Repository: Wh1t3Rh1n0/pentest-scripts Branch: master Commit: dc36dcf47161 Files: 23 Total size: 43.1 KB Directory structure: gitextract_dv4qtq30/ ├── Kali_Linux_Extra_Tools2.sh ├── README.md ├── dim ├── enable-forwarding ├── extract-hashes-responder ├── gnmap2ip ├── grep-cidr ├── grip ├── heartbleed ├── heartbleed-parser ├── ip2dec.py ├── iplist-detect_http.sh ├── iplist2dirs ├── live-usb-tweaks.sh ├── merge-hashcat.py ├── ms15-034_check.py ├── mv-screenshots ├── ncsv2ip ├── setup-x-limited.sh ├── strip-colors ├── update-firefox.sh ├── usb-armory └── word-mutator ================================================ FILE CONTENTS ================================================ ================================================ FILE: Kali_Linux_Extra_Tools2.sh ================================================ #!/bin/bash ## ## Kali Linux: Extra tools and customizations script ## ================================================= ## Created by Wh1t3Rh1n0 ## ## This script adds a bunch of my favorite tools to Kali Linux. ## ## Usage: ## Install all tools: ./Kali_Linux_Extra_Tools2.sh install ## Non-GUI tools only: ./Kali_Linux_Extra_Tools2.sh install nogui ## # Major changes # * 2015-09-09: In the process of being updated for Kali 2 Light Edition. # * 2015-11-25: More modifications. Still Kali 2 Light Edition centric. # * 2015-12-08: Separated GUI and non-GUI tools into two sections. # * 2016-07-14: Disabled automatic install of smbexec # * 2016-09-17: Major changes all over # * 2017-09-18: Added Empire, CME, Hashcat Legacy # * 2017-10-06: Light review to make sure this script still mostly works # * 2018-03-20: Added sublist3r if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi if [ "$1" != "install" ]; then exit ; fi # ====== Install Updates ===================================================== apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade # ====== Personal Preferences ================================================= echo -e "\nPATH=\$PATH:/opt/pentest-scripts" >> /root/.bashrc cat < /root/.screenrc caption always caption string "%{kw}%-w%{wr}%n %t%{-}%+w" startup_message off EOF cat <> /root/.bashrc alias nano='nano -\\\$iET 4' EOF ln -sn /usr/share/metasploit-framework/tools/pattern_create.rb /usr/bin/pattern_create ln -sn /usr/share/metasploit-framework/tools/pattern_offset.rb /usr/bin/pattern_offset # Log when this script was run and with what arguments to a file echo "$(date)> $0 $*" >> /var/log/extra-tools.log # ====== Install GUI Tools =================================================== if [ "$2" != "nogui" ]; then # GUI Tools installed with apt-get # -------------------------------- # Additions for Kali Linux 2 Light export DEBIAN_FRONTEND=noninteractive apt-get install -y -q kali-linux-all # Tools based on personal preference apt-get install -y mousepad icedove apt-get install -y vinagre # Other stuff that comes in handy apt-get install -y xfce4-screenshooter #apt-get install -y flashplugin-nonfree icedtea-plugin apt-get install -y gimp apt-get install -y libreoffice-gnome libreoffice-writer libreoffice-calc # Fix so chromium will run as root apt-get install -y chromium #sed -Ei "s#CHROMIUM_FLAGS=.+#CHROMIUM_FLAGS=\"--password-store=detect --user-data-dir\"#" /etc/chromium/default # Firefox/Iceweasel Add-ons # ------------------------- mkdir -p /opt/firefox-addons cd /opt/firefox-addons #Controle de Scripts curl -L "https://addons.mozilla.org/firefox/downloads/latest/1154/addon-1154-latest.xpi" -o controle-de-scripts.xpi #https://addons.mozilla.org/en-US/firefox/addon/open-multiple-locations/ curl -L "https://addons.mozilla.org/firefox/downloads/latest/216803/addon-216803-latest.xpi" -o open-multiple-locations.xpi #https://addons.mozilla.org/en-US/firefox/addon/restclient/?src=search curl -L "https://addons.mozilla.org/firefox/downloads/latest/9780/addon-9780-latest.xpi" -o restclient.xpi #https://addons.mozilla.org/en-US/firefox/addon/refcontrol/?src=search curl -L "https://addons.mozilla.org/firefox/downloads/latest/953/addon-953-latest.xpi" -o refcontrol.xpi #https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/?src=ss curl -L "https://addons.mozilla.org/firefox/downloads/file/308568/foxyproxy_standard-4.5.4-sm+tb+fx.xpi" -o foxyproxy.xpi #https://addons.mozilla.org/en-US/firefox/addon/firebug/?src=search curl -L "https://addons.mozilla.org/firefox/downloads/latest/1843/addon-1843-latest.xpi" -o firebug.xpi #https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/?src=ss curl -L "https://addons.mozilla.org/firefox/downloads/latest/92079/addon-92079-latest.xpi" -o cookies-manager-plus.xpi #https://addons.mozilla.org/en-US/firefox/addon/unhide-passwords/ curl -L "https://addons.mozilla.org/firefox/downloads/latest/462/addon-462-latest.xpi" -o unhide-passwords.xpi #https://addons.mozilla.org/en-US/firefox/addon/hackbar/?src=search curl -L "https://addons.mozilla.org/firefox/downloads/latest/3899/addon-3899-latest.xpi" -o hackbar.xpi #https://addons.mozilla.org/en-US/firefox/addon/tamper-data/?src=search curl -L "https://addons.mozilla.org/firefox/downloads/latest/966/addon-966-latest.xpi" -o tamper-data.xpi #https://addons.mozilla.org/en-US/firefox/addon/quickjava/?src=search curl -L "https://addons.mozilla.org/firefox/downloads/file/82987/quickjava-1.7.2-fx.xpi" -o quickjava.xpi #https://addons.mozilla.org/en-US/firefox/addon/parent-folder/ curl -L "https://addons.mozilla.org/firefox/downloads/latest/1800/addon-1800-latest.xpi" -o parent-folder.xpi #https://addons.mozilla.org/en-US/firefox/addon/user-agent-quick-switch curl -L "https://addons.mozilla.org/firefox/downloads/latest/355807/addon-355807-latest.xpi" -o user-agent-quick-switch.xpi # [Removed 2017-10] # Sublime text editor #cd /opt #if [ "$(arch)" == "x86_64" ] ; then # wget "http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.2%20x64.tar.bz2" -O sublime.tar.bz2 #else # wget "http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.2.tar.bz2" -O sublime.tar.bz2 #fi #tar -xjvf sublime.tar.bz2 #rm -fv sublime.tar.bz2 #ln -sn "/opt/Sublime Text 2/sublime_text" /usr/bin/sublime # Old Firefox for accessing pages with weak SSL ciphers mkdir -p /opt/firefox-old cd /opt/firefox-old/ wget 'https://download-installer.cdn.mozilla.net/pub/firefox/releases/30.0/linux-x86_64/en-US/firefox-30.0.tar.bz2' tar -xjvf firefox-30.0.tar.bz2 mv firefox firefox-30.0 # Removed 2017-10 -- Kali has switched to Firefox ESR now # Firefox (not Iceweasel) #/opt/pentest-scripts/update-firefox.sh fi # ====== Install Non-GUI Tools =============================================== # Setup metasploit database apt-get install -y metasploit-framework systemctl enable postgresql service postgresql start msfdb init # Fix sendemail # ------------- # Replaces: m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))$}i # With: m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))}i sed -Ei 's#m\{\^\(\!\?\)\(\?:\(SSL\(\?:v2\|v3\|v23\|v2/3\)\)\|\(TLSv1\[12\]\?\)\)\$\}i#m\{\^\(\!\?\)\(\?:\(SSL\(\?:v2\|v3\|v23\|v2/3\)\)\|\(TLSv1\[12\]\?\)\)\}i#g' /usr/share/perl5/IO/Socket/SSL.pm # Non-GUI Tools installed with apt-get # ------------------------------------ apt-get install -y cifs-utils sshfs exif exiv2 exfat-fuse exfat-utils nfs-common apt-get install -y metagoofil ufw apt-get install -y vncsnapshot apt-get install -y xdotool apt-get install -y dnsutils passing-the-hash creddump apt-get install -y bettercap apt-get install -y ncftp # Install tools for creating a wireless access point apt-get install -y dnsmasq hostapd-wpe systemctl disable dnsmasq systemctl disable hostapd-wpe # Default passwords list: mkdir -p /usr/share/wordlists cd /usr/share/wordlists wget "http://www.phenoelit.org/dpl/dpl.html" -O /usr/share/wordlists/dpl.html # Scripted, non-apt-get installs # ------------------------------ # --- Coalfire --- # # Coalfire private exploits (requires authenticating to github) cd /opt git clone https://github.com/coalfire/pentest-exploits.git # --- X-Windows tools --- # # xwatchwin cd /opt wget "http://www.ibiblio.org/pub/X11/contrib/utilities/xwatchwin.tar.gz" tar -xzvf xwatchwin.tar.gz rm xwatchwin.tar.gz cd xwatchwin apt-get -y install xutils-dev xmkmf make # xwd cd /opt wget "http://xorg.freedesktop.org/archive/individual/app/xwd-1.0.5.tar.bz2" tar -xjvf xwd-1.0.5.tar.bz2 rm xwd-1.0.5.tar.bz2 cd xwd-1.0.5 apt-get install -y libx11-dev libxt-dev pkgconf ./configure ; make ; make install # --- Windows exploitation --- # # Responder cd /opt git clone https://github.com/lgandx/Responder # ntlmrelayx mkdir -p /opt/ntlmrelayx cd /opt/ntlmrelayx apt-get install -y libssl-dev libffi-dev python-dev pip install pyopenssl pip install ldap3 pip install ldap3 --upgrade git clone https://github.com/lgandx/Responder git clone 'https://github.com/CoreSecurity/impacket' cd impacket python setup.py install cd ../Responder sed -Ei 's/HTTP = On/HTTP = Off/g' Responder.conf sed -Ei 's/HTTPS = On/HTTPS = Off/g' Responder.conf sed -Ei 's/SMB = On/SMB = Off/g' Responder.conf # --- Linux kernel exploits --- # # Linux Kernel Exploit Suggester cd /opt git clone https://github.com/PenturaLabs/Linux_Exploit_Suggester # getroot.tgz from iKat cd /opt mkdir ikat cd ikat wget 'http://ikat.ha.cked.net/Linux/files/getroot.tgz' # --- Password cracking --- # # John The Ripper Jumbo with Tools cd /opt git clone https://github.com/magnumripper/JohnTheRipper # Hashcat Legacy cd /opt/ wget "https://hashcat.net/files_legacy/hashcat-2.00.7z" && 7z x hashcat-2.00.7z && rm hashcat-2.00.7z mv /usr/bin/hashcat /usr/bin/hashcat3 ln -sn /opt/hashcat-2.00/hashcat-cli32.bin /usr/bin/hashcat # PACK - Password Analysis and Cracking Kit cd /opt git clone https://github.com/tomato42/pack ln -sn /opt/pack/rulegen.py /usr/bin/pack-rulegen ln -sn /opt/pack/statsgen.py /usr/bin/pack-statsgen ln -sn /opt/pack/policygen.py /usr/bin/pack-policygen ln -sn /opt/pack/maskgen.py /usr/bin/pack-maskgen # --- Password recovery --- # # LaZagne - Password recovery for Windows and Linux cd /opt git clone https://github.com/AlessandroZ/LaZagne LAZAGNE_CURRENT=$(curl -Is 'https://github.com/AlessandroZ/LaZagne/releases/latest' | grep -E '^Location:' | awk -F '/tag/' '{print $2}' | tr -d '\r' | tr -d '\n') wget "https://github.com/AlessandroZ/LaZagne/releases/download/$LAZAGNE_CURRENT/Windows.zip" # VNCpwd - VNC Password Decrypter mkdir /opt/vncpwd cd /opt/vncpwd wget "http://aluigi.altervista.org/pwdrec/vncpwd.zip" unzip vncpwd.zip # PCredz - credentials/hash/credit card number sniffer apt-get -y remove python-pypcap && apt-get -y install python-libpcap cd /opt git clone https://github.com/lgandx/PCredz # --- Misc --- # # clusterd.py cd /opt git clone https://github.com/hatRiot/clusterd.git # Java Deserialization Exploits cd /opt git clone https://github.com/coalfire/java_deserialization_exploits # CrackMapExec cd /opt git clone https://github.com/byt3bl33d3r/CrackMapExec cd CrackMapExec && git submodule init && git submodule update --recursive python setup.py install # PowerShell Empire cd /opt/ git clone 'https://github.com/EmpireProject/Empire' cd Empire ./setup/install.sh # Various extra Windows binaries mkdir /opt/windows-extras cd /opt/windows-extras wget http://www.tightvnc.com/download/1.3.10/tightvnc-1.3.10_x86.zip wget https://download.sysinternals.com/files/PSTools.zip wget https://download.sysinternals.com/files/AccessChk.zip wget https://the.earth.li/~sgtatham/putty/latest/w32/putty.zip wget https://the.earth.li/~sgtatham/putty/latest/w32/putty.zip.gpg wget https://download.sysinternals.com/files/Procdump.zip # merger.py -> nessus-merger.py wget "https://gist.githubusercontent.com/mastahyeti/2720173/raw" -O /tmp/merger.py echo \#\!/usr/bin/env python > /usr/bin/nessus-merger.py cat /tmp/merger.py >> /usr/bin/nessus-merger.py chmod 755 /usr/bin/nessus-merger.py rm /tmp/merger.py # progress cd /opt git clone https://github.com/Xfennec/progress cd progress/ apt-get -y install libncurses5-dev make make install # Sublist3r cd /opt git clone https://github.com/aboul3la/Sublist3r apt-get update apt-get install -y python-requests python-dnspython python-argparse # MS15-034 Check mkdir /opt/ms15-034 cd /opt/ms15-034 ln -sn /usr/share/exploitdb/platforms/windows/dos/36773.c ms15-034.c gcc ms15-034.c -o ms15-034 # MS14-066 Check mkdir /opt/ms14-066 cd /opt/ms14-066 curl -L "https://raw.githubusercontent.com/anexia-it/winshock-test/master/winshock_test.sh" -o "winshock_test.sh" cat winshock_test.sh | sed -E 's/REMOTE_VERSION=.+/REMOTE_VERSION=\$VERSION/g' | sed 's#cat < /dev/null#g' | sed -E 's/read -p.+/REPLY=y/g' | sed 's#cat < /dev/null#g' > winshock_test2.sh # Removed 2017-10 # masscan - Mass IP port scanner #cd /opt #git clone https://github.com/robertdavidgraham/masscan #cd masscan/ #apt-get -y install libpcap0.8-dev #make -j # TCP Ping cd /usr/bin wget "http://www.vdberg.org/~richard/tcpping" chmod 755 tcpping ln -sn /usr/bin/tcpping /usr/bin/tcping # F5 BIG-IP Cookie decoder mkdir /opt/BIG-IP cd /opt/BIG-IP wget http://www.taddong.com/tools/BIG-IP_cookie_decoder.zip unzip BIG-IP_cookie_decoder.zip echo -e "#\!/bin/bash\npython /opt/BIG-IP/BIG-IP_cookie_decoder.py \$(curl -i -k \$1 2>/dev/null | grep -i \"Set-Cookie: BIGip\" | cut -d ' ' -f 2 | tr -d ';' | cut -d '=' -f 2)" > /opt/BIG-IP/big-ip-url.sh # Removed 2017-10 # smbexec - Download only. Install is manual. #cd /opt #git clone https://github.com/pentestgeek/smbexec # Removed 2017-10 # Metasploit-Plugins from darkoperator - includes the pentest plugin #cd /opt #git clone https://github.com/darkoperator/Metasploit-Plugins #ln -sn /opt/Metasploit-Plugins/*.rb /usr/share/metasploit-framework/plugins/ # Eyewitness cd /opt git clone 'https://github.com/ChrisTruncer/EyeWitness' cd Eyewitness/setup ./setup.sh # Sticky-Keys-Slayer cd /opt/ apt-get -y install imagemagick xdotool parallel bc git clone https://github.com/linuz/Sticky-Keys-Slayer # ====== Clean up ============================================================= apt-get --purge -y autoremove apt-get clean # ====== Old stuff I've disabled but am keeping around for reference ========== # # Setup limited user for running Firefox # cd /opt/pentest-scripts # script_name=firefox-nonroot iw_user=firefox-user program_description="Firefox (Non-Root)" command_line="/opt/firefox/firefox" icon="/opt/firefox/browser/icons/mozicon128.png" catagories="Network;" ./setup-x-limited.sh # # Setup limited user for running Chromium # cd /opt/pentest-scripts # script_name=chromium-nonroot iw_user=chromium-user program_description="Chromium (Non-Root)" command_line="/usr/bin/chromium" icon="chromium" catagories="Network;" ./setup-x-limited.sh # # Setup limited user for running Hexchat # cd /opt/pentest-scripts # script_name=hexchat-nonroot iw_user=hexchat-user program_description="Hexchat (Non-Root)" command_line=/usr/bin/hexchat icon="hexchat" catagories="Network;" ./setup-x-limited.sh ================================================ FILE: README.md ================================================ Pentest Scripts =============== Just a bunch of simple, miscellaneous scripts I've created while pentesting. The rest of this readme was automatically generated with the following command: for f in * ; do echo -en "## $f\n" ; echo -e "\n$(./$f --help | tail -n +2 | sed -E 's/^/ /g')" ; done >> README.md ## dim dim - Dim the screen -------------------- Usage: dim <= Dim the screen to the lowest setting. dim <= Dim to a custom level. ## enable-forwarding enable-forwarding ----------------- A simple script to forward all incoming traffic out whatever interface is currently connected to the Internet. Usage: enable-forwarding [Internet-connected interface] ## extract-hashes-responder extract-hashes-responder ------------------------ Extracts one hash per user from a Responder-Session.log file for easy cracking with hashcat. Usage: ./extract-hashes-responder [Result number] ## gnmap2ip gnmap2ip -------- Converts a .gnmap file to an list of colon separated IP and TCP port numbers. Usage: gnmap2ip [GNMAP FILE] ## grep-cidr grep-cidr --------- Searches a target file for any IP addresses in the given range. Any range format that is Nmap compatible *should work*, not just CIDR. Usage: grep-cidr [Additional grep options] ## grip grip ---- greps a file for common patterns. Should accept most standard grep flags. Example usage - IPv4 addresses only: grep for IPv4 addresses only: grip include CIDR notation: grip --cidr grep for IP:Port: grip --port Example usage - IPv6 addresses only: grep for IPv6 addresses only: grip --6 include CIDR notation: grip --6cidr Other supported patterns: grep for emails: grip --email grep for MAC addresses: grip --mac ## heartbleed Usage: heartbleed ## heartbleed-parser Usage: heartbleed-parser ## ip2dec.py ip2dec.py --------- Converts an IP address to its decimal equivalent. Usage: ip2dec.py [IP Address] ## iplist2dirs iplist2dirs ----------- Reads an IP:Port list and creates the following directory structure for each IP address: ./[OUTPUT DIR]/[PORT]/[IP Address] Usage: iplist2dirs [Ports] Example: iplist2dirs iplist.txt "80 443" Use "all" in place of port numbers to create a directory for every port listed. If ports are omitted, the default port list is used. The defaul port list and output directory name can be changed in the settings section of this script. ## iplist-detect_http.sh iplist-detect_http ------------------ Retrieves HTTP headers from each server listed in a IP:Port formatted file. Usage: iplist-detect_http [Maximum Connect Timeout] ## Kali_Linux_Extra_Tools2.sh Kali Linux: Extra tools and customizations script ================================================= Created by Wh1t3Rh1n0 This script adds a bunch of my favorite tools to Kali Linux. Usage: Install all tools: ./Kali_Linux_Extra_Tools2.sh install Non-GUI tools only: ./Kali_Linux_Extra_Tools2.sh install nogui ## live-usb-tweaks.sh live-usb-tweaks.sh ------------------ Install tweaks to increase performance when running Kali from a LiveUSB with persistence. Usage: ./live-usb-tweaks.sh install ## merge-hashcat.py merge-hashcat.py ---------------- Matches passwords cracked with hashcat to their usernames. Usage: merge-hashcat.py Notes: The "hash:password" file is created by hashcat's -o option. The "user:hash" file is easy to create using your original hashdump and the "cut" command. An example of creating this file from hashes dumped from a Windows domain controller follows: cat raw_dump.txt | cut -d ':' -f 1,4 > dumped-users_hashes.txt ## ms15-034_check.py Example: %s 'https://example.com:8443/' ## mv-screenshots mv-screenshots -------------- Moves screenshots from the current directory to a destination directory. Removes colons from the filename for Windows compatibility. Usage: mv-screenshots ## ncsv2ip ncsv2ip ------- Converts a Nessus exported CSV file to a colon-separated list of IPs and ports Usage: ncsv2ip [CSV FILE] Requires: grep, awk, sort Limitations: Only outputs TCP ports. UDP ports are ignored. ## setup-x-limited.sh ---------------------------------- setup-x-limited.sh | by Wh1t3Rh1n0 ---------------------------------- This script creates a script and a menu icon for executing a given program as a regular, non-root user if you are logged in as root. The following environment variables need to be set for it to run: script_name - the filename that the created script will be saved as. iw_user - the user that will be created for running the target program. program_description - the name that will show on the icon. command_line - the path of the target program to be run. icon - the icon to display on the menu categories - where the icon is placed within the applications menu. Example execution: ------------------ script_name=firefox-nonroot iw_user=firefox-user \ program_description="Firefox (Non-Root)" command_line="/opt/firefox/firefox" \ icon="/opt/firefox/browser/icons/mozicon128.png" categories="Network;" \ ./setup-x-limited.sh Alternatively, you can provide a known binary location to accept default options for that program. Usage: ./setup-x-limited.sh [full path to binary] Currently accepted binary paths: /opt/firefox/firefox ## strip-colors strip-colors ------------ Removes colors from output for easy grepping. Usage: cat | strip-colors ## update-firefox.sh Firefox Updater/Installer ------------------------- Just a simple script to update or install Firefox on Kali Linux. Installs to /opt/firefox Run with no options to install or update. ## usb-armory usb-armory ---------- A simple script to setup a connection to a USB armory with Kali installed. Usage: usb-armory [Internet-connected interface] ## word-mutator word-mutator 9000 ----------------- Generates a wordlist by running all of hashcat's built-in rules on a single word (such as a company name) or small list of words. Primarily intended for targeted, offline password cracking attacks. Usage: bash ./word-mutator [optional output file] [optional input wordlist] Because I'm being lazy, you must specify an output file name in order to specify an input file. :P *This script has only been tested with the legacy hashcat 2.00 binaries.* ================================================ FILE: dim ================================================ #!/bin/bash ## ## dim - Dim the screen ## -------------------- ## Usage: dim <= Dim the screen to the lowest setting. ## dim <= Dim to a custom level. ## if [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi if [ "$1" == "" ] ; then pkexec /usr/sbin/xfpm-power-backlight-helper --set-brightness 01 exit fi pkexec /usr/sbin/xfpm-power-backlight-helper --set-brightness $1 ================================================ FILE: enable-forwarding ================================================ #!/bin/bash ## ## enable-forwarding ## ----------------- ## A simple script to forward all incoming traffic out ## whatever interface is currently connected to the Internet. ## ## Usage: enable-forwarding [Internet-connected interface] ## if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi INTERFACE=$1 echo 1 > /proc/sys/net/ipv4/ip_forward ufw disable /sbin/iptables -t nat -F /sbin/iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE ================================================ FILE: extract-hashes-responder ================================================ #!/bin/bash ## ## extract-hashes-responder ## ------------------------ ## Extracts one hash per user from a Responder-Session.log file for easy ## cracking with hashcat. ## ## Usage: ./extract-hashes-responder [Result number] ## if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi if [ "$2" == "" ] ; then RESULTS=1 else RESULTS=$2 fi for user in $(grep -ioE "complete[^:]+:[^:]+:" "$1" | sort -u | grep -ioE ":[^:]+:") ; do grep -m $RESULTS "$user" "$1" | grep -ioE "[^:]+::.+$" | tail -n 1 done ================================================ FILE: gnmap2ip ================================================ #!/usr/bin/env python import sys if len(sys.argv) == 1 or "-h" in sys.argv or "--help" in sys.argv: print """ gnmap2ip -------- Converts a .gnmap file to an list of colon separated IP and TCP port numbers. Usage: gnmap2ip [GNMAP FILE] """ sys.exit() gnmap_file = sys.argv[1] f = open(gnmap_file, 'r') lines = [l.rstrip() for l in f.readlines()] f.close() for line in lines: if line.find("open") != -1: ip_address = line.split(' ')[1] port_data = line.split(':')[2].split('\t')[0].split(' ') for entry in port_data: if entry.find("open") != -1 and entry.find("tcp") != -1: port = entry.strip().split('/')[0] print "%s:%s" % (ip_address, port) ================================================ FILE: grep-cidr ================================================ #!/bin/bash ## ## grep-cidr ## --------- ## Searches a target file for any IP addresses in the given range. Any range ## format that is Nmap compatible *should work*, not just CIDR. ## ## Usage: grep-cidr [Additional grep options] ## if [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi IP_RANGE=$1 TARGET_FILE=$2 GREP_OPTIONS=$3 $4 $5 $6 $7 $8 $9 TEMP_FILE=/tmp/grep-cidr.temp-$RANDOM # Use Nmap to generate a list of IPs in the given range and save them in a temporary file nmap -Pn -n -sL -oG - $IP_RANGE | grep Host: | cut -d ' ' -f 2 > $TEMP_FILE # Grep the target file for IPs in the specified range grep -F -f "$TEMP_FILE" "$TARGET_FILE" # Delete the temp file rm -f $TEMP_FILE ================================================ FILE: grip ================================================ #!/bin/bash ## ## grip ## ---- ## greps a file for common patterns. ## ## Should accept most standard grep flags. ## ## Example usage - IPv4 addresses only: ## grep for IPv4 addresses only: grip ## include CIDR notation: grip --cidr ## grep for IP:Port: grip --port ## ## Example usage - IPv6 addresses only: ## grep for IPv6 addresses only: grip --6 ## include CIDR notation: grip --6cidr ## ## Other supported patterns: ## grep for emails: grip --email ## grep for MAC addresses: grip --mac ## if [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi if [ "$1" == "--port" ] ; then grep -iEo "(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(:[0-9]+)?" $(echo $* | sed 's/--port//g') exit fi if [ "$1" == "--email" ] ; then grep -Eoa '[A-Za-z0-9\._+-]+@[A-Za-z0-9\._-]+' $(echo $* | sed 's/--email//g') exit fi if [ "$1" == "--cidr" ] ; then grep -iEoa "(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(/[0-9]+)?" $(echo $* | sed 's/--cidr//g') exit fi if [ "$1" == "--mac" ] ; then grep -iEao '([abcdef0-9]{2}[:-]){5}[abcdef0-9]{2}' $(echo $* | sed 's/--mac//g') exit fi # The second grep command in each IPv6 example is there to prevent MAC addresses from being detected as IPv6 addresses if [ "$1" == "--6" ] ; then grep -iEao '[0-9a-f]{0,4}:([0-9a-f]*:){1,6}[0-9a-z]{0,4}' $(echo $* | sed 's/--6//g') | grep -Eia '::|:.*:.*:.*:.*:.*:.*:.*' exit fi if [ "$1" == "--6cidr" ] ; then grep -iEao '[0-9a-f]{0,4}:([0-9a-f]*:){1,6}[0-9a-z]{0,4}(/[0-9]+)?' $(echo $* | sed 's/--6cidr//g') | grep -Eia '::|:.*:.*:.*:.*:.*:.*:.*' exit fi # Default behavior - grep for IPv4 IP addresses only grep -iEao "(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])" $* ================================================ FILE: heartbleed ================================================ #!/bin/bash ## ## Usage: heartbleed ## if [ "$2" == "" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi /usr/bin/python /usr/share/exploitdb/platforms/multiple/remote/32764.py $1 -p $2 ================================================ FILE: heartbleed-parser ================================================ #!/bin/bash ## ## Usage: heartbleed-parser ## if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi cat "$1" | cut -d ' ' -f 21- |grep -vE '^$' | tr -d '\n' ================================================ FILE: ip2dec.py ================================================ #!/usr/bin/env python import sys usage = """ ip2dec.py --------- Converts an IP address to its decimal equivalent. Usage: ip2dec.py [IP Address] """ if len(sys.argv) <= 1 or "-h" in sys.argv or "--help" in sys.argv: print usage exit() ip = sys.argv[1].split('.') d = int(ip[0]) * 256 ** 3 d += int(ip[1]) * 256 ** 2 d += int(ip[2]) * 256 d += int(ip[3]) print d ================================================ FILE: iplist-detect_http.sh ================================================ #!