.. | ||
Contoso-AD-Structure | ||
bluetoothObexSpam.py | ||
correlateCrackedHashes.py | ||
encrypt.rb | ||
forticlientsslvpn-expect.sh | ||
playRTPStream.sh | ||
README.md | ||
vm-manager.sh | ||
xor-key-recovery.py |
Other Penetration-Testing related scripts and tools
-
bluetoothObexSpam.py
- Script intended to flood bluetooth enabled devices with incoming OBEX Object Push requests containing attacker-specified file. (gist) -
Contoso-AD-Structure
- Simple script intended to create a sample AD structure filled out with users and groups. -
correlateCrackedHashes.py
- Hashcat results correlation utility. Takes two files on input. Tries to find every line of the second file within the first file and for every found match - extracts password value from the second file's line. Then prints these correlations. In other words - having the following in FileA:some-user@example.com,68eacb97d86f0c4621fa2b0e17cabd8c
and a line in FileB that would be a result of running hashcat:
68eacb97d86f0c4621fa2b0e17cabd8c:Test123
the script will print out:
some-user@example.com,68eacb97d86f0c4621fa2b0e17cabd8c,Test123
-
encrypt.rb
- Simple File Encryption utility (with support for Blowfish, GOST, IDEA, AES) capable of encrypting directories. (gist) -
forticlientsslvpn-expect.sh
- Forticlient SSL VPN Client launching script utilizing expect. Useful while working for clients exposing their local networks through a Fortinet SSL VPN. gist -
playRTPStream.sh
- Using rtpdump to play RTP streams from PCAP files with VLC. This script was useful to extract RTP Streams from sniffed VoIP communication and then with a help of VLC to dump those streams into valid .wav files. (https://github.com/hdiniz/rtpdump). gist -
vm-manager.sh
- A bash script offering several aliases/functions for quick management of a single Virtualbox VM machine. Handy to use it for example to manage a Kali box. By issuingstartkali
the VM will raise,sshkali
- offers instant SSH into your VM,getkali
- returns VM's IP address,iskali
- checks whether VM is running,stopkali
goes without explanation. gist
user@my-box $ startkali
[>] Launching kali in headless
[>] Awaiting for machine to get up...
Waiting for VM "kali" to power on...
VM "kali" has been successfully started.
1. Attempting to connect with kali...
[.] Testing: 192.168.56.1
[.] Testing: 192.168.56.101
[+] Found VM by ssh probing: 192.168.56.101
[+] Running VM init commands...
[?] Timed out while trying to run VM_INIT_COMMANDS.
Continuing anyway...
[.] Testing: 192.168.56.1
[.] Testing: 192.168.56.102
[+] Found VM by ssh probing: 192.168.56.102
[+] Running VM init commands...
[+] Updated /etc/hosts file with '192.168.56.102 kali' entry.
[+] Succeeded. kali found in network.
user@my-box $ sshkali
Linux Kali 5.3.0-kali2-amd64 #1 SMP Debian 5.3.9-1kali1 (2019-11-11) x86_64
Last login: Fri Dec 6 07:40:19 2019 from 192.168.56.1
root@Kali:~ # hostname
Kali
xor-key-recovery.py
- Simple XOR brute-force Key recovery script - given a cipher text, plain text and key length - it searches for proper key that could decrypt cipher into text. (gist)