scripts facelift

README.md

@@ -56,11 +56,3 @@ git clone https://github.com/maldevel/PenTestKit.git
 cd PenTestKit/
 sudo pip install -r requirements.txt
 ```
-
-***
-
-### Credits
-
-* [web_headers_checker.py](https://github.com/nma-io/pentest_tools/blob/master/web_headers_checker.py) from nma-io.
-* [AutoNessus](https://github.com/redteamsecurity/AutoNessus) from redteamsecurity.
-* [ShodanHat](https://github.com/HatBashBR/ShodanHat) from HatBashBR.

live-hosts/discover-live-hosts-ack-from-list.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+#    This file is part of PenTestKit
+#    Copyright (C) 2017-2018 @maldevel
+#    https://github.com/maldevel/PenTestKit
+#
+#    PenTestKit - Useful tools for Penetration Testing.
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#    For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+  echo "For better results, please run this script as root." 1>&2
+  exit 1
+fi
+
+if [ $# -eq 1 ]; then
+  LOGNAME="tcp_ack_live_hosts_$1"
+  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
+  LOGNAME2="$LOGNAME.txt"
+  nmap -vv -n -sn -PA21,22,23,25,53,80,88,110,135,139,143,443,445,465,587,993,995,1433,3306,3389,8080,8443 -oA $LOGNAME -iL $1 | grep 'report' | grep -v 'host down' | sed 's/Nmap scan report for //' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tee $LOGNAME2
+else
+    echo "Please provide a file list of targets."
+fi

live-hosts/discover-live-hosts-ack.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
 #    This file is part of PenTestKit
-#    Copyright (C) 2017 @maldevel
+#    Copyright (C) 2017-2018 @maldevel
 #    https://github.com/maldevel/PenTestKit
-#    
+#
 #    PenTestKit - Useful tools for Penetration Testing.
 #
 #    This program is free software: you can redistribute it and/or modify
@@ -18,26 +18,22 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#   
+#
 #    For more see the file 'LICENSE' for copying permission.
 
 
-# -n    	Never do DNS resolution
-# -sn   	Ping Scan - disable port scan
-# -PA[portlist] TCP ACK discovery to given ports
-# -oA   	Output in the three major formats at once
-
 if [[ $EUID -ne 0 ]]; then
   echo "For better results, please run this script as root." 1>&2
   exit 1
 fi
 
 if [ $# -eq 1 ]; then
   LOGNAME="tcp_ack_live_hosts_$1"
-  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g')
-  nmap -n -sn -PA21,22,23,25,53,80,88,110,135,139,143,443,445,465,587,993,995,1433,3306,3389,8080,8443 -oA $LOGNAME $1 | grep 'report' | sed 's/Nmap scan report for //'
+  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
+  LOGNAME2="$LOGNAME.txt"
+  nmap -vv -n -sn -PA21,22,23,25,53,80,88,110,135,139,143,443,445,465,587,993,995,1433,3306,3389,8080,8443 -oA $LOGNAME $1 | grep 'report' | grep -v 'host down' | sed 's/Nmap scan report for //' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tee $LOGNAME2
 else
-    echo "Please provide the target ip range."
+    echo "Please provide the target IP range."
 fi
 
 

live-hosts/discover-live-hosts-icmp-echo-from-list.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+#    This file is part of PenTestKit
+#    Copyright (C) 2017-2018 @maldevel
+#    https://github.com/maldevel/PenTestKit
+#
+#    PenTestKit - Useful tools for Penetration Testing.
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#    For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+  echo "For better results, please run this script as root." 1>&2
+  exit 1
+fi
+
+if [ $# -eq 1 ]; then
+  LOGNAME="icmp_echo_live_hosts_$1"
+  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
+  LOGNAME2="$LOGNAME.txt"
+  nmap -vv -n -sn -PE -oA $LOGNAME -iL $1 | grep 'report' | grep -v 'host down' | sed 's/Nmap scan report for //' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tee $LOGNAME2
+else
+  echo "Please provide a file list of targets."
