Tools and scripts used for pentesting on platforms like HackTheBox, TryHackMe, and more (only white-hat stuff ofc :p)

Roman Hergenreder 2338077bd6 python webserver routes 3 months ago
autorecon_config 4c265dc683 GitHack 2 -> 3, crack hash, requirements 7 months ago
win 1a4d7821f8 Chisel + AccessChk 3 months ago
.gitignore dc4babba88 pingscan 4 months ago
LinEnum.sh a0476d4c17 Initial Commit 1 year ago
README.md c9a51b8868 README 3 months ago
__init__.py dba69dc704 xss_handler 3 months ago
autorecon.py 4c265dc683 GitHack 2 -> 3, crack hash, requirements 7 months ago
chisel 1a4d7821f8 Chisel + AccessChk 3 months ago
chisel64 1a4d7821f8 Chisel + AccessChk 3 months ago
crack_hash.py 269f4d280d Crack Hash: LM 3 months ago
deepce.sh a872da3d4c deepce fix 4 months ago
fileserver.py 2338077bd6 python webserver routes 3 months ago
first_scan.sh 59a10ddead wfuzz -> ffuf 5 months ago
genRevShell.py dc4babba88 pingscan 4 months ago
git-dumper.py 0b1c78ab56 git-dumper fix 7 months ago
gobuster.sh a0476d4c17 Initial Commit 1 year ago
jsp-webshell.jsp 6172f68da8 update 3 months ago
linpeas.sh 5dcbdb5f86 LinPeas update 4 months ago
linux-exploit-suggester.sh 2338077bd6 python webserver routes 3 months ago
lse.sh a0476d4c17 Initial Commit 1 year ago
p0wny-shell.php a0476d4c17 Initial Commit 1 year ago
padBuster.pl e3ad4d3e53 Powercat + Padbuster 9 months ago
php-reverse-shell.php a0476d4c17 Initial Commit 1 year ago
pingscan.py 5046360a1d queue availability check 3 months ago
portscan.py 5046360a1d queue availability check 3 months ago
pspy64 a0476d4c17 Initial Commit 1 year ago
requirements.txt 4c265dc683 GitHack 2 -> 3, crack hash, requirements 7 months ago
sql.php 0c5e663943 sql query script 4 months ago
ssh-check-username.py a0476d4c17 Initial Commit 1 year ago
startHttpServer.sh eb9e62b70f winPEAS update 3 months ago
subdomainFuzz.sh fcb562e6df https support for subdomain fuzzing 3 months ago
unix-privesc-check.sh a0476d4c17 Initial Commit 1 year ago
upload_file.py 712b851f36 xss + utils 7 months ago
uptux.py a0476d4c17 Initial Commit 1 year ago
util.py a086ddeb42 Some more xss payloads 4 months ago
web_service_finder.py 31f0849e1c Joomla Version Finder 3 months ago
xss_handler.py ffddd34e06 XSS 3 months ago

README.md

HackingScripts

This repository contains self-made and common scripts for information gathering, enumeration and more.

Enumeration: Initial Scans

  • first_scan.sh: Performs an initial nmap scan
  • gobuster.sh: Performs a gobuster dir scan with raft-large-words-lowercase.txt
  • ssh-check-username.py: Checks whether user enumeration works for SSH
  • git-dumper.py
  • autorecon.py
  • subdomainFuzz.sh: Fuzzes subdomains for a given domain

Enumeration: Privilege Escalation & Pivoting

  • LinEnum.sh
  • linpeas.sh
  • lse.sh
  • unix-privesc-check.sh
  • uptux.py
  • pspy64
  • portscan.py: Small Python script that scans for open TCP ports natively, with multithreading support. Can be deployed on victim machines to scan the intranet.
  • pingscan.py: Small Python script that detects internal hosts natively via ping probes. Can be deployed on victim machines to scan the intranet.
  • deepce.sh: Docker Privilege Escalation (e.g. exposed socket)

Reverse Shell: Payloads

Miscellaneous

  • upload_file.py: Starts a local TCP server for use with netcat
  • xss_handler.py: Starts a local HTTP server and generates an XSS payload to steal cookies
  • padBuster.pl
  • sql.php: Executes SQL queries passed via GET/POST
  • util.py: Collection of some small functions
  • fileserver.py: Creates a temporary HTTP server serving in-memory files

Windows