On my quest to learn all things pentest and earn my OSCP, I have written some tools that I want to share.

  • Alohomora
    • A tool that abuses public data for recon purposes
  • supersploit
    • This is just an extension of searchsploit. It makes it easy to query searchsploit and also copy the files.
      • ./supersploit -s <search param>
      • ./supersploit -c <relative path example: ./linux/remote/test.cpp>
  • OBBScan
    • Takes a batch of URLs and scans the Open Bug Bounty Database for known vulnerabilities.
      • obbscan <path to list of urls (line delimited)>
  • smtpenum
    • Enumerates vulnerable SMTP services for users
  • tomcat_brute-py
    • Tomcat login brute force tool.
  • tomcat_upload-py
    • Tomcat upload exploit tool. Default bind tcp payload included.
  • vsftpd_backdoor_shell-py-tar
    • Simple script that invokes the VSFTPD Backdoor and opens a shell.
  • mssql_brute
    • MSSQL login brute force tool.
  • dist_reverse_shell
    • DistCC Daemon reverse shell exploit. Default payload included.

If you expand on these tools or have any comments, please feel free to reach out to me on the tweeter @DotNetRussell