daniruiz/kali-shell-aliases-and-functions.sh

## kali-shell-aliases-and-functions.sh
##################################################
# Packages
#   $ sudo apt install -y xclip grc gobuster rlwrap evil-winrm powercat seclists peass
# Install flatpak
#   -> https://www.kali.org/docs/tools/flatpak/
# urlencode:
#   $ sudo apt install gridsite-clients
# Python2 pip
#   $ sudo sh -c "curl https://bootstrap.pypa.io./pip/2.7/get-pip.py | python2"
# Cool Hollywood screensaver ❤️
#   $ sudo apt install kali-screensaver

# Sudo without password
# $ sudo dpkg-reconfigure kali-grant-root

# Resources
# accesschk.exe
# https://web.archive.org/web/20080530012252/http://live.sysinternals.com/accesschk.exe

reset=$'\E[0;0m'
bold=$'\E[1m'
red=$'\E[31m'
green=$'\E[32m'
blue=$'\E[34m'

alias sudo='sudo ' # Causes the next word to be checked for alias substitution
alias xclip='xclip -selection c'
alias update='sudo sh -c "
  set -e
  export DEBIAN_FRONTEND=noninteractive
  dpkg --configure -a
  apt update
  apt -y --fix-broken --fix-missing full-upgrade
  apt -y autoremove --purge
# Change nmap permissions and file capabilities in case it got overwritten
  chgrp adm /usr/bin/nmap
  chmod 750 /usr/bin/nmap
  setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
"
echo
echo Flatpak:
flatpak update && flatpak remove --unused
'

alias nmap='sudo grc nmap'
alias john='john -w=/usr/share/wordlists/rockyou.txt'
alias wpscan='wpscan --rua -e ap,at,tt,cb,dbe,u,m --passwords /usr/share/wordlists/seclists/Passwords/probable-v2-top1575.txt'
alias wfuzz='wfuzz -c'
alias gobusterdir='gobuster dir -w /usr/share/seclists/Discovery/Web-Content/combined_words.txt -k -u "$@"'
alias wapiti='wapiti --color --url'
alias nikto='nikto -host'
alias whatweb='whatweb -a 3'
alias webserver='python -m http.server 80'
alias smbserver='impacket-smbserver share . -smb2support'
alias proxy_nmap='sudo proxychains -q grc nmap -v -n -Pn -sT'
alias proxy_hydra='sudo proxychains -q hydra'
alias proxy_gobusterdir='HTTP_PROXY=socks5://127.0.0.1:9090/ gobusterdir'

wordlists() {
  echo "${green}${bold}"
  figlet Wordlists
  echo ${reset}
  echo "${bold}Web server enumeration:${reset}"
  du -h /usr/share/seclists/Discovery/Web-Content/combined_words.txt \
          /usr/share/seclists/Discovery/Web-Content/combined_directories.txt \
  | sed 's/^/ /'
  echo " [i] Useful file extensions: php,asp,aspx,jsp,ini,config,cfg,xml,htm,html,json,bak,txt"
  echo ""
  echo "${bold}Online credentials:${reset}"
  echo " > /usr/share/seclists/Passwords/probable-v2-top1575.txt"
  echo " > /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt"
  echo ""
  echo "${bold}Password Hash cracking:${reset}"
  echo " > /usr/share/wordlists/rockyou.txt"
  echo "________________________________________________________________________________________"
  command wordlists
}

# Running nmap as an unprivileged user
# https://secwiki.org/w/Running_nmap_as_an_unprivileged_user
# $ sudo chgrp adm /usr/bin/nmap
# $ sudo chmod 750 /usr/bin/nmap
# $ sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
export NMAP_PRIVILEGED=""
nmapfast() {
  nmap_output=$(mktemp)
  command nmap -n -sS -Pn -T4 --min-rate 1000 -p- -v $1 -oN $nmap_output \
    | sed -u 's|[0-9]\+/tcp|\x1b\[1;32m\0\x1b\[0m|'
  ports=$(cat $nmap_output \
    | grep ^[1-9] \
    | cut -d/ -f1 \
    | xargs \
    | sed 's/ /,/g')
  echo ""
  echo "======================================="
  echo ""
  echo "    PORTS"
  echo "    -----"
  echo "    ${bold}${red}${ports}${reset}"
  echo ""
  grc nmap -n -Pn -sT -p$ports -sC -sV $1
  echo ""
  echo "======================================="
  echo ""
  command nmap -n -Pn -sU --top-ports 100 -v $1 | sed -u 's|[0-9]\+/udp|\x1b\[1;34m\0\x1b\[0m|'
}

