Skip to main content

Discover: A Custom Bash Scripts Used To Perform Pentesting Tasks With Metasploit

By admin

About discover: discover is a custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit Framework. For use with Kali Linux, Parrot Security OS and the Penetration Testers Framework (PTF).

About authors:

discover Installation and Updating


About RECON in discover
   Domain

RECON

1. Passive
2. Active
3. Import names into an existing recon-ng workspace
4. Previous menu

   Passive uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit Framework, URLCrazy, Whois, multiple websites, and recon-ng.

   Active uses dnsrecon, WAF00W, traceroute, Whatweb, and recon-ng.
   [*] Acquire API keys for Bing, Builtwith, Fullcontact, GitHub, Google, Hashes, Hunter, SecurityTrails, and Shodan for maximum results with recon-ng and theHarvester.

API key locations:

recon-ng
   show keys
   keys add bing_api <value>

theHarvester
   /opt/theHarvester/api-keys.yaml

   Person: Combines info from multiple websites.

RECON

First name:
Last name:

   Parse salesforce: Gather names and positions into a clean list.

Create a free account at salesforce (https://connect.data.com/login).
Perform a search on your target company > select the company name > see all.
Copy the results into a new file.

Enter the location of your list:

About SCANNING in discover
   Generate target list: Use different tools to create a target list including Angry IP Scanner, arp-scan, netdiscover and nmap pingsweep.

SCANNING

1. Local area network
2. NetBIOS
3. netdiscover
4. Ping sweep
5. Previous menu


   CIDR, List, IP, Range, or URL

Type of scan:

1. External
2. Internal
3. Previous menu

  • External scan will set the nmap source port to 53 and the max-rrt-timeout to 1500ms.
  • Internal scan will set the nmap source port to 88 and the max-rrt-timeout to 500ms.
  • Nmap is used to perform host discovery, port scanning, service enumeration and OS identification.
  • Matching nmap scripts are used for additional enumeration.
  • Addition tools: enum4linux, smbclient, and ike-scan.
  • Matching Metasploit auxiliary modules are also leveraged.

About WEB in discover
   Insecure direct object reference

Using Burp, authenticate to a site, map & Spider, then log out.
Target > Site map > select the URL > right click > Copy URLs in this host.
Paste the results into a new file.


Enter the location of your file:

   Open multiple tabs in Firefox

Open multiple tabs in Firefox with:

1. List
2. Directories from robots.txt.
3. Previous menu

  • Use a list containing IPs and/or URLs.
  • Use wget to pull a domain's robot.txt file, then open all of the directories.

   Nikto

Run multiple instances of Nikto in parallel.

1. List of IPs.
2. List of IP:port.
3. Previous menu

    SSL: Use sslscan and sslyze to check for SSL/TLS certificate issues.

Check for SSL certificate issues.

Enter the location of your list:

About MISC in discover
   Parse XML

Parse XML to CSV.

1. Burp (Base64)
2. Nessus (.nessus)
3. Nexpose (XML 2.0)
4. Nmap
5. Qualys
6. revious menu

   Generate a malicious payload

Malicious Payloads

1. android/meterpreter/reverse_tcp
2. cmd/windows/reverse_powershell
3. java/jsp_shell_reverse_tcp (Linux)
4. java/jsp_shell_reverse_tcp (Windows)
5. linux/x64/meterpreter_reverse_https
6. linux/x64/meterpreter_reverse_tcp
7. linux/x64/shell/reverse_tcp
8. osx/x64/meterpreter_reverse_https
9. osx/x64/meterpreter_reverse_tcp
10. php/meterpreter/reverse_tcp
11. python/meterpreter_reverse_https 12. python/meterpreter_reverse_tcp
13. windows/x64/meterpreter_reverse_https
14. windows/x64/meterpreter_reverse_tcp
15. Previous menu

