Pentest Entry Scripts

A collection of ready-to-use scripts to do recon and penetration testing on targets. Use ONLY on own or authorized systems.

How to use

These scripts should be executed in order.

git clone https://github.com/loviuz/pentest-entry-scripts.git
cd pentest-entry-scripts/
chmod +x *.sh```

Edit the config file to configure the host to scan:

# Target domain (only domain, without http)
host="127.0.0.1"

# Target protocol ("http" or "https")
protocol="http"

# Target path (starting with /)
path="/DVWA/"

# Select the browser to use for viewing scan results
browser="firefox"

# If you need a cookie, please specificy it here
cookie=""

Launch every scripts, and enjoy :-)

./0-prepare.sh
./1-recon.sh
./2-web-discovery.sh

Software used

Nmap: full network with discovery and vuln scripts

Gobuster: discovery a lot of possible subdirectories

Nikto: performs some basic vulnerability checks

DAVtest: tests if the URL support DAV protocol and some known vulnerabilities

Parsero: checks robots.txt file for some juicy info

Blackwidow: link spider with injection test (XSS, LFI and SQLi)

Wordlists from SecLists

About

A collection of ready-to-use scripts to do recon and penetration testing on targets. Use ONLY on own or authorized systems

pentest pentest-scripts security

GNU General Public License v3.0

Languages

Language:Shell 100.0%