[ { "path": "Kali_Linux_Extra_Tools2.sh", "content": "#!/bin/bash\n\n##\n## Kali Linux: Extra tools and customizations script\n## =================================================\n## Created by Wh1t3Rh1n0\n##\n## This script adds a bunch of my favorite tools to Kali Linux.\n##\n## Usage:\n## Install all tools: ./Kali_Linux_Extra_Tools2.sh install\n## Non-GUI tools only: ./Kali_Linux_Extra_Tools2.sh install nogui\n##\n\n# Major changes\n# * 2015-09-09: In the process of being updated for Kali 2 Light Edition.\n# * 2015-11-25: More modifications. Still Kali 2 Light Edition centric.\n# * 2015-12-08: Separated GUI and non-GUI tools into two sections.\n# * 2016-07-14: Disabled automatic install of smbexec\n# * 2016-09-17: Major changes all over\n# * 2017-09-18: Added Empire, CME, Hashcat Legacy\n# * 2017-10-06: Light review to make sure this script still mostly works\n# * 2018-03-20: Added sublist3r\n\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nif [ \"$1\" != \"install\" ]; then exit ; fi\n\n\n# ====== Install Updates =====================================================\napt-get update && apt-get -y upgrade && apt-get -y dist-upgrade\n\n\n# ====== Personal Preferences =================================================\necho -e \"\\nPATH=\\$PATH:/opt/pentest-scripts\" >> /root/.bashrc\n\ncat < /root/.screenrc\ncaption always\ncaption string \"%{kw}%-w%{wr}%n %t%{-}%+w\"\nstartup_message off\nEOF\n\ncat <> /root/.bashrc\nalias nano='nano -\\\\\\$iET 4'\nEOF\n\nln -sn /usr/share/metasploit-framework/tools/pattern_create.rb /usr/bin/pattern_create\nln -sn /usr/share/metasploit-framework/tools/pattern_offset.rb /usr/bin/pattern_offset\n\n# Log when this script was run and with what arguments to a file\necho \"$(date)> $0 $*\" >> /var/log/extra-tools.log\n\n\n# ====== Install GUI Tools ===================================================\nif [ \"$2\" != \"nogui\" ]; then\n\n\n# GUI Tools installed with apt-get\n# --------------------------------\n\n# Additions for Kali Linux 2 Light\nexport DEBIAN_FRONTEND=noninteractive\napt-get install -y -q kali-linux-all\n\n# Tools based on personal preference\napt-get install -y mousepad icedove\napt-get install -y vinagre\n\n# Other stuff that comes in handy\napt-get install -y xfce4-screenshooter\n#apt-get install -y flashplugin-nonfree icedtea-plugin\napt-get install -y gimp\napt-get install -y libreoffice-gnome libreoffice-writer libreoffice-calc\n\n# Fix so chromium will run as root\napt-get install -y chromium\n#sed -Ei \"s#CHROMIUM_FLAGS=.+#CHROMIUM_FLAGS=\\\"--password-store=detect --user-data-dir\\\"#\" /etc/chromium/default\n\n\n# Firefox/Iceweasel Add-ons\n# -------------------------\nmkdir -p /opt/firefox-addons\ncd /opt/firefox-addons\n\n#Controle de Scripts\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/1154/addon-1154-latest.xpi\" -o controle-de-scripts.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/open-multiple-locations/\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/216803/addon-216803-latest.xpi\" -o open-multiple-locations.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/restclient/?src=search\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/9780/addon-9780-latest.xpi\" -o restclient.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/refcontrol/?src=search\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/953/addon-953-latest.xpi\" -o refcontrol.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/?src=ss\ncurl -L \"https://addons.mozilla.org/firefox/downloads/file/308568/foxyproxy_standard-4.5.4-sm+tb+fx.xpi\" -o foxyproxy.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/firebug/?src=search\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/1843/addon-1843-latest.xpi\" -o firebug.xpi \n\n#https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/?src=ss\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/92079/addon-92079-latest.xpi\" -o cookies-manager-plus.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/unhide-passwords/\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/462/addon-462-latest.xpi\" -o unhide-passwords.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/hackbar/?src=search\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/3899/addon-3899-latest.xpi\" -o hackbar.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/tamper-data/?src=search\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/966/addon-966-latest.xpi\" -o tamper-data.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/quickjava/?src=search\ncurl -L \"https://addons.mozilla.org/firefox/downloads/file/82987/quickjava-1.7.2-fx.xpi\" -o quickjava.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/parent-folder/\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/1800/addon-1800-latest.xpi\" -o parent-folder.xpi\n\n#https://addons.mozilla.org/en-US/firefox/addon/user-agent-quick-switch\ncurl -L \"https://addons.mozilla.org/firefox/downloads/latest/355807/addon-355807-latest.xpi\" -o user-agent-quick-switch.xpi\n\n\n# [Removed 2017-10]\n# Sublime text editor\n#cd /opt\n#if [ \"$(arch)\" == \"x86_64\" ] ; then\n# wget \"http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.2%20x64.tar.bz2\" -O sublime.tar.bz2\n#else\n# wget \"http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.2.tar.bz2\" -O sublime.tar.bz2\n#fi\n#tar -xjvf sublime.tar.bz2\n#rm -fv sublime.tar.bz2\n#ln -sn \"/opt/Sublime Text 2/sublime_text\" /usr/bin/sublime\n\n\n# Old Firefox