discover: automate various pentesting tasks
For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.
Download, setup & usage
- git clone https://github.com/leebaird/discover /opt/discover/
- cd /opt/discover/
- All scripts must be run from this location.
Recon
Domain
- Passive uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, multiple websites, and recon-ng. Nothing is sent to the target's own systems.
- Active uses Nmap, dnsrecon, Fierce, lbd, WAF00W, traceroute, and Whatweb. These tools talk to the target directly (DNS brute forcing, load-balancer and WAF detection, web fingerprinting), so expect the activity to show up in its logs.
- Acquire API keys for Bing, Builtwith, Fullcontact, GitHub, Google, Hashes, and Shodan for maximum results with recon-ng.
Person
- Combines info from multiple websites.
Parse salesforce
- Gather names and positions into a clean list.
Scanning
Generate target list
- Use different tools to create a target list, including Angry IP Scanner, arp-scan, netdiscover and an Nmap ping sweep.
CIDR, List, IP, Range, or URL
- An external scan sets the Nmap source port to 53 (--source-port 53) and --max-rtt-timeout to 1500ms.
- An internal scan sets the Nmap source port to 88 (--source-port 88) and --max-rtt-timeout to 500ms.
- The fixed source ports (DNS and Kerberos) are there to get past firewalls that trust traffic from those ports. Only raw-packet scans such as SYN and UDP honour the setting; connect()-based work such as version detection uses whatever port the OS assigns. The short internal RTT timeout speeds up LAN scans but can drop hosts behind slow links.
- Nmap performs host discovery, port scanning, service/version enumeration and OS identification.
- NSE scripts matching the discovered services are run for additional enumeration.
- Additional tools: enum4linux, smbclient, and ike-scan.
- Matching Metasploit auxiliary modules are run against the discovered services as well.
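How the external/internal settings and the "matching NSE scripts" step fit together, as an added shell example (not code from the discover project): build_nmap_cmd assembles the Nmap command line with the source port and RTT timeout described above, and open_services/followup_cmds parse a constructed greppable (-oG) result and emit one NSE follow-up scan per open port. The target addresses, output file names and the service-to-script map are illustrative assumptions; the NSE script names themselves are real.

```shell
#!/usr/bin/env bash
# Added example, not part of the discover scripts. Builds the Nmap command line
# described in the README and turns greppable (-oG) results into follow-up NSE
# scans. Targets, file names and the service-to-script map are assumptions.

# Assemble the discovery/port-scan command for an external or internal scan.
# Only raw-packet scans (-sS, -sU) honour --source-port; -sV and NSE scripts
# use ordinary connect() sockets and get an OS-assigned port.
build_nmap_cmd() {
  local scan_type=$1 target=$2 outbase=$3 sport rtt
  case "$scan_type" in
    external) sport=53; rtt=1500ms ;;   # DNS source port, slower WAN links
    internal) sport=88; rtt=500ms ;;    # Kerberos source port, LAN timing
    *) echo "usage: build_nmap_cmd external|internal TARGET OUTBASE" >&2; return 1 ;;
  esac
  printf 'nmap -sS -sV -O --source-port %s --max-rtt-timeout %s -oA %s %s\n' \
    "$sport" "$rtt" "$outbase" "$target"
}

# Constructed sample of Nmap -oG output (fields are tab separated; each port
# entry is port/state/proto/owner/service/rpc/version/).
sample_gnmap() {
  printf '# Nmap 7.93 scan initiated (constructed sample)\n'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.4p1/, 80/open/tcp//http//nginx 1.18.0/, 445/open/tcp//microsoft-ds//Samba smbd 4.X/, 3306/filtered/tcp//mysql///\tIgnored State: closed (996)\n'
  printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 53/open/udp//domain//ISC BIND 9.16/\tIgnored State: closed (1)\n'
  printf '# Nmap done (constructed sample) -- 2 IP addresses (2 hosts up) scanned\n'
}

# Read -oG output on stdin; print "ip port proto service" for every open port.
open_services() {
  awk '/^Host: / && /Ports: / {
    ip = $2
    s = $0
    sub(/^.*Ports: /, "", s)                       # keep only the port list
    sub(/[[:space:]]+Ignored State:.*$/, "", s)    # drop the trailing summary
    n = split(s, entries, /, /)
    for (i = 1; i <= n; i++) {
      split(entries[i], f, "/")
      if (f[2] == "open") print ip, f[1], f[3], f[5]
    }
  }'
}

# Service name -> comma-separated NSE scripts (illustrative subset).
nse_scripts_for() {
  case "$1" in
    ssh)                      echo ssh2-enum-algos,ssh-hostkey ;;
    http|https|http-proxy)    echo http-headers,http-title,http-methods ;;
    microsoft-ds|netbios-ssn) echo smb-os-discovery,smb-security-mode,smb2-security-mode ;;
    ftp)                      echo ftp-anon,ftp-syst ;;
    domain)                   echo dns-recursion,dns-nsid ;;
    *) return 1 ;;            # no matching script: caller skips the port
  esac
}

# Read -oG output on stdin; emit one NSE follow-up command per matched port.
followup_cmds() {
  open_services | while read -r ip port proto svc; do
    scripts=$(nse_scripts_for "$svc") || continue
    scan=-sS
    [ "$proto" = udp ] && scan=-sU
    printf 'nmap %s -p %s --script %s -oN nse-%s-%s.txt %s\n' \
      "$scan" "$port" "$scripts" "$ip" "$port" "$ip"
  done
}

# Demo on the constructed sample (no network access needed).
build_nmap_cmd external 192.0.2.0/24 scan-ext
sample_gnmap | followup_cmds
```

Filtered ports (3306 in the sample) are skipped, and a service with no entry in nse_scripts_for is left alone rather than scanned with a guessed script set; extend the case statement to match the services you expect in the environment.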
Web
Insecure direct object reference
Open multiple tabs in Firefox
- Use a list containing IPs and/or URLs.
- Use wget to pull a domain's robots.txt file, then open every path it lists in its own tab (the Disallow entries are usually the interesting ones).
SSL
- Use sslscan and sslyze to check for SSL/TLS certificate and configuration issues (expired or mismatched certificates, old protocol versions, weak cipher suites).
Misc
Crack WiFi
- Crack wireless networks.
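For the robots.txt step under "Open multiple tabs in Firefox" above, an added shell example (not part of the discover scripts) that fetches robots.txt with wget, extracts the Allow/Disallow paths (comments stripped, wildcards cut off, duplicates merged) and opens each one as a new Firefox tab. The sample robots.txt and the base URL are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the discover scripts: turn a site's robots.txt into
# a deduplicated list of absolute URLs and open them as Firefox tabs.
# The sample file and base URL below are constructed for illustration.

# Constructed robots.txt with the cases a parser has to handle.
sample_robots() {
  printf '%s\n' \
    '# constructed sample' \
    'User-agent: *' \
    'Disallow: /admin/' \
    'Disallow: /backup/*.sql$' \
    'Disallow: /cgi-bin/' \
    'disallow: /admin/   # same path, different case' \
    'Allow: /public/' \
    'Disallow:' \
    'Sitemap: https://example.test/sitemap.xml'
}

# Read robots.txt on stdin; print each Allow/Disallow path once, sorted.
# Comments are stripped, wildcards (*) and end anchors ($) are cut off so the
# result is a path prefix that can actually be requested, and an empty
# "Disallow:" (allow everything) is ignored.
robots_paths() {
  sed 's/#.*$//' | awk '
    tolower($0) ~ /^[[:space:]]*(dis)?allow[[:space:]]*:/ {
      sub(/^[^:]*:[[:space:]]*/, "")   # drop the directive
      sub(/\*.*$/, "")                 # cut at the first wildcard
      sub(/\$$/, "")                   # drop an end-of-URL anchor
      sub(/[[:space:]]+$/, "")         # trailing whitespace
      if ($0 ~ /^\//) print
    }' | sort -u
}

# Read robots.txt on stdin; print absolute URLs for BASE (scheme://host[:port]).
robots_urls() {
  base=${1%/}
  robots_paths | while read -r path; do
    printf '%s%s\n' "$base" "$path"
  done
}

# Fetch BASE/robots.txt with wget and open every listed path in a new tab.
open_robots_tabs() {
  base=${1%/}
  wget -q -T 10 -O - "$base/robots.txt" | robots_urls "$base" |
    while read -r url; do firefox --new-tab "$url"; done
}

# Offline demo on the constructed sample.
sample_robots | robots_urls https://example.test
```

Run open_robots_tabs https://target.example against a live site; the offline demo at the bottom shows the four URLs the sample produces, with the wildcard entry reduced to /backup/ and the case-variant duplicate of /admin/ collapsed.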
Generate a malicious payload
Start a Metasploit listener
Update
- Updates Kali Linux, the Discover scripts, various tools and the locate database.
Copyright (c) 2007-2017 Lee Baird