Manas Bellani manasmbellani
manasmbellani
/ subdomaincheck.py
Last active
March 3, 2022 01:20
Subdomaincheck.py - A script to detect subdomain takeover possibilities given a list of domains.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from argparse import ArgumentParser, RawTextHelpFormatter | |
| import subprocess | |
| import shlex | |
| import requests | |
| USER_AGENT_STR = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0" |
manasmbellani
/ recon_info_grepassets.py
Last active
August 8, 2018 05:03
recon_info_grepassets.py - script to parse domains, hashes, and ip addresses from a file/directory. Useful for info gathering phase of pentesting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import os | |
| import re | |
| import subprocess | |
| import shlex | |
| import requests | |
| from argparse import ArgumentParser, RawTextHelpFormatter | |
| DEFINITION = ("Greps the assets, IPs, and emails from a given input file, and " |
manasmbellani
/ recon_info_crtsh.py
Created
September 30, 2017 20:50
recon_info_crtsh - connect to crt.sh and obtain a list of subdomains that belong to the specified main domain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import subprocess | |
| import shlex | |
| import requests | |
| from bs4 import BeautifulSoup | |
| from sys import exit | |
| from argparse import ArgumentParser, RawTextHelpFormatter | |
| ### URL to crt.sh to get all the domains |
manasmbellani
/ recon_info_netcraft.py
Created
October 1, 2017 02:36
recon_info_netcraft.py - Script to download sub domains for a given domain from netcraft.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import subprocess | |
| import shlex | |
| import requests | |
| from bs4 import BeautifulSoup | |
| from sys import exit | |
| from argparse import ArgumentParser, RawTextHelpFormatter | |
manasmbellani
/ modified-sudo-backdoor.sh
Created
October 29, 2017 02:27
A script inspired by the sudo-backdoor script from ldionmarcil - instead of sending the creds remotely, it will write to disk.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Script created for testing and learning purposes only. The author does not take any responsibility for the actions taken | |
| # when using this script. | |
| # Note that it is generally not a good idea to be storing plain text credentials to disk where other users will be able to | |
| # access them. | |
| # Drop this file on disk in the leading directory on $PATH and make it executable | |
| # Then update the CREDS_FILE to the location that the creds must be written |
manasmbellani
/ zzz_exploit_2.py
Created
January 18, 2018 14:30
Modified zzz_exploit.py script which will execute a user provided shellcode file (e.g. generated via msfvenom) to be dropped and executed on the target. A metapsploit listener on the other side will then listen for the received shell/sending a secondary stager payload.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from impacket import smb, smbconnection | |
| from mysmb import MYSMB | |
| from struct import pack, unpack, unpack_from | |
| import sys | |
| import socket | |
| import time | |
| ''' | |
| MS17-010 exploit for Windows 2000 and later by sleepya |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:vb="urn:the-xml-files:xslt-vb" xmlns:user="placeholder" version="1.0"> | |
| <!-- Copyright (c) Microsoft Corporation. All rights reserved. --> | |
| <xsl:output method="text" omit-xml-declaration="yes" indent="no"/> | |
| <xsl:strip-space elements="*" /> | |
| <ms:script implements-prefix="user" language="JScript"> | |
| <![CDATA[ | |
manasmbellani
/ Get-EmployeesWithId.ps1
Last active
September 12, 2021 13:44
Gets a list of employees with Active EmployeeID and information on them.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Gets a list of employees with Active EmployeeID | |
| # As at 24/07/2018, Information on Get-ADUser powershell cmdlet available at https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=winserver2012-ps | |
| Get-ADUser -LDAPFilter "(&(EmployeeID=*))" -Properties EmployeeID,EmployeeNumber,Displayname,department, userAccountControl,title | Export-Csv -Path C:\Windows\Temp\out.csv |
manasmbellani
/ check_live_assets_via_ping.sh
Created
August 8, 2018 06:36
Check live assets via a ping scan. Tested on Kali Linux.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ $# -lt 2 ]; then | |
| echo "[-] $0 <assets-list> <out-active-assets-list>" | |
| exit | |
| fi | |
| assets_list="$1" | |
| out_active_assets_list="$2" | |
| for asset in `cat "$assets_list"`; do | |
| echo "[*] Testing asset '$asset'" |
manasmbellani
/ get_dorks_for_sensitive_dirs.sh
Last active
August 12, 2018 15:22
Get the latest dorks from Github for a given ID/category which is the page that dorks are located on e.g. 3 is sensitive directories.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ./get_latest_dorks_from_ghdb.sh 3 |
OlderNewer