<?xml version="1.0" encoding="utf-8"?>
<!-- generator="FeedCreator 1.7.2-ppt DokuWiki" -->
<?xml-stylesheet href="http://www.pentesterscripting.com/lib/exe/css.php?s=feed" type="text/css"?>
<rdf:RDF
    xmlns="http://purl.org/rss/1.0/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel rdf:about="http://www.pentesterscripting.com/feed.php">
        <title>PenTester Scripting</title>
        <description></description>
        <link>http://www.pentesterscripting.com/</link>
        <image rdf:resource="http://www.pentesterscripting.com/lib/tpl/arctic_dark/images/favicon.ico" />
        <dc:date>2012-02-05T12:39:21+00:00</dc:date>
        <items>
            <rdf:Seq>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/discovery/ssl_tests?rev=1307296727&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/authors/jason_haddix?rev=1306781884&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/discovery?rev=1295363221&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/mapping?rev=1288710611&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/mapping/nmap_open_port_stats?rev=1288710551&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/exploitation?rev=1288015902&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/exploitation/p0wnpr0xy?rev=1288015861&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/mapping/userpass?rev=1287516110&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/exploitation/sqlinjector?rev=1287515943&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/exploitation/get_to_post?rev=1287515766&amp;do=diff"/>
                <rdf:li rdf:resource="http://www.pentesterscripting.com/discovery/domain_account_brute_force?rev=1287514437&amp;do=diff"/>
            </rdf:Seq>
        </items>
    </channel>
    <image rdf:about="http://www.pentesterscripting.com/lib/tpl/arctic_dark/images/favicon.ico">
        <title>PenTester Scripting</title>
        <link>http://www.pentesterscripting.com/</link>
        <url>http://www.pentesterscripting.com/lib/tpl/arctic_dark/images/favicon.ico</url>
    </image>
    <item rdf:about="http://www.pentesterscripting.com/discovery/ssl_tests?rev=1307296727&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2011-06-05T17:58:47+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>discovery:ssl_tests</title>
        <link>http://www.pentesterscripting.com/discovery/ssl_tests?rev=1307296727&amp;do=diff</link>
        <description>#!/usr/bin/env bash

# Description:
#       Script to extract the most security relevant details from a 
#       target SSL/TLS implementation by using sslscan.
# Author:  Raul Siles (raul _AT_ taddong _DOT_ com)
#          Taddong (www.taddong.com)
# Date:    2011-05-27
# Version: 1.0
#
# - Current SSL/TLS tests: 
#   SSLv2, NULL cipher, weak ciphers -key length-, strong 
#   ciphers -AES-, MD5 signed cert, SSL/TLS renegotiation
#
# Requires: 
# - sslscan
# https://sourceforge.net/projects/ssls…</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/authors/jason_haddix?rev=1306781884&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2011-05-30T18:58:04+00:00</dc:date>
        <dc:creator>Jason Haddix</dc:creator>
        <title>authors:jason_haddix</title>
        <link>http://www.pentesterscripting.com/authors/jason_haddix?rev=1306781884&amp;do=diff</link>
        <description>Jason is a Sr. Web Application Penetration Tester for HP. He focuses on external network and webapp assessments. He is also a regular contributor to ethicalhacker.net and various other online hackery publications. Find him at @jhaddix on Twitter and &lt;http://www.securityaegis.com&gt;</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/discovery?rev=1295363221&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2011-01-18T15:07:01+00:00</dc:date>
        <dc:creator>Adrien de Beaupre</dc:creator>
        <title>discovery</title>
        <link>http://www.pentesterscripting.com/discovery?rev=1295363221&amp;do=diff</link>
        <description>Discovery is probably one of the most important portions of a penetration test.  It is where we try to determine what potential flaws exist in the target.  The scripts found in this section will focus on finding these flaws so that they can be used in the exploitation phase of the penetration test.  Some examples would be user name harvesting or scanning for routers exposed to the network.</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/mapping?rev=1288710611&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-11-02T15:10:11+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>mapping</title>
        <link>http://www.pentesterscripting.com/mapping?rev=1288710611&amp;do=diff</link>
        <description>Mapping is the part of a penetration test where we attempt to determine what is part of the target.  For example, during a web pen-test, we would find all of the functionality of the site during this phase.  These scripts will help us fill out our target map.</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/mapping/nmap_open_port_stats?rev=1288710551&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-11-02T15:09:11+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>mapping:nmap_open_port_stats - created</title>
        <link>http://www.pentesterscripting.com/mapping/nmap_open_port_stats?rev=1288710551&amp;do=diff</link>
        <description>This script will take a .nmap file from an nmap scan and give you a csv file containing a count of how many times each different port number was found open. For example:

	*  port, count
	*   22, 100
	*   53, 6
	*   80, 88

It only looks at TCP ports, but changing it to UDP is fairly easy. To get both, just add a second hits hash and put TCP hits in one and UDP hits in the new one.</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/exploitation?rev=1288015902&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-10-25T14:11:42+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>exploitation</title>
        <link>http://www.pentesterscripting.com/exploitation?rev=1288015902&amp;do=diff</link>
        <description>Exploitation is probably everyone's favorite portion of a penetration test.  It is where we get to actually launch attacks.  The scripts in this section will target vulnerabilities in the target and then leverage these to further our penetration.

