Tools and Scripts used for Pentesting and CTFs like HackTheBox, tryhackme, and more
| autorecon_config | ||
| .gitignore | ||
| autorecon.py | ||
| crack_hash.py | ||
| first_scan.sh | ||
| genRevShell.py | ||
| GitHack.py | ||
| gobuster.sh | ||
| LinEnum.sh | ||
| linpeas.sh | ||
| lse.sh | ||
| mimikatz.exe | ||
| p0wny-shell.php | ||
| padBuster.pl | ||
| php-reverse-shell.php | ||
| portscan.py | ||
| powercat.ps1 | ||
| pspy64 | ||
| README.md | ||
| requirements.txt | ||
| ssh-check-username.py | ||
| subdomainFuzz.sh | ||
| unix-privesc-check.sh | ||
| upload_file.py | ||
| uptux.py | ||
| util.py | ||
| winPEAS.bat | ||
| xss_handler.py | ||
HackingScripts
This repository contains self-made and common scripts for information gathering, enumeration and more.
Enumeration: Initial Scans
- first_scan.sh: Performs initial nmap scan (-A, -T5, -p-)
- gobuster.sh: Performs gobuster dir scan with raft-large-words-lowercase.txt
- ssh-check-username.py: Check if user enumeration works for ssh
- GitHack.py
- autorecon.py
- subdomainFuzz.sh: Fuzzes subdomains for a given domain
Enumeration: Privilege Escalation
- LinEnum.sh
- linpeas.sh
- lse.sh
- unix-privesc-check.sh
- uptux.py
- pspy64
Reverse Shell: Payloads
- genRevShell.py: Generates a reverse shell command (e.g. netcat, python, ...)
- php-reverse-shell.php
- p0wny-shell.php
- [powercat.ps1][https://github.com/besimorhino/powercat]
Miscellaneous
- upload_file.py: Starts a local tcp server, for netcat usage
- xss_handler.py: Starts a local http server and generates xss payload to steal cookies
- padBuster.pl