
Discover – Custom Bash Scripts Used To Automate Various Penetration Testing Tasks Including Recon, Scanning, Parsing, And Creating Malicious Payloads And Listeners With Metasploit

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit. For use with Kali Linux and the Penetration Testers Framework (PTF).

  • Lee Baird @discoverscripts
  • Jay “L1ghtn1ng” Townsend @jay_townsend1
  • Jason Ashton @ninewires

Download, setup, and usage

1. Domain
2. Person
3. Parse salesforce

4. Generate target list
6. List
7. IP, range, or domain
8. Rerun Nmap scripts and MSF aux

9. Insecure direct object reference
10. Open multiple tabs in Firefox
11. Nikto
12. SSL

13. Parse XML
14. Generate a malicious payload
15. Start a Metasploit listener
16. Update
17. Exit




1. Passive
2. Active
3. Import names into an existing recon-ng workspace
4. Previous menu

Passive uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, multiple websites, and recon-ng.
Active uses dnsrecon, Wafw00f, traceroute, Whatweb, and recon-ng.
[*] Acquire API keys for Bing, Builtwith, Fullcontact, GitHub, Google, Hashes, Hunter, SecurityTrails, and Shodan for maximum results with recon-ng and theHarvester.

API key locations:

show keys
keys add bing_api




First name:
Last name:
  • Combines info from multiple websites.

Parse salesforce

Create a free account at salesforce (
Perform a search for your target company > select the company name > see all.
Copy the results into a new file.

Enter the location of your list:
  • Gather names and positions into a clean list.


Generate target list


1. Local area network
2. NetBIOS
3. netdiscover
4. Ping sweep
5. Previous menu
  • Use different tools to create a target list including Angry IP Scanner, arp-scan, netdiscover and nmap pingsweep.

CIDR, List, IP, Range, or URL

Type of scan:

1. External
2. Internal
3. Previous menu
  • External scan will set the nmap source port to 53 and the max-rtt-timeout to 1500ms.
  • Internal scan will set the nmap source port to 88 and the max-rtt-timeout to 500ms.
  • Nmap is used to perform host discovery, port scanning, service enumeration and OS identification.
  • Matching nmap scripts are used for additional enumeration.
  • Additional tools: enum4linux, smbclient, and ike-scan.
  • Matching Metasploit auxiliary modules are also leveraged.
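
For defenders, the fixed source ports described above (53 for external scans, 88 for internal scans) leave a recognisable trace in firewall logs. The following is an added example, not part of the Discover scripts: it flags bare TCP SYNs from source port 53 or 88 that reach several destination ports on one host. The iptables-style log layout, the sample lines and the `min_dst_ports` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Source ports the scan profiles above pin nmap to (53 external, 88 internal).
FIXED_SOURCE_PORTS = {53, 88}
FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
REQUIRED = {"SRC", "DST", "PROTO", "SPT", "DPT"}

# Constructed sample in an iptables-LOG-like layout; not real traffic.
SAMPLE_LOG = """\
IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=53 DPT=22 SYN
IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=53 DPT=80 SYN
IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=53 DPT=443 SYN
IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=53 DPT=3389 SYN
IN=eth0 SRC=192.0.2.53 DST=198.51.100.10 PROTO=UDP SPT=53 DPT=41532
IN=eth0 SRC=192.0.2.53 DST=198.51.100.10 PROTO=TCP SPT=53 DPT=50122 ACK SYN
IN=eth1 SRC=10.0.0.44 DST=10.0.0.5 PROTO=TCP SPT=88 DPT=135 SYN
IN=eth1 SRC=10.0.0.44 DST=10.0.0.5 PROTO=TCP SPT=88 DPT=139 SYN
IN=eth1 SRC=10.0.0.44 DST=10.0.0.5 PROTO=TCP SPT=88 DPT=445 SYN
IN=eth1 SRC=10.0.0.44 DST=10.0.0.5 PROTO=TCP SPT=88 DPT=3389 SYN
IN=eth1 SRC=10.0.0.60 DST=10.0.0.5 PROTO=TCP SPT=49822 DPT=445 SYN
IN=eth1 SRC=10.0.0.61 DST=10.0.0.5 PROTO=TCP SPT=88 DPT=445 SYN
"""

def find_fixed_source_port_scans(log_text, min_dst_ports=4):
    """Return (src, dst, source_port, [dst ports]) for likely scans."""
    probed = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if not REQUIRED <= fields.keys() or fields["PROTO"] != "TCP":
            continue  # malformed line, or UDP such as ordinary DNS replies
        flags = set(line.split()) & {"SYN", "ACK", "RST", "FIN"}
        if flags != {"SYN"}:
            continue  # SYN+ACK from port 53 is a normal DNS-over-TCP reply
        if not (fields["SPT"].isdigit() and fields["DPT"].isdigit()):
            continue
        spt = int(fields["SPT"])
        if spt in FIXED_SOURCE_PORTS:
            probed[(fields["SRC"], fields["DST"], spt)].add(int(fields["DPT"]))
    # Client stacks use ephemeral source ports, so this pattern stands out.
    return sorted(
        (src, dst, spt, sorted(ports))
        for (src, dst, spt), ports in probed.items()
        if len(ports) >= min_dst_ports
    )

if __name__ == "__main__":
    for hit in find_fixed_source_port_scans(SAMPLE_LOG):
        print(hit)
```

The threshold trades noise for sensitivity: a single SYN from port 88 (the last sample line) is not reported at the default setting.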


Insecure direct object reference

Using Burp, authenticate to a site, map & Spider, then log out.
Target > Site map > select the URL > right click > Copy URLs in this host.
Paste the results into a new file.

Enter the location of your file:

Open multiple tabs in Firefox

Open multiple tabs in Firefox with:

1. List
2. Directories from robots.txt.
3. Previous menu
  • Use a list containing IPs and/or URLs.
  • Use wget to pull a site's robots.txt file, then open all of the directories.


Run multiple instances of Nikto in parallel.

1. List of IPs.
2. List of IP:port.
3. Previous menu


Check for SSL certificate issues.

Enter the location of your list:
  • Use sslscan and sslyze to check for SSL/TLS certificate issues.


Parse XML

Parse XML to CSV.

1. Burp (Base64)
2. Nessus (.nessus)
3. Nexpose (XML 2.0)
4. Nmap
5. Qualys
6. Previous menu

Generate a malicious payload

Malicious Payloads

1. android/meterpreter/reverse_tcp
2. cmd/windows/reverse_powershell
3. java/jsp_shell_reverse_tcp (Linux)
4. java/jsp_shell_reverse_tcp (Windows)
5. linux/x64/meterpreter_reverse_https
6. linux/x64/meterpreter_reverse_tcp
7. linux/x64/shell/reverse_tcp
8. osx/x64/meterpreter_reverse_https
9. osx/x64/meterpreter_reverse_tcp
10. php/meterpreter/reverse_tcp
11. python/meterpreter_reverse_https
12. python/meterpreter_reverse_tcp
13. windows/x64/meterpreter_reverse_https
14. windows/x64/meterpreter_reverse_tcp
15. Previous menu

Start a Metasploit listener

Metasploit Listeners

1. android/meterpreter/reverse_tcp
2. cmd/windows/reverse_powershell
3. java/jsp_shell_reverse_tcp
4. linux/x64/meterpreter_reverse_https
5. linux/x64/meterpreter_reverse_tcp
6. linux/x64/shell/reverse_tcp
7. osx/x64/meterpreter_reverse_https
8. osx/x64/meterpreter_reverse_tcp
9. php/meterpreter/reverse_tcp
10. python/meterpreter_reverse_https
11. python/meterpreter_reverse_tcp
12. windows/x64/meterpreter_reverse_https
13. windows/x64/meterpreter_reverse_tcp
14. Previous menu


  • Use to update Kali Linux, Discover scripts, various tools, and the locate database.