----------

TYPO3 CMS Insecure Randomness Exploit - REF: TYPO3-SA-2009-001 Detailed Advisory - c22.cc</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/exploitation/p0wnpr0xy?rev=1288015861&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-10-25T14:11:01+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>exploitation:p0wnpr0xy - created</title>
        <link>http://www.pentesterscripting.com/exploitation/p0wnpr0xy?rev=1288015861&amp;do=diff</link>
        <description>Direct from Mark himself...

I wrote p0wnpr0xy because I was repeatedly launching SQLMAP and similar tools against various URLs as I was browsing a site.  The tools required that I grab the cookie and build the command line.   After manually launching SQLMAP a third time against a website I decided to automate it.   I gave more details and made a video on sample use</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/mapping/userpass?rev=1287516110&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-10-19T19:21:50+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>mapping:userpass - created</title>
        <link>http://www.pentesterscripting.com/mapping/userpass?rev=1287516110&amp;do=diff</link>
        <description>#!/usr/bin/env python
#Username password generator - Mark Baggett
#Searches for LinkedIn.com users of the target company.
#Then launches CeWL on each user's LinkedIn profile to build a custom password list per user
#If the user has a photo on LinkedIn, it will use TinEye to find other accounts or pages used by that individual and use CeWL on them
#If the user lists &quot;Their website&quot;, Facebook, MySpace, etc. in LinkedIn, we build password lists off of those pages.
#The Default CeWL path assumes your u…</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/exploitation/sqlinjector?rev=1287515943&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-10-19T19:19:03+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>exploitation:sqlinjector - created</title>
        <link>http://www.pentesterscripting.com/exploitation/sqlinjector?rev=1287515943&amp;do=diff</link>
        <description>#SQLInjector   -  MySQL Blind SQL injector.  Uses techniques outlined in this paper http://www.exploit-db.com/papers/13696/ to generate fewer queries.
# Written by Mark Baggett
# download from www.pauldotcom.com
# Known issues:
# uses md5 for page comparison rather than searching for a string.   This can be a problem if the page includes dynamic banner ads.  
# M,N and 0-9 period and comma are not representative of the actual correct frequent character set
# lettertable() function needs be expan…</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/exploitation/get_to_post?rev=1287515766&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-10-19T19:16:06+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>exploitation:get_to_post - created</title>
        <link>http://www.pentesterscripting.com/exploitation/get_to_post?rev=1287515766&amp;do=diff</link>
        <description>#XSS GET to POST script by mark baggett http://www.pauldotcom.com
#start it like this...    python get2post.py
#use it like this...  http://&lt;yourIPaddress&gt;:8080/?target=http://www.targeturl.com&amp;postparam=postvalue&amp;anotherparam=itsvalue&amp;postvariable=itsvalue

import os
import sys
import BaseHTTPServer
import urlparse
import re

class XSSWebHandler(BaseHTTPServer.BaseHTTPRequestHandler):
  clientfilter=&quot;&quot;
  def do_GET(self):
    self.send_response(200)
    self.end_headers()
    (ignore, ignore, i…</description>
    </item>
    <item rdf:about="http://www.pentesterscripting.com/discovery/domain_account_brute_force?rev=1287514437&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2010-10-19T18:53:57+00:00</dc:date>
        <dc:creator>Robin Wood</dc:creator>
        <title>discovery:domain_account_brute_force</title>
        <link>http://www.pentesterscripting.com/discovery/domain_account_brute_force?rev=1287514437&amp;do=diff</link>
        <description>The comments say it all...


#!/bin/sh

echo
echo &quot;*******************************************************&quot;
echo &quot;*                                                     *&quot;
echo &quot;*  Welcome to the Domain Account Bruteforce Tool.     *&quot;
echo &quot;*             By Sean gambles 21st Sep 2010           *&quot;
echo &quot;*******************************************************&quot;
echo
echo &quot;This tool makes use of the nmap smb-enum-users script,&quot;
echo &quot;by basically exporting the results, in a cleaned up form&quot;
echo &quot;int…</description>
    </item>
</rdf:RDF>

