Just a repo of random Python scripts to get pentesters started with the Python language on engagements.
Name Latest commit message Commit time
.gitignore Python Pentesting Scripts Feb 29, 2020
LICENSE Python Pentesting Scripts Feb 29, 2020
README.md Python Pentesting Scripts Feb 29, 2020
aws_services.txt Python Pentesting Scripts Feb 29, 2020
cloud_aws_s3.py Python Pentesting Scripts Feb 29, 2020
cloud_aws_secrets.py Python Pentesting Scripts Feb 29, 2020
cloud_azure_ad.py Python Pentesting Scripts Feb 29, 2020
cloud_gsuite_backdoor.py Python Pentesting Scripts Feb 29, 2020
cloud_gsuite_email.py Python Pentesting Scripts Feb 29, 2020
crack_jwt.py Python Pentesting Scripts Feb 29, 2020
live_host_discovery.py Python Pentesting Scripts Feb 29, 2020
live_port_discovery.py Python Pentesting Scripts Feb 29, 2020
passwords_attack.py Python Pentesting Scripts Feb 29, 2020
pivot_psremoting.py Python Pentesting Scripts Feb 29, 2020
pivot_winrm.py Python Pentesting Scripts Feb 29, 2020
pivot_wmi.py Python Pentesting Scripts Feb 29, 2020
powerstrip.py Python Pentesting Scripts Feb 29, 2020
pyinjector.py Python Pentesting Scripts Feb 29, 2020
pymeta.py Python Pentesting Scripts Feb 29, 2020
requirements.txt Python Pentesting Scripts Feb 29, 2020
shodan_search.py Python Pentesting Scripts Feb 29, 2020
socket_c2_client.py Python Pentesting Scripts Feb 29, 2020
socket_c2_server.py Python Pentesting Scripts Feb 29, 2020
web_brute.py Python Pentesting Scripts Feb 29, 2020
web_robots.py Python Pentesting Scripts Feb 29, 2020
web_sniff.py Python Pentesting Scripts Feb 29, 2020
web_spa.py Python Pentesting Scripts Feb 29, 2020

README.md

Python for Pentesters

Overview

Getting started with Python for pentesting and red team engagements is fairly easy! This repo is just a small collection of random scripts to help get you started.

Brought to you by:

Black Hills Information Security

Examples: by Mike Felch (@ustayready) and Joff Thyer (@joff_thyer)

This code is provided purely for educational purposes.

  • pivot_winrm.py: shows how to use Python with winrm to execute commands on a remote machine
  • cloud_aws_s3.py: search AWS S3 buckets for sensitive filenames
  • cloud_aws_secrets.py: dump all the secrets in AWS Secrets Manager
  • cloud_azure_ad.py: dumping Azure AD users
  • cloud_gsuite_backdoor.py: Backdooring G Suite accounts for full access
  • cloud_gsuite_email.py: Reading Gmail emails
  • crack_jwt.py: Cracking JSON web tokens
  • live_host_discovery.py: Discovering live hosts on a network
  • live_port_discovery.py: Discovering open ports on a host
  • passwords_attack.py: Trying username/password combinations on a web authentication portal
  • pivot_psremoting.py: Pivoting in a Windows environment using PSRemoting
  • pivot_wmi.py: Pivoting in a Windows environment using WMI
  • shodan_search.py: Searching for internet-connected devices on Shodan
  • socket_c2_client.py: C2 socket client
  • socket_c2_server.py: C2 socket server
  • web_brute.py: Brute forcing web paths for unknown attack surfaces
  • web_robots.py: Downloading the robots.txt for URLs
  • web_sniff.py: Sniffing HTTP packets
  • web_spa.py: Interacting with a single-page app with a headless browser, then copying session cookies to the requests library
  • pymeta.py: Reads all files in a directory recursively and extracts metadata from any Office documents and PDFs discovered
  • powerstrip.py: Strips comments out of a PowerShell script and writes a file with -stripped as part of the filename
  • pyinjector.py: Using ctypes to execute shellcode within the same process or inject into a remote process using thread manipulation