A few little handy scripts I have created that should assist with pentests.

Frogger2 - The VLAN Hopper

Does what it says on the tin. Hops VLANs.

Download from the Commonexploits Source GitHub Repository below:

Easy 802.1Q VLAN Hopping
git clone https://github.com/commonexploits/vlan-hopping.git

 

Cisc0wn2 - Cisco SNMP Tool

Handy tool to brute force SNMP communities, enumerate information such as routing tables, interfaces and download the config file.

Download from the Commonexploits Source GitHub Repository below:

Automated Cisco SNMP Enumeration, Brute Force, Configuration Download and Password Cracking
git clone https://github.com/commonexploits/cisco-SNMP-enumeration.git

 

Lazymap - Auto NMAP scans and Nessus policy creation.

Automates network scanning with NMAP.

Download from the CommonExploits GitHub Repository below:

Automate NMAP Scans and Generate Custom Nessus Policies Automatically
git clone https://github.com/commonexploits/port-scan-automation.git

 

WinOCPHC - Windows Offline Common Password Hash Checker

  • Auto reads file output from hashdump, fgdump, gsecdump, pwdump etc.
  • Finds common password hashes and lists all users that share passwords
  • Lists disabled accounts (if the fgdump/gsecdump tool was used and they exist)
  • Lists and checks password history (if the fgdump/gsecdump tool was used and it exists) and alerts if a user has the same password as previously set
  • Masks the hash output for reporting. It is not good practice to put a password hash in a pen test report.

Download from the CommonExploits GitHub Repository below:

Windows Offline Common Password Hash Checker
git clone https://github.com/commonexploits/winocphc.git

 

wEAPe - Weape-Wireless-EAP-Extractor Script

Auto extracts EAP 802.1x user names from wireless access points.

Download from the CommonExploits GitHub Repository below:

Weape-Wireless-EAP-Extractor
git clone https://github.com/commonexploits/weape.git

 

IpGen - Simple IP Address List Creator

This script is a simple front end for Nmap that outputs lists of IP addresses. It also allows IPs to be excluded, and removes any addresses ending in x.x.x.0 or x.x.x.255.

Download from the CommonExploits GitHub Repository below:

IP Address Listing Tool
git clone https://github.com/commonexploits/ipgen.git

 

DTP Scan

Detects DTP modes for VLAN Hopping (passive check)

DTPscan will passively sniff the network and detect which switchport mode the switch is configured in to assist with VLAN hopping attacks.

Download from the Commonexploits Source GitHub Repository below:

Detects Cisco DTP modes for VLAN Hopping (passive detection)
git clone https://github.com/commonexploits/dtpscan.git

 

Live Hosts

This is a cut down version of the Lazymap script.

It will run NMAP and find and list just the live hosts on the network(s).

Very quick way to discover what hosts are live, for input into Nessus or to just work out how many hosts are in each VLAN.

Download from the Commonexploits Source GitHub Repository below:

Quick scan to find live hosts on the network/across networks
git clone https://github.com/commonexploits/livehosts.git

 

Whatsfree

Very simple script to find/check for a free IP address to use on your local subnet.

Why?

During pentests you are sometimes not given a free IP address to scan from, or you are given a free IP address but you want to ensure it is not in use.

Ever set your IP address to one that a client gives you and find it is in use?

You do not need to set an IP address; just run this simple script and it will work out the range that should be there and run an ARP scan to find what is in use. It will then display which IP addresses are free.

Download from the Commonexploits Source GitHub Repository below:

Find a useable IP address to use
git clone https://github.com/commonexploits/whatsfree.git

 

Junijohn

A very simple script to extract usernames and hashes from Juniper firewall configs.

Just point it at the config file and it will extract all local user accounts and password hashes and output them in the correct format to run John the Ripper over them.

Download from the Commonexploits Source GitHub Repository below:

Extract Juniper firewall usernames and hashes and put into a John the Ripper format for cracking
git clone https://github.com/commonexploits/junijohn.git

 

Sonijohn

A very simple script to extract usernames and hashes from Sonicwall encoded firewall configs.

Just point it at the config file and it will base64 decode it, extract all local user accounts and password hashes, and output them in the correct format to run John the Ripper over them.

Download from the Commonexploits Source GitHub Repository below:

Sonicwall Firewall decoder, username, password hash extract. Formats into John the Ripper
git clone https://github.com/commonexploits/sonijohn.git