Skip to content

highmeh/pentest_scripts

Repository files navigation

pentest_scripts

Scripts I've put together to help during penetration tests.

  • generate_emails.py - takes a list of full names (as generated by TheHarvester or scrape_linkedin.py) and converts them into various common email conventions. Attempts to sanitize the names to a "Firstname Lastname" format.

  • scrape_linkedin.py - using a google cse api key, use Google Dorks/Advanced Operators to retreive employee names from GitHub. Sanitize and dump to a list. [ Currently Deprecated ]

  • retrieve_osxhash.py - converts the contents of an OSX .plist file to a crackable password hash. Use Hashcat mode 7100 with the --username flag to crack. Without the -u flag, it dumps all password hashes. Requires root or sudo.

  • postgresbrute.py - a simple postgres brute-forcing tool. Currently supports only a single username at a time.

  • 200buster.py - a simple tool for directory brute-forcing when all requests return "200 OK". Excludes a range of response sizes and returns all others as valid path directories.

  • 4to6.py - Uses arp to get the IPv6 address of an IPv6 host. Note that ICMP must be enabled for the tool to work.

About

penetration testing scripts

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages