Tools and Scripts used for Pentesting like HackTheBox, tryhackme, and more (only white-hat stuff ofc :p)

Roman Hergenreder f11f99fdf4 update 1 week ago
win f11f99fdf4 update 1 week ago
.gitignore dc4babba88 pingscan 3 years ago
LinEnum.sh eadff755a0 Project Update 2 years ago
PetitPotam.py 5006819532 update 1 month ago
README.md 546d6c8447 Added reflected SQLi 1 month ago
__init__.py 254826351a pcap file extract fix 3 months ago
cdk64 afb27bd33d update + fix 5 months ago
chisel b1380967a4 Update Dependencies + paramiko port forwarding + some bug fixes 6 months ago
chisel64 b1380967a4 Update Dependencies + paramiko port forwarding + some bug fixes 6 months ago
crack_hash.py 48727a7aa6 windows binaries + Name The Hash 2 years ago
crawl_urls.py da8dee2143 Update 1 year ago
deepce.sh 0fac5c75b0 update 1 month ago
dnsserver.py 21b2396076 Update 2 years ago
fileserver.py ad8225e918 xss handler, argparse 1 month ago
find_git_commit.py f640b45acf chmod +x 2 years ago
first_scan.sh 59a10ddead wfuzz -> ffuf 3 years ago
git-dumper.py 21b2396076 Update 2 years ago
gobuster.sh 309b27e330 util: stack 4 months ago
jsp-webshell.jsp 6172f68da8 update 3 years ago
linpeas.sh f11f99fdf4 update 1 week ago
linux-exploit-suggester.sh f11f99fdf4 update 1 week ago
lse.sh 0fac5c75b0 update 1 month ago
ncat 3ea1cba7ca Added ncat + background shell listener 2 years ago
p0wny-shell.php b1380967a4 Update Dependencies + paramiko port forwarding + some bug fixes 6 months ago
padBuster.pl 2048702cf7 Padbuster https proxy, util regex assertions, sql.php cli mode 5 months ago
pcap_file_extract.py 254826351a pcap file extract fix 3 months ago
php-reverse-shell.php 17455af5f2 update 4 months ago
phpinfo-analyzer.py f640b45acf chmod +x 2 years ago
pingscan.py da8dee2143 Update 1 year ago
portscan.py ec70ac9c60 Ping/Portscan update, git-dumper fix, genRevShell trigger shell 2 years ago
pspy b1380967a4 Update Dependencies + paramiko port forwarding + some bug fixes 6 months ago
pspy64 b1380967a4 Update Dependencies + paramiko port forwarding + some bug fixes 6 months ago
requirements.txt 35de6ca59b project update 1 year ago
rev_shell.py ad8225e918 xss handler, argparse 1 month ago
smtpserver.py b3cd20ca8b ssh and smtp server 6 months ago
socat 5006819532 update 1 month ago
socat64 5006819532 update 1 month ago
sql.php c50aa4cd42 sql.php: PDO support 4 months ago
sqli.py 680b029677 sqli one bugfix 1 month ago
ssh-check-username.py 67045c6ba0 README 3 months ago
sshserver.py b4a96e1398 new functions 5 months ago
subdomainFuzz.sh f7f9ad1628 bugfix, sni fuzzing preparation 5 months ago
template.py 546d6c8447 Added reflected SQLi 1 month ago
unix-privesc-check.sh eadff755a0 Project Update 2 years ago
update.sh 5006819532 update 1 month ago
upload_file.py 1cded84850 Potatoes Potatoes 5 months ago
uptux.py b1380967a4 Update Dependencies + paramiko port forwarding + some bug fixes 6 months ago
util.py 0fac5c75b0 update 1 month ago
web_service_finder.py 80abe85b85 Project Update 1 year ago
xp_cmdshell.py afb27bd33d update + fix 5 months ago
xss_handler.py ad8225e918 xss handler, argparse 1 month ago

README.md

HackingScripts

This repository contains self-made and common scripts for information gathering, enumeration and more.

What is this?

I use this repository mostly for automated exploit chains. HackTheBox machines often involve steps like spawning a http server, serving a file, extracting content, steal data through custom DNS/FTP/SSH servers, spawning a reverse shell etc. Using this library I implement a script-to-root mechanism to chain all these steps together. Since the repository also includes lots of common payloads and binaries, I didn't want to put it on PyPI. If you got any recommendations for me, feel free to contact me!

Installation

PYTHON_DIR=$(python -c "import sys;print(sys.path[-1])")

# clone directly into python site-packages
git clone https://git.romanh.de/Roman/HackingScripts.git $PYTHON_DIR/hackingscripts
# or use a symlink
git clone https://git.romanh.de/Roman/HackingScripts.git
sudo ln -s $(pwd)/HackingScripts $PYTHON_DIR/hackingscripts

# Install requirements
pip3 install -r $PYTHON_DIR/hackingscripts/requirements.txt

Enumeration: Initial Scans

  • first_scan.sh: Performs initial nmap scan
  • gobuster.sh: Performs gobuster dir scan with raft-large-words-lowercase.txt
  • subdomainFuzz.sh: Fuzzes subdomains for a given domain
  • ssh-check-username.py: Check if user enumeration works for ssh
  • git-dumper.py

Enumeration: Privilege Escalation & Pivoting

  • LinEnum.sh
  • linpeas.sh
  • lse.sh
  • unix-privesc-check.sh
  • uptux.py
  • pspy64
  • portscan.py: small python script, which scans open TCP ports natively with multithread support. Can be deployed on victim machines to scan the intranet.
  • pingscan.py: small python script, which can detect internal hosts via ping probes natively. Can be deployed on victim machines to scan the intranet.
  • deepce.sh: Docker Privilege Escalation (e.g. exposed socket)
  • socat

Reverse Shell: Payloads

Miscellaneous

  • upload_file.py: Starts a local tcp server, for netcat usage
  • xss_handler.py: Starts a local http server and generates xss payload to steal cookies
  • padBuster.pl
  • sql.php: Execute sql queries passed via GET/POST
  • util.py: Collection of some small functions
  • fileserver.py: Create a temporary http server serving in-memory files
  • dnsserver.py: Create a temporary dns server responding dynamically to basic DNS requests (in-memory)
  • sshserver.py: Create a temporary ssh server to intercept credentials (TODO: relay) (in-memory)
  • smtpserver.py: Create a temporary smtp server (in-memory)
  • template.py: Creates a template for web exploits, similar to pwnlib's template
  • pcap_file_extract.py: Lists and extracts files from http connections found in pcap files
  • find_git_commit.py: Compares a local repository (e.g. downloaded from a remote server) with another git repository to guess the commit hash. Useful to find used versions
  • TODO: smb
  • sqli.py: An sqlmap-like abstract class for automizing SQL-Injections (WIP)

Windows

Example API-Usage

TODO: Add some example code or bash commands on how to use the custom libraries, e.g. fileserver, xss_handler, etc.