for accessing pages with weak SSL ciphers\nmkdir -p /opt/firefox-old\ncd /opt/firefox-old/\nwget 'https://download-installer.cdn.mozilla.net/pub/firefox/releases/30.0/linux-x86_64/en-US/firefox-30.0.tar.bz2'\ntar -xjvf firefox-30.0.tar.bz2\nmv firefox firefox-30.0\n\n\n# Removed 2017-10 -- Kali has switched to Firefox ESR now\n# Firefox (not Iceweasel)\n#/opt/pentest-scripts/update-firefox.sh\n\nfi\n\n\n# ====== Install Non-GUI Tools ===============================================\n\n# Setup metasploit database\napt-get install -y metasploit-framework\nsystemctl enable postgresql\nservice postgresql start\nmsfdb init\n\n# Fix sendemail\n# -------------\n# Replaces: m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))$}i\n# With: m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))}i\nsed -Ei 's#m\\{\\^\\(\\!\\?\\)\\(\\?:\\(SSL\\(\\?:v2\\|v3\\|v23\\|v2/3\\)\\)\\|\\(TLSv1\\[12\\]\\?\\)\\)\\$\\}i#m\\{\\^\\(\\!\\?\\)\\(\\?:\\(SSL\\(\\?:v2\\|v3\\|v23\\|v2/3\\)\\)\\|\\(TLSv1\\[12\\]\\?\\)\\)\\}i#g' /usr/share/perl5/IO/Socket/SSL.pm\n\n\n# Non-GUI Tools installed with apt-get\n# ------------------------------------\napt-get install -y cifs-utils sshfs exif exiv2 exfat-fuse exfat-utils nfs-common\napt-get install -y metagoofil ufw\napt-get install -y vncsnapshot\napt-get install -y xdotool\napt-get install -y dnsutils passing-the-hash creddump\napt-get install -y bettercap\napt-get install -y ncftp\n\n# Install tools for creating a wireless access point\napt-get install -y dnsmasq hostapd-wpe\nsystemctl disable dnsmasq\nsystemctl disable hostapd-wpe\n\n# Default passwords list:\nmkdir -p /usr/share/wordlists\ncd /usr/share/wordlists\nwget \"http://www.phenoelit.org/dpl/dpl.html\" -O /usr/share/wordlists/dpl.html\n\n\n# Scripted, non-apt-get installs\n# ------------------------------\n\n# --- Coalfire --- #\n\n# Coalfire private exploits (requires authenticating to github)\ncd /opt\ngit clone https://github.com/coalfire/pentest-exploits.git\n\n# --- X-Windows tools --- #\n\n# xwatchwin\ncd /opt\nwget \"http://www.ibiblio.org/pub/X11/contrib/utilities/xwatchwin.tar.gz\"\ntar -xzvf xwatchwin.tar.gz\nrm xwatchwin.tar.gz\ncd xwatchwin\napt-get -y install xutils-dev\nxmkmf\nmake\n\n# xwd\ncd /opt\nwget \"http://xorg.freedesktop.org/archive/individual/app/xwd-1.0.5.tar.bz2\"\ntar -xjvf xwd-1.0.5.tar.bz2\nrm xwd-1.0.5.tar.bz2\ncd xwd-1.0.5\napt-get install -y libx11-dev libxt-dev pkgconf\n./configure ; make ; make install\n\n# --- Windows exploitation --- #\n\n# Responder\ncd /opt\ngit clone https://github.com/lgandx/Responder\n\n# ntlmrelayx\nmkdir -p /opt/ntlmrelayx\ncd /opt/ntlmrelayx\napt-get install -y libssl-dev libffi-dev python-dev\npip install pyopenssl\npip install ldap3\npip install ldap3 --upgrade\ngit clone https://github.com/lgandx/Responder\ngit clone 'https://github.com/CoreSecurity/impacket'\ncd impacket\npython setup.py install\ncd ../Responder\nsed -Ei 's/HTTP = On/HTTP = Off/g' Responder.conf\nsed -Ei 's/HTTPS = On/HTTPS = Off/g' Responder.conf\nsed -Ei 's/SMB = On/SMB = Off/g' Responder.conf\n\n# --- Linux kernel exploits --- #\n\n# Linux Kernel Exploit Suggester\ncd /opt\ngit clone https://github.com/PenturaLabs/Linux_Exploit_Suggester\n\n# getroot.tgz from iKat\ncd /opt\nmkdir ikat\ncd ikat\nwget 'http://ikat.ha.cked.net/Linux/files/getroot.tgz'\n\n\n# --- Password cracking --- #\n\n# John The Ripper Jumbo with Tools\ncd /opt\ngit clone https://github.com/magnumripper/JohnTheRipper\n\n# Hashcat Legacy\ncd /opt/\nwget \"https://hashcat.net/files_legacy/hashcat-2.00.7z\" && 7z x hashcat-2.00.7z && rm hashcat-2.00.7z\nmv /usr/bin/hashcat /usr/bin/hashcat3\nln -sn /opt/hashcat-2.00/hashcat-cli32.bin /usr/bin/hashcat\n\n# PACK - Password Analysis and Cracking Kit\ncd /opt\ngit clone https://github.com/tomato42/pack\nln -sn /opt/pack/rulegen.py /usr/bin/pack-rulegen\nln -sn /opt/pack/statsgen.py /usr/bin/pack-statsgen\nln -sn /opt/pack/policygen.py /usr/bin/pack-policygen\nln -sn /opt/pack/maskgen.py /usr/bin/pack-maskgen\n\n# --- Password recovery --- #\n\n# LaZagne - Password recovery for Windows and Linux\ncd /opt\ngit clone https://github.com/AlessandroZ/LaZagne\nLAZAGNE_CURRENT=$(curl -Is 'https://github.com/AlessandroZ/LaZagne/releases/latest' | grep -E '^Location:' | awk -F '/tag/' '{print $2}' | tr -d '\\r' | tr -d '\\n') \nwget \"https://github.com/AlessandroZ/LaZagne/releases/download/$LAZAGNE_CURRENT/Windows.zip\"\n\n# VNCpwd - VNC Password Decrypter\nmkdir /opt/vncpwd\ncd /opt/vncpwd\nwget \"http://aluigi.altervista.org/pwdrec/vncpwd.zip\"\nunzip vncpwd.zip\n\n# PCredz - credentials/hash/credit card number sniffer\napt-get -y remove python-pypcap && apt-get -y install python-libpcap\ncd /opt\ngit clone https://github.com/lgandx/PCredz\n\n# --- Misc --- #\n\n# clusterd.py\ncd /opt\ngit clone https://github.com/hatRiot/clusterd.git\n\n# Java Deserialization Exploits\ncd /opt\ngit clone https://github.com/coalfire/java_deserialization_exploits\n\n# CrackMapExec\ncd /opt\ngit clone https://github.com/byt3bl33d3r/CrackMapExec\ncd CrackMapExec && git submodule init && git submodule update --recursive\npython setup.py install\n\n# PowerShell Empire\ncd /opt/\ngit clone 'https://github.com/EmpireProject/Empire'\ncd Empire\n./setup/install.sh\n\n# Various extra Windows binaries\nmkdir /opt/windows-extras\ncd /opt/windows-extras\nwget http://www.tightvnc.com/download/1.3.10/tightvnc-1.3.10_x86.zip\nwget https://download.sysinternals.com/files/PSTools.zip\nwget https://download.sysinternals.com/files/AccessChk.zip\nwget https://the.earth.li/~sgtatham/putty/latest/w32/putty.zip\nwget https://the.earth.li/~sgtatham/putty/latest/w32/putty.zip.gpg\nwget https://download.sysinternals.com/files/Procdump.zip\n\n# merger.py -> nessus-merger.py\nwget \"https://gist.githubusercontent.com/mastahyeti/2720173/raw\" -O /tmp/merger.py\necho \\#\\!