<?xml version="1.0" encoding="utf-8"?>
<!-- generator="FeedCreator 1.7.2-ppt DokuWiki" -->
<?xml-stylesheet href="http://pentesterscripting.com/lib/exe/css.php?s=feed" type="text/css"?>
<rdf:RDF
    xmlns="http://purl.org/rss/1.0/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <!-- RSS 1.0 channel for what appears to be the wiki's recent-changes feed.
         The rdf:Seq is the table of contents: each rdf:li rdf:resource must match
         the rdf:about of one item element later in the document (ten entries here).
         Every URL in the feed, including the xml-stylesheet target, is plain http,
         so a consumer gets no transport-level integrity for the links or for the
         script excerpts it reads from them. -->
    <channel rdf:about="http://pentesterscripting.com/feed.php">
        <title>PenTester Scripting</title>
        <description></description>
        <link>http://pentesterscripting.com/</link>
        <image rdf:resource="http://pentesterscripting.com/lib/images/favicon.ico" />
       <dc:date>2010-08-20T22:12:30+00:00</dc:date>
        <items>
            <rdf:Seq>
                <rdf:li rdf:resource="http://pentesterscripting.com/discovery/url_crawler?rev=1282251186&amp;do=diff"/>
                <rdf:li rdf:resource="http://pentesterscripting.com/discovery/ssl_tests?rev=1282251090&amp;do=diff"/>
                <rdf:li rdf:resource="http://pentesterscripting.com/mapping/iis_internal_ip_disclosure?rev=1282251005&amp;do=diff"/>
                <rdf:li rdf:resource="http://pentesterscripting.com/discovery/web_requester?rev=1282250946&amp;do=diff"/>
                <rdf:li rdf:resource="http://pentesterscripting.com/exploitation/apache_413_xss?rev=1282250840&amp;do=diff"/>
                <rdf:li rdf:resource="http://pentesterscripting.com/exploitation/apache_expect_xss?rev=1282250785&amp;do=diff"/>
                <rdf:li rdf:resource="http://pentesterscripting.com/discovery/parse_nessus2_into_db?rev=1281203089&amp;do=diff"/>
                <rdf:li rdf:resource="http://pentesterscripting.com/discovery?rev=1281203046&amp;do=diff"/>
                <rdf:li rdf:resource="http://pentesterscripting.com/exploitation/bash_web_parameter_fuzzer?rev=1280838654&amp;do=diff"/>
                <rdf:li rdf:resource="http://pentesterscripting.com/authors/tom_eston?rev=1280798331&amp;do=diff"/>
            </rdf:Seq>
        </items>
    </channel>
    <!-- Feed logo. The rdf:about value repeats the channel's image rdf:resource,
         which is how RSS 1.0 ties the two elements together. -->
    <image rdf:about="http://pentesterscripting.com/lib/images/favicon.ico">
        <title>PenTester Scripting</title>
        <link>http://pentesterscripting.com/</link>
        <url>http://pentesterscripting.com/lib/images/favicon.ico</url>
    </image>
    <!-- Revision entry for the discovery:url_crawler wiki page. The rev value in the
         URL is the revision time in Unix epoch seconds and equals dc:date.
         dc:creator is presumably the wiki account that saved the revision; the
         script header inside the excerpt credits a different author.
         The description is an entity-escaped plain-text excerpt that is cut off
         mid-line (trailing ellipsis), so it is not the full script. -->
    <item rdf:about="http://pentesterscripting.com/discovery/url_crawler?rev=1282251186&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-19T20:53:06+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>discovery:url_crawler</title>
        <link>http://pentesterscripting.com/discovery/url_crawler?rev=1282251186&amp;do=diff</link>
        <description>#!/usr/bin/env bash

##   listing only target domain with list-urls.py (in backtrack4)
##   by Aung Khant, http://yehg.net

list_url_location=/pentest/enumeration/list-urls/list-urls.py

echo ++++++++++++++++++++++++++++++++++++
echo
echo Target URL Crawler with list-urls.py
echo 
echo by Aung Khant, http://yehg.net
echo YGN Ethical Hacker Group, Myanmar
echo
echo ++++++++++++++++++++++++++++++++++++
echo 
if [ ! -e $list_url_location ]; then
  echo This script depends on:
  echo &quot;$list_url_loca…</description>
    </item>
    <!-- Revision entry for discovery:ssl_tests. The excerpt is cut off shortly after
         the SSLv2 check; the banner also names weak ciphers, MD5 and renegotiation,
         but those checks are not visible here.
         Review note on the visible shell: $1 and $2 are used unquoted, so the script
         relies on the operator passing a plain IP and port. The "tesing" spelling
         is in the original page text. -->
    <item rdf:about="http://pentesterscripting.com/discovery/ssl_tests?rev=1282251090&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-19T20:51:30+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>discovery:ssl_tests</title>
        <link>http://pentesterscripting.com/discovery/ssl_tests?rev=1282251090&amp;do=diff</link>
        <description>#!/usr/bin/env bash

