[download attached] several scripts commonly used in penetration testing that are worth collecting

• 1.dirsearch Directory scanning
• 2.OneForAll-master Asset collection
• 3.sqlmap
• 4.awvs Batch scan
• 5.ip decode

Be careful ： Install your computer before using it python2x and python3x Environment .

At the end of the article, get all the script Baidu cloud download links

dirsearch Directory scanning

Dirsearch Is a probe WEB Sensitive files under the server / Directory command line tools .

Input cmd

The order is as follows

Python dirsearch.py -u https://www.baidu.com/ -e * -x 999

  The generated directory will be in the folder resports in .

OneForAll-master Asset collection

Powerful feature collection capability , Please read the description of the collection module for detailed modules

Use certificate transparency to collect subdomains （ There are 6 A module ：censys_api,certdb_api,certspotter,crtsh,entrust,google）

General check collection subdomain （ There are 4 A module ： Domain transport exploit axfr, Check the cross domain policy file cdx, Check HTTPS certificate cert, Check the content security policy csp, Check robots file robots, