Skip to content

leonteale/pentestpackage

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

316 Commits

Automation

Automation

 
 

Cryptography

Cryptography

 
 

GoPhish

GoPhish

 
 

MSWord_Macros/Scope_table_Generator

MSWord_Macros/Scope_table_Generator

 
 

Nessus

Nessus

 
 

Network

Network

 
 

Nmap

Nmap

 
 

Plesk

Plesk

 
 

Privilege_Escalation

Privilege_Escalation

 
 

SSL

SSL

 
 

TamperMonkeyScripts

TamperMonkeyScripts

 
 

Utilities

Utilities

 
 

WIFI

WIFI

 
 

Web

Web

 
 

Windows_portable_apps

Windows_portable_apps

 
 

Wordlists

Wordlists

 
 

dev-mightnotworkyet

dev-mightnotworkyet

 
 

web_shells

web_shells

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

README.md

README.md

 
 

gpt.sh

gpt.sh

 
 

gxfr.py

gxfr.py

 
 

powermenu.bat

powermenu.bat

 
 

puttest.sh

puttest.sh

 
 

Repository files navigation

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|P|e|n|t|e|s|t|P|a|c|k|a|g|e|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    Author: Leon Teale
    Twitter: @leonteale
    Website: cyberwolf-security.co.uk

A package of Pentest tools and scripts I have made or commonly use

Contents:

  • segmentation.sh - This is a tool for helping automate the process of segmentation testing for PCI compliance
Options:
-I, --ingress | Run ingress testing TO the CDE. Ensure you are connecting to a NON-CDE before running.
-E, --egress  | Run egress testing FROM the CDE. Ensure you are connected to the CDE before running.
-P, --icmp    | ICMP scan on a list of IP addresses [filename]
-F, --fast    | Quick scan using masscan on a list of IP addresses [filename] (all tcp ports)
-h, --help    | This help and exit

Example usage:
./segmentation.sh --icmp    iplist.txt
./segmentation.sh --ingress [networkname] iplist.txt
./segmentation.sh --egress  [networkname] iplist.txt
./segmentation.sh --fast    iplist.txt
  • suggester.py - This tool automates the identification of network services from scan results and offers tailored command recommendations or potential attack vectors for each detected service. It aims to expedite the assessment of potential vulnerabilities or misconfigurations in network services for penetration testers and security analysts.
Options:
-a, --attack  | Enable attack mode to run predefined attacks on detected services.

Available Attack Modules:
- screenshotter (using the -a or --attack option activates this)

Example usage:
python3 suggester.py services.csv
python3 suggester.py -a nmap-scan.xml

  • GPT.sh - This tool is a CLI for openAI's chatGPT version 3.5 and version 4 and also image generation. You will need your own API-KEY.

  • Wordlists - Comprises of password lists, username lists and subdomains

  • Web Service finder - Scans a list of IP addresses or hostnames for web services running on common web ports, and optionally takes screenshots of any web services found.

  • IPlist to 4 column csv - Converts a list of IPs into 4 columns in csv format. Handy for pentest reports.

  • Gpprefdecrypt.* - Decrypt the password of local users added via Windows 2008 Group Policy Preferences.

  • rdns.sh - Runs through a file of line seperated IPs and prints if there is a reverse DNS set or not. It has the necessary error handling, usage display, and output option with the ability to save results to a CSV file.

  • grouppolicypwn.sh - Enter domain user creds (doesnt need to be priv) and wil lcommunicated with the domain controllers and pull any stored CPASS from group policies and decode to plain text. Useful for instant Domain Admin!

  • privchecker.sh - Very young script that simply checks DCenum to a list of users to find their group access, indicated any privilaged users, this list can be edited.

  • NessusParserSummary.py - Parses Nessus results to give a summary breakdown of findings plus a host count next to each.

  • NessusParserBreakdown.py- Parses Nessus results to give a host based breakdown of findings plus the port(protocol) and CVSS rating.

  • NmapParser.py - Parses raw NMAP results (or .nmap) and will create individual .csv files for each host with a breakdown of ports, service version, protocol and port status.

  • NmapPortCount.py - Parses raw NMAP results (or .nmap) and will generate a single CSV with a list of Hosts, a count of how many open/closed/filtered ports it has, the OS detection and ICMP response.

  • Plesk-creds-gatherer.sh - Used on older versions of plesk (before the encription came in) that allows you to pull out all the credentials form the databases using a nice Bash menu

  • BashScriptTemplate.sh - Handy boiler plate template fro use in new scripts.

  • PythonScriptTemplate.py - Handy boiler plate template fro use in new scripts.

  • ipexplode.pl - Simply expands CIDRs and prints the ips in a list, handy for when you need a list of IPs and not a CIDR

  • LinEsc.sh - Linux escilation script. This will test common methods of gaining root access or show potential areas such as sticky perms that can allow manual testing for root escilation

  • gxfr.py - GXFR replicates dns zone transfers by enumerating subdomains using advanced search engine queries and conducting dns lookups.

  • knock.sh - Simple script used to test/perform port knocking.

  • sslscan-split-file.py - Used to split a large SSLScan results file into individual SSLScan results.

  • TestSSLServer.jar - Similar tool to SSLScan but with different output.

  • wiffy.sh - Wiffy hacking tool, encapsulated in a single Bash script.

  • gophish_positions_export.py - A simple pythoin script for taking 'results.csv' and getting statistics based on positions in the company.

  • powermenu - This tool is custom made to work as a menu system for easily downloading or running attacks using powershell

About

a package of Pentest scripts I have made or commonly use

Resources

Readme
Activity

Stars

598 stars

Watchers

74 watching

Forks

251 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 8

Languages