echo +++++++++++++++++++++++++++++++++++++++++++++++++
echo SSL Tests - v2, weak ciphers, MD5, Renegotiation
echo  by Aung Khant, http://yehg.net
echo +++++++++++++++++++++++++++++++++++++++++++++++++
echo

if [ $# -ne 2 ]; then 
   echo Usage: $0 IP Port
   exit
fi

echo  [*] testing on $1:$2 ..
echo 

echo [*] tesing for sslv2 ..
echo [*] sslscan $1:$2 \| grep &quot;Accepted  SSLv2&quot;
sslscan $1:$2 | grep &quot;Accepted  SSLv2&quot;
echo
echo
echo [*] testing for weak ciphers ...
echo [*] …</description>
    </item>
    <!-- Revision entry for mapping:iis_internal_ip_disclosure. This excerpt has no
         trailing ellipsis, so it appears to be the complete script. It sends an
         HTTP/1.0 GET without a Host header and keeps only the Content-Location
         response header.
         Defender view: requests of that shape (HTTP/1.0, no Host header) stand out
         in web server logs, and Content-Location is the header to re-check when
         verifying that a server no longer returns an internal address.
         Shell hygiene: $1 and $2 are unquoted, and the bare [*] in the echo lines is
         a glob pattern that the shell may expand. -->
    <item rdf:about="http://pentesterscripting.com/mapping/iis_internal_ip_disclosure?rev=1282251005&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-19T20:50:05+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>mapping:iis_internal_ip_disclosure</title>
        <link>http://pentesterscripting.com/mapping/iis_internal_ip_disclosure?rev=1282251005&amp;do=diff</link>
        <description>#!/usr/bin/env bash

echo +++++++++++++++++++++++++++++++++++++++++
echo IIS Internal IP Revealed POC
echo  by Aung Khant, http://yehg.net
echo +++++++++++++++++++++++++++++++++++++++++
echo

if [ $# -ne 2 ]; then 
   echo Usage: $0 IP Port
   exit
fi


echo [*] sending Get request to $1 on port $2
printf &quot;GET / HTTP/1.0\r\nCONNECTION: CLOSE\r\n\r\n&quot; | nc $1 $2 | grep Content-Location:
echo [*] done</description>
    </item>
    <!-- Revision entry for discovery:web_requester. The description starts with the
         page's one-line summary, then the script, cut off inside its header comment.
         Only the documented interface is visible: a file of URLs and a file of
         regular-expression patterns that are matched against page content. -->
    <item rdf:about="http://pentesterscripting.com/discovery/web_requester?rev=1282250946&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-19T20:49:06+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>discovery:web_requester</title>
        <link>http://pentesterscripting.com/discovery/web_requester?rev=1282250946&amp;do=diff</link>
        <description>Scan URLs for a list of given regexps


#!/usr/bin/env bash

################################################################
#   Bash Web Requester
#   by Aung Khant, http://yehg.net
#   License: GPL v2  
#
#   takes 2 arguments:
#   one is a file with a list of URLs (url like http://site.com/test.asp)
#   second is file with regexp compatible pattern that checks page content for matched keywords
#   
#   E.g If you request URL which contains string like 'require_once' in URL response, which is…</description>
    </item>
    <!-- Revision entry for exploitation:apache_413_xss. The excerpt stops inside the
         banner, so only the usage header is visible: one argument, a file of
         "host port" lines, with matching hosts written to an output file.
         The excerpt names no advisory or affected versions; confirm those against
         the vendor's security notes before relying on a result. -->
    <item rdf:about="http://pentesterscripting.com/exploitation/apache_413_xss?rev=1282250840&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-19T20:47:20+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>exploitation:apache_413_xss</title>
        <link>http://pentesterscripting.com/exploitation/apache_413_xss?rev=1282250840&amp;do=diff</link>
        <description>A proof of concept script for Apache 413 Error Message XSS


#!/usr/bin/env bash
#
# Check Apache 413 XSS against a list of hosts running web server 
# Takes Argument 1 a file which contains a list of host (in format: hostname/IP PORT)
# Output a file with host(s) found to be vulnerable
#
#  ./xss_apache_413.sh hosts_file
#
#  sample content of hosts_file (line by line)
#
#  yehg.org 80
#  127.0.0.1 80
#

echo ++++++++++++++++++++++++++++++++++++
echo Apache 413 Error Message XSS POC
echo by Aun…</description>
    </item>
    <!-- Revision entry for exploitation:apache_expect_xss. As shown, the excerpt ends
         inside the banner; only the usage header is visible: one argument, a file of
         "host port" lines, with matching hosts written to an output file.
         No advisory identifier or affected version range appears in the excerpt, so
         a reader has to take those from the vendor's security notes. -->
    <item rdf:about="http://pentesterscripting.com/exploitation/apache_expect_xss?rev=1282250785&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-19T20:46:25+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>exploitation:apache_expect_xss</title>
        <link>http://pentesterscripting.com/exploitation/apache_expect_xss?rev=1282250785&amp;do=diff</link>
        <description>A proof of concept for the Apache EXPECT header XSS



