A collection of scripts I've used on pentests. Hopefully they can be of use to others as well.
Run pip install -r requirements.txt
within the cloned tool directory.
Domino effect exploits an IBM Domino Database Security Bypass vulnerability, CVE-2005-2428, to extract password hashes from the names.nsf database. Domino effect obtains password hashes from hidden HTML HTTPPassword and dspHTTPPassword fields and outputs them to stdout in multiple formats for use with hashcat and/or john the ripper.
This script was inspired by @maudits's fetchDomino
Domino Effect - A Lotus Domino password hash tool by Jonathan Broche (@g0jhonny)
positional arguments:
system IP address or hostname to harvest hashes from.
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-u path, --uri path Path to the names.nsf file. [Default: /names.nsf]
Output Options:
--hashcat Print results for use with hashcat.
--john Print results for use with John the Ripper.
This script will take an IP address range or a list of addresses/ranges and either expand them into single IPs or combine them into a supernet. Very useful for those abnormal scopes.
EasyScope - A script to combine or expand IP Addresses by Jonathan Broche (@g0jhonny)
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-f FILE, --file FILE A new line delimieted file containing subnets (e.g.,
192.168.1.1/24) or IP ranges (e.g.
192.168.1.1-192.168.1.254).
-e [EXPAND], --expand [EXPAND]
Expand IP adddresses/ranges into single IP addresses
-c [COMBINE], --combine [COMBINE]
Combine IPs addresses/ranges into supernets
Expanding arbitrary IP address range with EasyScope
./easyscope.py -e 192.168.1.1-5
EasyScope 1.0.1
192.168.1.1
192.168.1.2
192.168.1.3
192.168.1.4
192.168.1.5
Combining IP ranges into supernets with EasyScope
cat subnets.txt
192.168.0.1/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
./easyscope.py -c -f subnets.txt
EasyScope 1.0.1
192.168.0.0/22
This script will take a web application URL and attempt to include it into an iframe to depict the clickjacking vulnerability. The script can output to stdout or in HTML format.
Clickjacking POC - A proof of concept script for clickjacking by Jonathan Broche (@g0jhonny)
positional arguments:
url Web application URL to test for clickjacking.
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--webapp string Web application name.
--html file Print results in HTML file.