- Taken from StackOverflow
# Run a damaged PDF through Ghostscript's pdfwrite device to re-emit a clean
# file: input is corrupted.pdf, output is repaired.pdf, using the /prepress
# quality preset. Treat corrupted.pdf as untrusted input — Ghostscript's
# interpreter has a long CVE history, so prefer running this in a sandbox.
gs -sDEVICE=pdfwrite -dPDFSETTINGS=/prepress -o repaired.pdf corrupted.pdf
#!/bin/bash | |
# | |
# (N)map(P)ort diff -- yes, there is already an `ndiff` command, but it fails to compare `-sC` output with `-p-` output
# intended only for comparing the initial scan (`-sC -sV target-ipaddr`) with the all-ports scan (`-p- target-ipaddr`)
# use option `-n` to remove newline | |
# then run `-sC -sV -p{copy-and-paste-new-ports}` | |
# | |
# requirements: `pip install yq` | |
# |
#!/bin/bash | |
# | |
# (N)mapSer(V)ices(I)nfo -- yes, it's lame, can't think of anything better; don't want it confused with the (N)map (S)cripting (E)ngine
# our eyes play tricks on us when the `.nmap` output from `-sC -sV target-ip` is huge
# just extract `name, product+version, port` in markdown style for each open port,
# then write the rest of the `-sC` output as a more simplified note and continue the thought process. For example:
# - **ftp** service open | |
# - port: 21 | |
# - version: vsftpd 3.0.3 | |
# - anonymous login allowed |
#!/bin/bash | |
# Print the usage banner to stdout. $0 is the script as invoked, so the
# examples reflect whatever path the user ran.
help() {
  printf '%s\n' \
    "Usage: $0 [target-url|target-url-file]" \
    "Example: $0 http://example.com/test/" \
    "        $0 enumeration/gobuster/port_80_initial.txt"
}
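# Refuse to run without the SecLists extension wordlist. Exit non-zero so a
# caller or pipeline notices (the original exited 0 on this error path).
if [[ ! -f /usr/share/seclists/Discovery/Web-Content/web-extensions.txt ]]; then
  printf '%s\n' "Error: We need https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/web-extensions.txt" >&2
  exit 1
fi
# Argument check: print usage and exit non-zero (2 = usage error) when no
# argument is given or it is not an existing file.
# NOTE(review): the usage text also accepts a bare target URL, but `-f "$1"`
# only passes for an existing file, so a URL argument always ends up here —
# confirm how the rest of the script consumes $1 before relaxing this test.
if [[ -z "$1" || ! -f "$1" ]]; then
  help
  exit 2
fi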
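# Brute-force the passphrase of the encrypted private key .ssh/id_rsa (path is
# relative to the current directory) with the rockyou wordlist. Each candidate
# is fed to `ssh-keygen -p` as both the old (-P) and new (-N) passphrase; a zero
# exit means the old passphrase was accepted.
#
# Caveats:
#   - On success `ssh-keygen -p` rewrites the key file in place (re-encrypted
#     with the same passphrase, and it may change the on-disk format) — run
#     this against a copy of the key.
#   - -P/-N put the candidate on the command line, so it is visible in `ps`
#     to other local users; fine on a throwaway box, not on a shared host.
#   - `IFS= read -r` keeps leading/trailing whitespace and backslashes in the
#     candidate verbatim (the original `read` mangled both); the `|| [[ -n ]]`
#     clause still tries a last line with no trailing newline.
found=""
while IFS= read -r line || [[ -n "$line" ]]; do
  if ssh-keygen -p -P "$line" -N "$line" -f .ssh/id_rsa &>/dev/null; then
    # printf rather than `echo -e`: the candidate itself must not be
    # escape-interpreted when printed.
    printf '\n-> Decrypted: %s\n' "$line"
    found=1
    break
  fi
  printf '\r-> %s ' "$line"
done < /usr/share/wordlists/rockyou.txt
# Make the "nothing matched" outcome explicit instead of ending silently.
if [[ -z "$found" ]]; then
  printf '\n-> No passphrase in the wordlist matched\n' >&2
fi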
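# Rebuild a damaged PDF by running it through Ghostscript's pdfwrite device
# (input corrupted.pdf, output repaired.pdf, /prepress quality preset).
#
# corrupted.pdf is by definition untrusted input, and Ghostscript's PDF/
# PostScript interpreter has had a long run of parser CVEs, so pin -dSAFER
# explicitly: it has been the default since Ghostscript 9.50, but older builds
# still allow the interpreted document file-system access without it. Running
# the conversion inside a container or other sandbox is the stronger control.
gs \
  -dSAFER \
  -o repaired.pdf \
  -sDEVICE=pdfwrite \
  -dPDFSETTINGS=/prepress \
  corrupted.pdf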
# Pass 1: fuzz the query-string parameter name of index.php with payloads.txt,
# sending a session cookie (the value "cookie" is a placeholder — substitute a
# real PHPSESSID), routing through an intercepting proxy on 127.0.0.1:8080,
# hiding responses of 12345 or 4321 chars, and saving results to the file
# "wfuzz" for the second pass.
first_pass=(
  -u "http://192.168.59.102/index.php?FUZZ"
  -w payloads.txt
  -b "PHPSESSID=cookie"
  -p 127.0.0.1:8080:HTTP
  --hh 12345,4321
  --oF wfuzz
)
wfuzz "${first_pass[@]}"

# Pass 2: replay the saved results (wfuzzp payload type reading the "wfuzz"
# file) through the same proxy with the "errors" script, caching disabled.
second_pass=(
  -z wfuzzp,wfuzz
  -p 127.0.0.1:8080:HTTP
  --script errors
  --no-cache
  --prev FUZZ
)
wfuzz "${second_pass[@]}"
# Extract open ports from nmap "grepable" (-oG) output read on stdin: take the
# text between "Ports: " and "Ignored" (greedy, so everything up to the last
# "Ignored" on the line), split the ", "-separated entries one per line, and
# print the first field (e.g. 22/open/tcp//ssh///) of each entry mentioning
# "open". Lines with no "Ignored" marker yield nothing; /open/ is a substring
# match, so "open|filtered" entries are included as well.
grep -oP '(?<=Ports: ).*(?=Ignored)' | sed 's/\,\s/\n/g' | awk '/open/{print $1}'
############################################################################### | |
# OpenVAS Vulnerability Test | |
# $Id: gb_masscan.nasl 10411 2018-07-05 10:15:10Z cfischer $ | |
# | |
# masscan (NASL wrapper) | |
# | |
# Authors: | |
# Christian Kuersteiner <christian.kuersteiner@greenbone.net> | |
# | |
# Copyright: |
#!/bin/bash | |
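# Target host (a single IP or hostname) from the first argument.
target_ip=$1
if [[ -z "$target_ip" ]]; then
  printf '%s\n' "We need target ip" >&2
  exit 1
fi
# The value is passed straight to nmap as a positional argument; reject
# anything starting with "-" so it cannot be parsed as an nmap option.
if [[ "$target_ip" == -* ]]; then
  printf 'Invalid target: %s\n' "$target_ip" >&2
  exit 1
fi
# Grab whatever follows "Subject: " or "Name: " (e.g. the Subject Alternative
# Name line) in the ssl-cert script output for port 443. $target_ip is quoted
# now — the original left it unquoted, exposing it to word-splitting/globbing.
results=$(nmap -p 443 --script ssl-cert "$target_ip" | grep -oP '(?<=Subject: |Name: ).*')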
domains=$(for name in `echo $results`; do | |
name=$(echo $name | sed -E 's/:|=/ /g' | awk '{print $NF}') # replace (:) or (=) to space and get last element($NF) | |
name=$(echo $name | sed -E 's/\*\.|\,//g') # remove .*(wildcard) and last comma(,) |