/bin/bash ## ## iplist-detect_http ## ------------------ ## Retrieves HTTP headers from each server listed in a IP:Port formatted file. ## ## Usage: iplist-detect_http [Maximum Connect Timeout] ## if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi IPLIST=$1 if [ "$2" == "" ] ; then MAX_TIMEOUT=2 else MAX_TIMEOUT=$2 fi for ip in $(cat "$IPLIST"); do CURL_COMMAND="curl -s --retry 0 --retry-delay 0 --retry-max-time $MAX_TIMEOUT -I --connect-timeout $MAX_TIMEOUT -m $MAX_TIMEOUT -y $MAX_TIMEOUT -k" RESPONSE=$($CURL_COMMAND http://$ip | head -n 3 |tr -d "\r" | tr "\n" "|") echo "http://$ip > $RESPONSE" RESPONSE=$($CURL_COMMAND https://$ip | head -n 3 |tr -d "\r" | tr "\n" "|") echo "https://$ip > $RESPONSE" done ================================================ FILE: iplist2dirs ================================================ #!/bin/bash ## ## iplist2dirs ## ----------- ## Reads an IP:Port list and creates the following directory structure for ## each IP address: ## ## ./[OUTPUT DIR]/[PORT]/[IP Address] ## ## Usage: iplist2dirs [Ports] ## ## Example: iplist2dirs iplist.txt "80 443" ## ## Use "all" in place of port numbers to create a directory for every port listed. ## ## If ports are omitted, the default port list is used. ## The defaul port list and output directory name can be changed in the settings ## section of this script. ## # SETTINGS # DEFAULT_PORTS="21 22 23 25 53 80 110 139 443 445 3389 5800 5900" OUTPUT_DIR="hosts" # END SETTINGS # if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi if [ "$2" == "" ] ; then PORTS="$DEFAULT_PORTS" elif [ "$2" == "all" ] ; then PORTS="$(cat $1 | cut -d ':' -f 2 | sort -u | tr '\n' ' ')" else PORTS="$2" fi IP_LIST="$PWD/$1" for port in $PORTS; do mkdir -p "$OUTPUT_DIR/$port" for ip in $(grep ":$port$" "$IP_LIST" |cut -d ':' -f 1 ) ; do # touch "$OUTPUT_DIR/$port/$ip" mkdir -p "$OUTPUT_DIR/$port/$ip" done done ================================================ FILE: live-usb-tweaks.sh ================================================ #!/bin/bash ## ## live-usb-tweaks.sh ## ------------------ ## Install tweaks to increase performance when running ## Kali from a LiveUSB with persistence. ## ## Usage: ./live-usb-tweaks.sh install ## if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E "^##([^#]|$)" "$0" | sed -E 's/^##.?//g' exit fi echo "Installing LiveUSB tweaks..." ### Changes to rc.local ### sed -i 's/exit 0//g' /etc/rc.local cat <> /etc/rc.local # Limit writes to the persistent volume to every 120 seconds mount -o remount,noatime,commit=120 /lib/live/mount/persistence/loop1 #Mount /var/cache/apt/archives onto ramdisk #mkdir /dev/shm/apt-archives #chmod 1777 /dev/shm/apt-archives #mount --bind /dev/shm/apt-archives /var/cache/apt/archives mount -t tmpfs tmpfs /var/cache/apt/archives -o rw,nosuid,nodev,uid=0,gid=0,mode=744 EOF echo -e "\nexit 0" >> /etc/rc.local ### Disable rsyslog ### #update-rc.d rsyslog disable ### Add these lines to /etc/sysctl.conf ### cat <> /etc/sysctl.conf vm.swappiness = 0 vm.dirty_background_ratio = 20 vm.dirty_expire_centisecs = 0 vm.dirty_ratio = 80 vm.dirty_writeback_centisecs = 0 EOF echo "Reboot for changes to take effect." ================================================ FILE: merge-hashcat.py ================================================ #!/usr/bin/env python import sys self_name = sys.argv[0].split('/')[-1] usage = """ %(name)s %(underline)s Matches passwords cracked with hashcat to their usernames. Usage: %(name)s Notes: The "hash:password" file is created by hashcat's -o option. The "user:hash" file is easy to create using your original hashdump and the "cut" command. An example of creating this file from hashes dumped from a Windows domain controller follows: cat raw_dump.txt | cut -d ':' -f 1,4 > dumped-users_hashes.txt """ % {'name': self_name, 'underline': ('-' * len(self_name)), } def file_to_dict(filename, reverse=0): ''' Takes the filename of a colon-separated file and returns a dictionary containing the keys and values from that file. ''' f = open(filename, 'r') lines = [line.rstrip() for line in f.readlines()] f.close() output_dict = {} for line in lines: if ":" in line: key = line.split(":")[0] value = line.split(":")[1] output_dict[key] = value return output_dict def dict_to_string(d): s = "" for key in d.keys(): s += "%s:%s\n" % (key, d[key]) return s.rstrip() if len(sys.argv) < 3 or "-h" in sys.argv or "--help" in sys.argv: print usage exit() user_hash_filename = sys.argv[1] hash_password_filename = sys.argv[2] user_hash = file_to_dict(user_hash_filename) hash_password = file_to_dict(hash_password_filename) user_password = {} for user in user_hash.keys(): password_hash = user_hash[user] password = hash_password.get(password_hash) if password != None: user_password[user]=password print dict_to_string(user_password) ================================================ FILE: ms15-034_check.py ================================================ #!