+fi

live-hosts/discover-live-hosts-icmp-echo.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
 #    This file is part of PenTestKit
-#    Copyright (C) 2017 @maldevel
+#    Copyright (C) 2017-2018 @maldevel
 #    https://github.com/maldevel/PenTestKit
-#    
+#
 #    PenTestKit - Useful tools for Penetration Testing.
 #
 #    This program is free software: you can redistribute it and/or modify
@@ -18,24 +18,20 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#   
+#
 #    For more see the file 'LICENSE' for copying permission.
 
 
-# -n	Never do DNS resolution
-# -sn	Ping Scan - disable port scan
-# -PE	ICMP echo request discovery probes
-# -oA	Output in the three major formats at once
-
 if [[ $EUID -ne 0 ]]; then
   echo "For better results, please run this script as root." 1>&2
   exit 1
 fi
 
 if [ $# -eq 1 ]; then
   LOGNAME="icmp_echo_live_hosts_$1"
-  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g')
-  nmap -n -sn -PE -oA $LOGNAME $1 | grep 'report' | sed 's/Nmap scan report for //'
+  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
+  LOGNAME2="$LOGNAME.txt"
+  nmap -vv -n -sn -PE -oA $LOGNAME $1 | grep 'report' | grep -v 'host down' | sed 's/Nmap scan report for //' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tee $LOGNAME2
 else
   echo "Please provide the target ip range."
 fi

live-hosts/discover-live-hosts-protocol-ping-from-list.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+#    This file is part of PenTestKit
+#    Copyright (C) 2017-2018 @maldevel
+#    https://github.com/maldevel/PenTestKit
+#
+#    PenTestKit - Useful tools for Penetration Testing.
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#    For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+  echo "For better results, please run this script as root." 1>&2
+  exit 1
+fi
+
+if [ $# -eq 1 ]; then
+  LOGNAME="tcp_proto_ping_hosts_$1"
+  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
+  LOGNAME2="$LOGNAME.txt"
+  nmap -vv -n -sn -PO -oA $LOGNAME -iL $1 | grep 'report' | grep -v 'host down' | sed 's/Nmap scan report for //' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tee $LOGNAME2
+else
+  echo "Please provide a file list of targets."
+fi
+
+

live-hosts/discover-live-hosts-protocol-ping.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
 #    This file is part of PenTestKit
-#    Copyright (C) 2017 @maldevel
+#    Copyright (C) 2017-2018 @maldevel
 #    https://github.com/maldevel/PenTestKit
-#    
+#
 #    PenTestKit - Useful tools for Penetration Testing.
 #
 #    This program is free software: you can redistribute it and/or modify
@@ -18,26 +18,22 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#   
+#
 #    For more see the file 'LICENSE' for copying permission.
 
 
-# -n            	Never do DNS resolution
-# -sn           	Ping Scan - disable port scan
-# -PO[protocol list] 	IP Protocol Ping
-# -oA           	Output in the three major formats at once
-
 if [[ $EUID -ne 0 ]]; then
   echo "For better results, please run this script as root." 1>&2
   exit 1
 fi
 
 if [ $# -eq 1 ]; then
-  LOGNAME="tcp_ack_live_hosts_$1"
-  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g')
-  nmap -n -sn -PO -oA $LOGNAME $1 | grep 'report' | sed 's/Nmap scan report for //'
+  LOGNAME="tcp_proto_ping_hosts_$1"
+  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
+  LOGNAME2="$LOGNAME.txt"
+  nmap -vv -n -sn -PO -oA $LOGNAME $1 | grep 'report' | grep -v 'host down' | sed 's/Nmap scan report for //' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tee $LOGNAME2
 else
-  echo "Please provide the target ip range."
+  echo "Please provide the target IP range."
 fi
 
 

live-hosts/discover-live-hosts-sctp-from-list.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+#    This file is part of PenTestKit
+#    Copyright (C) 2017-2018 @maldevel
+#    https://github.com/maldevel/PenTestKit
+#
+#    PenTestKit - Useful tools for Penetration Testing.
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#    For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+  echo "For better results, please run this script as root." 1>&2
+  exit 1
+fi
+
+if [ $# -eq 1 ]; then
+  LOGNAME="sctp_live_hosts_$1"
+  LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
+  LOGNAME2="$LOGNAME.txt"
+  nmap -vv -n -sn -PY2905 -oA $LOGNAME -iL $1 | grep 'report' | grep -v 'host down' | sed 's/Nmap scan report for //' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tee $LOGNAME2
+else
+  echo "Please provide a file list of targets."
+fi
+
+