pentesting security security-tools ctf-tools pentest-scripts reverse-shell pentestmonkey dirsearch dns-zone-transfers qrencode reverse irc irc-bot irc-client headers

pypentesting

This repository contains some python tools that may be of some help in pentesting, CTFs or information security assignments in general:

revshell.py (reverse shell generator)
shconverter.py (objdump2shellcode converter)
explorer.py (processes dirsearch results and then pops a browser with every url we can visit)
qrutils.py (easily decode/encode QR codes)
vtamper.py (verb tampering/avalaibility checker)
dnz.py (dns zone transfers)
irc_bot.py (an IRC bot main template using twisted framework)
fakeid.py (fake id generator)

revshell

This is a simple script to automate the process of generating a reverse-shell command like those described in pentestmonkey blog:

Note: You can find a more updated and featured version of the revshell.py script here!

shconverter

This is a small script that takes as input an objdump output and extracts the shellcode:

Example - asm snippet from here:

explorer

This script uses selenium with chromedriver (can work with other web-drivers also) to open every url (with a status code of 200) from a dirsearch output (specified with --plain-text-report):

qrutils

Easily decode a QR code using zxing online service or QR-encode a message using qrencode utility:

vtamper

Simple verb avalaibility/tampering checker. Using the -i switch it checks also for common header-vulnerabilities:

dnz

This script uses dnspython to perform DNS zone transfers easily:

irc

This script can be used as a template to built an automated IRC-bot using twisted framework.

fakeid

This script uses fakenamegenerator.com to generate a completely random person's id.

Requirements:

Note: To install the requirements (except for qrencode and chromedriver):

pip install -r requirements.txt --upgrade --user

Disclaimer

These tools are only for testing and academic purposes and can only be used where strict consent has been given. Do not use them for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by these tools, programs, scripts and software.

License

This project is licensed under the GPLv3 License - see the LICENSE file for details

About

python tools to assist in penetration testing

pentesting security security-tools ctf-tools pentest-scripts reverse-shell pentestmonkey dirsearch dns-zone-transfers qrencode reverse irc irc-bot irc-client headers

GNU General Public License v3.0

Languages

Language:Python 100.0%