/usr/bin/env python import sys import requests # Disable warnings about invalid SSL certificates import warnings warnings.filterwarnings("ignore") if len(sys.argv) <= 1 or '-h' in sys.argv or '--help' in sys.argv: print "Usage: %s " print print "Example: %s 'https://example.com:8443/'" exit() url = sys.argv[1] headers = {'Range': 'bytes=0-18446744073709551615'} r = requests.get(url, stream=True, verify=False, headers=headers) if "Requested Range Not Satisfiable" in r.text: print "[+] %s - Looks VULNERABLE!" % url elif "The request has an invalid header name" in r.text: print "[-] %s - Looks patched" % url else: print "[!] %s - Unexpected response. Cannot discern patch status" % url ================================================ FILE: mv-screenshots ================================================ #!/bin/bash ## ## mv-screenshots ## -------------- ## Moves screenshots from the current directory to a destination directory. ## Removes colons from the filename for Windows compatibility. ## ## Usage: mv-screenshots ## if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi DEST_DIR="$1" for f in *png ; do # Make xfce4-screenshooter output sort chronologically if [ "$(echo $f | grep -Ei ':[0-9]{2} (AM|PM)')" != "" ]; then NEW_NAME=$(echo "$f" | tr ':' '-' | tr '.' ' ' | awk -F ' ' '{print $1 " " $2 " " $3 " " $4 " " $6 " " $5 "." $7}') NEW_NAME=$(echo $NEW_NAME | sed 's/AM 12/AM 00/g' | sed 's/PM 12/PM 00/g') mv -v "$f" "$DEST_DIR/$NEW_NAME" else # Generic handler for Kali default screenshot names mv -v "$f" "$DEST_DIR/$(echo $f | tr ':' '-')" fi done ================================================ FILE: ncsv2ip ================================================ #!/bin/bash ## ## ncsv2ip ## ------- ## Converts a Nessus exported CSV file to a colon-separated list of IPs and ports ## ## Usage: ncsv2ip [CSV FILE] ## ## Requires: grep, awk, sort ## Limitations: Only outputs TCP ports. UDP ports are ignored. ## if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi CSV_FILE=$1 grep -iE '^"[0-9].+,"tcp","[1-9][0-9]*",' "$CSV_FILE" | awk -F '"' '{print $10 ":" $14}' | sort -u ================================================ FILE: setup-x-limited.sh ================================================ #!/bin/bash ## ## ---------------------------------- ## setup-x-limited.sh | by Wh1t3Rh1n0 ## ---------------------------------- ## This script creates a script and a menu icon for executing a given program ## as a regular, non-root user if you are logged in as root. ## ## The following environment variables need to be set for it to run: ## ## script_name - the filename that the created script will be saved as. ## iw_user - the user that will be created for running the target program. ## program_description - the name that will show on the icon. ## command_line - the path of the target program to be run. ## icon - the icon to display on the menu ## categories - where the icon is placed within the applications menu. ## ## Example execution: ## ------------------ ## script_name=firefox-nonroot iw_user=firefox-user \ ## program_description="Firefox (Non-Root)" command_line="/opt/firefox/firefox" \ ## icon="/opt/firefox/browser/icons/mozicon128.png" categories="Network;" \ ## ./setup-x-limited.sh ## ## Alternatively, you can provide a known binary location to accept default ## options for that program. ## ## Usage: ./setup-x-limited.sh [full path to binary] ## ## Currently accepted binary paths: ## /opt/firefox/firefox ## # Default options for Firefox installed in /opt if [ "$1" == "/opt/firefox/firefox" ] ; then script_name=firefox-nonroot iw_user=firefox-user program_description="Firefox (Non-Root)" command_line="/opt/firefox/firefox" icon="/opt/firefox/browser/icons/mozicon128.png" categories="Network;" fi if [ "$iw_user" == "" ] || [ "command_line" == "" ] || [ "program_description" == "" ] ; then grep -E "^##([^#]|$)" "$0" | sed -E 's/^##.?//g' | more exit fi ### SETTINGS ### # Change the values below to set this script up for the desired program. # script_name is the filename that the created script will be saved as. #script_name=iceweasel-nonroot # iw_user is the user that will be created for the purpose of running the # target program. #iw_user=iceweasel-user # program_description is the name that will show on the icon. #program_description="Iceweasel (Non-Root)" # command_line is the path of the target program to be run. #command_line="/usr/bin/iceweasel" # icon is the icon to display on the menu. If unknown, you can find it by # examining /usr/share/applications/.desktop #icon="iceweasel" # categories determines where the icon is placed within the applications menu. # Like icon, if you don't know it, you can find it in # /usr/share/applications/.desktop #categories="Network;" ### END OF SETTINGS ### useradd -G audio,pulse,pulse-access $iw_user mkdir /home/$iw_user chown -R $iw_user /home/$iw_user cat << EOF > /usr/bin/$script_name #!/bin/bash cp \$XAUTHORITY /home/$iw_user/.Xauth chmod 400 /home/$iw_user/.Xauth chown $iw_user /home/$iw_user/.Xauth sudo -u $iw_user -i XAUTHORITY=/home/$iw_user/.Xauth $command_line \$* EOF chmod 555 /usr/bin/$script_name cat << EOF > /usr/share/applications/$script_name.desktop [Desktop Entry] Encoding=UTF-8 Name=$program_description Comment=$program_description GenericName=$program_description X-GNOME-FullName=$program_description Exec=/usr/bin/$script_name Terminal=false X-MultipleArgs=false Type=Application Icon=$icon Categories=$categories StartupNotify=true EOF ================================================ FILE: strip-colors ================================================ #!