Python small toolset (penetration testing toolset), written by myself
Tools

- scanTitle.py: fetch web page titles for a list of domains in batches. Usage: scanTitle.py urls.txt 10 (10 = number of threads)
- shodan.py: use the Shodan API to query the open ports of an IP: shodan.py 127.0.0.1. C segments are supported: shodan.py 127.0.0.0/24
- getKeyword.py: fetch web page content and generate keywords; used together with the passdict project to generate a password dictionary. Requires the pypinyin, jieba and tldextract libraries.
- dns.py: copied from an earlier WooYun post. Add an A record xxxx.domain.com pointing to the server IP, and an NS record dnslog.domain.com pointing to xxxx.domain.com; then test with test.dnslog.domain.com
- domain2ip.py: uses socket.gethostbyname to resolve each domain name to its IP. Usage: domain2ip.py domains.dict
- portScan.py: port scanner. Note that if the target is Windows and all closed ports are forwarded to a single port, nmap will report those ports as open. Usage: portScan.py -t 127.0.0.1-100 -p 80,8000-10000 -n 100
- ip2domains.py: uses the virustotal.com query API for IP-to-domain reverse lookup and subdomain queries; works well
- t3scan.py: T3 protocol scan; 64-bit Python recommended
- nmap_oG.py: formats the output of nmap -oG into ip:port lines, e.g. 127.0.0.1:80
- weblogic_hash.py: calculates WebLogic's 6-digit random path name
- chunked.py: copy of the chunked transfer-encoding script written by t00ls user w8ayy. Usage: chunked.py "id=1' and 1=1 and ''='"
- ips2ipc.py: converts the individual IPs in the file /tmp/ip into IP segments, e.g. 127.0.0.1 and 127.0.0.100 become 127.0.0.1-100. Usage: ips2ipc.py /tmp/ip
- brute.py: brute-force tool; currently only supports SSH
- sub.py: queries subdomains through multiple interfaces
- iis_shortname_Scan.py: copy of lijiejie's IIS short filename exploit tool
- tftp.py: TFTP download tool implemented in Python (UDP protocol)
- aliyunECS.py: executes commands on Aliyun ECS instances and returns the output; install the Aliyun SDK with pip first
- fofa.py: simple FOFA search tool; an API key must be configured
- redisWriteFile.py: Redis write-file tool; supports Python 2, a bit buggy under Python 3
- mssqlC2H.py: handles Chinese characters in the path when MSSQL writes a file, where the hex encoding would otherwise be wrong
- socks5.py2: SOCKS5 proxy in pure Python 2 with no third-party library; copied from the Internet
- simple_http.py2: simple web server with file upload in pure Python 2, no third-party library needed
- cms.rb: whatweb CMS fingerprint plugin; put it in the whatweb plugins directory
- f5_CookieDecode.py: decodes an F5 persistence cookie into ip:port. Usage: python3 f5_CookieDecode.py 1677787402.36895.0000
- npmSearch.py: searches package.json for unregistered packages; supports a URL or a local file
- bigData.py: queries multiple asset discovery interfaces and checks the data
- /dirScan: directory scan items
- /passdict: generates passwords from keywords

Workflow

- Find CNAME resolution
  python3 sub.py baidu.com --sub | dnsprobe -r cname
- Query subdomain information
  python3 sub.py baidu.com
  python3 sub.py baidu.com --sub > baidu.com.sub
- Scan titles
  python3 scanTitle.py baidu.com.sub
- Subdomains to IPs
  python3 domain2ip.py baidu.com.sub
  Regex to extract the IPs: ([0-9]{1,3}\.){3}[0-9]{1,3}
- Convert single IPs into IP segments
  python3 ips2ipc.py baidu.com.ipc > baidu.com.ipc
  192.168.1.1
  192.168.1.9
  become 192.168.1-9
- nmap -oG scan result conversion
  nmap -n -T4 --open -iL baidu.com.ipc -oG baidu.com.nmap
  python3 nmap_oG.py baidu.com.nmap
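As an added example (not a script from this toolset), the following Python code shows the conversion that the nmap_oG.py step performs: it parses nmap's greppable (-oG) output and emits ip:port for every open port, dropping filtered or closed entries. The scan text is constructed, not real scan output, and the function names are my own.

```python
"""Convert nmap greppable (-oG) output into ip:port lines, open ports only."""

# Constructed sample of nmap -oG output (not a real scan). Each Ports: entry is
# port/state/protocol/owner/service/rpc-info/version/ ; entries are comma-separated.
SAMPLE_OG = (
    "# Nmap 7.80 scan initiated as: nmap -n -T4 --open -iL targets.ipc -oG out.nmap\n"
    "Host: 192.168.1.1 ()\tStatus: Up\n"
    "Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, "
    "80/open/tcp//http//nginx/, 443/filtered/tcp//https///\tIgnored State: closed (997)\n"
    "Host: 192.168.1.9 ()\tPorts: 8080/open/tcp//http-proxy///\n"
    "# Nmap done at ...: 2 IP addresses (2 hosts up) scanned\n"
)


def parse_og(text):
    """Return (ip, port, proto, service, version) tuples for open ports only."""
    results = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' banner and footer lines
        fields = line.split("\t")
        ip = fields[0].split()[1]  # 'Host: 192.168.1.1 ()' -> '192.168.1.1'
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # 'Status: Up' and 'Ignored State:' fields carry no ports
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue  # malformed entry; nmap emits 7 slash-separated fields
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                if state == "open":  # keep only open ports, even without --open
                    results.append((ip, int(port), proto, service, version))
    return results


def format_ip_port(entries):
    """Render parsed entries as the 'ip:port' lines the README's tool prints."""
    return ["%s:%d" % (e[0], e[1]) for e in entries]


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OG
    print("\n".join(format_ip_port(parse_og(text))))
```

Run with the path of a -oG file as the first argument, or with no argument to parse the embedded sample.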
API keys (register on each site to obtain one; placeholder values shown)

# https://www.virustotal.com : free registration gives an API key
vt_key="9************"
# https://securitytrails.com/ : free registration gives an API key
sec_keys = ["9************"]
# https://fofa.so/ : register to get the API key
fofa_email="9******@qq.com"
fofa_key="9************"