   Start a Metasploit listener

Metasploit Listeners

1. android/meterpreter/reverse_tcp
2. cmd/windows/reverse_powershell
3. java/jsp_shell_reverse_tcp
4. linux/x64/meterpreter_reverse_https
5. linux/x64/meterpreter_reverse_tcp
6. linux/x64/shell/reverse_tcp
7. osx/x64/meterpreter_reverse_https
8. osx/x64/meterpreter_reverse_tcp
9. php/meterpreter/reverse_tcp
10. python/meterpreter_reverse_https
11. python/meterpreter_reverse_tcp
12. windows/x64/meterpreter_reverse_https
13. windows/x64/meterpreter_reverse_tcp
14. Previous menu


Read more


Comments

Post a Comment

Popular posts from this blog

5525 Interesting News

By admin
TikTok Restoring Service for U.S. Users, After Trump Signals He Will Save It The pandemic has changed the shape of global happiness The "Scream" franchise adds another self-referential sequel Millions of Chinese people play guandan. Is that good or bad? A theatre in Jenin offers a different kind of Palestinian resistance Economic data, commodities and markets Covid-19 has shone a light on racial disparities in health Is Syria's drug-dealing dictator coming in from the cold? Female soldiers are changing how armed forces work This Tool Probes Frontier AI Models for Lapses in Intelligence How much cash should be removed from the financial system? Can the voluntary carbon market save the Amazon? File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add This week's cover War in space is no longer science fiction The best Apple deals you can get right now: Save on Apple TV+, AirPods, iPads and more Trump's Agg...
Post a Comment
Read more

9774 hash passwords

By admin
blake2b-256(jade41) blake2b-256(jade420) blake2b-256(jade429) blake2b-256(jade44) blake2b-256(jade456) blake2b-256(jade4ever69) blake2b-256(jade50) blake2b-256(jade5264) blake2b-256(jade555) blake2b-256(jade5565) blake2b-256(jade69) blake2b-256(Jade69) blake2b-256(jade98) blake2b-256(jadebaby11121) blake2b-256(jadebink) blake2b-256(jadeblue) blake2b-256(jadecape) blake2b-256(jadeck) blake2b-256(jadeclub) blake2b-256(jaded) blake2b-256(jaded1) blake2b-256(jaded2) blake2b-256(jaded69) blake2b-256(jadedbaby) blake2b-256(jadedd) blake2b-256(jadedragonflower) blake2b-256(jadeds) blake2b-256(jadeduck) blake2b-256(jadeee) blake2b-256(jadeeeee) blake2b-256(jadefox) blake2b-256(jadehungder) blake2b-256(jadejade) blake2b-256(jadejord) blake2b-256(jadejs) blake2b-256(jadeland) blake2b-256(jadelilly) blake2b-256(jadelugo) blake2b-256(jadelyn) blake2b-256(jadelynn) blake2b-256(jadelynp) blake2b-256(jaden) blake2b-256(jaden0) blake2b-256(jaden1) blake2b-2...
Post a Comment
Read more

The Base Blockchain Airdrop: Hidden Opportunities You Don’t Want to Miss!

By admin
The Base blockchain, supported by Coinbase, is making waves in the crypto space with its surging Total Value Locked (TVL) and potential airdrop opportunities. In this article, we'll dive deep into Base's ecosystem, its key protocols, and strategies for maximizing potential rewards. We'll also explore SynFutures, a standout perpetual protocol, and other exciting opportunities that could set the stage for a lucrative airdrop. Base Blockchain: A Rising Star Current Status Base has climbed to the sixth position among blockchains in terms of TVL, surpassing even Arbitrum, the long-time leader in Ethereum Layer 2 solutions. With $4 billion+ in TVL , Base's rapid growth is drawing attention from the crypto community. Why the Excitement Around a Potential Airdrop? Coinbase Backing: As a leading exchange, Coinbase's involvement ensures credibility and innovation. Changing Regulations: With evolving regulatory clarity, there's renewed optimism for potential rewards lik...
Post a Comment
Read more