/usr/bin/env python > /usr/bin/nessus-merger.py\ncat /tmp/merger.py >> /usr/bin/nessus-merger.py\nchmod 755 /usr/bin/nessus-merger.py\nrm /tmp/merger.py\n\n# progress\ncd /opt\ngit clone https://github.com/Xfennec/progress\ncd progress/\napt-get -y install libncurses5-dev\nmake\nmake install\n\n# Sublist3r\ncd /opt\ngit clone https://github.com/aboul3la/Sublist3r\napt-get update\napt-get install -y python-requests python-dnspython python-argparse\n\n# MS15-034 Check\nmkdir /opt/ms15-034\ncd /opt/ms15-034\nln -sn /usr/share/exploitdb/platforms/windows/dos/36773.c ms15-034.c\ngcc ms15-034.c -o ms15-034\n\n# MS14-066 Check\nmkdir /opt/ms14-066\ncd /opt/ms14-066\ncurl -L \"https://raw.githubusercontent.com/anexia-it/winshock-test/master/winshock_test.sh\" -o \"winshock_test.sh\"\ncat winshock_test.sh | sed -E 's/REMOTE_VERSION=.+/REMOTE_VERSION=\\$VERSION/g' | sed 's#cat < /dev/null#g' | sed -E 's/read -p.+/REPLY=y/g' | sed 's#cat < /dev/null#g' > winshock_test2.sh\n\n# Removed 2017-10\n# masscan - Mass IP port scanner\n#cd /opt\n#git clone https://github.com/robertdavidgraham/masscan\n#cd masscan/\n#apt-get -y install libpcap0.8-dev\n#make -j\n\n# TCP Ping\ncd /usr/bin\nwget \"http://www.vdberg.org/~richard/tcpping\"\nchmod 755 tcpping\nln -sn /usr/bin/tcpping /usr/bin/tcping\n\n# F5 BIG-IP Cookie decoder\nmkdir /opt/BIG-IP\ncd /opt/BIG-IP\nwget http://www.taddong.com/tools/BIG-IP_cookie_decoder.zip\nunzip BIG-IP_cookie_decoder.zip\necho -e \"#\\!/bin/bash\\npython /opt/BIG-IP/BIG-IP_cookie_decoder.py \\$(curl -i -k \\$1 2>/dev/null | grep -i \\\"Set-Cookie: BIGip\\\" | cut -d ' ' -f 2 | tr -d ';' | cut -d '=' -f 2)\" > /opt/BIG-IP/big-ip-url.sh\n\n# Removed 2017-10\n# smbexec - Download only. Install is manual.\n#cd /opt\n#git clone https://github.com/pentestgeek/smbexec\n\n# Removed 2017-10\n# Metasploit-Plugins from darkoperator - includes the pentest plugin\n#cd /opt\n#git clone https://github.com/darkoperator/Metasploit-Plugins\n#ln -sn /opt/Metasploit-Plugins/*.rb /usr/share/metasploit-framework/plugins/\n\n# Eyewitness\ncd /opt\ngit clone 'https://github.com/ChrisTruncer/EyeWitness'\ncd Eyewitness/setup\n./setup.sh\n\n# Sticky-Keys-Slayer\ncd /opt/\napt-get -y install imagemagick xdotool parallel bc\ngit clone https://github.com/linuz/Sticky-Keys-Slayer\n\n\n# ====== Clean up =============================================================\napt-get --purge -y autoremove\napt-get clean\n\n\n# ====== Old stuff I've disabled but am keeping around for reference ==========\n# # Setup limited user for running Firefox\n# cd /opt/pentest-scripts\n# script_name=firefox-nonroot iw_user=firefox-user program_description=\"Firefox (Non-Root)\" command_line=\"/opt/firefox/firefox\" icon=\"/opt/firefox/browser/icons/mozicon128.png\" catagories=\"Network;\" ./setup-x-limited.sh \n\n# # Setup limited user for running Chromium\n# cd /opt/pentest-scripts\n# script_name=chromium-nonroot iw_user=chromium-user program_description=\"Chromium (Non-Root)\" command_line=\"/usr/bin/chromium\" icon=\"chromium\" catagories=\"Network;\" ./setup-x-limited.sh\n\n# # Setup limited user for running Hexchat\n# cd /opt/pentest-scripts\n# script_name=hexchat-nonroot iw_user=hexchat-user program_description=\"Hexchat (Non-Root)\" command_line=/usr/bin/hexchat icon=\"hexchat\" catagories=\"Network;\" ./setup-x-limited.sh\n\n" }, { "path": "README.md", "content": "Pentest Scripts\n===============\nJust a bunch of simple, miscellaneous scripts I've created while pentesting.\n\nThe rest of this readme was automatically generated with the following command:\n\n for f in * ; do echo -en \"## $f\\n\" ; echo -e \"\\n$(./$f --help | tail -n +2 | sed -E 's/^/ /g')\" ; done >> README.md\n \n## dim\n\n dim - Dim the screen\n --------------------\n Usage: dim <= Dim the screen to the lowest setting.\n dim <= Dim to a custom level.\n \n## enable-forwarding\n\n enable-forwarding\n -----------------\n A simple script to forward all incoming traffic out\n whatever interface is currently connected to the Internet.\n \n Usage: enable-forwarding [Internet-connected interface]\n \n## extract-hashes-responder\n\n extract-hashes-responder\n ------------------------\n Extracts one hash per user from a Responder-Session.log file for easy\n cracking with hashcat.\n \n Usage: ./extract-hashes-responder [Result number]\n \n## gnmap2ip\n\n gnmap2ip\n --------\n Converts a .gnmap file to an list of colon separated IP and TCP port numbers.\n \n Usage: gnmap2ip [GNMAP FILE]\n \n## grep-cidr\n\n grep-cidr\n ---------\n Searches a target file for any IP addresses in the given range. Any range\n format that is Nmap compatible *should work*, not just CIDR.\n \n Usage: grep-cidr [Additional grep options]\n \n## grip\n\n grip\n ----\n greps a file for common patterns.\n \n Should accept most standard grep flags.