Custom pentesting tools
Type Name Latest commit message Commit time
README.md
Utils.php
arpa.sh
certspotter.sh
cloudflare-ip.txt
cloudflare-range.txt
codeshare.php
crtsh.php
detect-vnc-rdp.sh
dnsenum-brute.sh
dnsenum-bruten.sh
dnsenum-reverse.sh
dnsenum-reverserange.sh
dnsenum-zonetransfer.sh
extract-endpoints.php
extract-links.php
finddl.sh
gdorks.php
gg-extract-links.php
ip-converter.php
ip-listing.php
is-cloudflare.sh
lynx-google.sh
mass-smtp-user-enum-bruteforce.sh
mass-smtp-user-enum-check.sh
mass_axfr.sh
multiple-host.php
myrecon.sh
myutils.sh
nrpe.sh
pass-permut.php
pastebin.php
ping-sweep-nc.sh
ping-sweep-nmap.sh
ping-sweep-ping.sh commit message Nov 2, 2018
portscan-nc.sh
quick-hits.php
screensite.sh
shodan.php
srv_reco.sh
ssh-timing-b4-pass.sh
ssrf-generate-ip.php commit message Nov 2, 2018
subdomains_finder.sh
subthreat.php
test-ip-wordlist.sh
testall.sh
testhttp.php
testhttp2.php
testnc.sh
testrce.sh
wayback-analyzer.php commit message Nov 2, 2018
webdav-bruteforce.sh commit message Nov 2, 2018

README.md

pentest-tools

My collection of custom tools I use daily.

arpa.sh

A script that converts an address in "arpa" format to classical format.

crtsh.php

A script that grabs subdomains of a given domain from https://crt.sh

detect-vnc-rdp.sh

A script that tests ports on a given IP range with netcat (by default 3389 and 5900).

dnsenum-brute.sh

A script that performs brute force with a wordlist to find subdomains.

dnsenum-bruten.sh

A script that performs brute force with numeric variations to find subdomains.

dnsenum-reverse.sh

A script that applies the reverse DNS technique to a given IP range to find subdomains.

dnsenum-reverserange.sh

Same thing but IP ranges are read from an input file.

dnsenum-zonetransfer.sh

A script that tests zone transfer for a given domain.

extract-endpoints.php

A script that tries to extract endpoints from JavaScript files, thanks to ZSeano

extract-links.php

A script that tries to extract links from a given HTML file.

finddl.sh

???

gdorks.php

A script that simply creates Google dorks for a given domain (the searches are not performed).

gg-extract-links.php

???

ip-converter.php

A script that converts a given IP address to different formats, thanks to Nicolas Grégoire

ip-listing.php

A script that generates IP addresses from the start to the end.

mass_axfr.sh

A script that tests zone transfer on a given list of domains using Fierce.

mass-smtp-user-enum-bruteforce.sh

A script that performs SMTP user enumeration on a given list of IP addresses using smtp-user-enum

mass-smtp-user-enum-check.sh

A script that simply tests whether SMTP user enumeration is possible on a given list of IP addresses using smtp-user-enum

nrpe.sh

A script that tests the Nagios Remote Plugin Executor Arbitrary Command Execution using Metasploit.

pass-permut.php

A script that creates word permutations with different separators and outputs the hashes.

ping-sweep-nc.sh

A script that tries to determine which IPs are alive in a given range of IP addresses using Netcat.

ping-sweep-nmap.sh

A script that tries to determine which IPs are alive in a given range of IP addresses using Nmap.

ping-sweep-ping.sh

A script that tries to determine which IPs are alive in a given range of IP addresses using Ping.

portscan-nc.sh

A script that tries to determine the open ports of a given IP address using Netcat.

screensite.sh

A script that takes a screenshot of a given url+port using Xvfb.

srv_reco.sh

A script that performs a very small test of a given IP address.

ssh-timing-b4-pass.sh

???

ssrf-generate-ip.php

A script that generates random IP addresses inside private network ranges.

subdomains_finder.sh

A script that finds subdomains using other well-known programs (TheHarvester, DNSrecon...)

subthreat.php

A script that grabs subdomains of a given domain from https://www.threatcrowd.org

testhttp.php

A script that tests whether a URL (subdomain+port) is a web thing.

testhttp2.php

Same same but different.

test-ip-wordlist.sh

???

testnc.sh

A script that fuzzes a given IP address with Netcat.

wayback-analyzer.php

A script that tries to nicely display waybackurls.py output.

webdav-bruteforce.sh

A script that performs brute force with Davtest on a given URL that uses WebDAV.