‼ A big cleanup occurred in 2022-11 ‼
Some useless or non-working scripts have been archived, and some others have been moved to their own repositories to get more visibility. Feel free to check them out:
- apk-analyzer
- cloudflare-origin-ip
- csp-analyzer
- detectify-cves
- extract-endpoints
- favicon-hashtrick
- google-search
- graphql-introspection-analyzer
- keyhacks.sh
- related-domains
git clone https://github.com/gwen001/pentest-tools
cd pentest-tools
pip3 install -r requirements.txt
Converts an IP address from arpa format to classical format.
Runs the host command on a given list of hosts, using parallel to make it fast.
Performs a string search on codeshare.io.
Tests for CORS issues on a given list of hosts.
Tests for CRLF issues on a given list of hosts.
Grabs subdomains of a given domain from crt.sh.
Tests if ports 3389 and 5900 are open on a given IP range using netcat.
Performs brute force using a wordlist to find subdomains.
Performs brute force using numeric variations to find subdomains.
Applies the reverse DNS method on a given IP range to find subdomains.
Same thing but IP ranges are read from an input file.
Tests Zone Transfer of a given domain.
Performs all types of DNS requests for a given (sub)domain.
Extracts domain of a given URL or a list of URLs.
Extracts links from a given HTML file.
Classifies and displays URLs by vulnerability types.
Runs the regexps listed in flash-regexp.txt for Flash app testing purposes.
Generates Google dorks for a given domain (searches are not performed).
Uses about 40 algorithms to hash a given string.
Converts a given IP address to different formats, see Nicolas Grégoire's presentation.
Generates a list of IP addresses from the given start to the given end, range and mask supported.
Mass test zone transfer on a given list of domains.
Performs SMTP user enumeration on a given list of IP addresses using smtp-user-enum.
Tests if SMTP user enumeration is possible on a given list of IP addresses using smtp-user-enum.
Just a few common Bash functions.
Encode/Decode UUID using base36.
Tests for Nagios Remote Plugin Executor Arbitrary Command Execution on a given host using Metasploit.
Tests for Open Redirect issues on a given list of hosts.
Creates word permutations with different separators and outputs the hashes using about 40 algorithms.
Performs a string search on pastebin.com.
See xss.py.
Determines which IPs are alive in a given range of IP addresses using netcat.
Determines which IPs are alive in a given range of IP addresses using nmap.
Determines which IPs are alive in a given range of IP addresses using ping.
Determines the open ports of a given IP address using netcat.
Tests a given list of paths on a given list of hosts.
Same, but the Python version. Tests a given list of paths on a given list of hosts.
Tests for RCE issues on a given list of hosts.
Resolves a given list of hosts to check which ones are alive and which ones are dead.
Takes screenshots of a given URL+port using xvfb.
Performs searches on Shodan using their API.
Tests for HTTP request smuggling issues on a given list of hosts.
Performs very small tests of a given IP address.
Tries to guess SSH users using a timing attack.
Generates random IP address:port pairs inside private network ranges for SSRF scans.
Generates subdomains alterations and permutations.
Brute forces a wordlist against an IP range and a list of ports.
Tries to determine if a URL (subdomain+port) is a web thing.
Performs fuzzing on a given IP address+port using netcat.
Just a few common PHP functions.
Performs brute force on a given URL that uses WebDAV using Davtest.
Tests for XSS issues on a given list of hosts using phantomjs.
Feel free to open an issue if you have any problem with the script.