\n \n Example usage - IPv4 addresses only:\n grep for IPv4 addresses only: grip \n include CIDR notation: grip --cidr \n grep for IP:Port: grip --port \n \n Example usage - IPv6 addresses only:\n grep for IPv6 addresses only: grip --6 \n include CIDR notation: grip --6cidr \n \n Other supported patterns:\n grep for emails: grip --email \n grep for MAC addresses: grip --mac \n \n## heartbleed\n\n Usage: heartbleed \n \n## heartbleed-parser\n\n Usage: heartbleed-parser \n \n## ip2dec.py\n\n ip2dec.py\n ---------\n Converts an IP address to its decimal equivalent.\n \n Usage: ip2dec.py [IP Address]\n \n## iplist2dirs\n\n iplist2dirs\n -----------\n Reads an IP:Port list and creates the following directory structure for \n each IP address:\n \n ./[OUTPUT DIR]/[PORT]/[IP Address]\n \n Usage: iplist2dirs [Ports]\n \n Example: iplist2dirs iplist.txt \"80 443\"\n \n Use \"all\" in place of port numbers to create a directory for every port listed.\n \n If ports are omitted, the default port list is used.\n The defaul port list and output directory name can be changed in the settings\n section of this script.\n \n## iplist-detect_http.sh\n\n iplist-detect_http\n ------------------\n Retrieves HTTP headers from each server listed in a IP:Port formatted file.\n \n Usage: iplist-detect_http [Maximum Connect Timeout]\n \n## Kali_Linux_Extra_Tools2.sh\n\n Kali Linux: Extra tools and customizations script\n =================================================\n Created by Wh1t3Rh1n0\n \n This script adds a bunch of my favorite tools to Kali Linux.\n \n Usage:\n Install all tools: ./Kali_Linux_Extra_Tools2.sh install\n Non-GUI tools only: ./Kali_Linux_Extra_Tools2.sh install nogui\n \n## live-usb-tweaks.sh\n\n live-usb-tweaks.sh\n ------------------\n Install tweaks to increase performance when running\n Kali from a LiveUSB with persistence.\n \n Usage: ./live-usb-tweaks.sh install\n \n## merge-hashcat.py\n\n merge-hashcat.py\n ----------------\n Matches passwords cracked with hashcat to their usernames.\n \n Usage: merge-hashcat.py \n \n Notes: The \"hash:password\" file is created by hashcat's -o option.\n \n The \"user:hash\" file is easy to create using your original hashdump and\n the \"cut\" command. An example of creating this file from hashes dumped\n from a Windows domain controller follows:\n \n cat raw_dump.txt | cut -d ':' -f 1,4 > dumped-users_hashes.txt\n \n## ms15-034_check.py\n \n Example: %s 'https://example.com:8443/'\n\n## mv-screenshots\n\n mv-screenshots\n --------------\n Moves screenshots from the current directory to a destination directory.\n Removes colons from the filename for Windows compatibility.\n \n Usage: mv-screenshots \n \n## ncsv2ip\n\n ncsv2ip\n -------\n Converts a Nessus exported CSV file to a colon-separated list of IPs and ports\n \n Usage: ncsv2ip [CSV FILE]\n \n Requires: grep, awk, sort\n Limitations: Only outputs TCP ports. UDP ports are ignored.\n \n## setup-x-limited.sh\n\n ----------------------------------\n setup-x-limited.sh | by Wh1t3Rh1n0\n ----------------------------------\n This script creates a script and a menu icon for executing a given program\n as a regular, non-root user if you are logged in as root.\n \n The following environment variables need to be set for it to run:\n \n script_name - the filename that the created script will be saved as.\n iw_user - the user that will be created for running the target program.\n program_description - the name that will show on the icon.\n command_line - the path of the target program to be run.\n icon - the icon to display on the menu\n categories - where the icon is placed within the applications menu.\n \n Example execution:\n ------------------\n script_name=firefox-nonroot iw_user=firefox-user \\\n program_description=\"Firefox (Non-Root)\" command_line=\"/opt/firefox/firefox\" \\\n icon=\"/opt/firefox/browser/icons/mozicon128.png\" categories=\"Network;\" \\\n ./setup-x-limited.sh\n \n Alternatively, you can provide a known binary location to accept default\n options for that program.\n \n Usage: ./setup-x-limited.sh [full path to binary]\n \n Currently accepted binary paths:\n /opt/firefox/firefox\n \n## strip-colors\n\n strip-colors\n ------------\n Removes colors from output for easy grepping.\n \n Usage: cat | strip-colors\n \n## update-firefox.sh\n\n Firefox Updater/Installer\n -------------------------\n Just a simple script to update or install Firefox on Kali Linux.\n \n Installs to /opt/firefox\n \n Run with no options to install or update.\n \n## usb-armory\n\n usb-armory\n ----------\n A simple script to setup a connection to a USB armory with Kali installed.\n \n Usage: usb-armory [Internet-connected interface]\n \n## word-mutator\n\n word-mutator 9000\n -----------------\n Generates a wordlist by running all of hashcat's built-in rules on a\n single word (such as a company name) or small list of words.\n \n Primarily intended for targeted, offline password cracking attacks.\n \n Usage: bash ./word-mutator [optional output file] [optional input wordlist]\n \n Because I'm being lazy, you must specify an output file name in order\n to specify an input file. :P\n \n *This script has only been tested with the legacy hashcat 2.00 binaries.*\n \n" }, { "path": "dim", "content": "#!/bin/bash\n\n##\n## dim - Dim the screen\n## --------------------\n## Usage: dim <= Dim the screen to the lowest setting.\n## dim <= Dim to a custom level.\n##\n\nif [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nif [ \"$1\" == \"\" ] ; then\n pkexec /usr/sbin/xfpm-power-backlight-helper --set-brightness 01\n exit\nfi\n\npkexec /usr/sbin/xfpm-power-backlight-helper --set-brightness $1\n" }, { "path": "enable-forwarding", "content": "#!