Various tools for Penetration Testing
Useful for generating passwords for a dictionary attack based on a target's name (for example).
- Basic usage:
echo "john
fitzgerald
kennedy" > names
python ./combinator.py -i names
- Using a minimum and maximum to get more lengths:
python ./combinator.py -i names -min 1 -max 3
- Returning only concatenation results without underscores (-c) and only lowercase (-l):
python ./combinator.py -i names -l -c
Finds comments inside web pages. These can sometimes contain useful information.
- Recursively scanning a directory containing a website:
python ./find_comments.py "/local/path/to/website/dir"
- Scanning a single file:
python ./find_comments.py "/local/path/to/some/index.html"
- No errors and no titles etc. in output:
python ./find_comments.py -e -s "/local/path/to/page_or_dir"
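As an added illustration (not the repository's find_comments.py), the sketch below shows one way to pull HTML comments out of a page and flag the ones worth reviewing, for example when auditing your own build output before deployment. The sample page, the keyword list and all function names are assumptions made for this example.

```python
# Added example: an independent sketch, not the project's find_comments.py.
import re
from html.parser import HTMLParser

# Constructed sample page (not taken from a real site).
SAMPLE_PAGE = """<html><head><title>Login</title>
<!-- TODO: remove test account admin / placeholder-password before launch -->
<script>
// build 42 (a JavaScript comment, not an HTML comment)
</script></head>
<body>
<!-- nav start -->
<p>Welcome</p>
<!--
  staging API: http://staging.internal.example/api
-->
</body></html>"""

# Hypothetical keyword list; tune it to what your own code base tends to leak.
SENSITIVE = re.compile(r"password|secret|token|api|todo|internal|staging|debug", re.I)

class CommentCollector(HTMLParser):
    """Collects (line_number, text) for every HTML comment in the input."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        line, _col = self.getpos()  # position where the comment opens
        # Collapse whitespace so multi-line comments print on one line.
        self.comments.append((line, " ".join(data.split())))

def find_comments(html):
    """Return all HTML comments in the document as (line, text) tuples."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    return parser.comments

def flag_sensitive(comments):
    """Keep only comments that match the keyword list."""
    return [(line, text) for line, text in comments if SENSITIVE.search(text)]

if __name__ == "__main__":
    for line, text in flag_sensitive(find_comments(SAMPLE_PAGE)):
        print(f"line {line}: {text}")
```

Using a real HTML parser instead of a regular expression keeps multi-line comments intact and avoids reporting text inside script blocks as HTML comments.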
Injects a DLL of our choice into a process of our choice, calling its DllMain function in the victim process.
SDI.exe <Target PID> <DLL Path>
Finds subdomains of a given website. Works well with https://github.com/averagesecurityguy/axfr/blob/master/subdomains_nc.txt. The entire run is likely to take a while, but it will find most results quickly, and the script allows for stopping and picking up from a previous spot.
- Using the one-click, no-questions-asked script:
./simple_run.sh example.com
- Basic usage:
echo "www
mail" > subdomain_options
python ./subdomainer.py -i subdomain_options -d example.com
- Using subdomains_nc and output to file:
python ./subdomainer.py -i subdomains_nc.txt -d example.com -o subdomains
- Scan only first 10,000 subdomain options in the list:
python ./subdomainer.py -i subdomains_nc.txt -d example.com -n 10000 -o subdomains
- Continue from line 10,001:
python ./subdomainer.py -i subdomains_nc.txt -d example.com -s 10001
Collects data about a given list of subdomains. Useful to run on the output of Subdomainer.
- Basic usage, scanning www.example.com and mail.example.com:
echo "www
mail" > subdomains
./extractor.sh subdomains example.com
- Using the one-click, no-questions-asked script, including running Subdomainer:
./simple_run.sh example.com
Very simple obfuscator for PHP. I mainly wrote it for the sport, but it's not nearly as good as some of the other ones out there, like fopo.com.ar.
python obfuscate.py my.php