Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ustayready/python-pentesting

Just a repo of random Python scripts to get pentesters started with the Python language on engagements.
https://github.com/ustayready/python-pentesting

Last synced: about 1 month ago
JSON representation

Just a repo of random Python scripts to get pentesters started with the Python language on engagements.

Host: GitHub
URL: https://github.com/ustayready/python-pentesting
Owner: ustayready
License: mit
Created: 2020-02-28T18:48:06.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2020-02-29T06:20:09.000Z (almost 5 years ago)
Last Synced: 2024-12-09T06:02:05.331Z (about 1 month ago)
Language: Python
Size: 17.6 KB
Stars: 212
Watchers: 8
Forks: 61
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-rainmana - ustayready/python-pentesting - Just a repo of random Python scripts to get pentesters started with the Python language on engagements. (Python)

README

Python for Pentesters
==================

## Overview ##
Getting started with Python for pentesting and red team engagements is fairly easy! This repo is just a small collection of random scripts to help get you started.

**Brought to you by:**

![Black Hills Information Security](https://www.blackhillsinfosec.com/wp-content/uploads/2016/03/BHIS-logo-L-300x300.png "Black Hills Information Security")

## Examples: by Mike Felch (@ustayready) and Joff Thyer (@joff_thyer) ##
This code is provided purely for educational purposes.

* pivot_winrm.py: shows how to use Python with winrm to execute commands on a remote machine
* cloud_aws_s3.py: search AWS S3 buckets for sensitive filenames
* cloud_aws_secrets.py: Dump all the secrets in AWS Secrets Manager
* cloud_azure_ad.py: Dumping AzureAD users
* cloud_gsuite_backdoor.py: Backdooring G Suite accounts for full access
* cloud_gsuite_email.py: Reading GMail emails
* crack_jwt.py: Cracking JSON web tokens
* live_host_discovery.py: Discovering live hosts on a network
* live_port_discovery.py: Discovering open ports on a host
* passwords_attack.py: Trying username/password combinations on a web authentication portal
* pivot_psremoting.py: Pivoting in a Windows environment using PSRemoting
* pivot_wmi.py: Pivoting in a Windows environment using WMI
* shodan_search.py: Searching for internet connected devices on Shodan
* socket_c2_client.py: C2 socket client
* socket_c2_server.py: C2 socket server
* web_brute.py: Brute forcing web paths for unknown attack surfaces
* web_robots.py: Downloading the robots.txt for URLs
* web_sniff.py: Sniffing HTTP packets
* web_spa.py: Interacting with a single page app with a headless browser then copying session cookies to the requests library
* pymeta.py: Read all files in a directory recursively and extracts metadata from any office documents, and PDFs discovered
* powerstrip.py: Strips comments out of a PowerShell script, and writes a file with -stripped as part of the filename
* pyinjector.py: Using ctypes to execute shellcode within the same process or inject into a remote process using thread manipulation