Nikita Medvedev nikallass

## github-recon
“Hackme.tld” API_key
“Hackme.tld” secret_key
“Hackme.tld” aws_key
“Hackme.tld” Password
“Hackme.tld” FTP
“Hackme.tld” login
“Hackme.tld” github_token
“Hackme.tld” http:// & https://
“Hackme.tld” amazonaws
“Hackme.tld” digitaloceanspaces

## subdomain.rb
#Tools based on a resolver.rb by @melvinsh
#Repository: https://github.com/melvinsh/subresolve
#Modified by @ehsahil for Personal Use.
#Modified by @nikallass for Personal Use.

require 'socket'
require 'colorize'

begin
  if ARGV[0] == nil

## meterpreter.sl
in armitage/armitage.jar
in /scripts/meterpreter.sl

replace line 381:
from:  if ($text ismatch '... (.*?):(\d+) - TCP OPEN') {
to:    if ($text ismatch '... (.*?): +- \1:(\d+) - TCP OPEN') {


## toggle_terminator.sh
#!/bin/bash
# hotkey for prefrences /root/toggle_terminator.sh terminator
# on first start run script manually to install dependencies
#
# This script does this:
# launch an app if it isn't launched yet,
# focus the app if it is launched but not focused,
# minimize the app if it is focused.
#
# by desgua - 2012/04/29

## rbcd_demo.ps1
# import the necessary toolsets
Import-Module .\powermad.ps1
Import-Module .\powerview.ps1

# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
whoami

# the target computer object we're taking over
$TargetComputer = "primary.testlab.local"

## Kali 2017.1 x64, Docker-ce Install script
#!/bin/bash

# update apt-get
export DEBIAN_FRONTEND="noninteractive"
sudo apt-get update

# remove previously installed Docker
sudo apt-get remove docker docker-engine docker.io* lxc-docker*

# install dependencies 4 cert

## check-smb-v3.11.sh
#!/bin/bash
if [ $# -eq 0 ]
  then
    echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
    exit 1
fi

echo "Checking if there's SMB v3.11 in" $1 "..."

nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'

## ptrarc.sh
#!/bin/bash

if [ "$1" == "-h" ] || [ "$1" == "--help" ] || [[ $# -eq 0 ]]
  then
    me=`basename "$0"`
    echo "Find subdomains in PTR-archive http://ptrarchive.com/tools/search.htm?date=ALL&label=example.com"
    echo -e "Usage:\n\t./${me} [domain]"
    echo -e "Example:\n\t./${me} example.com"
    echo -e "\t./${me} -v example.com # Verbose output, includes IPs."
    exit 1

## portinfo.sh
#!/bin/bash

if [ "$1" == "-h" ] || [ "$1" == "--help" ]
  then
    me=`basename "$0"`
    echo "Find information about TCP/IP ports."
    echo -e "Usage:\n\t./${me} [port|service]"
    echo -e "Example:\n\t./${me} snmp\n\t./${me} 3389"
    exit 1
fi

## crt.sh
#!/bin/bash

if [ "$1" == "-h" ] || [ "$1" == "--help" ] || [[ $# -eq 0 ]]
  then
    me=`basename "$0"`
    echo "Find subdomains in certificate transparency log."
    echo -e "Usage:\n\t./${me} [domain]"
    echo -e "Example:\n\t./${me} example.com"
    exit 1
fi
	“Hackme.tld” API_key
	“Hackme.tld” secret_key
	“Hackme.tld” aws_key
	“Hackme.tld” Password
	“Hackme.tld” FTP
	“Hackme.tld” login
	“Hackme.tld” github_token
	“Hackme.tld” http:// & https://
	“Hackme.tld” amazonaws
	“Hackme.tld” digitaloceanspaces
	#Tools based on a resolver.rb by @melvinsh
	#Repository: https://github.com/melvinsh/subresolve
	#Modified by @ehsahil for Personal Use.
	#Modified by @nikallass for Personal Use.

	require 'socket'
	require 'colorize'

	begin
	if ARGV[0] == nil
	in armitage/armitage.jar
	in /scripts/meterpreter.sl

	replace line 381:
	from: if ($text ismatch '... (.*?):(\d+) - TCP OPEN') {
	to: if ($text ismatch '... (.*?): +- \1:(\d+) - TCP OPEN') {
	#!/bin/bash
	# hotkey for prefrences /root/toggle_terminator.sh terminator
	# on first start run script manually to install dependencies
	#
	# This script does this:
	# launch an app if it isn't launched yet,
	# focus the app if it is launched but not focused,
	# minimize the app if it is focused.
	#
	# by desgua - 2012/04/29
	# import the necessary toolsets
	Import-Module .\powermad.ps1
	Import-Module .\powerview.ps1

	# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
	whoami

	# the target computer object we're taking over
	$TargetComputer = "primary.testlab.local"
	#!/bin/bash

	# update apt-get
	export DEBIAN_FRONTEND="noninteractive"
	sudo apt-get update

	# remove previously installed Docker
	sudo apt-get remove docker docker-engine docker.io* lxc-docker*

	# install dependencies 4 cert
	#!/bin/bash
	if [ $# -eq 0 ]
	then
	echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
	exit 1
	fi

	echo "Checking if there's SMB v3.11 in" $1 "..."

	nmap -p445 --script smb-protocols -Pn -n $1 \| grep -P '\d+\.\d+\.\d+\.\d+\|^\\|.\s+3.11' \| tr '\n' ' ' \| replace 'Nmap scan report for' '@' \| tr "@" "\n" \| grep 3.11 \| tr '\|' ' ' \| tr '_' ' ' \| grep -oP '\d+\.\d+\.\d+\.\d+'
	#!/bin/bash

	if [ "$1" == "-h" ] \|\| [ "$1" == "--help" ] \|\| [[ $# -eq 0 ]]
	then
	me=`basename "$0"`
	echo "Find subdomains in PTR-archive http://ptrarchive.com/tools/search.htm?date=ALL&label=example.com"
	echo -e "Usage:\n\t./${me} [domain]"
	echo -e "Example:\n\t./${me} example.com"
	echo -e "\t./${me} -v example.com # Verbose output, includes IPs."
	exit 1