@ryan-wendel
ryan-wendel / enum_host.sh
Last active December 15, 2023 17:41
nmap script I use to enumerate hosts and pull banners with amap. Could probably use to add a few more protocols. I'll get on that...
#!/bin/bash
HOST="$1"
BASE="$2"
SCAN_UDP="1"
GRAB_BANNERS="1"
TOP_TCP_PORTS="100"
TOP_UDP_PORTS="50"
@ryan-wendel
ryan-wendel / parse_nessus_web.py
Last active July 21, 2017 14:15
Python script to parse web hosts from nessus output. Feed it a single argument that points to the nessus output file.
#!/usr/bin/python
import sys
import os.path
try:
    import xml.etree.cElementTree as ET
except ImportError:
    import xml.etree.ElementTree as ET
file=sys.argv[1]
@ryan-wendel
ryan-wendel / create_web_scans.sh
Last active October 14, 2020 09:37
BASH script to set up dirb and nikto enumeration from web hosts parsed from nessus output (see parse_nessus_web.py in other gist post)
#!/bin/bash
BASE="$1"
INPUT_FILE="$2"
print_help() {
echo "Usage: $(basename $0) <folder> <input file>"
}
if [ -z "$BASE" ]; then
@ryan-wendel
ryan-wendel / gobuster_recurse.sh
Last active April 24, 2023 14:23
Recursive gobuster script. I'll be looking to feed its output into EyeWitness.
#!/bin/bash
TARGET="$1"
WORDLIST="$2"
LEVELS="$3"
TMP_FILE_PREFIX="/tmp/gobuster_$$"
USER_AGENT='Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'
BACKUP_WORDLIST="/usr/local/wordlists/custom/rw-common-dirs.txt"
RESPONSE_CODES="200,301,307,401,403"
@ryan-wendel
ryan-wendel / smb_credspray.sh
Last active October 22, 2020 02:25
Script to credential spray SMB servers with. Will attempt to access ADMIN$ to test for elevated privileges.
#!/bin/bash
HOST="$1"
USERS="$2"
PASSWORDS="$3"
SLEEP="$4"
TMP_FILE="/tmp/tmp_smb.$$.tmp"
RPCCLIENT=$(which rpcclient)
NMBLOOKUP=$(which nmblookup)
@ryan-wendel
ryan-wendel / smb_cme_credspray.sh
Last active November 9, 2023 17:57
A wrapper around CrackMapExec to help prevent locking accounts when credential spraying SMB services.
#!/bin/bash
HOST="$1"
USERS="$2"
PASSWORDS="$3"
SLEEP="$4"
EMAIL="idrinkyourmilkshake@foobarbbq.com"
TEXT="7205551234@mms.att.net"
@ryan-wendel
ryan-wendel / get_robots_paths.sh
Last active October 7, 2018 00:09
Grabs list of popular domains and aggregates disallowed path data from the top N domains' robots.txt files.
#!/bin/bash
TOP_N="5000"
SKIP_DOWNLOAD=0
BASE="/usr/local/tools/web/robots"
URL_BASE="http://s3-us-west-1.amazonaws.com/umbrella-static"
print_help() {
echo "Usage: $(basename $0) -n <integer> [-s]"
@ryan-wendel
ryan-wendel / parse_burp_history.sh
Created August 15, 2019 18:20
Simple shell script to part out requests/responses from a burp history file (with base64 output selected).
#!/bin/bash
print_help() {
echo "Usage: $(basename $0) <burp history file>"
}
INPUT=$1
if [ -z "$INPUT" ]; then
echo "Error: Provide me with a burp history file."
@ryan-wendel
ryan-wendel / jwt_store_and_set.py
Last active July 8, 2021 00:47
Python Burp Extension code to use the Cookie Jar for JWTs (medium post).
# python imports
import re
import sys
# Burp specific imports
from burp import IBurpExtender
from burp import ISessionHandlingAction
from burp import ICookie
# For using the debugging tools from
@ryan-wendel
ryan-wendel / jwt_set.py
Created September 9, 2019 22:53
Python Burp Extension code snippet to use the Cookie Jar for JWTs (medium post).
def performAction(self, current_request, macro_items):
    # grab some stuff from the current request
    req_text = self.helpers.bytesToString(current_request.getRequest())
    # grab jwt from cookie jar
    jwt = self.getCookieValue(self.cookieDomain, self.cookieName)
    # does a value exist yet?
    if jwt != None:
        # replace the old token with the stored value