/bin/bash\n##\n## enable-forwarding\n## -----------------\n## A simple script to forward all incoming traffic out\n## whatever interface is currently connected to the Internet.\n##\n## Usage: enable-forwarding [Internet-connected interface]\n##\n\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\n \nINTERFACE=$1\n \necho 1 > /proc/sys/net/ipv4/ip_forward\nufw disable\n/sbin/iptables -t nat -F\n/sbin/iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE\n \n" }, { "path": "extract-hashes-responder", "content": "#!/bin/bash\n\n##\n## extract-hashes-responder\n## ------------------------\n## Extracts one hash per user from a Responder-Session.log file for easy\n## cracking with hashcat.\n##\n## Usage: ./extract-hashes-responder [Result number]\n##\n\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nif [ \"$2\" == \"\" ] ; then\n RESULTS=1\nelse\n RESULTS=$2\nfi\n\nfor user in $(grep -ioE \"complete[^:]+:[^:]+:\" \"$1\" | sort -u | grep -ioE \":[^:]+:\") ; do \n grep -m $RESULTS \"$user\" \"$1\" | grep -ioE \"[^:]+::.+$\" | tail -n 1\ndone\n" }, { "path": "gnmap2ip", "content": "#!/usr/bin/env python\n\nimport sys\n\nif len(sys.argv) == 1 or \"-h\" in sys.argv or \"--help\" in sys.argv:\n print \"\"\"\ngnmap2ip\n--------\nConverts a .gnmap file to an list of colon separated IP and TCP port numbers.\n\nUsage: gnmap2ip [GNMAP FILE]\n\"\"\"\n sys.exit()\n \n \ngnmap_file = sys.argv[1]\n\nf = open(gnmap_file, 'r')\nlines = [l.rstrip() for l in f.readlines()]\nf.close()\n\nfor line in lines:\n if line.find(\"open\") != -1:\n ip_address = line.split(' ')[1]\n port_data = line.split(':')[2].split('\\t')[0].split(' ')\n\n for entry in port_data:\n if entry.find(\"open\") != -1 and entry.find(\"tcp\") != -1:\n port = entry.strip().split('/')[0]\n print \"%s:%s\" % (ip_address, port)\n" }, { "path": "grep-cidr", "content": "#!/bin/bash\n##\n## grep-cidr\n## ---------\n## Searches a target file for any IP addresses in the given range. Any range\n## format that is Nmap compatible *should work*, not just CIDR.\n##\n## Usage: grep-cidr [Additional grep options]\n##\n\nif [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nIP_RANGE=$1\nTARGET_FILE=$2\nGREP_OPTIONS=$3 $4 $5 $6 $7 $8 $9\nTEMP_FILE=/tmp/grep-cidr.temp-$RANDOM\n\n# Use Nmap to generate a list of IPs in the given range and save them in a temporary file\nnmap -Pn -n -sL -oG - $IP_RANGE | grep Host: | cut -d ' ' -f 2 > $TEMP_FILE\n\n# Grep the target file for IPs in the specified range\ngrep -F -f \"$TEMP_FILE\" \"$TARGET_FILE\"\n\n# Delete the temp file\nrm -f $TEMP_FILE" }, { "path": "grip", "content": "#!/bin/bash\n\n##\n## grip\n## ----\n## greps a file for common patterns.\n##\n## Should accept most standard grep flags.\n##\n## Example usage - IPv4 addresses only:\n## grep for IPv4 addresses only: grip \n## include CIDR notation: grip --cidr \n## grep for IP:Port: grip --port \n##\n## Example usage - IPv6 addresses only:\n## grep for IPv6 addresses only: grip --6 \n## include CIDR notation: grip --6cidr \n##\n## Other supported patterns:\n## grep for emails: grip --email \n## grep for MAC addresses: grip --mac \n\n##\n\nif [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nif [ \"$1\" == \"--port\" ] ; then\n grep -iEo \"(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(:[0-9]+)?\" $(echo $* | sed 's/--port//g')\n exit\nfi\n\nif [ \"$1\" == \"--email\" ] ; then\n grep -Eoa '[A-Za-z0-9\\._+-]+@[A-Za-z0-9\\._-]+' $(echo $* | sed 's/--email//g')\n exit\nfi\n\nif [ \"$1\" == \"--cidr\" ] ; then\n grep -iEoa \"(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(/[0-9]+)?\" $(echo $* | sed 's/--cidr//g')\n exit\nfi\n\nif [ \"$1\" == \"--mac\" ] ; then\n grep -iEao '([abcdef0-9]{2}[:-]){5}[abcdef0-9]{2}' $(echo $* | sed 's/--mac//g')\n exit\nfi\n\n# The second grep command in each IPv6 example is there to prevent MAC addresses from being detected as IPv6 addresses\nif [ \"$1\" == \"--6\" ] ; then\n grep -iEao '[0-9a-f]{0,4}:([0-9a-f]*:){1,6}[0-9a-z]{0,4}' $(echo $* | sed 's/--6//g') | grep -Eia '::|:.*:.*:.*:.*:.*:.*:.*'\n\n exit\nfi\n\nif [ \"$1\" == \"--6cidr\" ] ; then\n grep -iEao '[0-9a-f]{0,4}:([0-9a-f]*:){1,6}[0-9a-z]{0,4}(/[0-9]+)?' $(echo $* | sed 's/--6cidr//g') | grep -Eia '::|:.*:.*:.*:.*:.*:.*:.*'\n exit\nfi\n\n# Default behavior - grep for IPv4 IP addresses only\ngrep -iEao \"(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\" $*\n" }, { "path": "heartbleed", "content": "#!/bin/bash\n\n##\n## Usage: heartbleed \n##\n\nif [ \"$2\" == \"\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\n/usr/bin/python /usr/share/exploitdb/platforms/multiple/remote/32764.py $1 -p $2\n" }, { "path": "heartbleed-parser", "content": "#!/bin/bash\n\n##\n## Usage: heartbleed-parser \n##\n\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\ncat \"$1\" | cut -d ' ' -f 21- |grep -vE '^$' | tr -d '\\n'\n\n" }, { "path": "ip2dec.py", "content": "#!/usr/bin/env python\n\nimport sys\n\nusage = \"\"\"\nip2dec.py\n---------\nConverts an IP address to its decimal equivalent.\n\nUsage: ip2dec.py [IP Address]\n\"\"\"\n\nif len(sys.argv) <= 1 or \"-h\" in sys.argv or \"--help\" in sys.argv:\n print usage\n exit()\n \nip = sys.argv[1].split('.')\n\nd = int(ip[0]) * 256 ** 3\nd += int(ip[1]) * 256 ** 2\nd += int(ip[2]) * 256\nd += int(ip[3])\n\nprint d\n" }, { "path": "iplist-detect_http.sh", "content": "#!/bin/bash\n\n##\n## iplist-detect_http\n## ------------------\n## Retrieves HTTP headers from each server listed in a IP:Port formatted file.