ||
## codeshare.php | ||
Performs a string search on [codeshare.io](https://codeshare.io/). | ||
|
||
## cors.py | ||
Test CORS issue on a given list of hosts. | ||
|
||
### dnsenum-reverserange.sh | ||
Same thing but IP ranges are read from an input file. | ||
|
||
|
||
### dnsenum-zonetransfer.sh | ||
A script that test Zone Transfer of a given domain. | ||
|
||
|
||
### extract-endpoints.php | ||
A script that try to extract endpoints from Javascript files, thanks to [ZSeano](https://twitter.com/zseano) | ||
## crlf.py | ||
Test CRLF issue on a given list of hosts. | ||
|
||
## crtsh.php | ||
Grabs subdomains of a given domain from [crt.sh](https://crt.sh). | ||
|
||
### extract_links.php | ||
A script that try to extract links from a given HTML file. | ||
## detect-vnc-rdp.sh | ||
Tests if ports `3389` and `5900` are open on a given IP range using `netcat`. | ||
|
||
## dnsenum-brute.sh | ||
Performs brute force through wordlist to find subdomains. | ||
|
||
### finddl.sh | ||
??? | ||
## dnsenum-bruten.sh | ||
Performs brute force through numeric variation to find subdomains. | ||
|
||
## dnsenum-reverse.sh | ||
Apply reverse DNS method on a given IP range to find subdomains. | ||
|
||
### gdorks.php | ||
A script that simply creates Google dorks for a given domain (the search are not performed). | ||
|
||
|
||
### gg-extract-links.php | ||
??? | ||
|
||
|
||
### ip-converter.php | ||
A script that convert a given IP address to different format, thanks to [Nicolas Grégoire](http://www.agarri.fr/) | ||
## dnsenum-reverserange.sh | ||
Same thing but IP ranges are read from an input file. | ||
|
||
## dnsenum-zonetransfer.sh | ||
Tests Zone Transfer of a given domain. | ||
|
||
### ip-listing.php | ||
A script that generates IP address from the start to the end. | ||
## dnsreq-alltypes.sh | ||
Performs all types of DNS requests for a given (sub)domain. | ||
|
||
## extract-domains.py | ||
Extracts domain of a given URL or a list of URLs. | ||
|
||
### mass_axfr.sh | ||
A script that test Zone Transfer on a given list of domains using [Fierce](https://github.com/mschwager/fierce). | ||
## extract_links.php | ||
Extracts links from a given HTML file. | ||
|
||
## filterurls.py | ||
Classifies and displays URLs by vulnerability types. | ||
|
||
### mass-smtp-user-enum-bruteforce.sh | ||
A script that perform SMTP user enumeration on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum) | ||
## flash-regexp.sh | ||
Performs regexps listed in `flash-regexp.txt` for Flash apps testing purpose. | ||
|
||
## gdorks.php | ||
Generates Google dorks for a given domain (searches are not performed). | ||
|
||
### mass-smtp-user-enum-check.sh | ||
A script that simply test if SMTP user enumeration is possible on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum) | ||
## hashall.php | ||
Uses about 40 algorithms to hash a given string. | ||
|
||
## ip-converter.php | ||
Converts a given IP address to different format, see [Nicolas Grégoire presentation](https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf). | ||
|
||
### nrpe.sh | ||
A script that test the Nagios Remote Plugin Executor Arbitrary Command Execution using Metasploit. | ||
## ip-listing.php | ||
Generates a list of IPs addresses from the given start to the given end, range and mask supported. | ||
|
||
## mass_axfr.sh | ||
Mass test zone transfer on a given list of domains. | ||
|
||
### pass-permut.php | ||
A script that creates words permutation with different separators and output the hashes. | ||
## mass-smtp-user-enum-bruteforce.sh | ||
Performs SMTP user enumeration on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum). | ||
|
||
## mass-smtp-user-enum-check.sh | ||
Tests if SMTP user enumeration is possible on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum). | ||
|
||
### ping-sweep-nc.sh | ||
A script that try to determine what IP are alive in a given range of IP address using Netcat. | ||
## myutils.sh | ||
Just few common Bash functions. | ||
|
||
## node-uuid.js | ||
Encode/Decode UUID using base36. | ||
|
||
### ping-sweep-nmap.sh | ||
A script that try to determine what IP are alive in a given range of IP address using Nmap. | ||
## nrpe.sh | ||
Test Nagios Remote Plugin Executor Arbitrary Command Execution on a given host using Metasploit. | ||
|
||
## openredirect.py | ||
Test Open Redirect issue on a given list of hosts. | ||
|
||
### ping-sweep-ping.sh | ||
A script that try to determine what IP are alive in a given range of IP address using Ping. | ||
## pass-permut.php | ||
Creates words permutation with different separators and output the hashes using about 40 algorithms. | ||
|
||
## pastebin.php | ||
Performs a string search on [pastebin.com](https://pastebin.com/). | ||
|
||
### portscan-nc.sh | ||
A script that try to determine the open ports of a given IP address using Netcat. | ||
## phantom-xss.js | ||
See `xss.py`. | ||
|
||
## ping-sweep-nc.sh | ||
Determines what IPs are alive in a given range of IPs addresses using `netcat`. | ||
|
||
### screensite.sh | ||
A script that take a screenshot of a given url+port using Xvfb. | ||
## ping-sweep-nmap.sh | ||
Determines what IPs are alive in a given range of IPs addresses using `nmap`. | ||
|
||
## ping-sweep-ping.sh | ||
Determines what IPs are alive in a given range of IPs addresses using `ping`. | ||
|
||
### srv_reco.sh | ||
A script that perform a very small test of a given IP address. | ||
## portscan-nc.sh | ||
Determines the open ports of a given IP address using `netcat`. | ||
|
||
## quick-hits.php | ||
Tests a given list of path on a given list of hosts. | ||
|
||
### ssh-timing-b4-pass.sh | ||
??? | ||
## quickhits.py | ||
Same but the Python version. Tests a given list of path on a given list of hosts. | ||
|
||
## rce.py | ||
Test RCE issue on a given list of hosts. | ||
|
||
### ssrf-generate-ip.php | ||
A script that generate random IP address inside private network range. | ||
## resolve.py | ||
Resolves a give list of hosts to check which ones are alive and which ones are dead. | ||
|
||
## screensite.sh | ||
Takes screenshots of a given url+port using `xvfb`. | ||
|
||
### subdomains_finder.sh | ||
A script that find subdomains using other well known programs ([TheHarvester](https://github.com/laramies/theHarvester), [DNSrecon](https://github.com/darkoperator/dnsrecon)...) | ||
## shodan.php | ||
Performs searches on Shodan using their API. | ||
|
||
## smuggler.py | ||
Test HTTP request smuggling issue on a given list of hosts. | ||
|
||
### subthreat.php | ||
A script that grab subdomains of a given domain from https://www.threatcrowd.org | ||
## srv_reco.sh | ||
Perform very small tests of a given IP address. | ||
|
||
## ssh-timing-b4-pass.sh | ||
Tries to guess SSH users using timing attack. | ||
|
||
### testhttp.php | ||
A script that test if an url (subdomain+port) is a web thing. | ||
## ssrf-generate-ip.php | ||
Generate random IP address:port inside private network range for SSRF scans. | ||
|
||
## subalt.py | ||
Generates subdomains alterations and permutations. | ||
|
||
### testhttp2.php | ||
Same same but different. | ||
## test-ip-wordlist.sh | ||
Brute force a wordlist on IPs range and ports list. | ||
|
||
## testhttp.php | ||
Tries to determine if an url (subdomain+port) is a web thing. | ||
|
||
### test-ip-wordlist.sh | ||
??? | ||
## testnc.sh | ||
Performs fuzzing on a given IP address+port using `netcat`. | ||
|
||
## Utils.php | ||
Just few common PHP functions. | ||
|
||
### testnc.sh | ||
A script that fuzz a given IP address with Netcat. | ||
## webdav-bruteforce.sh | ||
Perform brute force on a given url that use `WebDav` using [Davtest](https://github.com/cldrn/davtest). | ||
|
||
## xss.py | ||
Test XSS issue on a given list of hosts using `phantomjs`. | ||
|
||
### wayback-analyzer.php | ||
A script that try to nicely display [waybackurls.py](https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050) output. | ||
--- | ||
|
||
Feel free to [open an issue](/../../issues/) if you have any problem with the script. | ||
|
||
### webdav-bruteforce.sh | ||
A script that perform brute force on a given url that use WebDav using [Davtest](https://github.com/cldrn/davtest) |
@@ -0,0 +1 @@ | ||
2.0.0 |
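Review bot: the new file whose only content is `2.0.0` is not referenced anywhere else in this commit; the commit message is just `merge`, and the README's new `## Important note` section describes the 2022-11 clean-up but never mentions a version number or which script reads this file. A one-line mention in the README (or in the commit message) of what 2.0.0 versions would make the bump traceable.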