PentestPackage – A Collection of Scripts for Pentesting

PentestPackage is a collection of scripts for Pentesting

  • Wordlists – Comprises password lists, username lists, and subdomains.
  • Web Service finder – Finds web services on a list of IPs and also returns any URL rewrites.
  • Gpprefdecrypt.* – Decrypts the password of local users added via Windows 2008 Group Policy Preferences.
  • rdns.sh – Runs through a file of line-separated IPs and prints whether a reverse DNS record is set or not.
  • grouppolicypwn.sh – Takes domain user creds (they don’t need to be privileged), communicates with the domain controllers, pulls any stored CPASS from group policies and decodes it to plain text. Useful for instant Domain Admin!
  • privchecker.sh – Very young script that simply checks DCenum against a list of users to find their group access and indicates any privileged users; this list can be edited.
  • NessusParserSummary.py – Parses Nessus results to give a summary breakdown of findings plus a host count next to each.
  • NessusParserBreakdown.py – Parses Nessus results to give a host-based breakdown of findings plus the port (protocol) and CVSS rating.
  • NmapParser.py – Parses raw Nmap results (or .nmap) and creates an individual .csv file for each host with a breakdown of ports, service version, protocol and port status.
  • NmapPortCount.py – Parses raw Nmap results (or .nmap) and generates a single CSV with a list of hosts, a count of how many open/closed/filtered ports each has, the OS detection and ICMP response.
  • Plesk-creds-gatherer.sh – Used on older versions of Plesk (before the encryption came in); lets you pull all the credentials from the databases using a nice Bash menu.
  • BashScriptTemplate.sh – Handy boilerplate template for use in new scripts.
  • PythonScriptTemplate.py – Handy boilerplate template for use in new scripts.
  • ipexplode.pl – Simply expands CIDRs and prints the IPs in a list, handy for when you need a list of IPs and not a CIDR.
  • LinEsc.sh – Linux escalation script. This tests common methods of gaining root access or shows potential areas, such as sticky perms, that can allow manual testing for root escalation.
  • gxfr.py – GXFR replicates DNS zone transfers by enumerating subdomains using advanced search engine queries and conducting DNS lookups.
  • knock.sh – Simple script used to test/perform port knocking.
  • sslscan-split-file.py – Used to split a large SSLScan results file into individual SSLScan results.
  • TestSSLServer.jar – Similar tool to SSLScan but with different output.
  • wiffy.sh – Wiffy hacking tool, encapsulated in a single Bash script.
  • gophish_positions_export.py – A simple Python script for taking ‘results.csv’ and getting statistics based on positions in the company.