\n##\n## Usage: iplist-detect_http [Maximum Connect Timeout]\n##\n\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nIPLIST=$1\n\nif [ \"$2\" == \"\" ] ; then\n MAX_TIMEOUT=2\nelse\n MAX_TIMEOUT=$2\nfi\n\nfor ip in $(cat \"$IPLIST\"); do\n CURL_COMMAND=\"curl -s --retry 0 --retry-delay 0 --retry-max-time $MAX_TIMEOUT -I --connect-timeout $MAX_TIMEOUT -m $MAX_TIMEOUT -y $MAX_TIMEOUT -k\"\n\n RESPONSE=$($CURL_COMMAND http://$ip | head -n 3 |tr -d \"\\r\" | tr \"\\n\" \"|\")\n echo \"http://$ip > $RESPONSE\" \n\n RESPONSE=$($CURL_COMMAND https://$ip | head -n 3 |tr -d \"\\r\" | tr \"\\n\" \"|\")\n echo \"https://$ip > $RESPONSE\" \ndone\n" }, { "path": "iplist2dirs", "content": "#!/bin/bash\n\n##\n## iplist2dirs\n## -----------\n## Reads an IP:Port list and creates the following directory structure for \n## each IP address:\n##\n## ./[OUTPUT DIR]/[PORT]/[IP Address]\n##\n## Usage: iplist2dirs [Ports]\n##\n## Example: iplist2dirs iplist.txt \"80 443\"\n##\n## Use \"all\" in place of port numbers to create a directory for every port listed.\n##\n## If ports are omitted, the default port list is used.\n## The defaul port list and output directory name can be changed in the settings\n## section of this script.\n##\n\n# SETTINGS #\nDEFAULT_PORTS=\"21 22 23 25 53 80 110 139 443 445 3389 5800 5900\"\nOUTPUT_DIR=\"hosts\"\n# END SETTINGS #\n\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nif [ \"$2\" == \"\" ] ; then\n PORTS=\"$DEFAULT_PORTS\"\nelif [ \"$2\" == \"all\" ] ; then\n PORTS=\"$(cat $1 | cut -d ':' -f 2 | sort -u | tr '\\n' ' ')\"\nelse\n PORTS=\"$2\"\nfi\n\nIP_LIST=\"$PWD/$1\"\n\nfor port in $PORTS; do\n mkdir -p \"$OUTPUT_DIR/$port\"\n for ip in $(grep \":$port$\" \"$IP_LIST\" |cut -d ':' -f 1 ) ; do\n # touch \"$OUTPUT_DIR/$port/$ip\"\n mkdir -p \"$OUTPUT_DIR/$port/$ip\"\n done\ndone\n" }, { "path": "live-usb-tweaks.sh", "content": "#!/bin/bash\n\n##\n## live-usb-tweaks.sh\n## ------------------\n## Install tweaks to increase performance when running\n## Kali from a LiveUSB with persistence.\n##\n## Usage: ./live-usb-tweaks.sh install\n##\n\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E \"^##([^#]|$)\" \"$0\" | sed -E 's/^##.?//g'\n exit\nfi\n\necho \"Installing LiveUSB tweaks...\"\n\n### Changes to rc.local ###\n\nsed -i 's/exit 0//g' /etc/rc.local\n\ncat <> /etc/rc.local\n# Limit writes to the persistent volume to every 120 seconds\nmount -o remount,noatime,commit=120 /lib/live/mount/persistence/loop1\n\n#Mount /var/cache/apt/archives onto ramdisk \n#mkdir /dev/shm/apt-archives\n#chmod 1777 /dev/shm/apt-archives\n#mount --bind /dev/shm/apt-archives /var/cache/apt/archives\nmount -t tmpfs tmpfs /var/cache/apt/archives -o rw,nosuid,nodev,uid=0,gid=0,mode=744\nEOF\n\necho -e \"\\nexit 0\" >> /etc/rc.local\n\n\n### Disable rsyslog ###\n#update-rc.d rsyslog disable\n\n\n### Add these lines to /etc/sysctl.conf ###\ncat <> /etc/sysctl.conf\nvm.swappiness = 0\nvm.dirty_background_ratio = 20\nvm.dirty_expire_centisecs = 0\nvm.dirty_ratio = 80\nvm.dirty_writeback_centisecs = 0\nEOF\n\n\necho \"Reboot for changes to take effect.\"\n" }, { "path": "merge-hashcat.py", "content": "#!/usr/bin/env python\n\nimport sys\n\nself_name = sys.argv[0].split('/')[-1]\n\nusage = \"\"\"\n%(name)s\n%(underline)s\nMatches passwords cracked with hashcat to their usernames.\n\nUsage: %(name)s \n\nNotes: The \"hash:password\" file is created by hashcat's -o option.\n\n The \"user:hash\" file is easy to create using your original hashdump and\n the \"cut\" command. An example of creating this file from hashes dumped\n from a Windows domain controller follows:\n \n cat raw_dump.txt | cut -d ':' -f 1,4 > dumped-users_hashes.txt\n\"\"\" % {'name': self_name,\n 'underline': ('-' * len(self_name)),\n }\n\n\ndef file_to_dict(filename, reverse=0):\n '''\n Takes the filename of a colon-separated file and returns a dictionary\n containing the keys and values from that file.\n '''\n \n f = open(filename, 'r')\n lines = [line.rstrip() for line in f.readlines()]\n f.close()\n \n output_dict = {}\n for line in lines:\n if \":\" in line:\n key = line.split(\":\")[0]\n value = line.split(\":\")[1]\n output_dict[key] = value\n \n return output_dict\n\n\ndef dict_to_string(d):\n s = \"\"\n for key in d.keys():\n s += \"%s:%s\\n\" % (key, d[key])\n return s.rstrip()\n\n\nif len(sys.argv) < 3 or \"-h\" in sys.argv or \"--help\" in sys.argv:\n print usage\n exit()\n\nuser_hash_filename = sys.argv[1]\nhash_password_filename = sys.argv[2]\n \nuser_hash = file_to_dict(user_hash_filename)\nhash_password = file_to_dict(hash_password_filename)\n\nuser_password = {}\n\nfor user in user_hash.keys():\n password_hash = user_hash[user]\n password = hash_password.get(password_hash)\n\n if password != None: user_password[user]=password\n \nprint dict_to_string(user_password)\n" }, { "path": "ms15-034_check.py", "content": "#!/usr/bin/env python\n\nimport sys\nimport requests\n\n# Disable warnings about invalid SSL certificates\nimport warnings\nwarnings.filterwarnings(\"ignore\")\n\nif len(sys.argv) <= 1 or '-h' in sys.argv or '--help' in sys.argv:\n print \"Usage: %s \"\n print \n print \"Example: %s 'https://example.com:8443/'\"\n exit()\n\nurl = sys.argv[1]\nheaders = {'Range': 'bytes=0-18446744073709551615'}\n\nr = requests.get(url, stream=True, verify=False, headers=headers)\n\nif \"Requested Range Not Satisfiable\" in r.text:\n print \"[+] %s - Looks VULNERABLE!