pentest-tools

A collection of custom security tools for quick needs.

---

arpa.sh

Converts IP address in arpa format to classical format.

182.218.193.78.in-addr.arpa domain name pointer fey75-1-78-193-218-182.fbxo.proxad.net. -> 78.193.218.182

bbhost.sh

Performs host command on a given hosts list using parallel to make it fast.

codeshare.php

Performs a string search on codeshare.io.

cors.py

Test CORS issue on a given list of hosts.

crlf.py

Test CRLF issue on a given list of hosts.

crtsh.php

Grabs subdomains of a given domain from https://crt.sh

detect-vnc-rdp.sh

Tests if ports 3389 and 5900 are open on a given IP range using netcat.

dnsenum-brute.sh

Performs brute force through wordlist to find subdomains.

dnsenum-bruten.sh

Performs brute force through numeric variation to find subdomains.

dnsenum-reverse.sh

Apply reverse DNS method on a given IP range to find subdomains.

dnsenum-reverserange.sh

Same thing but IP ranges are read from an input file.

dnsenum-zonetransfer.sh

Tests Zone Transfer of a given domain.

dnsreq-alltypes.sh

Performs all types of DNS requests for a given (sub)domain.

extract-domains.py

Extracts domain of a given URL or a list of URLs.

extract_links.php

Extracts links from a given HTML file.

filterurls.py

Classifies and displays URLs by vulnerability types.

flash-regexp.sh

Performs regexps listed in flash-regexp.txt for Flash apps testing purpose.

gdorks.php

Generates Google dorks for a given domain (searches are not performed).

hashall.php

Uses about 40 algoritmes to hash a given string.

ip-converter.php

Converts a given IP address to different format, see Nicolas Grégoire presentation.

ip-listing.php

A script that generates IP address from the start to the end.

mass_axfr.sh

A script that test Zone Transfer on a given list of domains using Fierce.

mass-smtp-user-enum-bruteforce.sh

A script that perform SMTP user enumeration on a given list of IP address using smtp-user-enum

mass-smtp-user-enum-check.sh

A script that simply test if SMTP user enumeration is possible on a given list of IP address using smtp-user-enum

nrpe.sh

A script that test the Nagios Remote Plugin Executor Arbitrary Command Execution using Metasploit.

pass-permut.php

A script that creates words permutation with different separators and output the hashes.

ping-sweep-nc.sh

A script that try to determine what IP are alive in a given range of IP address using Netcat.

ping-sweep-nmap.sh

A script that try to determine what IP are alive in a given range of IP address using Nmap.

ping-sweep-ping.sh

A script that try to determine what IP are alive in a given range of IP address using Ping.

portscan-nc.sh

A script that try to determine the open ports of a given IP address using Netcat.

screensite.sh

A script that take a screenshot of a given url+port using Xvfb.

srv_reco.sh

A script that perform a very small test of a given IP address.

ssh-timing-b4-pass.sh

???

ssrf-generate-ip.php

A script that generate random IP address inside private network range.

subdomains_finder.sh

A script that find subdomains using other well known programs (TheHarvester, DNSrecon...)

subthreat.php

A script that grab subdomains of a given domain from https://www.threatcrowd.org

testhttp.php

A script that test if an url (subdomain+port) is a web thing.

testhttp2.php

Same same but different.

test-ip-wordlist.sh

???

testnc.sh

A script that fuzz a given IP address with Netcat.

wayback-analyzer.php

A script that try to nicely display waybackurls.py output.

webdav-bruteforce.sh

A script that perform brute force on a given url that use WebDav using Davtest