
added shell-plug

Marius Schwarz 5 years ago
parent
commit
c774e8fff3
4 changed files with 84 additions and 15 deletions
  1. 1 0
      .#scan.sh
  2. 21 7
      scan.sh
  3. 43 0
      shell-plug.sh
  4. 19 8
      smb-vuln-finder.sh

+ 1 - 0
.#scan.sh

@@ -0,0 +1 @@
+msc@nixmsc.941:1569389815

+ 21 - 7
scan.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+add_params="-Pn"
+
 function initial {
 
     if [ -f nmap/initial.nmap ]; then
@@ -7,8 +9,8 @@ function initial {
        exit 1
     fi
 
-    echo "[-] Initial scan for $1"
-    nmap -T4 -oA nmap/initial "$1" 2> /dev/null
+    echo "[*] Initial scan for $1"
+    nmap -T4 -oA nmap/initial "$1" "$add_params" 2> /dev/null
 
 }
 
@@ -18,8 +20,8 @@ function allports {
         echo "[-] initial scan files are already present on system"
         exit 1
     fi
-    echo "[-] Full scna for $1"
-    nmap -T4 -p- -sV -oA nmap/all-ports "$1" 2> /dev/null
+    echo "[*] Full scan for $1"
+    nmap -T4 -p- -sV -sC -oA nmap/all-ports "$1" "$add_params" 2> /dev/null
 
 }
 
@@ -29,14 +31,24 @@ function udp {
         echo "[-] initial scan files are already present on system"
         exit 1
     fi
-    echo "[-] UDP scan for $1 (root is needed for that scan-mode)"
-    sudo nmap -T4 --top-ports 1000 -sU -oA nmap/udp "$1" 2> /dev/null
+    echo "[*] UDP scan for $1 (root is needed for that scan-mode)"
+    sudo nmap -T4 --top-ports 1000 -sU -oA nmap/udp "$1" "$add_params"  2> /dev/null
 
 }
 
+function udpfull {
+
+    if [ -f nmap/udp-full.nmap ]; then
+        echo "[-] initial scan files are already present on system"
+        exit 1
+    fi
+    echo "[*] Full UDP scan for $1 (root is needed for that scan-mode)"
+    sudo nmap -T4 -sV -sU -oA nmap/udp "$1" "$add_params"  2> /dev/null
+
+}
 
 if [ $# -ne 2 ]; then
-    echo '[-] scan <range> <type> (initial, all, udp)'
+    echo 'scan <range> <type> (initial, all, udp)'
     exit 1
 fi
 
@@ -51,4 +63,6 @@ elif [ "$2" = "full" ] || [ "$2" = "all" ]; then
     allports "$1"
 elif [ "$2" = "udp" ]; then
     udp "$1"
+elif [ "$2" = "udpfull" ]; then
+    udpfull "$1"
 fi
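Review bot: The new `udpfull` function writes its results to `-oA nmap/udp`, the same prefix the existing `udp` function uses, while its guard checks for `nmap/udp-full.nmap`; the guard therefore never fires and a full UDP run silently overwrites the earlier UDP output. The output prefix should match the check: `sudo nmap -T4 -sV -sU -oA nmap/udp-full "$1" "$add_params" 2> /dev/null`. The usage line `scan <range> <type> (initial, all, udp)` does not list `udpfull` even though the dispatch at the bottom accepts it, and the guard message `[-] initial scan files are already present on system` is copied unchanged from the other functions. Passing `"$add_params"` quoted hands nmap a single argument, which works for `-Pn` alone but breaks as soon as a second option is added to the variable; an array (`add_params=(-Pn)` expanded as `"${add_params[@]}"`) keeps that correct.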

+ 43 - 0
shell-plug.sh

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# A shell script to use as plugin that includes several pentesting helpers, such as:
+# * Wordlists
+# * Env. Variables
+# * aliases
+
+# base variables
+WORDLIST_PATH="$HOME/documents/tools/lists"
+
+
+function pentest {
+    echo "Pentest Shortuts Plugins"
+    echo "[*] Aliases: "
+    echo "    pentest: display help for the commands and shortcuts"
+    echo ""
+    echo "[*] Env. Variables: "
+    echo "    ROCKYOU: $ROCKYOU"
+    echo "    WLIST_DIRS: $WLIST_DIRS"
+    echo "    WLIST_FILES: $WLIST_FILES"
+    echo "[*] Functions"
+    echo "    set_ip <ip>: set global env variable \$IP/\$ip to <ip>"
+    echo "    get_ip: prints \$ip"
+}
+
+function set_ip {
+    if [ "$1" != "" ]; then
+        echo "[*] Setting IP to $1"
+        echo "$1" > $HOME/.pentest_target
+        # export the scope IP as global variable
+        export ip=$(cat $HOME/.pentest_target)
+        export IP=$ip
+    fi
+}
+
+function get_ip {
+    # print the ip, for using this function
+    echo $ip
+}
+
+export ROCKYOU=$WORDLIST_PATH/SecLists/Discovery/Web-Content/raft-medium-directories.txt
+export WLIST_DIRS=$WORDLIST_PATH/SecLists/Discovery/Web-Content/raft-medium-directories.txt
+export WLIST_FILES=$WORDLIST_PATH/SecLists/Discovery/Web-Content/raft-medium-files.txt
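Review bot: `set_ip` leaves `$HOME` unquoted in `echo "$1" > $HOME/.pentest_target` and in the `cat` on the following line, and `get_ip` echoes `$ip` unquoted, so a home directory or value containing whitespace is word-split; the write-then-reread can also be collapsed since the value is already in `$1`: `echo "$1" > "$HOME/.pentest_target"`, `export ip="$1"`, `export IP="$ip"`, and `echo "$ip"` in `get_ip`. The file is declared `#!/bin/sh` but defines its helpers with the `function` keyword, which is not POSIX; since the header says it is meant to be sourced as a plugin, either use the portable form (`set_ip() {`) or declare it as bash. `ROCKYOU` and `WLIST_DIRS` are exported with the identical `raft-medium-directories.txt` path, which looks like a copy-paste; confirm the list `ROCKYOU` is meant to point at. The `$WORDLIST_PATH` expansions in the three `export` lines are unquoted as well.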

+ 19 - 8
smb-vuln-finder.sh

@@ -1,19 +1,30 @@
 #!/bin/bash
 
 ips="$1"
+params="-Pn"
 echo "[*] Enumerating all SMB Shares"
-nmap -p 139,445 --script=smb-enum-shares -iL $ips -oA nmap/smb-enum-shares > /dev/null
+nmap -p 139,445 --script=smb-enum-shares -iL $ips -oA nmap/smb-enum-shares $params > /dev/null
 echo "[*] Enumerating SMB Vulnerability: MS06-025"
-nmap -p 139,445 --script=smb-vuln-ms06-025 -iL $ips -oA nmap/smb-vuln-ms06-025 > /dev/null
+nmap -p 139,445 --script=smb-vuln-ms06-025 -iL $ips -oA nmap/smb-vuln-ms06-025 $params > /dev/null
 echo "[*] Enumerating SMB Vulnerability: MS07-029"
-nmap -p 139,445 --script=smb-vuln-ms07-029 -iL $ips -oA nmap/smb-vuln-ms07-029 > /dev/null
+nmap -p 139,445 --script=smb-vuln-ms07-029 -iL $ips -oA nmap/smb-vuln-ms07-029 $params > /dev/null
 echo "[*] Enumerating SMB Vulnerability: MS08-067"
-nmap -p 139,445 --script=smb-vuln-ms08-067 -iL $ips -oA nmap/smb-vuln-ms08-067 > /dev/null
+nmap -p 139,445 --script=smb-vuln-ms08-067 -iL $ips -oA nmap/smb-vuln-ms08-067 $params > /dev/null
 echo "[*] Enumerating SMB Vulnerability: MS10-054"
-nmap -p 139,445 --script=smb-vuln-ms10-054 -iL $ips -oA nmap/smb-vuln-ms10-054 > /dev/null
+nmap -p 139,445 --script=smb-vuln-ms10-054 -iL $ips -oA nmap/smb-vuln-ms10-054 $params > /dev/null
 echo "[*] Enumerating SMB Vulnerability: MS10-061"
-nmap -p 139,445 --script=smb-vuln-ms10-061 -iL $ips -oA nmap/smb-vuln-ms10-061 > /dev/null
+nmap -p 139,445 --script=smb-vuln-ms10-061 -iL $ips -oA nmap/smb-vuln-ms10-061 $params > /dev/null
 echo "[*] Enumerating SMB Vulnerability: ms17-010 (aka EternalBlue)"
-nmap -p 139,445 --script=smb-vuln-ms17-010 -iL $ips -oA nmap/smb-vuln-ms17-010 > /dev/null
+nmap -p 139,445 --script=smb-vuln-ms17-010 -iL $ips -oA nmap/smb-vuln-ms17-010 $params > /dev/null
 echo "[*] Enumerating SMB Vulnerability: regsvc-dos"
-nmap -p 139,445 --script=smb-vuln-regsvc-dos -iL $ips -oA nmap/smb-vuln-regsvc-dos > /dev/null
+nmap -p 139,445 --script=smb-vuln-regsvc-dos -iL $ips -oA nmap/smb-vuln-regsvc-dos $params > /dev/null
+                                                                                     
+                                                                                     
+                                                                                     
+                                                                                     
+                                                                                     
+                                                                                     
+                                                                                     
+                                                                                     
+                                                                                     
+
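Review bot: The hunk appends nine whitespace-only lines after the last `nmap` call (the trailing `+` lines at the end of the file); they add nothing and should be dropped before merge. `$params` is expanded unquoted here while `scan.sh` in the same commit passes `"$add_params"` quoted; the two scripts should agree, and an array (`params=(-Pn)` expanded as `"${params[@]}"`) is the form that stays correct once a second option is added. The script also still takes `$1` without checking that the list file exists, and no `nmap` exit status is examined, so the script runs to completion and looks successful even when every scan fails; a `[ -f "$ips" ] || exit 1` guard after `ips="$1"` would surface the common case.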