\" % url\nelif \"The request has an invalid header name\" in r.text:\n print \"[-] %s - Looks patched\" % url\nelse:\n print \"[!] %s - Unexpected response. Cannot discern patch status\" % url\n\n\n" }, { "path": "mv-screenshots", "content": "#!/bin/bash\n\n##\n## mv-screenshots\n## --------------\n## Moves screenshots from the current directory to a destination directory.\n## Removes colons from the filename for Windows compatibility.\n##\n## Usage: mv-screenshots \n##\n\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nDEST_DIR=\"$1\"\n\nfor f in *png ; do \n # Make xfce4-screenshooter output sort chronologically\n if [ \"$(echo $f | grep -Ei ':[0-9]{2} (AM|PM)')\" != \"\" ]; then\n NEW_NAME=$(echo \"$f\" | tr ':' '-' | tr '.' ' ' | awk -F ' ' '{print $1 \" \" $2 \" \" $3 \" \" $4 \" \" $6 \" \" $5 \".\" $7}')\n NEW_NAME=$(echo $NEW_NAME | sed 's/AM 12/AM 00/g' | sed 's/PM 12/PM 00/g')\n mv -v \"$f\" \"$DEST_DIR/$NEW_NAME\"\n else\n # Generic handler for Kali default screenshot names\n mv -v \"$f\" \"$DEST_DIR/$(echo $f | tr ':' '-')\"\n fi\ndone\n" }, { "path": "ncsv2ip", "content": "#!/bin/bash\n\n##\n## ncsv2ip\n## -------\n## Converts a Nessus exported CSV file to a colon-separated list of IPs and ports\n##\n## Usage: ncsv2ip [CSV FILE]\n##\n## Requires: grep, awk, sort\n## Limitations: Only outputs TCP ports. UDP ports are ignored.\n##\n\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nCSV_FILE=$1\n\ngrep -iE '^\"[0-9].+,\"tcp\",\"[1-9][0-9]*\",' \"$CSV_FILE\" | awk -F '\"' '{print $10 \":\" $14}' | sort -u\n" }, { "path": "setup-x-limited.sh", "content": "#!/bin/bash\n##\n## ----------------------------------\n## setup-x-limited.sh | by Wh1t3Rh1n0\n## ----------------------------------\n## This script creates a script and a menu icon for executing a given program\n## as a regular, non-root user if you are logged in as root.\n##\n## The following environment variables need to be set for it to run:\n##\n## script_name - the filename that the created script will be saved as.\n## iw_user - the user that will be created for running the target program.\n## program_description - the name that will show on the icon.\n## command_line - the path of the target program to be run.\n## icon - the icon to display on the menu\n## categories - where the icon is placed within the applications menu.\n##\n## Example execution:\n## ------------------\n## script_name=firefox-nonroot iw_user=firefox-user \\\n## program_description=\"Firefox (Non-Root)\" command_line=\"/opt/firefox/firefox\" \\\n## icon=\"/opt/firefox/browser/icons/mozicon128.png\" categories=\"Network;\" \\\n## ./setup-x-limited.sh\n##\n## Alternatively, you can provide a known binary location to accept default\n## options for that program.\n##\n## Usage: ./setup-x-limited.sh [full path to binary]\n##\n## Currently accepted binary paths:\n## /opt/firefox/firefox\n##\n\n\n# Default options for Firefox installed in /opt\nif [ \"$1\" == \"/opt/firefox/firefox\" ] ; then\n script_name=firefox-nonroot\n iw_user=firefox-user\n program_description=\"Firefox (Non-Root)\"\n command_line=\"/opt/firefox/firefox\"\n icon=\"/opt/firefox/browser/icons/mozicon128.png\"\n categories=\"Network;\"\nfi\n\n\nif [ \"$iw_user\" == \"\" ] || [ \"command_line\" == \"\" ] || [ \"program_description\" == \"\" ] ; then\n grep -E \"^##([^#]|$)\" \"$0\" | sed -E 's/^##.?//g' | more\n exit\nfi\n\n### SETTINGS ###\n# Change the values below to set this script up for the desired program.\n\n# script_name is the filename that the created script will be saved as.\n#script_name=iceweasel-nonroot\n\n# iw_user is the user that will be created for the purpose of running the\n# target program.\n#iw_user=iceweasel-user\n\n# program_description is the name that will show on the icon.\n#program_description=\"Iceweasel (Non-Root)\"\n\n# command_line is the path of the target program to be run.\n#command_line=\"/usr/bin/iceweasel\"\n\n# icon is the icon to display on the menu. If unknown, you can find it by\n# examining /usr/share/applications/.desktop\n#icon=\"iceweasel\"\n\n# categories determines where the icon is placed within the applications menu.\n# Like icon, if you don't know it, you can find it in \n# /usr/share/applications/.desktop\n#categories=\"Network;\"\n\n### END OF SETTINGS ###\n\n\nuseradd -G audio,pulse,pulse-access $iw_user\nmkdir /home/$iw_user\nchown -R $iw_user /home/$iw_user\n\n\ncat << EOF > /usr/bin/$script_name\n#!/bin/bash\ncp \\$XAUTHORITY /home/$iw_user/.Xauth\nchmod 400 /home/$iw_user/.Xauth\nchown $iw_user /home/$iw_user/.Xauth\nsudo -u $iw_user -i XAUTHORITY=/home/$iw_user/.Xauth $command_line \\$*\nEOF\nchmod 555 /usr/bin/$script_name\n\n\ncat << EOF > /usr/share/applications/$script_name.desktop\n[Desktop Entry]\nEncoding=UTF-8\nName=$program_description\nComment=$program_description\nGenericName=$program_description\nX-GNOME-FullName=$program_description\nExec=/usr/bin/$script_name\nTerminal=false\nX-MultipleArgs=false\nType=Application\nIcon=$icon\nCategories=$categories\nStartupNotify=true\nEOF\n" }, { "path": "strip-colors", "content": "#!/bin/bash\n\n##\n## strip-colors\n## ------------\n## Removes colors from output for easy grepping.\n##\n## Usage: cat | strip-colors\n##\n\nif [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\nsed -E 's/\\x1B\\[[0-9;]*[JKmsu]//g'\n" }, { "path": "update-firefox.sh", "content": "#!