
@biagiopietro
Last active June 16, 2024 18:47
CTF installation tools
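#!/bin/bash
#
# Installs a personal CTF toolset: apt/pip packages, a Go toolchain under
# /usr/local/go, several Go/Rust tools, helper scripts and two git checkouts
# in $HOME/Downloads, plus shell aliases in ~/.bashrc.
#
# Assumptions visible in the script: it writes to /usr/local and hard-codes
# /root/go/bin, so it is meant to be run as root.
#
# Optional environment:
#   GO_SHA256  expected SHA-256 of the Go tarball (copy it from the official
#              Go downloads page). When set, the archive is verified before
#              it is unpacked into /usr/local.
#
# Supply-chain note: everything below is fetched unpinned (@latest, @master,
# raw "master" branch URLs, "releases/latest") and then installed or marked
# executable as root. Each run therefore trusts whatever upstream serves at
# that moment; pin to a reviewed tag/commit if reproducibility matters.
set -exo pipefail

cd "$HOME/Downloads"

go_package='go1.22.1.linux-amd64.tar.gz'
bashrc_path="${HOME}/.bashrc"
# Single quotes are intentional: $PATH must be expanded when .bashrc is read,
# not when this script runs.
# shellcheck disable=SC2016
go_path_line='export PATH=$PATH:/usr/local/go/bin:/root/go/bin'

# Download $2 to $1. -f makes HTTP errors fail the script instead of saving
# an error page under the target name; redirects are restricted to HTTPS.
fetch() {
  curl -fsSL --proto '=https' --proto-redir '=https' -o "$1" "$2"
}

# Append line $1 to file $2 unless an identical line is already present,
# so re-running the installer does not pile up duplicate entries.
append_once() {
  grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# -y on install as well: without it apt stops at a confirmation prompt.
apt update -y && apt install -y 2to3
pip3 install dirsearch smbmap autopep8

fetch "$go_package" "https://golang.org/dl/$go_package"
if [[ -n "${GO_SHA256:-}" ]]; then
  printf '%s  %s\n' "$GO_SHA256" "$go_package" | sha256sum -c -
else
  echo "warning: GO_SHA256 not set; Go tarball integrity is not verified" >&2
fi
# Make sure the archive is readable before the existing toolchain is removed.
tar -tzf "$go_package" > /dev/null
rm -rf /usr/local/go && tar -C /usr/local -xzf "$go_package"
append_once "$go_path_line" "$bashrc_path"
rm -f -- "$go_package"

# NOTE(review): many distro .bashrc files return early in non-interactive
# shells, so this may be a no-op; the export below is what takes effect here.
# shellcheck disable=SC1090
source "$bashrc_path"
export PATH=$PATH:/usr/local/go/bin:/root/go/bin

go install github.com/cmd-tools/gtfocli@latest
go install github.com/owasp-amass/amass/v4/...@master
go install github.com/lc/gau/v2/cmd/gau@latest
go install -v github.com/tomnomnom/anew@latest
cargo install rustscan

# Third-party scripts pulled from moving branches; review them before use.
fetch "$HOME/Downloads/les.sh" "https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh"
fetch "$HOME/Downloads/les.pl" "https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl"
fetch "$HOME/Downloads/linpeas.sh" "https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh"
fetch "$HOME/Downloads/wles.py" "https://raw.githubusercontent.com/AonCyberLabs/Windows-Exploit-Suggester/master/windows-exploit-suggester.py"
chmod +x -- les.sh les.pl linpeas.sh

# Skip the clone when the checkout already exists; otherwise a second run
# aborts here under `set -e`.
[[ -d dotdotpwn ]] || git clone https://github.com/wireghoul/dotdotpwn.git
[[ -d dnscan ]] || git clone https://github.com/rbsec/dnscan.git

append_once "alias dnscan='$HOME/Downloads/dnscan/dnscan.py'" "$bashrc_path"
append_once "alias dotdotpwn='perl $HOME/Downloads/dotdotpwn/dotdotpwn.pl'" "$bashrc_path"
# The original only echoed this alias to stdout; it is now persisted like
# the other two.
append_once "alias rot13=\"tr 'A-Za-z' 'N-ZA-Mn-za-m'\"" "$bashrc_path"

updatedb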
##########
# TIPS generic
##########
# rustscan -a $IP -- -sV
# https://www.guballa.de/vigenere-solver
# autopep8 -i searchsploit-script.py # fixes spaces
# 2to3 -w searchsploit-script.py # converts from python2 to python3
# dnscan -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-110000.txt -t 20 -d domain.com
# gobuster vhost -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-110000.txt -u http://domain.com
# amass enum -v -brute -active -d
# gcc -fPIC -shared -o shell.so /tmp/shell.c -nostartfiles
# Upgrade shell
# python3 -c 'import pty; pty.spawn("/bin/bash");'
# CTRL + Z
# stty raw -echo && fg
# stty columns 120
##########
# TIPS for Linux
##########
# getcap -r / 2>/dev/null
# find / -type f -perm -u=s 2>/dev/null
##########
# TIPS for Windows
##########
# smbclient -N -L \\\\$IP
# smbmap -i $IP -u $USER -p $PASSWORD
# evil-winrm -a $IP -u $USER -p $PASSWORD -n
# whoami /priv