Scripts that would help while pentesting
This script helps you build an IPs file based on a previous -sP nmap scan.
This script scans all the targets inside an input file. It creates a directory for each target and writes the scan result into a nmaped.txt file.
This script double-scans a target. First it checks for all possible open ports in aggressive mode. Then it runs a second scan with more discovery options against the previously found ports only.
This Python script helps you make requests to URLs by focusing only on the essentials. You can add a proxy if needed (e.g. send the requests to Burp).
An extensive and easy-to-use XSS fuzzer that targets web-based email clients.
Some great stuff when it comes to code analysis or shell scripting.
Custom blind SQLi exploit script (tested against ATutor, works fine!) that gives you a reverse PHP shell on the target.
Fully automated auth bypass exploit against OpenCRX. Note that the OpenCRXToken.java file must be located in the same directory as the Python file.
A fully functional XXE exploit tool against OpenCRX.
Exploit of an XSS vulnerability against Atmail that leads to an RCE attack.
Exploit that leads to a full compromise of the system if leveraged to RCE (not shown here: do it, guys!).
A magiclink bypass example.
A simple (de)serializer script that uses the pickle library.
Malware section with a base to build your own droppers, introducing reflection techniques, MS Office phishing, process and DLL injection, reflective DLL injection, ...