/bin/bash \n\n##\n## Firefox Updater/Installer\n## -------------------------\n## Just a simple script to update or install Firefox on Kali Linux.\n##\n## Installs to /opt/firefox\n##\n## Run with no options to install or update.\n##\n\nif [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E '^## ?' \"$0\" | sed -E 's/^## ?//g'\n exit\nfi\n\n# Firefox (not Iceweasel) \n# Reference: https://download-installer.cdn.mozilla.net/pub/firefox/releases/latest/README.txt\ncd /opt\nrm -rfv firefox\n\nif [ \"$(uname -m)\" == \"i686\" ] ; then \n wget -O firefox.tar.bz2 \"https://download.mozilla.org/?product=firefox-latest&os=linux&lang=en-US\"\nelse \n wget -O firefox.tar.bz2 \"https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US\"\nfi\n\ntar -xjvf firefox.tar.bz2\nrm -fv firefox.tar.bz2\n" }, { "path": "usb-armory", "content": "\n#!/bin/bash\n##\n## usb-armory\n## ----------\n## A simple script to setup a connection to a USB armory with Kali installed.\n##\n## Usage: usb-armory [Internet-connected interface]\n##\nif [ \"$1\" == \"\" ] || [ \"$1\" == \"--help\" ] || [ \"$1\" == \"-h\" ] ; then\n grep -E \"^##([^#]|$)\" \"$0\" | sed -E 's/^##.?//g'\n if [ \"$1\" == \"\" ] ; then\n echo\n echo Available interfaces:\n /sbin/ifconfig | grep -E 'Ethernet|inet'\n echo\n fi\n exit\nfi\n \nINTERFACE=$1\n \necho 1 > /proc/sys/net/ipv4/ip_forward\nufw disable\n/sbin/iptables -t nat -F\n/sbin/iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE\n \nifconfig usb0 10.42.0.1 netmask 255.255.255.0 up\nssh root@10.42.0.3\n \n" }, { "path": "word-mutator", "content": "#!/bin/bash\n##\n## word-mutator 9000\n## -----------------\n## Generates a wordlist by running all of hashcat's built-in rules on a\n## single word (such as a company name) or small list of words.\n##\n## Primarily intended for targeted, offline password cracking attacks.\n##\n## Usage: bash ./word-mutator [optional output file] [optional input wordlist]\n##\n## Because I'm being lazy, you must specify an output file name in order\n## to specify an input file. :P\n##\n## *This script has only been tested with the legacy hashcat 2.00 binaries.*\n##\nif [ \"$3\" != \"\" ] || [ \"$1\" == \"-h\" ] || [ \"$1\" == \"--help\" ] ; then\n grep -E \"^##([^#]|$)\" \"$0\" | sed -E 's/^##.?//g'\n exit\nfi\n\n### SETTINGS ###\n\n# Path to hashcat binary\nHASHCAT=/opt/hashcat-2.00/hashcat-cli64.bin\n\n# Path to hashcat rules directory\nRULESDIR=/opt/hashcat-2.00/rules\n\n### END OF SETTINGS ###\n\n\nif [ \"$(ls $HASHCAT)\" == \"\" ] || [ \"$(ls $RULESDIR)\" == \"\" ] ; then\n echo Could not find required hashcat files.\n echo Please check the binary paths defined in $0.\n exit\nfi\n\nif [ \"$1\" != \"\" ] ; then\n OUTPUT_FILE=$1\nelse\n OUTPUT_FILE=word-mutator.wordlist\nfi\n\nTEMP_PREFIX=/tmp/word-mutator.tmp\n\nrm $TEMP_PREFIX* 2>/dev/null\n\nif [ \"$2\" != \"\" ] ; then\n START_FILE=$2\nelse\n read -p \"Base word [Enter for Top 10 common passwords]: \" CO_NAME\n if [ \"$CO_NAME\" == \"\" ] ; then\n # Top 10 Yahoo Passwords, 2012\n cat < $TEMP_PREFIX.0\n123456\npassword\nwelcome\nninja\nabc123\n123456789\n12345678\nsunshine\nprincess\nqwerty\nEOF\n else\n echo \"$CO_NAME\" > $TEMP_PREFIX.0\n fi\n START_FILE=$TEMP_PREFIX.0\nfi\n\necho First pass with selected rules...\n\n\n# separate phrases into individual words\ncat $START_FILE | tr \"[:space:]\" \"\\n\" >> $TEMP_PREFIX.1\n# lowercase only\ncat $START_FILE | tr [:upper:] [:lower:] >> $TEMP_PREFIX.1\ncat $START_FILE | tr [:upper:] [:lower:] | tr \"[:space:]\" \"\\n\" >> $TEMP_PREFIX.1\n# uppercase only\ncat $START_FILE | tr [:lower:] [:upper:] >> $TEMP_PREFIX.1\ncat $START_FILE | tr [:lower:] [:upper:] | tr \"[:space:]\" \"\\n\" >> $TEMP_PREFIX.1\n# remove special chars and spaces\ncat $START_FILE | tr -d [:punct:] >> $TEMP_PREFIX.1\ncat $START_FILE | tr -d [:punct:] | tr -d \"[:space:]\" >> $TEMP_PREFIX.1\n# lowercase only, remove special chars and spaces\ncat $START_FILE | tr [:upper:] [:lower:] | tr -d [:punct:] >> $TEMP_PREFIX.1\ncat $START_FILE | tr [:upper:] [:lower:] | tr -d [:punct:] | tr -d \"[:space:]\" >> $TEMP_PREFIX.1\n# uppercase only, remove special chars and spaces\ncat $START_FILE | tr [:lower:] [:upper:] | tr -d [:punct:] >> $TEMP_PREFIX.1\ncat $START_FILE | tr [:lower:] [:upper:] | tr -d [:punct:] | tr -d \"[:space:]\" >> $TEMP_PREFIX.1\n\n$HASHCAT --stdout -r \"$RULESDIR/leetspeak.rule\" $TEMP_PREFIX.1 >> $TEMP_PREFIX.2 2>/dev/null\n$HASHCAT --stdout -r \"$RULESDIR/Ninja-leetspeak.rule\" $TEMP_PREFIX.1 >> $TEMP_PREFIX.2 2>/dev/null\n\necho Removing duplicates...\n\nsort -u $TEMP_PREFIX.2 > $TEMP_PREFIX.3\n\necho Processing second pass with all rules...\n\nfor r in $RULESDIR/*.rule ; do\n $HASHCAT --stdout -r \"$r\" $TEMP_PREFIX.3 >> $TEMP_PREFIX.4 2>/dev/null\ndone\n\n# Add digits to beginning/end of all current words\nIFS=$(echo -en \"\\n\\b\")\nfor w in $(cat \"$TEMP_PREFIX.1\") ; do\n for n in {0..9} ; do\n echo $w$n >> \"$TEMP_PREFIX.5\"\n echo $n$w >> \"$TEMP_PREFIX.5\"\n done\ndone\nfor w in $(cat \"$TEMP_PREFIX.1\") ; do\n for n in {00..99} ; do\n echo $w$n >> \"$TEMP_PREFIX.5\"\n echo $n$w >> \"$TEMP_PREFIX.5\"\n done\ndone\nfor w in $(cat \"$TEMP_PREFIX.1\") ; do\n for n in {000..999} ; do\n echo $w$n >> \"$TEMP_PREFIX.5\"\n echo $n$w >> \"$TEMP_PREFIX.5\"\n done\ndone\nfor w in $(cat \"$TEMP_PREFIX.1\") ; do\n for n in {0000..9999} ; do\n echo $w$n >> \"$TEMP_PREFIX.5\"\n echo $n$w >> \"$TEMP_PREFIX.5\"\n done\ndone\n\n\necho Removing duplicates...\n\nsort -u $TEMP_PREFIX.* > $OUTPUT_FILE\n\necho Done.\n" } ]