A few little handy scripts I have created that should assist on pentests.
Frogger2 - The VLAN Hopper
Does what it says on the tin. Hops VLANs.
Download from the Commonexploits Source GitHub Repository below:
Cisc0wn2 - Cisco SNMP Tool
Handy tool to brute-force SNMP communities, enumerate information such as routing tables and interfaces, and download the config file.
Download from the Commonexploits Source GitHub Repository below:
Lazymap - Auto NMAP scans and Nessus policy creation.
Automates network scanning with NMAP.
Download from the CommonExploits GitHub Repository below:
WinOCPHC - Windows Offline Common Password Hash Checker
- Automatically reads file output from hashdump, fgdump, gsecdump, pwdump, etc.
- Finds common password hashes and lists all users that share a password
- Lists disabled accounts (if fgdump/gsecdump was used and any exist)
- Lists and checks password history (if fgdump/gsecdump was used and any exists) and alerts if a user has the same password as previously set
- Masks the hash output for reporting. It is not good practice to put password hashes in a pen test report.
Download from the CommonExploits GitHub Repository below:
wEAPe - Weape-Wireless-EAP-Extractor Script
Auto extracts EAP 802.1x user names from wireless access points.
Download from the CommonExploits GitHub Repository below:
IpGen - Simple IP Address List Creator
This script is a simple front end for Nmap that will output lists of IP addresses. It allows IPs to be excluded, and also removes any addresses ending in x.x.x.0 or x.x.x.255.
Download from the CommonExploits GitHub Repository below:
DTP Scan
Detects DTP modes for VLAN Hopping (passive check)
DTPscan will passively sniff the network and detect which switchport mode the switch is configured in to assist with VLAN hopping attacks.
Download from the Commonexploits Source GitHub Repository below:
Live Hosts
This is a cut down version of the Lazymap script.
It will run NMAP and find and list just the live hosts on the network/s.
Very quick way to discover what hosts are live, for input into Nessus or to just work out how many hosts are in each VLAN.
Download from the Commonexploits Source GitHub Repository below:
Whatsfree
Very simple script to find/check for a free IP address to use on your local subnet.
Why?
During pentests you are sometimes not given a free IP address to scan from, or you are given a free IP address but you want to ensure it is not in use.
Ever set your IP address to one that a client gives you and find it is in use?
You do not need to set an IP address, just run this simple script and it will work out the range that should be there and arpscan to find what is in use. It will then display what IP addresses are free.
Download from the Commonexploits Source GitHub Repository below:
Junijohn
A very simple script to extract usernames and hashes from Juniper firewall configs.
Just point it at the config file; it will extract all local user accounts and password hashes and format/output them in the correct way to run John the Ripper over them.
Download from the Commonexploits Source GitHub Repository below:
Sonijohn
A very simple script to extract usernames and hashes from Sonicwall encoded firewall configs.
Just point it at the config file; it will base64-decode it, extract all local user accounts and password hashes, and format/output them in the correct way to run John the Ripper over them.
Download from the Commonexploits Source GitHub Repository below: