Tools and Scripts used for Pentesting and CTFs like HackTheBox, tryhackme, and more
Go to file
2024-02-24 16:08:04 +01:00
win update 2024-02-14 13:00:30 +01:00
__init__.py pcap file extract fix 2023-12-09 09:37:28 -05:00
.gitignore pingscan 2020-08-28 23:04:41 +02:00
cdk64 update + fix 2023-10-24 23:45:09 +02:00
chisel Update Dependencies + paramiko port forwarding + some bug fixes 2023-09-13 21:16:52 +02:00
chisel64 Update Dependencies + paramiko port forwarding + some bug fixes 2023-09-13 21:16:52 +02:00
crack_hash.py windows binaries + Name The Hash 2022-01-03 15:00:43 +01:00
crawl_urls.py Update 2022-12-09 14:54:06 +01:00
deepce.sh update 2024-02-03 20:53:55 +01:00
dnsserver.py Update 2022-03-01 14:23:45 +01:00
fileserver.py xss handler, argparse 2024-02-14 12:40:05 +01:00
find_git_commit.py chmod +x 2022-01-30 20:47:22 +01:00
first_scan.sh wfuzz -> ffuf 2020-08-09 16:49:02 +02:00
git-dumper.py Update 2022-03-01 14:23:45 +01:00
gobuster.sh util: stack 2023-11-12 20:26:19 +01:00
jsp-webshell.jsp update 2020-10-12 19:21:41 +02:00
LinEnum.sh Project Update 2021-05-03 22:35:31 +02:00
linpeas.sh update 2024-02-14 13:00:30 +01:00
linux-exploit-suggester.sh Update Dependencies + paramiko port forwarding + some bug fixes 2023-09-13 21:16:52 +02:00
lse.sh update 2024-02-03 20:53:55 +01:00
ncat Added ncat + background shell listener 2021-10-27 13:08:14 +02:00
p0wny-shell.php Update Dependencies + paramiko port forwarding + some bug fixes 2023-09-13 21:16:52 +02:00
padBuster.pl Padbuster https proxy, util regex assertions, sql.php cli mode 2023-10-27 20:45:51 +02:00
pcap_file_extract.py pcap file extract fix 2023-12-09 09:37:28 -05:00
PetitPotam.py update 2024-02-14 13:00:30 +01:00
php-reverse-shell.php update 2023-11-26 14:10:54 +01:00
phpinfo-analyzer.py chmod +x 2022-01-30 20:47:22 +01:00
pingscan.py Update 2022-12-09 14:54:06 +01:00
portscan.py Ping/Portscan update, git-dumper fix, genRevShell trigger shell 2021-05-14 16:49:49 +02:00
pspy Update Dependencies + paramiko port forwarding + some bug fixes 2023-09-13 21:16:52 +02:00
pspy64 Update Dependencies + paramiko port forwarding + some bug fixes 2023-09-13 21:16:52 +02:00
README.md README 2024-02-14 13:32:32 +01:00
requirements.txt project update 2023-01-02 05:43:57 -05:00
rev_shell.py xss handler, argparse 2024-02-14 12:40:05 +01:00
smtpserver.py ssh and smtp server 2023-09-19 14:39:11 +02:00
socat update 2024-02-14 13:00:30 +01:00
socat64 update 2024-02-14 13:00:30 +01:00
sql.php sql.php: PDO support 2023-11-26 19:49:43 +01:00
sqli.py sqli template 2024-02-24 16:08:04 +01:00
ssh-check-username.py README 2023-12-11 09:30:13 +01:00
sshserver.py new functions 2023-10-01 11:23:05 +02:00
subdomainFuzz.sh bugfix, sni fuzzing preparation 2023-10-29 17:22:24 +01:00
template.py sqli template 2024-02-24 16:08:04 +01:00
unix-privesc-check.sh Project Update 2021-05-03 22:35:31 +02:00
update.sh update 2024-02-14 13:00:30 +01:00
upload_file.py Potatoes Potatoes 2023-10-05 14:01:50 +02:00
uptux.py Update Dependencies + paramiko port forwarding + some bug fixes 2023-09-13 21:16:52 +02:00
util.py update 2024-02-03 20:53:55 +01:00
web_service_finder.py Project Update 2022-12-05 10:09:01 +01:00
xp_cmdshell.py update + fix 2023-10-24 23:45:09 +02:00
xss_handler.py xss handler, argparse 2024-02-14 12:40:05 +01:00

HackingScripts

This repository contains self-made and common scripts for information gathering, enumeration and more.

What is this?

I use this repository mostly for automated exploit chains. HackTheBox machines often involve steps like spawning a http server, serving a file, extracting content, steal data through custom DNS/FTP/SSH servers, spawning a reverse shell etc. Using this library I implement a script-to-root mechanism to chain all these steps together. Since the repository also includes lots of common payloads and binaries, I didn't want to put it on PyPI. If you got any recommendations for me, feel free to contact me!

Installation

PYTHON_DIR=$(python -c "import sys;print(sys.path[-1])")

# clone directly into python site-packages
git clone https://git.romanh.de/Roman/HackingScripts.git $PYTHON_DIR/hackingscripts
# or use a symlink
git clone https://git.romanh.de/Roman/HackingScripts.git
sudo ln -s $(pwd)/HackingScripts $PYTHON_DIR/hackingscripts

# Install requirements
pip3 install -r $PYTHON_DIR/hackingscripts/requirements.txt

Enumeration: Initial Scans

  • first_scan.sh: Performs initial nmap scan
  • gobuster.sh: Performs gobuster dir scan with raft-large-words-lowercase.txt
  • subdomainFuzz.sh: Fuzzes subdomains for a given domain
  • ssh-check-username.py: Check if user enumeration works for ssh
  • git-dumper.py

Enumeration: Privilege Escalation & Pivoting

  • LinEnum.sh
  • linpeas.sh
  • lse.sh
  • unix-privesc-check.sh
  • uptux.py
  • pspy64
  • portscan.py: small python script, which scans open TCP ports natively with multithread support. Can be deployed on victim machines to scan the intranet.
  • pingscan.py: small python script, which can detect internal hosts via ping probes natively. Can be deployed on victim machines to scan the intranet.
  • deepce.sh: Docker Privilege Escalation (e.g. exposed socket)
  • socat

Reverse Shell: Payloads

Miscellaneous

  • upload_file.py: Starts a local tcp server, for netcat usage
  • xss_handler.py: Starts a local http server and generates xss payload to steal cookies
  • padBuster.pl
  • sql.php: Execute sql queries passed via GET/POST
  • util.py: Collection of some small functions
  • fileserver.py: Create a temporary http server serving in-memory files
  • dnsserver.py: Create a temporary dns server responding dynamically to basic DNS requests (in-memory)
  • sshserver.py: Create a temporary ssh server to intercept credentials (TODO: relay) (in-memory)
  • smtpserver.py: Create a temporary smtp server (in-memory)
  • template.py: Creates a template for web exploits, similar to pwnlib's template
  • pcap_file_extract.py: Lists and extracts files from http connections found in pcap files
  • find_git_commit.py: Compares a local repository (e.g. downloaded from a remote server) with another git repository to guess the commit hash. Useful to find used versions
  • TODO: smb
  • sqli.py: An abstract class for automizing SQL-Injections (WIP)

Windows

Example API-Usage

TODO: Add some example code or bash commands on how to use the custom libraries, e.g. fileserver, xss_handler, etc.