#!/usr/bin/env bash
#
# Check Apache EXPECT Header XSS against a list of hosts running web server 
# Takes Argument 1 a file which contains a list of host (in format: hostname/IP PORT)
# Output a file with host(s) found to be vulnerable
#
#  ./xss_apache_expect.sh hosts_file
#
#  sample content of hosts_file (line by line)
#
#  yehg.org 80
#  127.0.0.1 80
#

echo ++++++++++++++++++++++++++++++++++++
echo Apache EXPECT Header XSS POC
echo by …</description>
    </item>
    <!-- Revision entry for discovery:parse_nessus2_into_db (a Perl script). The
         excerpt ends inside the header comment, so none of the parsing or database
         code is shown.
         Scanner output loaded into a database is sensitive data; whether the full
         script uses bound query parameters and restricted database credentials
         cannot be judged from this excerpt. -->
    <item rdf:about="http://pentesterscripting.com/discovery/parse_nessus2_into_db?rev=1281203089&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-07T17:44:49+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>discovery:parse_nessus2_into_db</title>
        <link>http://pentesterscripting.com/discovery/parse_nessus2_into_db?rev=1281203089&amp;do=diff</link>
        <description>Parse the nessus 2 format file into mysql database for later references such as customized/scheduled reporting.


#!/usr/bin/perl

# Created by Adrien de Beaupre, adriendb (at) gmail (dot) com
# or adriendb (at) whitehats (dot) ca
#
# Based on &quot;Yet Another Nessus v2 Parser&quot; nessusv2.pl from https://discussions.nessus.org/message/5596 by rrich. 
# 
# Version 0.021
# 04 August 2010
#
# To do: Better coding and error checking. ;-)
# As well add back in v1 file format support. 
# Oh, and more docume…</description>
    </item>
    <!-- Revision entry for the discovery section's landing page. The description is
         the page's prose introduction and appears untruncated; it holds no script. -->
    <item rdf:about="http://pentesterscripting.com/discovery?rev=1281203046&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-07T17:44:06+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>discovery</title>
        <link>http://pentesterscripting.com/discovery?rev=1281203046&amp;do=diff</link>
        <description>Discovery is probably one of the most important portions of a penetration test.  It is where we try to determine what potential flaws exist in the target.  The scripts found in this section will focus on finding these flaws so that they can be used in the exploitation phase of the penetration test.  Some examples would be user name harvesting or scanning for routers exposed to the network.</description>
    </item>
    <!-- Revision entry for exploitation:bash_web_parameter_fuzzer. The excerpt is cut
         off inside the header comment.
         The sample payload in that comment is correctly entity-escaped in this XML.
         Because dc:format is text/html, a feed reader that unescapes the description
         and inserts it into a page as markup would turn that text into live script;
         consumers should render descriptions as text or sanitise them first. -->
    <item rdf:about="http://pentesterscripting.com/exploitation/bash_web_parameter_fuzzer?rev=1280838654&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-03T12:30:54+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>exploitation:bash_web_parameter_fuzzer</title>
        <link>http://pentesterscripting.com/exploitation/bash_web_parameter_fuzzer?rev=1280838654&amp;do=diff</link>
        <description>Fuzz URL parameters, the comments give the usage.


#!/usr/bin/env bash

################################################################
#   Bash Web Parameter Fuzzer
#   by Aung Khant, http://yehg.net
#   License: GPL v2  
#
#   takes 3 arguments:
#   one is a file with a list of fuzzable URLs (url like http://site.com/test.asp?s=str)
#   second is file with a list of payloads
#   third is file with regexp compatible pattern
#   
#   E.g If you send URL with &quot;&gt;&lt;script&gt; which is included in 2nd…</description>
    </item>
    <!-- Revision entry for the authors:tom_eston profile page. The description is a
         prose biography, and here dc:creator matches the person the page describes. -->
    <item rdf:about="http://pentesterscripting.com/authors/tom_eston?rev=1280798331&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-08-03T01:18:51+00:00</dc:date>
        <dc:creator>Tom Eston</dc:creator>
        <title>authors:tom_eston</title>
        <link>http://pentesterscripting.com/authors/tom_eston?rev=1280798331&amp;do=diff</link>
        <description>Tom Eston is a Senior Security Consultant for SecureState.  Tom is actively involved in the security community and focuses much of his research on the security of social media. Tom is a security blogger (spylogic.net) and co-host of the Security Justice and Social Media Security podcasts.  Tom is also a frequent speaker at security user groups and conferences including Notacon, Defcon and OWASP AppSec DC. You can find Tom on Twitter as: agent0x0</description>
    </item>
</rdf:RDF>