/bin/bash ## ## strip-colors ## ------------ ## Removes colors from output for easy grepping. ## ## Usage: cat | strip-colors ## if [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi sed -E 's/\x1B\[[0-9;]*[JKmsu]//g' ================================================ FILE: update-firefox.sh ================================================ #!/bin/bash ## ## Firefox Updater/Installer ## ------------------------- ## Just a simple script to update or install Firefox on Kali Linux. ## ## Installs to /opt/firefox ## ## Run with no options to install or update. ## if [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E '^## ?' "$0" | sed -E 's/^## ?//g' exit fi # Firefox (not Iceweasel) # Reference: https://download-installer.cdn.mozilla.net/pub/firefox/releases/latest/README.txt cd /opt rm -rfv firefox if [ "$(uname -m)" == "i686" ] ; then wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux&lang=en-US" else wget -O firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US" fi tar -xjvf firefox.tar.bz2 rm -fv firefox.tar.bz2 ================================================ FILE: usb-armory ================================================ #!/bin/bash ## ## usb-armory ## ---------- ## A simple script to setup a connection to a USB armory with Kali installed. ## ## Usage: usb-armory [Internet-connected interface] ## if [ "$1" == "" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ] ; then grep -E "^##([^#]|$)" "$0" | sed -E 's/^##.?//g' if [ "$1" == "" ] ; then echo echo Available interfaces: /sbin/ifconfig | grep -E 'Ethernet|inet' echo fi exit fi INTERFACE=$1 echo 1 > /proc/sys/net/ipv4/ip_forward ufw disable /sbin/iptables -t nat -F /sbin/iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE ifconfig usb0 10.42.0.1 netmask 255.255.255.0 up ssh root@10.42.0.3 ================================================ FILE: word-mutator ================================================ #!/bin/bash ## ## word-mutator 9000 ## ----------------- ## Generates a wordlist by running all of hashcat's built-in rules on a ## single word (such as a company name) or small list of words. ## ## Primarily intended for targeted, offline password cracking attacks. ## ## Usage: bash ./word-mutator [optional output file] [optional input wordlist] ## ## Because I'm being lazy, you must specify an output file name in order ## to specify an input file. :P ## ## *This script has only been tested with the legacy hashcat 2.00 binaries.* ## if [ "$3" != "" ] || [ "$1" == "-h" ] || [ "$1" == "--help" ] ; then grep -E "^##([^#]|$)" "$0" | sed -E 's/^##.?//g' exit fi ### SETTINGS ### # Path to hashcat binary HASHCAT=/opt/hashcat-2.00/hashcat-cli64.bin # Path to hashcat rules directory RULESDIR=/opt/hashcat-2.00/rules ### END OF SETTINGS ### if [ "$(ls $HASHCAT)" == "" ] || [ "$(ls $RULESDIR)" == "" ] ; then echo Could not find required hashcat files. echo Please check the binary paths defined in $0. exit fi if [ "$1" != "" ] ; then OUTPUT_FILE=$1 else OUTPUT_FILE=word-mutator.wordlist fi TEMP_PREFIX=/tmp/word-mutator.tmp rm $TEMP_PREFIX* 2>/dev/null if [ "$2" != "" ] ; then START_FILE=$2 else read -p "Base word [Enter for Top 10 common passwords]: " CO_NAME if [ "$CO_NAME" == "" ] ; then # Top 10 Yahoo Passwords, 2012 cat < $TEMP_PREFIX.0 123456 password welcome ninja abc123 123456789 12345678 sunshine princess qwerty EOF else echo "$CO_NAME" > $TEMP_PREFIX.0 fi START_FILE=$TEMP_PREFIX.0 fi echo First pass with selected rules... # separate phrases into individual words cat $START_FILE | tr "[:space:]" "\n" >> $TEMP_PREFIX.1 # lowercase only cat $START_FILE | tr [:upper:] [:lower:] >> $TEMP_PREFIX.1 cat $START_FILE | tr [:upper:] [:lower:] | tr "[:space:]" "\n" >> $TEMP_PREFIX.1 # uppercase only cat $START_FILE | tr [:lower:] [:upper:] >> $TEMP_PREFIX.1 cat $START_FILE | tr [:lower:] [:upper:] | tr "[:space:]" "\n" >> $TEMP_PREFIX.1 # remove special chars and spaces cat $START_FILE | tr -d [:punct:] >> $TEMP_PREFIX.1 cat $START_FILE | tr -d [:punct:] | tr -d "[:space:]" >> $TEMP_PREFIX.1 # lowercase only, remove special chars and spaces cat $START_FILE | tr [:upper:] [:lower:] | tr -d [:punct:] >> $TEMP_PREFIX.1 cat $START_FILE | tr [:upper:] [:lower:] | tr -d [:punct:] | tr -d "[:space:]" >> $TEMP_PREFIX.1 # uppercase only, remove special chars and spaces cat $START_FILE | tr [:lower:] [:upper:] | tr -d [:punct:] >> $TEMP_PREFIX.1 cat $START_FILE | tr [:lower:] [:upper:] | tr -d [:punct:] | tr -d "[:space:]" >> $TEMP_PREFIX.1 $HASHCAT --stdout -r "$RULESDIR/leetspeak.rule" $TEMP_PREFIX.1 >> $TEMP_PREFIX.2 2>/dev/null $HASHCAT --stdout -r "$RULESDIR/Ninja-leetspeak.rule" $TEMP_PREFIX.1 >> $TEMP_PREFIX.2 2>/dev/null echo Removing duplicates... sort -u $TEMP_PREFIX.2 > $TEMP_PREFIX.3 echo Processing second pass with all rules... for r in $RULESDIR/*.rule ; do $HASHCAT --stdout -r "$r" $TEMP_PREFIX.3 >> $TEMP_PREFIX.4 2>/dev/null done # Add digits to beginning/end of all current words IFS=$(echo -en "\n\b") for w in $(cat "$TEMP_PREFIX.1") ; do for n in {0..9} ; do echo $w$n >> "$TEMP_PREFIX.5" echo $n$w >> "$TEMP_PREFIX.5" done done for w in $(cat "$TEMP_PREFIX.1") ; do for n in {00..99} ; do echo $w$n >> "$TEMP_PREFIX.5" echo $n$w >> "$TEMP_PREFIX.5" done done for w in $(cat "$TEMP_PREFIX.1") ; do for n in {000..999} ; do echo $w$n >> "$TEMP_PREFIX.5" echo $n$w >> "$TEMP_PREFIX.5" done done for w in $(cat "$TEMP_PREFIX.1") ; do for n in {0000..9999} ; do echo $w$n >> "$TEMP_PREFIX.5" echo $n$w >> "$TEMP_PREFIX.5" done done echo Removing duplicates... sort -u $TEMP_PREFIX.* > $OUTPUT_FILE echo Done.