smbtest() {
  target=$1
  smbmap_output="$(smbmap -H $target -u %)"
  if ! echo "$smbmap_output" | grep -qF '[!]'; then
    echo "$smbmap_output" \
    | sed 's/WRITE/\x1b\[1;31m\0\x1b[0m/; s/READ/\x1b\[1;32m\0\x1b[0m/;'
  else
    smbclient -L //$target/ -U % --no-pass \
      || smbclient -L //$target/ -U anonymous --no-pass
  fi
  echo
  sudo msfdb init \
    && msfconsole -q -x "\
    use auxiliary/scanner/smb/smb_version; \
    set rhost ${target}; \
    run; \
    vulns ${target}; \
    exit"
}

rshell() {
  read rows cols < <(stty size)
  stty raw -echo
  cat <(cat << EOF
export TERM=xterm-256color
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

for PYTHON in \$(which python python2 python3); do : ; done
if [ -x "\$PYTHON" ]; then
  [ -x /bin/bash ] && exec \$PYTHON -c 'import pty;pty.spawn(("/bin/bash", "--rcfile", "/etc/skel/.bashrc", "-p"))'
  exec \$PYTHON -c 'import pty;pty.spawn(("/bin/sh"))'
elif command -v script > /dev/null; then
  exec script -qc /bin/bash /dev/null
fi
stty rows $rows cols $cols

# User commands to execute right after connection
clear; \
{ \
. /etc/os-release; \
printf "\\===========(\033[1;31m\$(whoami)@\$(hostname)\033[00m)===========/\n"; \
printf "|     \033[1;34mOS\033[00m :: \$PRETTY_NAME -- v\$VERSION_ID\n"; \
printf "| \033[1;34mKernel\033[00m :: \$(uname -r -s -m)\n"; \
printf "| \033[1;34mGroups\033[00m :: \$(groups)\n"; \
printf "\____________________________________________________________\n"; \
printf "\n"
ip --color=auto address || ifconfig; \
} 2>/dev/null ; \
echo;
EOF
  ) - | nc $@
  stty sane
}
	##################################################
	# Packages
	# $ sudo apt install -y xclip grc gobuster rlwrap evil-winrm powercat seclists peass
	# Install flatpak
	# -> https://www.kali.org/docs/tools/flatpak/
	# urlencode:
	# $ sudo apt install gridsite-clients
	# Python2 pip
	# $ sudo sh -c "curl https://bootstrap.pypa.io./pip/2.7/get-pip.py \| python2"
	# Cool Hollywood screensaver ❤️
	# $ sudo apt install kali-screensaver

	# Sudo without password
	# $ sudo dpkg-reconfigure kali-grant-root

	# Resources
	# accesschk.exe
	# https://web.archive.org/web/20080530012252/http://live.sysinternals.com/accesschk.exe

	reset=$'\E[0;0m'
	bold=$'\E[1m'
	red=$'\E[31m'
	green=$'\E[32m'
	blue=$'\E[34m'

	alias sudo='sudo ' # Causes the next word to be checked for alias substitution
	alias xclip='xclip -selection c'
	alias update='sudo sh -c "
	set -e
	export DEBIAN_FRONTEND=noninteractive
	dpkg --configure -a
	apt update
	apt -y --fix-broken --fix-missing full-upgrade
	apt -y autoremove --purge
	# Change nmap permissions and file capabilities in case it got overwritten
	chgrp adm /usr/bin/nmap
	chmod 750 /usr/bin/nmap
	setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
	"
	echo
	echo Flatpak:
	flatpak update && flatpak remove --unused
	'

	alias nmap='sudo grc nmap'
	alias john='john -w=/usr/share/wordlists/rockyou.txt'
	alias wpscan='wpscan --rua -e ap,at,tt,cb,dbe,u,m --passwords /usr/share/wordlists/seclists/Passwords/probable-v2-top1575.txt'
	alias wfuzz='wfuzz -c'
	alias gobusterdir='gobuster dir -w /usr/share/seclists/Discovery/Web-Content/combined_words.txt -k -u "$@"'
	alias wapiti='wapiti --color --url'
	alias nikto='nikto -host'
	alias whatweb='whatweb -a 3'
	alias webserver='python -m http.server 80'
	alias smbserver='impacket-smbserver share . -smb2support'
	alias proxy_nmap='sudo proxychains -q grc nmap -v -n -Pn -sT'
	alias proxy_hydra='sudo proxychains -q hydra'
	alias proxy_gobusterdir='HTTP_PROXY=socks5://127.0.0.1:9090/ gobusterdir'

