Bash functions for pentest tool output
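# Print the IPv4 addresses of hosts that are up in an nmap XML report: nmap-uphosts nmap.xml
# When the scan ran with -Pn every host is reported as "up", so a host is
# counted as up only if it has at least one open port; otherwise the host
# status element from the ping scan is used.
nmap-uphosts() {
    if [ $# -lt 1 ]; then
        echo "Usage: nmap-uphosts nmap.xml" >&2
        return 1
    fi
    local file
    file=$(realpath "$1") || return 1
    # The report path is passed as argv instead of being spliced into the
    # script text, so a path containing quotes cannot change the Python code.
    python - "$file" <<'EOF'
import sys
from lxml import etree

t = etree.parse(sys.argv[1])
if "-Pn" in t.xpath("string(@args)"):  # port scan: status is always "up", use open ports
    hosts = t.xpath("/*/host[ports/port/state[@state='open']]/address[@addrtype='ipv4']/@addr")
else:  # ping scan
    hosts = t.xpath("/*/host[status[@state='up']]/address[@addrtype='ipv4']/@addr")
print(' '.join(hosts))
EOF
}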
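# Print the IPv4 addresses of hosts that are down in an nmap XML report: nmap-downhosts nmap.xml
# Mirror of nmap-uphosts: with -Pn a host counts as down when it has no open
# port, otherwise the ping-scan status element is used.
nmap-downhosts() {
    if [ $# -lt 1 ]; then
        echo "Usage: nmap-downhosts nmap.xml" >&2
        return 1
    fi
    local file
    file=$(realpath "$1") || return 1
    # Path goes in via argv so quotes in it cannot alter the Python source.
    python - "$file" <<'EOF'
import sys
from lxml import etree

t = etree.parse(sys.argv[1])
if "-Pn" in t.xpath("string(@args)"):  # port scan: status is always "up", use lack of open ports
    hosts = t.xpath("/*/host[not(ports/port/state[@state='open'])]/address[@addrtype='ipv4']/@addr")
else:  # ping scan
    hosts = t.xpath("/*/host[status[@state='down']]/address[@addrtype='ipv4']/@addr")
print(' '.join(hosts))
EOF
}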
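# Print every open port in an nmap XML report as an nmap port spec: nmap-openports nmap.xml
# Output looks like "T:22,80,443,U:53" (numerically sorted, one entry per port
# even when several hosts expose it); it can be fed back to nmap -p.
nmap-openports() {
    if [ $# -lt 1 ]; then
        echo "Usage: nmap-openports nmap.xml" >&2
        return 1
    fi
    local file
    file=$(realpath "$1") || return 1
    # Path goes in via argv so quotes in it cannot alter the Python source.
    python - "$file" <<'EOF'
import sys
from lxml import etree

t = etree.parse(sys.argv[1])


def open_ports(proto):
    # set() drops duplicates from hosts sharing a port; sort as integers, not strings
    ids = set(t.xpath("//state[@state='open']/parent::port[@protocol='%s']/@portid" % proto))
    return sorted(ids, key=int)


print('T:' + ','.join(open_ports('tcp')) + ',U:' + ','.join(open_ports('udp')))
EOF
}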
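# Print one "addr: port/proto, ..." line per host with open ports: nmap-scope nmap.xml
# Hosts without an IPv4 address are skipped. The original tagged UDP ports as
# "/tcp"; UDP ports are now labelled "/udp".
nmap-scope() {
    if [ $# -lt 1 ]; then
        echo "Usage: nmap-scope nmap.xml" >&2
        return 1
    fi
    local file
    file=$(realpath "$1") || return 1
    # Path goes in via argv so quotes in it cannot alter the Python source.
    python - "$file" <<'EOF'
import sys
from lxml import etree

t = etree.parse(sys.argv[1])
# Walk the host elements directly instead of re-querying the whole document
# by address for every host.
for host in t.xpath("//host[.//state[@state='open']]"):
    addrs = host.xpath("address[@addrtype='ipv4']/@addr")
    if not addrs:
        continue
    tcp = ["%s/tcp" % p for p in host.xpath("ports/port[@protocol='tcp' and state[@state='open']]/@portid")]
    udp = ["%s/udp" % p for p in host.xpath("ports/port[@protocol='udp' and state[@state='open']]/@portid")]
    print("%s: %s" % (addrs[0], ", ".join(tcp + udp)))
EOF
}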
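# Print the nmap port spec for the N most common TCP ports: nmap-topports-tcp N
# No target is given, so nmap appears to emit only its XML header; the
# <scaninfo services="..."> attribute of that header is the port list.
nmap-topports-tcp() {
    if [ $# -lt 1 ]; then
        echo "Usage: nmap-topports-tcp N" >&2
        return 1
    fi
    local ports
    ports=$(sudo nmap -oX - -sS --top-ports "$1" 2>&1 |
        xmllint --xpath 'string(//scaninfo/@services)' -)
    echo "T:$ports"
}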
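# Print the nmap port spec for the N most common UDP ports: nmap-topports-udp N
# Same trick as nmap-topports-tcp: with no target nmap appears to emit only
# its XML header, whose <scaninfo services="..."> attribute is the port list.
nmap-topports-udp() {
    if [ $# -lt 1 ]; then
        echo "Usage: nmap-topports-udp N" >&2
        return 1
    fi
    local ports
    ports=$(sudo nmap -oX - -sU --top-ports "$1" 2>&1 |
        xmllint --xpath 'string(//scaninfo/@services)' -)
    echo "U:$ports"
}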
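# Print the smoothed round-trip time to a TCP port: nmap-rtt host port
# nmap -d3 prints "Final times for host: srtt: N rttvar: ... to: ..."; field 6
# is the srtt value (reported by nmap in microseconds, as far as I can tell)
# and awk divides it by 1000, so the number printed is in milliseconds.
nmap-rtt() {
    if [ $# -lt 2 ]; then
        echo "Usage: nmap-rtt host port" >&2
        return 1
    fi
    # -Pn and -n skip host discovery and DNS so the only probe timed is the connect.
    nmap -sT -Pn -n -p "$2" -d3 "$1" |
        grep "Final times for host:" |
        awk '{print $6/1000}'
}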
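# Print a summary of the TLS certificate on any host:port: pt-ssl-cert host:port...
# nmap and other SSL tools only like to give you the cert if the service behind
# it can be detected. This uses OpenSSL to get the cert from any host/port.
# The SNI name is the host part only: the TLS server_name extension carries no
# port, so passing "host:port" as -servername asks for a name no server has.
pt-ssl-cert() {
    local target
    for target in "$@"; do
        echo "Certificate ($target):"
        echo | \
            openssl s_client -showcerts -servername "${target%%:*}" -connect "$target" 2>/dev/null | \
            openssl x509 -inform pem -noout -text | \
            grep 'Issuer\|Subject\|Public Key\|Public-Key\|Signature Algorithm' | \
            sed -e 's/^[[:space:]]*//'
        echo
    done
}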
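# Dump the full text of the TLS certificate on any host:port: pt-ssl-cert-all host:port...
# Like pt-ssl-cert but without the grep filter. SNI is set to the host part
# only, since the server_name extension does not carry a port.
pt-ssl-cert-all() {
    local target
    for target in "$@"; do
        echo | \
            openssl s_client -showcerts -servername "${target%%:*}" -connect "$target" 2>/dev/null | \
            openssl x509 -inform pem -noout -text
    done
}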
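# List the TLS/SSL protocol versions offered by each host in an ssllabs-scan JSON file:
# ssllabs-scan-protocols results.json
# The file is expected to be a JSON array of host objects, each with "host"
# and "endpoints" whose "details.protocols" entries have "name" and "version".
ssllabs-scan-protocols() {
    if [ $# -lt 1 ]; then
        echo "Usage: ssllabs-scan-protocols results.json" >&2
        return 1
    fi
    local file
    file=$(realpath "$1") || return 1
    # Path goes in via argv so quotes in it cannot alter the Python source.
    python - "$file" <<'EOF'
import json
import sys

with open(sys.argv[1]) as f:
    j = json.load(f)
for h in j:
    print('Host:', h['host'])
    print('Protocols:')
    for e in h['endpoints']:
        for p in e['details']['protocols']:
            print('\t {} {}'.format(p['name'], p['version']))
    print()
EOF
}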
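# List cipher suites weaker than 128 bits offered by each host in an ssllabs-scan JSON file:
# ssllabs-scan-weak-ciphers results.json
# The file is expected to be a JSON array of host objects, each with "host"
# and "endpoints" whose "details.suites.list" entries carry "cipherStrength"
# and "name". The 128-bit threshold is the author's cut-off for "weak".
ssllabs-scan-weak-ciphers() {
    if [ $# -lt 1 ]; then
        echo "Usage: ssllabs-scan-weak-ciphers results.json" >&2
        return 1
    fi
    local file
    file=$(realpath "$1") || return 1
    # Path goes in via argv so quotes in it cannot alter the Python source.
    python - "$file" <<'EOF'
import json
import sys

WEAK_BELOW_BITS = 128

with open(sys.argv[1]) as f:
    j = json.load(f)
for h in j:
    print('Host:', h['host'])
    print('Weak Ciphers:')
    for e in h['endpoints']:
        for s in e['details']['suites']['list']:
            if int(s['cipherStrength']) < WEAK_BELOW_BITS:
                print('\t {} {}'.format(s['cipherStrength'], s['name']))
    print()
EOF
}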
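# Print every port with a finding in a .nessus report as an nmap port spec: nessus-openports scan.nessus
# Output looks like "T:22,80,443,U:53". Port 0 (host-level findings) is
# excluded; ports are de-duplicated across hosts and sorted numerically.
nessus-openports() {
    if [ $# -lt 1 ]; then
        echo "Usage: nessus-openports scan.nessus" >&2
        return 1
    fi
    local file
    file=$(realpath "$1") || return 1
    # Path goes in via argv so quotes in it cannot alter the Python source.
    python - "$file" <<'EOF'
import sys
from lxml import etree

t = etree.parse(sys.argv[1])


def ports(proto):
    # set() drops duplicates from hosts sharing a port; sort as integers, not strings
    ids = set(t.xpath("//Report/ReportHost/ReportItem[@port!='0' and @protocol='%s']/@port" % proto))
    return sorted(ids, key=int)


print('T:' + ','.join(ports('tcp')) + ',U:' + ','.join(ports('udp')))
EOF
}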
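# Summarise a .nessus report: name, policy, targets and the low/medium/high
# findings with "ip:port<TAB>plugin name" per finding: nessus-summary scan.nessus
# Severity mapping follows the Nessus export (1 = low, 2 = medium, 3 = high);
# criticals (4) are not listed, matching the original behaviour.
nessus-summary() {
    if [ $# -lt 1 ]; then
        echo "Usage: nessus-summary scan.nessus" >&2
        return 1
    fi
    local file
    file=$(realpath "$1") || return 1
    # Path goes in via argv so quotes in it cannot alter the Python source.
    python - "$file" <<'EOF'
import sys
from lxml import etree

t = etree.parse(sys.argv[1])


def first(node, xpath, default=''):
    # Return the first XPath match or a default instead of raising IndexError
    # on reports that lack the element.
    found = node.xpath(xpath)
    return found[0] if found else default


def report(label, items):
    # Print the count followed by one line per finding.
    print('%s:' % label, len(items))
    for i in items:
        ip = first(i, "../HostProperties/tag[@name='host-ip']/text()")
        print(' {}:{}\t{}'.format(ip, i.get('port'), i.get('pluginName')))


print('name: {}'.format(first(t, '//Report/@name')))
print('policy: {}'.format(first(t, '//Policy/policyName/text()')))
print('targets: {}'.format(first(t, "//preference/name[text() = 'TARGET']/../value/text()")))
report('lows', t.xpath('//ReportItem[@severity = 1]'))
report('meds', t.xpath('//ReportItem[@severity = 2]'))
report('highs', t.xpath('//ReportItem[@severity = 3]'))
EOF
}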