Tools and Scripts used for Pentesting and CTFs like HackTheBox, tryhackme, and more
Go to file
2021-04-30 22:50:58 +02:00
autorecon_config GitHack 2 -> 3, crack hash, requirements 2020-06-03 19:21:25 +02:00
win Windows Binaries + MSSQL hash type 2020-11-07 12:54:18 +01:00
__init__.py xss_handler 2020-09-27 15:19:31 +02:00
.gitignore pingscan 2020-08-28 23:04:41 +02:00
autorecon.py GitHack 2 -> 3, crack hash, requirements 2020-06-03 19:21:25 +02:00
chisel Chisel + AccessChk 2020-10-21 21:40:20 +02:00
chisel64 Chisel + AccessChk 2020-10-21 21:40:20 +02:00
crack_hash.py MSSQL hash fix 2020-11-07 12:58:24 +01:00
deepce.sh deepce fix 2020-09-02 14:05:51 +02:00
fileserver.py fileserver xss, git dumper submodules, ciphers test, exif bugfix 2021-04-30 22:50:58 +02:00
first_scan.sh wfuzz -> ffuf 2020-08-09 16:49:02 +02:00
genRevShell.py Windows Binaries + MSSQL hash type 2020-11-07 12:54:18 +01:00
git-dumper.py fileserver xss, git dumper submodules, ciphers test, exif bugfix 2021-04-30 22:50:58 +02:00
gobuster.sh Initial Commit 2020-01-28 22:15:42 +01:00
jsp-webshell.jsp update 2020-10-12 19:21:41 +02:00
LinEnum.sh Initial Commit 2020-01-28 22:15:42 +01:00
linpeas.sh LinPeas update 2020-09-25 14:46:08 +02:00
linux-exploit-suggester.sh python webserver routes 2020-10-21 21:41:06 +02:00
lse.sh Initial Commit 2020-01-28 22:15:42 +01:00
p0wny-shell.php Initial Commit 2020-01-28 22:15:42 +01:00
padBuster.pl Windows Binaries + MSSQL hash type 2020-11-07 12:54:18 +01:00
php-reverse-shell.php Initial Commit 2020-01-28 22:15:42 +01:00
pingscan.py queue availability check 2020-10-07 14:09:32 +02:00
portscan.py queue availability check 2020-10-07 14:09:32 +02:00
pspy Windows Binaries + MSSQL hash type 2020-11-07 12:54:18 +01:00
pspy64 Initial Commit 2020-01-28 22:15:42 +01:00
README.md README 2020-09-27 15:18:48 +02:00
requirements.txt GitHack 2 -> 3, crack hash, requirements 2020-06-03 19:21:25 +02:00
sql.php sql query script 2020-09-14 18:09:59 +02:00
ssh-check-username.py Initial Commit 2020-01-28 22:15:42 +01:00
startHttpServer.sh winPEAS update 2020-10-01 22:39:39 +02:00
subdomainFuzz.sh https support for subdomain fuzzing 2020-10-07 11:53:57 +02:00
test_ciphers.sh fileserver xss, git dumper submodules, ciphers test, exif bugfix 2021-04-30 22:50:58 +02:00
unix-privesc-check.sh Initial Commit 2020-01-28 22:15:42 +01:00
upload_file.py xss + utils 2020-06-02 14:15:03 +02:00
uptux.py Initial Commit 2020-01-28 22:15:42 +01:00
util.py fileserver xss, git dumper submodules, ciphers test, exif bugfix 2021-04-30 22:50:58 +02:00
web_service_finder.py Joomla Version Finder 2020-10-01 23:30:28 +02:00
xss_handler.py XSS 2020-09-28 15:44:46 +02:00

HackingScripts

This repository contains self-made and common scripts for information gathering, enumeration and more.

Enumeration: Initial Scans

  • first_scan.sh: Performs initial nmap scan
  • gobuster.sh: Performs gobuster dir scan with raft-large-words-lowercase.txt
  • ssh-check-username.py: Check if user enumeration works for ssh
  • git-dumper.py
  • autorecon.py
  • subdomainFuzz.sh: Fuzzes subdomains for a given domain

Enumeration: Privilege Escalation & Pivoting

  • LinEnum.sh
  • linpeas.sh
  • lse.sh
  • unix-privesc-check.sh
  • uptux.py
  • pspy64
  • portscan.py: small python script, which scans open TCP ports natively with multithread support. Can be deployed on victim machines to scan the intranet.
  • pingscan.py: small python script, which can detect internal hosts via ping probes natively. Can be deployed on victim machines to scan the intranet.
  • deepce.sh: Docker Privilege Escalation (e.g. exposed socket)

Reverse Shell: Payloads

Miscellaneous

  • upload_file.py: Starts a local tcp server, for netcat usage
  • xss_handler.py: Starts a local http server and generates xss payload to steal cookies
  • padBuster.pl
  • sql.php: Execute sql queries passed via GET/POST
  • util.py: Collection of some small functions
  • fileserver.py: Create a temporary http server serving in-memory files

Windows