	wordlists() {
	echo "${green}${bold}"
	figlet Wordlists
	echo ${reset}
	echo "${bold}Web server enumeration:${reset}"
	du -h /usr/share/seclists/Discovery/Web-Content/combined_words.txt \
	/usr/share/seclists/Discovery/Web-Content/combined_directories.txt \
	\| sed 's/^/ /'
	echo " [i] Useful file extensions: php,asp,aspx,jsp,ini,config,cfg,xml,htm,html,json,bak,txt"
	echo ""
	echo "${bold}Online credentials:${reset}"
	echo " > /usr/share/seclists/Passwords/probable-v2-top1575.txt"
	echo " > /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt"
	echo ""
	echo "${bold}Password Hash cracking:${reset}"
	echo " > /usr/share/wordlists/rockyou.txt"
	echo "________________________________________________________________________________________"
	command wordlists
	}

	# Running nmap as an unprivileged user
	# https://secwiki.org/w/Running_nmap_as_an_unprivileged_user
	# $ sudo chgrp adm /usr/bin/nmap
	# $ sudo chmod 750 /usr/bin/nmap
	# $ sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
	export NMAP_PRIVILEGED=""
	nmapfast() {
	nmap_output=$(mktemp)
	command nmap -n -sS -Pn -T4 --min-rate 1000 -p- -v $1 -oN $nmap_output \
	\| sed -u 's\|[0-9]\+/tcp\|\x1b\[1;32m\0\x1b\[0m\|'
	ports=$(cat $nmap_output \
	\| grep ^[1-9] \
	\| cut -d/ -f1 \
	\| xargs \
	\| sed 's/ /,/g')
	echo ""
	echo "======================================="
	echo ""
	echo " PORTS"
	echo " -----"
	echo " ${bold}${red}${ports}${reset}"
	echo ""
	grc nmap -n -Pn -sT -p$ports -sC -sV $1
	echo ""
	echo "======================================="
	echo ""
	command nmap -n -Pn -sU --top-ports 100 -v $1 \| sed -u 's\|[0-9]\+/udp\|\x1b\[1;34m\0\x1b\[0m\|'
	}

	smbtest() {
	target=$1
	smbmap_output="$(smbmap -H $target -u %)"
	if ! echo "$smbmap_output" \| grep -qF '[!]'; then
	echo "$smbmap_output" \
	\| sed 's/WRITE/\x1b\[1;31m\0\x1b[0m/; s/READ/\x1b\[1;32m\0\x1b[0m/;'
	else
	smbclient -L //$target/ -U % --no-pass \
	\|\| smbclient -L //$target/ -U anonymous --no-pass
	fi
	echo
	sudo msfdb init \
	&& msfconsole -q -x "\
	use auxiliary/scanner/smb/smb_version; \
	set rhost ${target}; \
	run; \
	vulns ${target}; \
	exit"
	}

	rshell() {
	read rows cols < <(stty size)
	stty raw -echo
	cat <(cat << EOF
	export TERM=xterm-256color
	export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

	for PYTHON in \$(which python python2 python3); do : ; done
	if [ -x "\$PYTHON" ]; then
	[ -x /bin/bash ] && exec \$PYTHON -c 'import pty;pty.spawn(("/bin/bash", "--rcfile", "/etc/skel/.bashrc", "-p"))'
	exec \$PYTHON -c 'import pty;pty.spawn(("/bin/sh"))'
	elif command -v script > /dev/null; then
	exec script -qc /bin/bash /dev/null
	fi
	stty rows $rows cols $cols

	# User commands to execute right after connection
	clear; \
	{ \
	. /etc/os-release; \
	printf "\\===========(\033[1;31m\$(whoami)@\$(hostname)\033[00m)===========/\n"; \
	printf "\| \033[1;34mOS\033[00m :: \$PRETTY_NAME -- v\$VERSION_ID\n"; \
	printf "\| \033[1;34mKernel\033[00m :: \$(uname -r -s -m)\n"; \
	printf "\| \033[1;34mGroups\033[00m :: \$(groups)\n"; \
	printf "\____________________________________________________________\n"; \
	printf "\n"
	ip --color=auto address \|\| ifconfig; \
	} 2>/dev/null ; \
	echo;
	EOF
	) - \| nc $@
	stty sane
	}