Roman Hergenreder, 4 months ago
commit 67045c6ba0
3 changed files with 12 additions and 4 deletions
  1. README.md (+10 -4)
  2. ssh-check-username.py (+2 -0)
  3. win/wireshark-setup.exe (BIN)

+ 10 - 4
README.md

@@ -14,9 +14,9 @@ sudo ln -s HackingScripts $(python -c "import sys;print(sys.path[-1])")/hackings
 ### Enumeration: Initial Scans
 - first_scan.sh: Performs initial nmap scan
 - gobuster.sh: Performs gobuster dir scan with raft-large-words-lowercase.txt
-- ssh-check-username.py: Check if user enumeration works for ssh
-- [git-dumper.py](https://github.com/arthaud/git-dumper)
 - subdomainFuzz.sh: Fuzzes subdomains for a given domain
+- [ssh-check-username.py](https://www.exploit-db.com/exploits/45939): Check if user enumeration works for ssh
+- [git-dumper.py](https://github.com/arthaud/git-dumper)
 
 ### Enumeration: Privilege Escalation & Pivoting
 - [LinEnum.sh](https://github.com/rebootuser/LinEnum)
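Review bot: the new `ssh-check-username.py` entry links to an exploit-db page but still does not say which issue or version range the check applies to, so a reader cannot tell from the README when a negative result is meaningful; since the second file in this commit adds the comment `# CVE-2018-15473 (OpenSSH 7.7)`, put that same scope in the list entry, e.g. `- [ssh-check-username.py](https://www.exploit-db.com/exploits/45939): Check if user enumeration works for ssh (CVE-2018-15473, OpenSSH 7.7)`. Moving the two entries below `subdomainFuzz.sh` is otherwise a pure reorder and reads fine.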
@@ -32,7 +32,7 @@ Can be deployed on victim machines to scan the intranet.
 - [deepce.sh](https://github.com/stealthcopter/deepce): Docker Privilege Escalation (e.g. exposed socket)
 
 ### Reverse Shell: Payloads
-- genRevShell.py: Generates a reverse shell command (e.g. netcat, python, ...)
+- rev_shell.py: Generates a reverse shell command (e.g. netcat, python, ...)
 - [php-reverse-shell.php](https://github.com/pentestmonkey/php-reverse-shell)
 - [p0wny-shell.php](https://github.com/flozz/p0wny-shell)
 - [aspx-reverse-shell.aspx](https://github.com/borjmz/aspx-reverse-shell)
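Review bot: the README now points at `rev_shell.py` instead of `genRevShell.py`, but this commit touches only README.md, ssh-check-username.py and the Windows binary, so no rename of the script itself is part of the change; confirm that `rev_shell.py` already exists at this revision (renamed in an earlier commit), otherwise the list entry is a dangling reference and the old name should stay until the file is actually moved.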
@@ -46,8 +46,14 @@ Can be deployed on victim machines to scan the intranet.
 - util.py: Collection of some small functions
 - fileserver.py: Create a temporary http server serving in-memory files
 - dnsserver.py: Create a temporary dns server responding dynamically to basic DNS requests (in-memory)
+- sshserver.py: Create a temporary ssh server to intercept credentials (TODO: relay) (in-memory)
+- smtpserver.py: Create a temporary smtp server (in-memory)
+- template.py: Creates a template for web exploits, similar to pwnlib's template
+- pcap_file_extract.py: Lists and extracts files from http connections found in pcap files
+- find_git_commit.py: Compares a local repository (e.g. downloaded from a remote server) with another git repository to guess the commit hash. Useful to find used versions
+- TODO: smb
 
-### Windows
+### [Windows](win/)
  - nc.exe/nc64.exe: netcat standalone binary
  - [mimikatz.exe](https://github.com/gentilkiwi/mimikatz)
  - [plink.exe](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html): command line PuTTY client for port forwarding
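Review bot: the placeholder `- TODO: smb` and the `(TODO: relay)` parenthetical in the `sshserver.py` entry are work-tracking notes in a user-facing tool list; drop the `TODO: smb` line entirely and shorten the sshserver entry to `- sshserver.py: Create a temporary ssh server to intercept credentials (in-memory)`, tracking the relay and smb work in issues instead. The `find_git_commit.py` description is also the only multi-sentence entry in the list; `Compares a local repository with another git repository to guess the commit hash (useful to identify the deployed version)` keeps the same content in the list's one-line style. The `### [Windows](win/)` heading link is relative and only resolves when the README is viewed from the repository root, which is acceptable here.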

+ 2 - 0
ssh-check-username.py

@@ -10,6 +10,8 @@ import socket
 import sys
 import pdb
 
+# CVE-2018-15473 (OpenSSH 7.7)
+
 class InvalidUsername(Exception):
     pass
 
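Review bot: the added `# CVE-2018-15473 (OpenSSH 7.7)` comment sits between the imports and the first class rather than at the top of the script, so anyone opening the file (or running `head`) does not immediately see what the check is for; move it into a module docstring at line 1 together with the reference URL already used in the README (`https://www.exploit-db.com/exploits/45939`) and a one-line note that a negative result only says the tested server is not affected by this specific issue. Separately, the unchanged context shows `import pdb` alongside `socket` and `sys`; if it is only left over from debugging, remove it so the script has no unused interactive-debugger dependency.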

BIN
win/wireshark-setup.exe
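Review bot: `win/wireshark-setup.exe` is a vendored third-party installer added as an opaque binary with no version, origin or checksum recorded anywhere in this commit, and the Windows section of the README (which lists the other binaries in `win/`) does not mention it; a user has no way to verify the file before executing it, and a repository copy does not receive upstream updates. Either link to the official Wireshark download in the README and fetch the installer at use time, or, if it must be vendored, add a README entry stating the exact version and the SHA-256 of the file so it can be checked against the upstream release.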