HackingScripts

This repository contains self-made and common scripts for information gathering, enumeration and more.

Enumeration: Initial Scans

• first_scan.sh: Performs initial nmap scan
• gobuster.sh: Performs gobuster dir scan with raft-large-words-lowercase.txt
• ssh-check-username.py: Check if user enumeration works for ssh
• git-dumper.py
• subdomainFuzz.sh: Fuzzes subdomains for a given domain

Enumeration: Privilege Escalation & Pivoting

• LinEnum.sh
• linpeas.sh
• lse.sh
• unix-privesc-check.sh
• uptux.py
• pspy64
• portscan.py: small python script, which scans open TCP ports natively with multithread support. Can be deployed on victim machines to scan the intranet.
• pingscan.py: small python script, which can detect internal hosts via ping probes natively. Can be deployed on victim machines to scan the intranet.
• deepce.sh: Docker Privilege Escalation (e.g. exposed socket)

Reverse Shell: Payloads

• genRevShell.py: Generates a reverse shell command (e.g. netcat, python, ...)
• php-reverse-shell.php
• p0wny-shell.php
• aspx-reverse-shell.aspx
• jsp-webshell.jsp: webshell for Java servlets

Miscellaneous

• upload_file.py: Starts a local tcp server, for netcat usage
• xss_handler.py: Starts a local http server and generates xss payload to steal cookies
• padBuster.pl
• sql.php: Execute sql queries passed via GET/POST
• util.py: Collection of some small functions
• fileserver.py: Create a temporary http server serving in-memory files
• dnsserver.py: Create a temporary dns server responding dynamically to basic DNS requests (in-memory)

Windows

• nc.exe/nc64.exe: netcat standalone binary
• mimikatz.exe
• plink.exe: command line PuTTY client for port forwarding
• powercat.ps1
• winPEAS.bat
• PowerView.ps1
• SharpHound.exe: BloodHound Ingestor
• windows-exploit-suggester.py
• aspx-reverse-shell.aspx
• xp_cmdshell.py (thanks to @alwayslucky)