Repository: Wh1t3Rh1n0/pentest-scripts
Branch: master
Commit: dc36dcf47161
Files: 23
Total size: 43.1 KB
Directory structure:
gitextract_dv4qtq30/
├── Kali_Linux_Extra_Tools2.sh
├── README.md
├── dim
├── enable-forwarding
├── extract-hashes-responder
├── gnmap2ip
├── grep-cidr
├── grip
├── heartbleed
├── heartbleed-parser
├── ip2dec.py
├── iplist-detect_http.sh
├── iplist2dirs
├── live-usb-tweaks.sh
├── merge-hashcat.py
├── ms15-034_check.py
├── mv-screenshots
├── ncsv2ip
├── setup-x-limited.sh
├── strip-colors
├── update-firefox.sh
├── usb-armory
└── word-mutator
================================================
FILE CONTENTS
================================================
================================================
FILE: Kali_Linux_Extra_Tools2.sh
================================================
#!/bin/bash
##
## Kali Linux: Extra tools and customizations script
## =================================================
## Created by Wh1t3Rh1n0
##
## This script adds a bunch of my favorite tools to Kali Linux.
##
## Usage:
## Install all tools: ./Kali_Linux_Extra_Tools2.sh install
## Non-GUI tools only: ./Kali_Linux_Extra_Tools2.sh install nogui
##
# Major changes
# * 2015-09-09: In the process of being updated for Kali 2 Light Edition.
# * 2015-11-25: More modifications. Still Kali 2 Light Edition centric.
# * 2015-12-08: Separated GUI and non-GUI tools into two sections.
# * 2016-07-14: Disabled automatic install of smbexec
# * 2016-09-17: Major changes all over
# * 2017-09-18: Added Empire, CME, Hashcat Legacy
# * 2017-10-06: Light review to make sure this script still mostly works
# * 2018-03-20: Added sublist3r
# Called with no argument, --help or -h: print this file's "##" header lines
# (prefix stripped) as the help text and stop.
if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then
grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
exit
fi
# Any first argument other than "install" exits without changing anything.
if [ "$1" != "install" ]; then exit ; fi
# NOTE(review): everything below writes under /root, /usr/bin, /opt and
# /var/log and runs apt-get, so it presumably has to run as root; nothing here
# checks that. No exit status is checked either, so a failed step does not stop
# the steps that follow it.
# ====== Install Updates =====================================================
apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade
# ====== Personal Preferences =================================================
# Appended (>>) on every run: repeated installs add duplicate lines to .bashrc.
echo -e "\nPATH=\$PATH:/opt/pentest-scripts" >> /root/.bashrc
# Overwrites (>) any existing /root/.screenrc.
cat <<EOF > /root/.screenrc
caption always
caption string "%{kw}%-w%{wr}%n %t%{-}%+w"
startup_message off
EOF
# Unquoted heredoc: the \\\$ below is written to .bashrc as \$ .
cat <<EOF >> /root/.bashrc
alias nano='nano -\\\$iET 4'
EOF
# Shortcuts to the Metasploit pattern helpers; ln fails harmlessly if the link
# already exists.
ln -sn /usr/share/metasploit-framework/tools/pattern_create.rb /usr/bin/pattern_create
ln -sn /usr/share/metasploit-framework/tools/pattern_offset.rb /usr/bin/pattern_offset
# Log when this script was run and with what arguments to a file
echo "$(date)> $0 $*" >> /var/log/extra-tools.log
# ====== Install GUI Tools ===================================================
# Skipped entirely when the second argument is "nogui".
if [ "$2" != "nogui" ]; then
# GUI Tools installed with apt-get
# --------------------------------
# Additions for Kali Linux 2 Light
# Exported, so it also applies to every later apt-get call in this script.
export DEBIAN_FRONTEND=noninteractive
apt-get install -y -q kali-linux-all
# Tools based on personal preference
apt-get install -y mousepad icedove
apt-get install -y vinagre
# Other stuff that comes in handy
apt-get install -y xfce4-screenshooter
#apt-get install -y flashplugin-nonfree icedtea-plugin
apt-get install -y gimp
apt-get install -y libreoffice-gnome libreoffice-writer libreoffice-calc
# Fix so chromium will run as root
apt-get install -y chromium
#sed -Ei "s#CHROMIUM_FLAGS=.+#CHROMIUM_FLAGS=\"--password-store=detect --user-data-dir\"#" /etc/chromium/default
# Firefox/Iceweasel Add-ons
# -------------------------
# The .xpi files are only downloaded here; nothing below installs them into a
# browser profile.
# NOTE(review): most URLs are "latest" (unpinned) and no checksum is compared,
# so the downloaded add-on versions are whatever the server returns at run time.
# NOTE(review): the cd result is not checked; if it fails, curl writes into the
# directory the script happens to be in.
mkdir -p /opt/firefox-addons
cd /opt/firefox-addons
#Controle de Scripts
curl -L "https://addons.mozilla.org/firefox/downloads/latest/1154/addon-1154-latest.xpi" -o controle-de-scripts.xpi
#https://addons.mozilla.org/en-US/firefox/addon/open-multiple-locations/
curl -L "https://addons.mozilla.org/firefox/downloads/latest/216803/addon-216803-latest.xpi" -o open-multiple-locations.xpi
#https://addons.mozilla.org/en-US/firefox/addon/restclient/?src=search
curl -L "https://addons.mozilla.org/firefox/downloads/latest/9780/addon-9780-latest.xpi" -o restclient.xpi
#https://addons.mozilla.org/en-US/firefox/addon/refcontrol/?src=search
curl -L "https://addons.mozilla.org/firefox/downloads/latest/953/addon-953-latest.xpi" -o refcontrol.xpi
#https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/?src=ss
curl -L "https://addons.mozilla.org/firefox/downloads/file/308568/foxyproxy_standard-4.5.4-sm+tb+fx.xpi" -o foxyproxy.xpi
#https://addons.mozilla.org/en-US/firefox/addon/firebug/?src=search
curl -L "https://addons.mozilla.org/firefox/downloads/latest/1843/addon-1843-latest.xpi" -o firebug.xpi
#https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/?src=ss
curl -L "https://addons.mozilla.org/firefox/downloads/latest/92079/addon-92079-latest.xpi" -o cookies-manager-plus.xpi
#https://addons.mozilla.org/en-US/firefox/addon/unhide-passwords/
curl -L "https://addons.mozilla.org/firefox/downloads/latest/462/addon-462-latest.xpi" -o unhide-passwords.xpi
#https://addons.mozilla.org/en-US/firefox/addon/hackbar/?src=search
curl -L "https://addons.mozilla.org/firefox/downloads/latest/3899/addon-3899-latest.xpi" -o hackbar.xpi
#https://addons.mozilla.org/en-US/firefox/addon/tamper-data/?src=search
curl -L "https://addons.mozilla.org/firefox/downloads/latest/966/addon-966-latest.xpi" -o tamper-data.xpi
#https://addons.mozilla.org/en-US/firefox/addon/quickjava/?src=search
curl -L "https://addons.mozilla.org/firefox/downloads/file/82987/quickjava-1.7.2-fx.xpi" -o quickjava.xpi
#https://addons.mozilla.org/en-US/firefox/addon/parent-folder/
curl -L "https://addons.mozilla.org/firefox/downloads/latest/1800/addon-1800-latest.xpi" -o parent-folder.xpi
#https://addons.mozilla.org/en-US/firefox/addon/user-agent-quick-switch
curl -L "https://addons.mozilla.org/firefox/downloads/latest/355807/addon-355807-latest.xpi" -o user-agent-quick-switch.xpi
# [Removed 2017-10]
# Sublime text editor
#cd /opt
#if [ "$(arch)" == "x86_64" ] ; then
# wget "http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.2%20x64.tar.bz2" -O sublime.tar.bz2
#else
# wget "http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.2.tar.bz2" -O sublime.tar.bz2
#fi
#tar -xjvf sublime.tar.bz2
#rm -fv sublime.tar.bz2
#ln -sn "/opt/Sublime Text 2/sublime_text" /usr/bin/sublime
# Old Firefox for accessing pages with weak SSL ciphers
# NOTE(review): Firefox 30.0 is kept deliberately old and is unpatched; it is
# unpacked next to the tarball and renamed to firefox-30.0, and is meant only
# for reaching in-scope hosts that modern browsers refuse to talk to.
mkdir -p /opt/firefox-old
cd /opt/firefox-old/
wget 'https://download-installer.cdn.mozilla.net/pub/firefox/releases/30.0/linux-x86_64/en-US/firefox-30.0.tar.bz2'
tar -xjvf firefox-30.0.tar.bz2
mv firefox firefox-30.0
# Removed 2017-10 -- Kali has switched to Firefox ESR now
# Firefox (not Iceweasel)
#/opt/pentest-scripts/update-firefox.sh
fi
# ====== Install Non-GUI Tools ===============================================
# Setup metasploit database
# PostgreSQL is enabled at boot and started now, then msfdb creates the database.
apt-get install -y metasploit-framework
systemctl enable postgresql
service postgresql start
msfdb init
# Fix sendemail
# -------------
# Replaces: m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))$}i
# With: m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))}i
# NOTE(review): this edits the packaged IO::Socket::SSL module in place and
# removes the trailing "$" anchor from that pattern, so the looser match applies
# to every Perl program on the host that loads the module, not only sendemail.
# A later package upgrade presumably overwrites the edit -- confirm.
sed -Ei 's#m\{\^\(\!\?\)\(\?:\(SSL\(\?:v2\|v3\|v23\|v2/3\)\)\|\(TLSv1\[12\]\?\)\)\$\}i#m\{\^\(\!\?\)\(\?:\(SSL\(\?:v2\|v3\|v23\|v2/3\)\)\|\(TLSv1\[12\]\?\)\)\}i#g' /usr/share/perl5/IO/Socket/SSL.pm
# Non-GUI Tools installed with apt-get
# ------------------------------------
apt-get install -y cifs-utils sshfs exif exiv2 exfat-fuse exfat-utils nfs-common
apt-get install -y metagoofil ufw
apt-get install -y vncsnapshot
apt-get install -y xdotool
apt-get install -y dnsutils passing-the-hash creddump
apt-get install -y bettercap
apt-get install -y ncftp
# Install tools for creating a wireless access point
# Both services are disabled at boot right after install, so they only run when
# started by hand.
apt-get install -y dnsmasq hostapd-wpe
systemctl disable dnsmasq
systemctl disable hostapd-wpe
# Default passwords list:
# The -O path is absolute, so the cd is not what decides where the file lands.
# NOTE(review): fetched over plain HTTP; the page is stored as-is (HTML).
mkdir -p /usr/share/wordlists
cd /usr/share/wordlists
wget "http://www.phenoelit.org/dpl/dpl.html" -O /usr/share/wordlists/dpl.html
# Scripted, non-apt-get installs
# ------------------------------
# NOTE(review): the git clones in this script track each repository's default
# branch at run time; no commit or tag is pinned.
# --- Coalfire --- #
# Coalfire private exploits (requires authenticating to github)
cd /opt
git clone https://github.com/coalfire/pentest-exploits.git
# --- X-Windows tools --- #
# xwatchwin
# NOTE(review): source tarball comes over plain HTTP with no checksum and is
# then built by whoever runs this script (presumably root).
cd /opt
wget "http://www.ibiblio.org/pub/X11/contrib/utilities/xwatchwin.tar.gz"
tar -xzvf xwatchwin.tar.gz
rm xwatchwin.tar.gz
cd xwatchwin
apt-get -y install xutils-dev
xmkmf
make
# xwd
# Same pattern as above, but this one is also installed system-wide
# (make install) straight from the HTTP download.
cd /opt
wget "http://xorg.freedesktop.org/archive/individual/app/xwd-1.0.5.tar.bz2"
tar -xjvf xwd-1.0.5.tar.bz2
rm xwd-1.0.5.tar.bz2
cd xwd-1.0.5
apt-get install -y libx11-dev libxt-dev pkgconf
# ";" rather than "&&": make and make install run even if configure failed.
./configure ; make ; make install
# --- Windows exploitation --- #
# Responder
cd /opt
git clone https://github.com/lgandx/Responder
# ntlmrelayx
# A second, separate Responder checkout plus impacket live under
# /opt/ntlmrelayx; pip and setup.py install into the system Python.
mkdir -p /opt/ntlmrelayx
cd /opt/ntlmrelayx
apt-get install -y libssl-dev libffi-dev python-dev
pip install pyopenssl
pip install ldap3
pip install ldap3 --upgrade
git clone https://github.com/lgandx/Responder
git clone 'https://github.com/CoreSecurity/impacket'
cd impacket
python setup.py install
cd ../Responder
# Only this second checkout's Responder.conf is changed: its HTTP, HTTPS and SMB
# settings are switched from On to Off (presumably so they do not compete with
# the relay tool for the same ports -- confirm).
sed -Ei 's/HTTP = On/HTTP = Off/g' Responder.conf
sed -Ei 's/HTTPS = On/HTTPS = Off/g' Responder.conf
sed -Ei 's/SMB = On/SMB = Off/g' Responder.conf
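# --- Linux kernel exploits --- #
# Linux Kernel Exploit Suggester
cd /opt
git clone https://github.com/PenturaLabs/Linux_Exploit_Suggester
# getroot.tgz from iKat
# NOTE(review): fetched over plain HTTP with no checksum; it is only stored
# under /opt/ikat here, not unpacked or run.
cd /opt
mkdir -p ikat
cd ikat
wget 'http://ikat.ha.cked.net/Linux/files/getroot.tgz'
# --- Password cracking --- #
# John The Ripper Jumbo with Tools
cd /opt
git clone https://github.com/magnumripper/JohnTheRipper
# Hashcat Legacy
cd /opt/
wget "https://hashcat.net/files_legacy/hashcat-2.00.7z" && 7z x hashcat-2.00.7z && rm hashcat-2.00.7z
# Repoint /usr/bin/hashcat at the legacy binary only when that binary really
# exists and the link is not already in place. Without these checks a failed
# download left a dangling "hashcat" link, and a second run moved the link
# itself over hashcat3, losing the packaged hashcat.
legacy_hashcat=/opt/hashcat-2.00/hashcat-cli32.bin
if [ -e "$legacy_hashcat" ] && [ "$(readlink /usr/bin/hashcat)" != "$legacy_hashcat" ]; then
  if [ -e /usr/bin/hashcat ]; then
    mv /usr/bin/hashcat /usr/bin/hashcat3
  fi
  ln -sn "$legacy_hashcat" /usr/bin/hashcat
fi
# PACK - Password Analysis and Cracking Kit
cd /opt
git clone https://github.com/tomato42/pack
ln -sn /opt/pack/rulegen.py /usr/bin/pack-rulegen
ln -sn /opt/pack/statsgen.py /usr/bin/pack-statsgen
ln -sn /opt/pack/policygen.py /usr/bin/pack-policygen
ln -sn /opt/pack/maskgen.py /usr/bin/pack-maskgen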
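# --- Password recovery --- #
# LaZagne - Password recovery for Windows and Linux
cd /opt
git clone https://github.com/AlessandroZ/LaZagne
# The latest release tag is read from the redirect of .../releases/latest.
# Header names are case-insensitive (curl prints them in lowercase over
# HTTP/2), so the Location match must ignore case or the tag comes back empty.
LAZAGNE_CURRENT=$(curl -Is 'https://github.com/AlessandroZ/LaZagne/releases/latest' | grep -iE '^location:' | awk -F '/tag/' '{print $2}' | tr -d '\r' | tr -d '\n')
if [ -n "$LAZAGNE_CURRENT" ]; then
  wget "https://github.com/AlessandroZ/LaZagne/releases/download/$LAZAGNE_CURRENT/Windows.zip"
else
  # Skip the download instead of requesting a URL with an empty tag.
  echo "LaZagne: could not determine the latest release tag; Windows.zip not downloaded" >&2
fi
# VNCpwd - VNC Password Decrypter
# NOTE(review): fetched over plain HTTP with no checksum.
mkdir -p /opt/vncpwd
cd /opt/vncpwd
wget "http://aluigi.altervista.org/pwdrec/vncpwd.zip"
unzip vncpwd.zip
# PCredz - credentials/hash/credit card number sniffer
apt-get -y remove python-pypcap && apt-get -y install python-libpcap
cd /opt
git clone https://github.com/lgandx/PCredz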
# --- Misc --- #
# clusterd.py
cd /opt
git clone https://github.com/hatRiot/clusterd.git
# Java Deserialization Exploits
cd /opt
git clone https://github.com/coalfire/java_deserialization_exploits
# CrackMapExec
# If the cd (or a submodule step) fails, setup.py is still attempted from
# whatever directory the script is in at that point.
cd /opt
git clone https://github.com/byt3bl33d3r/CrackMapExec
cd CrackMapExec && git submodule init && git submodule update --recursive
python setup.py install
# PowerShell Empire
# Runs the installer shipped in the freshly cloned repository, with the
# privileges of whoever runs this script.
cd /opt/
git clone 'https://github.com/EmpireProject/Empire'
cd Empire
./setup/install.sh
# Various extra Windows binaries
# These are only downloaded into /opt/windows-extras for later use.
# NOTE(review): the tightvnc archive comes over plain HTTP, and putty.zip.gpg
# is fetched but nothing in this script verifies putty.zip against it.
mkdir /opt/windows-extras
cd /opt/windows-extras
wget http://www.tightvnc.com/download/1.3.10/tightvnc-1.3.10_x86.zip
wget https://download.sysinternals.com/files/PSTools.zip
wget https://download.sysinternals.com/files/AccessChk.zip
wget https://the.earth.li/~sgtatham/putty/latest/w32/putty.zip
wget https://the.earth.li/~sgtatham/putty/latest/w32/putty.zip.gpg
wget https://download.sysinternals.com/files/Procdump.zip
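# merger.py -> nessus-merger.py
# The download is staged in a mktemp file instead of the fixed /tmp/merger.py:
# a predictable name in a world-writable directory can be pre-created or
# symlinked by another local user before this script (run as root) writes to
# it and copies the result into /usr/bin.
# NOTE(review): the gist URL has no revision in it, so the installed content is
# whatever the gist holds at run time.
merger_tmp=$(mktemp)
if [ -n "$merger_tmp" ] && wget "https://gist.githubusercontent.com/mastahyeti/2720173/raw" -O "$merger_tmp"; then
  # Prepend a shebang, then install; skipped entirely when the download fails
  # so no shebang-only stub ends up in /usr/bin.
  {
    echo '#!/usr/bin/env python'
    cat "$merger_tmp"
  } > /usr/bin/nessus-merger.py
  chmod 755 /usr/bin/nessus-merger.py
fi
if [ -n "$merger_tmp" ]; then
  rm -f -- "$merger_tmp"
fi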
# progress
# Built from the cloned source and installed system-wide.
cd /opt
git clone https://github.com/Xfennec/progress
cd progress/
apt-get -y install libncurses5-dev
make
make install
# Sublist3r
cd /opt
git clone https://github.com/aboul3la/Sublist3r
apt-get update
apt-get install -y python-requests python-dnspython python-argparse
# MS15-034 Check
# Links exploit-db entry 36773.c into /opt/ms15-034 and compiles it there.
mkdir /opt/ms15-034
cd /opt/ms15-034
ln -sn /usr/share/exploitdb/platforms/windows/dos/36773.c ms15-034.c
gcc ms15-034.c -o ms15-034
# MS14-066 Check
# winshock_test2.sh is a rewritten copy of the downloaded script: the sed chain
# sets REMOTE_VERSION to $VERSION, replaces the "read -p" prompt with REPLY=y,
# and sends the "cat <<IMP" / "cat <<EOF" text blocks to /dev/null (presumably
# to skip the update check, the confirmation and the banners -- confirm).
# NOTE(review): the source is the repository's master branch, unpinned.
mkdir /opt/ms14-066
cd /opt/ms14-066
curl -L "https://raw.githubusercontent.com/anexia-it/winshock-test/master/winshock_test.sh" -o "winshock_test.sh"
cat winshock_test.sh | sed -E 's/REMOTE_VERSION=.+/REMOTE_VERSION=\$VERSION/g' | sed 's#cat <<IMP#cat <<WARN > /dev/null#g' | sed -E 's/read -p.+/REPLY=y/g' | sed 's#cat <<EOF#cat <<EOF > /dev/null#g' > winshock_test2.sh
# Removed 2017-10
# masscan - Mass IP port scanner
#cd /opt
#git clone https://github.com/robertdavidgraham/masscan
#cd masscan/
#apt-get -y install libpcap0.8-dev
#make -j
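# TCP Ping
# The script is staged in a temp file and copied into /usr/bin only when the
# download succeeded. Downloading inside /usr/bin left a partial file on
# failure and, on a re-run, saved the new copy as "tcpping.1" while the old one
# stayed in place. The working directory is no longer changed to /usr/bin.
# NOTE(review): the source is plain HTTP with no checksum, and the file becomes
# an executable on root's PATH; compare it against a pinned, known-good SHA-256
# before installing.
tcpping_tmp=$(mktemp)
if [ -n "$tcpping_tmp" ] && wget "http://www.vdberg.org/~richard/tcpping" -O "$tcpping_tmp"; then
  install -m 755 "$tcpping_tmp" /usr/bin/tcpping
fi
if [ -n "$tcpping_tmp" ]; then
  rm -f -- "$tcpping_tmp"
fi
# Alias under the shorter name, only if the tool is actually there.
if [ -e /usr/bin/tcpping ] && [ ! -e /usr/bin/tcping ]; then
  ln -sn /usr/bin/tcpping /usr/bin/tcping
fi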
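# F5 BIG-IP Cookie decoder
# NOTE(review): the archive is fetched over plain HTTP with no checksum.
mkdir -p /opt/BIG-IP
# Only download and unpack when the cd worked, so a failure cannot scatter the
# files into whatever directory the script was in before.
if cd /opt/BIG-IP; then
  wget http://www.taddong.com/tools/BIG-IP_cookie_decoder.zip
  unzip BIG-IP_cookie_decoder.zip
  # Wrapper: request the URL in $1 and pass the BIGip cookie value(s) to the
  # decoder. A quoted heredoc replaces the former echo -e "#\!..." line, which
  # wrote the shebang as "#\!/bin/bash" (the backslash is kept by a
  # non-interactive shell). The URL argument is quoted in the generated script.
  # curl -k is kept: the wrapper only reads a cookie header and does not rely
  # on the server certificate.
  cat <<'EOF' > /opt/BIG-IP/big-ip-url.sh
#!/bin/bash
python /opt/BIG-IP/BIG-IP_cookie_decoder.py $(curl -i -k "$1" 2>/dev/null | grep -i "Set-Cookie: BIGip" | cut -d ' ' -f 2 | tr -d ';' | cut -d '=' -f 2)
EOF
  chmod 755 /opt/BIG-IP/big-ip-url.sh
fi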
# Removed 2017-10
# smbexec - Download only. Install is manual.
#cd /opt
#git clone https://github.com/pentestgeek/smbexec
# Removed 2017-10
# Metasploit-Plugins from darkoperator - includes the pentest plugin
#cd /opt
#git clone https://github.com/darkoperator/Metasploit-Plugins
#ln -sn /opt/Metasploit-Plugins/*.rb /usr/share/metasploit-framework/plugins/
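# Eyewitness
cd /opt
git clone 'https://github.com/ChrisTruncer/EyeWitness'
# The clone creates "EyeWitness" (capital W); the former "cd Eyewitness/setup"
# failed on a case-sensitive filesystem, so setup.sh was never found. The
# installer runs only when the cd succeeds.
if cd EyeWitness/setup; then
  ./setup.sh
fi
# Sticky-Keys-Slayer
cd /opt/
apt-get -y install imagemagick xdotool parallel bc
git clone https://github.com/linuz/Sticky-Keys-Slayer
# ====== Clean up =============================================================
apt-get --purge -y autoremove
apt-get clean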
# ====== Old stuff I've disabled but am keeping around for reference ==========
# # Setup limited user for running Firefox
# cd /opt/pentest-scripts
# script_name=firefox-nonroot iw_user=firefox-user program_description="Firefox (Non-Root)" command_line="/opt/firefox/firefox" icon="/opt/firefox/browser/icons/mozicon128.png" catagories="Network;" ./setup-x-limited.sh
# # Setup limited user for running Chromium
# cd /opt/pentest-scripts
# script_name=chromium-nonroot iw_user=chromium-user program_description="Chromium (Non-Root)" command_line="/usr/bin/chromium" icon="chromium" catagories="Network;" ./setup-x-limited.sh
# # Setup limited user for running Hexchat
# cd /opt/pentest-scripts
# script_name=hexchat-nonroot iw_user=hexchat-user program_description="Hexchat (Non-Root)" command_line=/usr/bin/hexchat icon="hexchat" catagories="Network;" ./setup-x-limited.sh
================================================
FILE: README.md
================================================
Pentest Scripts
===============
Just a bunch of simple, miscellaneous scripts I've created while pentesting.
The rest of this readme was automatically generated with the following command:
for f in * ; do echo -en "## $f\n" ; echo -e "\n$(./$f --help | tail -n +2 | sed -E 's/^/ /g')" ; done >> README.md
## dim
dim - Dim the screen
--------------------
Usage: dim <= Dim the screen to the lowest setting.
dim <integer> <= Dim to a custom level.
## enable-forwarding
enable-forwarding
-----------------
A simple script to forward all incoming traffic out
whatever interface is currently connected to the Internet.
Note: the script also disables ufw and flushes the existing iptables NAT table.
Usage: enable-forwarding [Internet-connected interface]
## extract-hashes-responder
extract-hashes-responder
------------------------
Extracts one hash per user from a Responder-Session.log file for easy
cracking with hashcat.
Usage: ./extract-hashes-responder </opt/Responder/Responder-Session.log> [Result number]
## gnmap2ip
gnmap2ip
--------
Converts a .gnmap file to a list of colon-separated IP and TCP port numbers.
Usage: gnmap2ip [GNMAP FILE]
## grep-cidr
grep-cidr
---------
Searches a target file for any IP addresses in the given range. Any range
format that is Nmap compatible *should work*, not just CIDR.
Usage: grep-cidr <IP Range> <Target File> [Additional grep options]
## grip
grip
----
greps a file for common patterns.
Should accept most standard grep flags.
Example usage - IPv4 addresses only:
grep for IPv4 addresses only: grip <filename>
include CIDR notation: grip --cidr <filename>
grep for IP:Port: grip --port <filename>
Example usage - IPv6 addresses only:
grep for IPv6 addresses only: grip --6 <filename>
include CIDR notation: grip --6cidr <filename>
Other supported patterns:
grep for emails: grip --email <filename>
grep for MAC addresses: grip --mac <filename>
## heartbleed
Usage: heartbleed <IP Address> <Port>
## heartbleed-parser
Usage: heartbleed-parser <input file>
## ip2dec.py
ip2dec.py
---------
Converts an IP address to its decimal equivalent.
Usage: ip2dec.py [IP Address]
## iplist2dirs
iplist2dirs
-----------
Reads an IP:Port list and creates the following directory structure for
each IP address:
./[OUTPUT DIR]/[PORT]/[IP Address]
Usage: iplist2dirs <IP List> [Ports]
Example: iplist2dirs iplist.txt "80 443"
Use "all" in place of port numbers to create a directory for every port listed.
If ports are omitted, the default port list is used.
The default port list and output directory name can be changed in the settings
section of this script.
## iplist-detect_http.sh
iplist-detect_http
------------------
Retrieves HTTP headers from each server listed in an IP:Port formatted file.
Usage: iplist-detect_http <IP List File> [Maximum Connect Timeout]
## Kali_Linux_Extra_Tools2.sh
Kali Linux: Extra tools and customizations script
=================================================
Created by Wh1t3Rh1n0
This script adds a bunch of my favorite tools to Kali Linux.
Usage:
Install all tools: ./Kali_Linux_Extra_Tools2.sh install
Non-GUI tools only: ./Kali_Linux_Extra_Tools2.sh install nogui
## live-usb-tweaks.sh
live-usb-tweaks.sh
------------------
Install tweaks to increase performance when running
Kali from a LiveUSB with persistence.
Usage: ./live-usb-tweaks.sh install
## merge-hashcat.py
merge-hashcat.py
----------------
Matches passwords cracked with hashcat to their usernames.
Usage: merge-hashcat.py <user:hash file> <hash:password file>
Notes: The "hash:password" file is created by hashcat's -o option.
The "user:hash" file is easy to create using your original hashdump and
the "cut" command. An example of creating this file from hashes dumped
from a Windows domain controller follows:
cat raw_dump.txt | cut -d ':' -f 1,4 > dumped-users_hashes.txt
## ms15-034_check.py
Example: %s 'https://example.com:8443/'
## mv-screenshots
mv-screenshots
--------------
Moves screenshots from the current directory to a destination directory.
Removes colons from the filename for Windows compatibility.
Usage: mv-screenshots <DESTINATION>
## ncsv2ip
ncsv2ip
-------
Converts a Nessus exported CSV file to a colon-separated list of IPs and ports
Usage: ncsv2ip [CSV FILE]
Requires: grep, awk, sort
Limitations: Only outputs TCP ports. UDP ports are ignored.
## setup-x-limited.sh
----------------------------------
setup-x-limited.sh | by Wh1t3Rh1n0
----------------------------------
This script creates a script and a menu icon for executing a given program
as a regular, non-root user if you are logged in as root.
The following environment variables need to be set for it to run:
script_name - the filename that the created script will be saved as.
iw_user - the user that will be created for running the target program.
program_description - the name that will show on the icon.
command_line - the path of the target program to be run.
icon - the icon to display on the menu
categories - where the icon is placed within the applications menu.
Example execution:
------------------
script_name=firefox-nonroot iw_user=firefox-user \
program_description="Firefox (Non-Root)" command_line="/opt/firefox/firefox" \
icon="/opt/firefox/browser/icons/mozicon128.png" categories="Network;" \
./setup-x-limited.sh
Alternatively, you can provide a known binary location to accept default
options for that program.
Usage: ./setup-x-limited.sh [full path to binary]
Currently accepted binary paths:
/opt/firefox/firefox
## strip-colors
strip-colors
------------
Removes colors from output for easy grepping.
Usage: cat <some file> | strip-colors
## update-firefox.sh
Firefox Updater/Installer
-------------------------
Just a simple script to update or install Firefox on Kali Linux.
Installs to /opt/firefox
Run with no options to install or update.
## usb-armory
usb-armory
----------
A simple script to setup a connection to a USB armory with Kali installed.
Usage: usb-armory [Internet-connected interface]
## word-mutator
word-mutator 9000
-----------------
Generates a wordlist by running all of hashcat's built-in rules on a
single word (such as a company name) or small list of words.
Primarily intended for targeted, offline password cracking attacks.
Usage: bash ./word-mutator [optional output file] [optional input wordlist]
Because I'm being lazy, you must specify an output file name in order
to specify an input file. :P
*This script has only been tested with the legacy hashcat 2.00 binaries.*
================================================
FILE: dim
================================================
#!/bin/bash
##
## dim - Dim the screen
## --------------------
## Usage: dim <= Dim the screen to the lowest setting.
## dim <integer> <= Dim to a custom level.
##
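# Print the "##" header block of this file as help text.
if [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit
fi

# With no argument, dim to the lowest setting (01).
level=${1:-01}

# The value is handed to a helper that pkexec runs with elevated privileges,
# so accept digits only. Unquoted, an argument such as "5 --other-flag" was
# split into extra words on the helper's command line.
case "$level" in
  *[!0-9]*)
    echo "dim: brightness level must be a non-negative integer" >&2
    exit 1
    ;;
esac

pkexec /usr/sbin/xfpm-power-backlight-helper --set-brightness "$level"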
================================================
FILE: enable-forwarding
================================================
#!/bin/bash
##
## enable-forwarding
## -----------------
## A simple script to forward all incoming traffic out
## whatever interface is currently connected to the Internet.
##
## Usage: enable-forwarding [Internet-connected interface]
##
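# Print the "##" header block as help when no interface is given or help is
# requested.
if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit
fi

INTERFACE=$1

# Turn on IPv4 routing. Stop here if that fails (for example when not run as
# root) so the firewall is not switched off for nothing.
if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
  echo "enable-forwarding: cannot enable IPv4 forwarding (root required?)" >&2
  exit 1
fi

# Side effects to be aware of: ufw is disabled for the whole host and every
# existing rule in the NAT table is flushed. Neither is restored by this
# script; re-enable ufw and reload NAT rules by hand afterwards.
ufw disable
/sbin/iptables -t nat -F

# Quoted so the interface name always reaches iptables as a single argument.
/sbin/iptables -t nat -A POSTROUTING -o "$INTERFACE" -j MASQUERADE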
================================================
FILE: extract-hashes-responder
================================================
#!/bin/bash
##
## extract-hashes-responder
## ------------------------
## Extracts one hash per user from a Responder-Session.log file for easy
## cracking with hashcat.
##
## Usage: ./extract-hashes-responder </opt/Responder/Responder-Session.log> [Result number]
##
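# Print the "##" header block as help when no log file is given or help is
# requested.
if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit
fi

# Optional second argument; defaults to 1. It is passed to "grep -m", so it
# must be a plain number.
RESULTS=${2:-1}
case "$RESULTS" in
  *[!0-9]*)
    echo "extract-hashes-responder: result number must be a positive integer" >&2
    exit 1
    ;;
esac

# The loop below relies on word splitting of the grep output (one ":name:"
# token per user); globbing is switched off so a token containing * or ? is
# not expanded against files in the current directory.
set -f

# For each distinct ":name:" token found on "complete ..." lines, look at the
# first $RESULTS lines of the log containing that token and print the hash
# portion ("user::...") of the last of them.
# NOTE(review): the token is still used as a grep pattern, so regex
# metacharacters in a user name are interpreted -- confirm against real logs
# before switching to a fixed-string match.
for user in $(grep -ioE "complete[^:]+:[^:]+:" "$1" | sort -u | grep -ioE ":[^:]+:"); do
  grep -m "$RESULTS" -- "$user" "$1" | grep -ioE "[^:]+::.+$" | tail -n 1
done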
================================================
FILE: gnmap2ip
================================================
#!/usr/bin/env python
import sys
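# Show usage when no file is given or help is requested.
# print(...) with a single argument behaves the same on Python 2 and Python 3.
if len(sys.argv) == 1 or "-h" in sys.argv or "--help" in sys.argv:
    print("""
gnmap2ip
--------
Converts a .gnmap file to an list of colon separated IP and TCP port numbers.
Usage: gnmap2ip [GNMAP FILE]
""")
    sys.exit()

gnmap_file = sys.argv[1]

# Stream the file; "with" closes it even if a line fails to parse.
with open(gnmap_file, 'r') as f:
    for raw_line in f:
        line = raw_line.rstrip()
        if "open" not in line:
            continue
        space_fields = line.split(' ')
        colon_fields = line.split(':')
        # Lines that mention "open" but lack the expected layout are skipped
        # instead of raising IndexError.
        if len(space_fields) < 2 or len(colon_fields) < 3:
            continue
        ip_address = space_fields[1]
        # Third colon-separated field, up to the first tab, holds the port
        # entries separated by spaces.
        port_data = colon_fields[2].split('\t')[0].split(' ')
        for entry in port_data:
            # Only entries that are both "open" and "tcp" are reported.
            if "open" in entry and "tcp" in entry:
                port = entry.strip().split('/')[0]
                print("%s:%s" % (ip_address, port))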
================================================
FILE: grep-cidr
================================================
#!/bin/bash
##
## grep-cidr
## ---------
## Searches a target file for any IP addresses in the given range. Any range
## format that is Nmap compatible *should work*, not just CIDR.
##
## Usage: grep-cidr <IP Range> <Target File> [Additional grep options]
##
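# Print the "##" header block as help text.
if [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit
fi

# Both the range and the target file are required.
if [ "$#" -lt 2 ]; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit 1
fi

IP_RANGE=$1
TARGET_FILE=$2

# Everything after the first two arguments is passed on to the final grep.
# (The former "GREP_OPTIONS=$3 $4 ..." line never reached grep and tried to
# run $4 as a command.)
extra_grep_opts=("${@:3}")

# A single argument may hold several space-separated ranges; split it into
# words without glob expansion, and refuse anything nmap would read as an
# option.
read -r -a targets <<< "$IP_RANGE"
if [ "${#targets[@]}" -eq 0 ]; then
  echo "grep-cidr: empty IP range" >&2
  exit 1
fi
for target in "${targets[@]}"; do
  case "$target" in
    -*)
      echo "grep-cidr: invalid IP range: $target" >&2
      exit 1
      ;;
  esac
done

# mktemp instead of /tmp/grep-cidr.temp-$RANDOM: a guessable name in /tmp can
# be pre-created or symlinked by another local user. The trap removes the file
# on every exit path.
TEMP_FILE=$(mktemp) || exit 1
trap 'rm -f -- "$TEMP_FILE"' EXIT

# Use Nmap (list scan only, no packets to the targets) to expand the range
# into one IP per line.
nmap -Pn -n -sL -oG - "${targets[@]}" | grep Host: | cut -d ' ' -f 2 > "$TEMP_FILE"

# Grep the target file for IPs in the specified range.
# The match is a fixed-string substring match, so 10.0.0.1 also hits 10.0.0.10;
# pass -w as an additional grep option for whole-word matching.
grep -F -f "$TEMP_FILE" "${extra_grep_opts[@]}" -- "$TARGET_FILE"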
================================================
FILE: grip
================================================
#!/bin/bash
##
## grip
## ----
## greps a file for common patterns.
##
## Should accept most standard grep flags.
##
## Example usage - IPv4 addresses only:
## grep for IPv4 addresses only: grip <filename>
## include CIDR notation: grip --cidr <filename>
## grep for IP:Port: grip --port <filename>
##
## Example usage - IPv6 addresses only:
## grep for IPv6 addresses only: grip --6 <filename>
## include CIDR notation: grip --6cidr <filename>
##
## Other supported patterns:
## grep for emails: grip --email <filename>
## grep for MAC addresses: grip --mac <filename>
##
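# One IPv4 octet (0-255) and the dotted quad built from it.
octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ipv4="${octet}\.${octet}\.${octet}\.${octet}"

# Filter applied after the IPv6 patterns so MAC addresses are not reported as
# IPv6 addresses.
ipv6_filter='::|:.*:.*:.*:.*:.*:.*:.*'

# The mode flag, when present, must be the first argument. It is removed with
# "shift" and the remaining arguments are passed to grep as "$@", so file names
# containing spaces or glob characters survive intact (the former
# $(echo $* | sed ...) re-split them and also stripped the flag text out of
# file names).
case "$1" in
  --help | -h)
    grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
    exit
    ;;
  --port)
    shift
    # -a added for consistency with the other modes (binary files as text).
    grep -iEoa "${ipv4}(:[0-9]+)?" "$@"
    ;;
  --email)
    shift
    grep -Eoa '[A-Za-z0-9\._+-]+@[A-Za-z0-9\._-]+' "$@"
    ;;
  --cidr)
    shift
    grep -iEoa "${ipv4}(/[0-9]+)?" "$@"
    ;;
  --mac)
    shift
    grep -iEao '([abcdef0-9]{2}[:-]){5}[abcdef0-9]{2}' "$@"
    ;;
  --6)
    shift
    # NOTE(review): the last group is [0-9a-z], not [0-9a-f]; kept as in the
    # original pattern -- confirm whether that is intended.
    grep -iEao '[0-9a-f]{0,4}:([0-9a-f]*:){1,6}[0-9a-z]{0,4}' "$@" | grep -Eia "$ipv6_filter"
    ;;
  --6cidr)
    shift
    grep -iEao '[0-9a-f]{0,4}:([0-9a-f]*:){1,6}[0-9a-z]{0,4}(/[0-9]+)?' "$@" | grep -Eia "$ipv6_filter"
    ;;
  *)
    # Default behavior - grep for IPv4 IP addresses only
    grep -iEao "$ipv4" "$@"
    ;;
esac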
================================================
FILE: heartbleed
================================================
#!/bin/bash
##
## Usage: heartbleed <IP Address> <Port>
##
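# Both arguments are required; with fewer than two (including a lone -h or
# --help) print the "##" usage line and stop.
if [ "$2" == "" ]; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit
fi

# Address and port are quoted so each reaches the exploit-db checker as exactly
# one argument; unquoted, embedded spaces turned into extra command-line words.
/usr/bin/python /usr/share/exploitdb/platforms/multiple/remote/32764.py "$1" -p "$2"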
================================================
FILE: heartbleed-parser
================================================
#!/bin/bash
##
## Usage: heartbleed-parser <input file>
##
# Show the "##" usage header when no input file is given or help is requested.
case "$1" in
  "" | --help | -h)
    grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
    exit
    ;;
esac

# Keep space-separated fields 21 onward of every line, drop lines that end up
# empty, and join what is left into a single line.
cut -d ' ' -f 21- < "$1" | grep -vE '^$' | tr -d '\n'
================================================
FILE: ip2dec.py
================================================
#!/usr/bin/env python
import sys
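usage = """
ip2dec.py
---------
Converts an IP address to its decimal equivalent.
Usage: ip2dec.py [IP Address]
"""

# Show usage when no address is given or help is requested.
# print(...) with one argument behaves the same on Python 2 and Python 3;
# sys.exit() replaces the interactive-only exit() helper.
if len(sys.argv) <= 1 or "-h" in sys.argv or "--help" in sys.argv:
    print(usage)
    sys.exit()

ip = sys.argv[1].split('.')

# Require exactly four decimal octets in 0-255. Previously a short address
# raised IndexError, a fifth field was silently ignored and out-of-range
# octets produced a meaningless number.
if len(ip) != 4 or not all(part.isdigit() and int(part) <= 255 for part in ip):
    sys.stderr.write("ip2dec.py: not a dotted-quad IPv4 address: %s\n" % sys.argv[1])
    sys.exit(1)

# Fold the octets into one base-256 number, most significant octet first.
d = 0
for part in ip:
    d = d * 256 + int(part)
print(d)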
================================================
FILE: iplist-detect_http.sh
================================================
#!/bin/bash
##
## iplist-detect_http
## ------------------
## Retrieves HTTP headers from each server listed in a IP:Port formatted file.
##
## Usage: iplist-detect_http <IP List File> [Maximum Connect Timeout]
##
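# Print the "##" header block as help when no list file is given or help is
# requested.
if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit
fi

IPLIST=$1
# Optional second argument: per-request timeout in seconds (default 2).
MAX_TIMEOUT=${2:-2}

# The curl command line is kept in an array so each option and value stays a
# separate, intact argument (a command held in a string is re-split on every
# use). HEAD request only (-I), no retries, same timeout for every limit.
# -k: certificate checks are off because hosts are addressed by IP; the output
# is a header fingerprint and must not be treated as an authenticated response.
curl_cmd=(
  curl -s --retry 0 --retry-delay 0 --retry-max-time "$MAX_TIMEOUT"
  -I --connect-timeout "$MAX_TIMEOUT" -m "$MAX_TIMEOUT" -y "$MAX_TIMEOUT" -k
)

# Entries are whitespace-separated as before; tr puts one per line (and strips
# carriage returns from Windows-style lists) so they can be read without the
# glob expansion that "for ip in $(cat ...)" applied to each entry.
while IFS= read -r ip; do
  if [ -z "$ip" ]; then
    continue
  fi
  # First three header lines, joined with "|" on one output line per URL.
  RESPONSE=$("${curl_cmd[@]}" "http://$ip" | head -n 3 | tr -d "\r" | tr "\n" "|")
  echo "http://$ip > $RESPONSE"
  RESPONSE=$("${curl_cmd[@]}" "https://$ip" | head -n 3 | tr -d "\r" | tr "\n" "|")
  echo "https://$ip > $RESPONSE"
done < <(tr -s '[:space:]' '\n' < "$IPLIST")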
================================================
FILE: iplist2dirs
================================================
#!/bin/bash
##
## iplist2dirs
## -----------
## Reads an IP:Port list and creates the following directory structure for
## each IP address:
##
## ./[OUTPUT DIR]/[PORT]/[IP Address]
##
## Usage: iplist2dirs <IP List> [Ports]
##
## Example: iplist2dirs iplist.txt "80 443"
##
## Use "all" in place of port numbers to create a directory for every port listed.
##
## If ports are omitted, the default port list is used.
## The defaul port list and output directory name can be changed in the settings
## section of this script.
##
# SETTINGS #
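DEFAULT_PORTS="21 22 23 25 53 80 110 139 443 445 3389 5800 5900"
OUTPUT_DIR="hosts"
# END SETTINGS #

# Print the "##" header block as help when no list is given or help is
# requested.
if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit
fi

# Resolve the list path once and use it everywhere. An absolute path is used
# as given; the former "$PWD/$1" broke absolute paths in the main loop while
# the "all" branch read "$1" directly.
case "$1" in
  /*) IP_LIST=$1 ;;
  *) IP_LIST="$PWD/$1" ;;
esac

# Port selection: default list, every port found in the file ("all"), or the
# caller's space-separated list.
if [ "$2" == "" ]; then
  PORTS="$DEFAULT_PORTS"
elif [ "$2" == "all" ]; then
  PORTS="$(cut -d ':' -f 2 "$IP_LIST" | sort -u | tr '\n' ' ')"
else
  PORTS="$2"
fi

# $PORTS is split on whitespace on purpose (it is a space-separated list);
# globbing is switched off so no entry is expanded against the file system.
set -f
for port in $PORTS; do
  # Ports and host names from the list become directory names. Only numeric
  # ports are accepted, and host entries that are empty, "." / ".." or contain
  # a slash are skipped, so a crafted list cannot create paths outside
  # $OUTPUT_DIR.
  case "$port" in
    '' | *[!0-9]*)
      echo "iplist2dirs: skipping non-numeric port: $port" >&2
      continue
      ;;
  esac
  mkdir -p -- "$OUTPUT_DIR/$port"
  while IFS= read -r ip; do
    case "$ip" in
      '' | . | .. | */*)
        continue
        ;;
    esac
    # touch "$OUTPUT_DIR/$port/$ip"
    mkdir -p -- "$OUTPUT_DIR/$port/$ip"
  done < <(grep -- ":${port}\$" "$IP_LIST" | cut -d ':' -f 1)
done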
================================================
FILE: live-usb-tweaks.sh
================================================
#!/bin/bash
##
## live-usb-tweaks.sh
## ------------------
## Install tweaks to increase performance when running
## Kali from a LiveUSB with persistence.
##
## Usage: ./live-usb-tweaks.sh install
##
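# Print the "##" header block as help unless the first argument is exactly
# "install", the only documented way to run this script. Previously any stray
# argument started modifying /etc/rc.local and /etc/sysctl.conf.
if [ "$1" != "install" ]; then
  grep -E "^##([^#]|$)" "$0" | sed -E 's/^##.?//g'
  exit
fi

echo "Installing LiveUSB tweaks..."

### Changes to rc.local ###
# Blank out the final "exit 0" line so the commands appended below are
# reached. Only lines consisting of "exit 0" are touched; the former
# unanchored pattern removed that text from inside any line.
sed -i -E 's/^[[:space:]]*exit 0[[:space:]]*$//' /etc/rc.local

# Quoted delimiter: the text is appended literally, with no shell expansion.
# NOTE: the block is appended on every run; running "install" twice duplicates
# it.
cat <<'EOF' >> /etc/rc.local
# Limit writes to the persistent volume to every 120 seconds
mount -o remount,noatime,commit=120 /lib/live/mount/persistence/loop1
#Mount /var/cache/apt/archives onto ramdisk
#mkdir /dev/shm/apt-archives
#chmod 1777 /dev/shm/apt-archives
#mount --bind /dev/shm/apt-archives /var/cache/apt/archives
mount -t tmpfs tmpfs /var/cache/apt/archives -o rw,nosuid,nodev,uid=0,gid=0,mode=744
EOF
echo -e "\nexit 0" >> /etc/rc.local

### Disable rsyslog ###
#update-rc.d rsyslog disable

### Add these lines to /etc/sysctl.conf ###
# NOTE(review): these settings presumably let dirty pages sit in memory much
# longer before being written out, which would widen the window for data loss
# if the USB stick is pulled or power fails -- confirm the trade-off.
cat <<'EOF' >> /etc/sysctl.conf
vm.swappiness = 0
vm.dirty_background_ratio = 20
vm.dirty_expire_centisecs = 0
vm.dirty_ratio = 80
vm.dirty_writeback_centisecs = 0
EOF

echo "Reboot for changes to take effect."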
================================================
FILE: merge-hashcat.py
================================================
#!/usr/bin/env python
import sys
# Name this script was invoked as (last path component), shown in the banner.
self_name = sys.argv[0].rsplit('/', 1)[-1]

# Help text; the script name and a matching dashed underline are filled in.
usage = """
%(name)s
%(underline)s
Matches passwords cracked with hashcat to their usernames.
Usage: %(name)s <user:hash file> <hash:password file>
Notes: The "hash:password" file is created by hashcat's -o option.
The "user:hash" file is easy to create using your original hashdump and
the "cut" command. An example of creating this file from hashes dumped
from a Windows domain controller follows:
cat raw_dump.txt | cut -d ':' -f 1,4 > dumped-users_hashes.txt
""" % dict(name=self_name, underline='-' * len(self_name))
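def file_to_dict(filename, reverse=0):
    '''
    Read a colon-separated file into a dictionary.

    Each line that contains ":" is split at the FIRST colon only: the text
    before it becomes the key and everything after it the value. A cracked
    password that itself contains ":" is therefore kept whole instead of
    being cut at its first colon. Lines without ":" are skipped, and a
    repeated key keeps the value of its last occurrence.

    filename -- path of the file to read.
    reverse  -- accepted for compatibility with existing callers; unused.

    Returns a dict mapping key -> value.

    NOTE(review): this assumes exactly two logical fields per line. Output
    whose hash field itself contains ":" (for example salted formats) is
    not handled -- confirm against the hash type in use.
    '''
    output_dict = {}
    # "with" closes the file even if reading raises.
    with open(filename, 'r') as f:
        for line in f:
            # rstrip() drops the newline and any other trailing whitespace,
            # so a value that ends in whitespace loses it.
            line = line.rstrip()
            if ":" in line:
                key, value = line.split(":", 1)
                output_dict[key] = value
    return output_dict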
def dict_to_string(d):
    '''
    Render a dictionary as one "key:value" line per entry.

    The lines are joined with newlines and trailing whitespace is stripped
    from the end of the combined string.
    '''
    rows = ["%s:%s" % (key, d[key]) for key in d]
    return "\n".join(rows).rstrip()
# Show the help text when fewer than two file arguments were given or help
# was requested. print(...) with one argument behaves the same on Python 2.
if len(sys.argv) < 3 or "-h" in sys.argv or "--help" in sys.argv:
    print(usage)
    sys.exit()

user_hash_filename, hash_password_filename = sys.argv[1], sys.argv[2]

user_hash = file_to_dict(user_hash_filename)
hash_password = file_to_dict(hash_password_filename)

# Join the two mappings on the hash: a user is reported only when the hash
# stored for it also appears as a key of the hash:password file.
user_password = {}
for user, password_hash in user_hash.items():
    password = hash_password.get(password_hash)
    if password is not None:
        user_password[user] = password

print(dict_to_string(user_password))
================================================
FILE: ms15-034_check.py
================================================
#!/usr/bin/env python
import sys
import requests
# Disable warnings about invalid SSL certificates
import warnings
warnings.filterwarnings("ignore")
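if len(sys.argv) <= 1 or '-h' in sys.argv or '--help' in sys.argv:
    # Substitute the script name; a bare "%s" would be printed literally.
    print("Usage: %s <URL>" % sys.argv[0])
    print("")
    print("Example: %s 'https://example.com:8443/'" % sys.argv[0])
    sys.exit()

url = sys.argv[1]

# Single Range header whose upper bound is 2**64 - 1.
headers = {'Range': 'bytes=0-18446744073709551615'}

# verify=False skips certificate validation, so the reply is not proven to
# come from the intended host (an intercepting proxy would answer just the
# same). The timeout keeps an unresponsive host from hanging the script.
try:
    r = requests.get(url, stream=True, verify=False, headers=headers,
                     timeout=15)
    body = r.text
except requests.exceptions.RequestException as e:
    print("[!] %s - Request failed: %s" % (url, e))
    sys.exit(1)

# The verdict is a plain substring match on the response body. A different
# web server, or a proxy or WAF in front of the target, can return either
# phrase or neither, so treat the result as an indicator and confirm it
# against the host's installed patch level.
if "Requested Range Not Satisfiable" in body:
    print("[+] %s - Looks VULNERABLE!" % url)
elif "The request has an invalid header name" in body:
    print("[-] %s - Looks patched" % url)
else:
    print("[!] %s - Unexpected response. Cannot discern patch status" % url)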
================================================
FILE: mv-screenshots
================================================
#!/bin/bash
##
## mv-screenshots
## --------------
## Moves screenshots from the current directory to a destination directory.
## Removes colons from the filename for Windows compatibility.
##
## Usage: mv-screenshots <DESTINATION>
##
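if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit
fi

DEST_DIR="$1"

# Every mv below targets "$DEST_DIR/<name>", so fail once here rather than
# once per file when the destination is missing or not a directory.
if [ ! -d "$DEST_DIR" ]; then
  echo "Destination is not a directory: $DEST_DIR" >&2
  exit 1
fi

for f in *png ; do
  # With no matching file the pattern is left as the literal "*png"; skip it.
  [ -e "$f" ] || continue

  # Make xfce4-screenshooter output sort chronologically
  # "$f" stays quoted throughout so runs of spaces and glob characters in a
  # file name reach grep, tr and mv unchanged.
  if printf '%s\n' "$f" | grep -qEi ':[0-9]{2} (AM|PM)'; then
    # Colons become dashes, dots become spaces, then the fifth and sixth
    # space-separated fields swap places and the seventh is re-attached
    # after a dot.
    NEW_NAME=$(printf '%s\n' "$f" | tr ':' '-' | tr '.' ' ' | awk -F ' ' '{print $1 " " $2 " " $3 " " $4 " " $6 " " $5 "." $7}')
    NEW_NAME=${NEW_NAME//AM 12/AM 00}
    NEW_NAME=${NEW_NAME//PM 12/PM 00}
    # "--" keeps a file name that begins with "-" from being read as an option.
    mv -v -- "$f" "$DEST_DIR/$NEW_NAME"
  else
    # Generic handler for Kali default screenshot names
    mv -v -- "$f" "$DEST_DIR/${f//:/-}"
  fi
done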
================================================
FILE: ncsv2ip
================================================
#!/bin/bash
##
## ncsv2ip
## -------
## Converts a Nessus exported CSV file to a colon-separated list of IPs and ports
##
## Usage: ncsv2ip [CSV FILE]
##
## Requires: grep, awk, sort
## Limitations: Only outputs TCP ports. UDP ports are ignored.
##
# No argument or a help flag: print this file's '##' header as usage text.
case "$1" in
  "" | --help | -h)
    grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
    exit
    ;;
esac

CSV_FILE=$1

# 1. grep keeps rows whose first quoted field starts with a digit and that
#    contain ,"tcp","<port not starting with 0>", (case-insensitive).
# 2. awk splits each row on double quotes and prints fields 10 and 14 joined
#    by a colon -- presumably the Host and Port columns of the Nessus export;
#    verify against the CSV header of your Nessus version.
# 3. sort -u removes duplicate host:port pairs.
grep -iE '^"[0-9].+,"tcp","[1-9][0-9]*",' "$CSV_FILE" \
  | awk -F '"' '{print $10 ":" $14}' \
  | sort -u
================================================
FILE: setup-x-limited.sh
================================================
#!/bin/bash
##
## ----------------------------------
## setup-x-limited.sh | by Wh1t3Rh1n0
## ----------------------------------
## This script creates a script and a menu icon for executing a given program
## as a regular, non-root user if you are logged in as root.
##
## The following environment variables need to be set for it to run:
##
## script_name - the filename that the created script will be saved as.
## iw_user - the user that will be created for running the target program.
## program_description - the name that will show on the icon.
## command_line - the path of the target program to be run.
## icon - the icon to display on the menu
## categories - where the icon is placed within the applications menu.
##
## Example execution:
## ------------------
## script_name=firefox-nonroot iw_user=firefox-user \
## program_description="Firefox (Non-Root)" command_line="/opt/firefox/firefox" \
## icon="/opt/firefox/browser/icons/mozicon128.png" categories="Network;" \
## ./setup-x-limited.sh
##
## Alternatively, you can provide a known binary location to accept default
## options for that program.
##
## Usage: ./setup-x-limited.sh [full path to binary]
##
## Currently accepted binary paths:
## /opt/firefox/firefox
##
# Default options for Firefox installed in /opt
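if [ "$1" == "/opt/firefox/firefox" ] ; then
  script_name=firefox-nonroot
  iw_user=firefox-user
  program_description="Firefox (Non-Root)"
  command_line="/opt/firefox/firefox"
  icon="/opt/firefox/browser/icons/mozicon128.png"
  categories="Network;"
fi

# Show the usage header unless every value needed to build a path or command
# below is set. The variables must be expanded with "$": comparing the bare
# words "command_line" or "program_description" to "" is never true.
if [ "$script_name" == "" ] || [ "$iw_user" == "" ] || [ "$command_line" == "" ] || [ "$program_description" == "" ] ; then
  grep -E "^##([^#]|$)" "$0" | sed -E 's/^##.?//g' | more
  exit
fi

# Both values become path components under /usr/bin, /usr/share/applications
# and /home, so a "/" in either would write outside those directories.
case "$script_name$iw_user" in
  */*)
    echo "script_name and iw_user must not contain '/'." >&2
    exit 1
    ;;
esac

### SETTINGS ###
# Change the values below to set this script up for the desired program.
# script_name is the filename that the created script will be saved as.
#script_name=iceweasel-nonroot
# iw_user is the user that will be created for the purpose of running the
# target program.
#iw_user=iceweasel-user
# program_description is the name that will show on the icon.
#program_description="Iceweasel (Non-Root)"
# command_line is the path of the target program to be run.
#command_line="/usr/bin/iceweasel"
# icon is the icon to display on the menu. If unknown, you can find it by
# examining /usr/share/applications/<program name>.desktop
#icon="iceweasel"
# categories determines where the icon is placed within the applications menu.
# Like icon, if you don't know it, you can find it in
# /usr/share/applications/<program name>.desktop
#categories="Network;"
### END OF SETTINGS ###

# Create the account only when it does not exist yet, so the script can be
# re-run without useradd and mkdir errors.
if ! id -u "$iw_user" >/dev/null 2>&1; then
  useradd -G audio,pulse,pulse-access "$iw_user"
fi
mkdir -p "/home/$iw_user"
chown -R "$iw_user" "/home/$iw_user"

# Generate the launcher. Escaped expansions (\$XAUTHORITY, \$@) are evaluated
# when the launcher runs; the others are filled in now.
# The launcher copies the caller's X authority cookie to $iw_user so the
# program can open windows on the same display. X11 does not isolate the
# clients of one display from each other, so this separates file-system
# privileges only, not the GUI session.
# "\$@" forwards each launcher argument as its own word; \$* would re-split
# arguments that contain spaces.
# $command_line is left unquoted in the launcher in case it carries options.
cat << EOF > "/usr/bin/$script_name"
#!/bin/bash
cp "\$XAUTHORITY" "/home/$iw_user/.Xauth"
chmod 400 "/home/$iw_user/.Xauth"
chown "$iw_user" "/home/$iw_user/.Xauth"
sudo -u "$iw_user" -i XAUTHORITY="/home/$iw_user/.Xauth" $command_line "\$@"
EOF
chmod 555 "/usr/bin/$script_name"

cat << EOF > "/usr/share/applications/$script_name.desktop"
[Desktop Entry]
Encoding=UTF-8
Name=$program_description
Comment=$program_description
GenericName=$program_description
X-GNOME-FullName=$program_description
Exec=/usr/bin/$script_name
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=$icon
Categories=$categories
StartupNotify=true
EOF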
================================================
FILE: strip-colors
================================================
#!/bin/bash
##
## strip-colors
## ------------
## Removes colors from output for easy grepping.
##
## Usage: cat <some file> | strip-colors
##
# A help flag prints this file's '##' header as usage text and stops.
case "$1" in
  --help | -h)
    grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
    exit
    ;;
esac

# Filter stdin to stdout, deleting ESC [ <digits and semicolons> <final>
# where the final character is one of J, K, m, s or u. Escape sequences of
# any other shape pass through unchanged.
sed -E 's/\x1B\[[0-9;]*[JKmsu]//g'
================================================
FILE: update-firefox.sh
================================================
#!/bin/bash
##
## Firefox Updater/Installer
## -------------------------
## Just a simple script to update or install Firefox on Kali Linux.
##
## Installs to /opt/firefox
##
## Run with no options to install or update.
##
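if [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then
  grep -E '^## ?' "$0" | sed -E 's/^## ?//g'
  exit
fi

# Firefox (not Iceweasel)
# Reference: https://download-installer.cdn.mozilla.net/pub/firefox/releases/latest/README.txt

# Stop if /opt is unavailable: the recursive rm further down acts on a
# relative path and would otherwise delete ./firefox in whatever directory
# the script was started from.
cd /opt || { echo "Cannot change to /opt" >&2; exit 1; }

if [ "$(uname -m)" == "i686" ] ; then
  DOWNLOAD_URL="https://download.mozilla.org/?product=firefox-latest&os=linux&lang=en-US"
else
  DOWNLOAD_URL="https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US"
fi

# Download to a private temporary file, removed again on every exit path.
ARCHIVE=$(mktemp /opt/firefox-download.XXXXXX) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -fv -- "$ARCHIVE"' EXIT

# Authenticity of the download rests on HTTPS alone; nothing here compares
# the archive with a published checksum or signature.
if ! wget -O "$ARCHIVE" "$DOWNLOAD_URL"; then
  echo "Download failed; the existing installation was left untouched." >&2
  exit 1
fi

# Replace the current installation only once the new archive is readable.
# tar is left to detect the compression format itself instead of assuming
# bzip2.
if ! tar -tf "$ARCHIVE" >/dev/null 2>&1; then
  echo "Downloaded file is not a readable archive; nothing was changed." >&2
  exit 1
fi

rm -rfv firefox
tar -xvf "$ARCHIVE"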
================================================
FILE: usb-armory
================================================
#!/bin/bash
##
## usb-armory
## ----------
## A simple script to setup a connection to a USB armory with Kali installed.
##
## Usage: usb-armory [Internet-connected interface]
##
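if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then
  grep -E "^##([^#]|$)" "$0" | sed -E 's/^##.?//g'
  if [ "$1" == "" ] ; then
    echo
    echo Available interfaces:
    /sbin/ifconfig | grep -E 'Ethernet|inet'
    echo
  fi
  exit
fi

INTERFACE=$1

# Validate the interface before changing anything: the steps below disable
# the host firewall and flush the NAT table, which should not happen because
# of a mistyped name.
case "$INTERFACE" in
  */*)
    echo "Invalid interface name: $INTERFACE" >&2
    exit 1
    ;;
esac
if [ ! -e "/sys/class/net/$INTERFACE" ]; then
  echo "No such network interface: $INTERFACE" >&2
  exit 1
fi

# None of the following is reverted when the SSH session ends: IP forwarding
# stays enabled, ufw stays disabled and the MASQUERADE rule stays in place
# until they are reset by hand or the host reboots.
echo 1 > /proc/sys/net/ipv4/ip_forward
ufw disable

# Flushing removes every existing rule in the nat table, not just rules
# added by an earlier run of this script.
/sbin/iptables -t nat -F
/sbin/iptables -t nat -A POSTROUTING -o "$INTERFACE" -j MASQUERADE

ifconfig usb0 10.42.0.1 netmask 255.255.255.0 up
ssh root@10.42.0.3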
================================================
FILE: word-mutator
================================================
#!/bin/bash
##
## word-mutator 9000
## -----------------
## Generates a wordlist by running all of hashcat's built-in rules on a
## single word (such as a company name) or small list of words.
##
## Primarily intended for targeted, offline password cracking attacks.
##
## Usage: bash ./word-mutator [optional output file] [optional input wordlist]
##
## Because I'm being lazy, you must specify an output file name in order
## to specify an input file. :P
##
## *This script has only been tested with the legacy hashcat 2.00 binaries.*
##
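if [ "$3" != "" ] || [ "$1" == "-h" ] || [ "$1" == "--help" ] ; then
  grep -E "^##([^#]|$)" "$0" | sed -E 's/^##.?//g'
  exit
fi

### SETTINGS ###
# Path to hashcat binary
HASHCAT=/opt/hashcat-2.00/hashcat-cli64.bin
# Path to hashcat rules directory
RULESDIR=/opt/hashcat-2.00/rules
### END OF SETTINGS ###

# The binary must exist and the rules directory must be non-empty.
if [ ! -e "$HASHCAT" ] || [ -z "$(ls -A -- "$RULESDIR" 2>/dev/null)" ] ; then
  echo "Could not find required hashcat files." >&2
  echo "Please check the binary paths defined in $0." >&2
  exit 1
fi

if [ "$1" != "" ] ; then
  OUTPUT_FILE=$1
else
  OUTPUT_FILE=word-mutator.wordlist
fi

# Work in a private directory from mktemp instead of fixed names under /tmp:
# a predictable path lets another local user pre-create or symlink the files
# this script appends to and later reads back. The directory, which holds
# the intermediate word lists, is removed on every exit path.
TEMP_DIR=$(mktemp -d) || { echo "Could not create a temporary directory." >&2; exit 1; }
trap 'rm -rf -- "$TEMP_DIR"' EXIT
TEMP_PREFIX="$TEMP_DIR/word-mutator.tmp"

if [ "$2" != "" ] ; then
  START_FILE=$2
  if [ ! -r "$START_FILE" ] ; then
    echo "Cannot read input wordlist: $START_FILE" >&2
    exit 1
  fi
else
  read -r -p "Base word [Enter for Top 10 common passwords]: " CO_NAME
  if [ "$CO_NAME" == "" ] ; then
    # Top 10 Yahoo Passwords, 2012
    cat <<EOF > "$TEMP_PREFIX.0"
123456
password
welcome
ninja
abc123
123456789
12345678
sunshine
princess
qwerty
EOF
  else
    printf '%s\n' "$CO_NAME" > "$TEMP_PREFIX.0"
  fi
  START_FILE="$TEMP_PREFIX.0"
fi

echo First pass with selected rules...
# The tr character classes are quoted so the shell cannot expand them as
# globs against files in the current directory.
# NOTE: the variants ending in tr -d '[:space:]' also delete the final
# newline, so the output of the following command continues on that line.
{
  # separate phrases into individual words
  tr '[:space:]' '\n' < "$START_FILE"
  # lowercase only
  tr '[:upper:]' '[:lower:]' < "$START_FILE"
  tr '[:upper:]' '[:lower:]' < "$START_FILE" | tr '[:space:]' '\n'
  # uppercase only
  tr '[:lower:]' '[:upper:]' < "$START_FILE"
  tr '[:lower:]' '[:upper:]' < "$START_FILE" | tr '[:space:]' '\n'
  # remove special chars and spaces
  tr -d '[:punct:]' < "$START_FILE"
  tr -d '[:punct:]' < "$START_FILE" | tr -d '[:space:]'
  # lowercase only, remove special chars and spaces
  tr '[:upper:]' '[:lower:]' < "$START_FILE" | tr -d '[:punct:]'
  tr '[:upper:]' '[:lower:]' < "$START_FILE" | tr -d '[:punct:]' | tr -d '[:space:]'
  # uppercase only, remove special chars and spaces
  tr '[:lower:]' '[:upper:]' < "$START_FILE" | tr -d '[:punct:]'
  tr '[:lower:]' '[:upper:]' < "$START_FILE" | tr -d '[:punct:]' | tr -d '[:space:]'
} >> "$TEMP_PREFIX.1"

"$HASHCAT" --stdout -r "$RULESDIR/leetspeak.rule" "$TEMP_PREFIX.1" >> "$TEMP_PREFIX.2" 2>/dev/null
"$HASHCAT" --stdout -r "$RULESDIR/Ninja-leetspeak.rule" "$TEMP_PREFIX.1" >> "$TEMP_PREFIX.2" 2>/dev/null

echo Removing duplicates...
sort -u -- "$TEMP_PREFIX.2" > "$TEMP_PREFIX.3"

echo Processing second pass with all rules...
for r in "$RULESDIR"/*.rule ; do
  "$HASHCAT" --stdout -r "$r" "$TEMP_PREFIX.3" >> "$TEMP_PREFIX.4" 2>/dev/null
done

# Add digits to beginning/end of all current words
# Lines are read with "read -r" and written with printf, so a word is never
# glob-expanded or taken as an echo option, and IFS is left untouched for
# the rest of the script. The output file is opened once for the whole loop.
while IFS= read -r w || [ -n "$w" ] ; do
  [ -n "$w" ] || continue
  for n in {0..9} {00..99} {000..999} {0000..9999} ; do
    printf '%s\n%s\n' "$w$n" "$n$w"
  done
done < "$TEMP_PREFIX.1" >> "$TEMP_PREFIX.5"

echo Removing duplicates...
sort -u -- "$TEMP_PREFIX".* > "$OUTPUT_FILE"
echo Done.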