This repository contains a collection of scripts developed for various penetration testing purposes, including Proof of Concepts (PoCs) for different vulnerabilities and general reconnaissance tools. Each script is designed to be a practical tool for security professionals, researchers, and enthusiasts.
Here is a summary of the available scripts:
- Purpose: A simple OS detection tool.
- Description: This script identifies the operating system of a target host by analyzing the Time To Live (TTL) value of its ICMP responses. It can differentiate between Windows, Linux, and other systems.
- Vulnerability: CVE-2023-27163 - Request-Baskets SSRF
- Description: An exploit for a Server-Side Request Forgery (SSRF) vulnerability found in Request-Baskets version v1.2.1 and below. It allows you to create a malicious basket that forwards requests to internal or external services.
- Vulnerability: CVE-2023-1389 - Maltrail Unauthenticated RCE
- Description: An exploit for an unauthenticated command injection vulnerability in Maltrail version 0.54 and below. The script leverages the vulnerability in the
/loginendpoint to achieve Remote Code Execution (RCE).
- Purpose: Nmap port extractor utility.
- Description: A bash script that extracts open port numbers from nmap grepable output and copies them to the clipboard. Useful for quick port enumeration workflows and chaining with other tools.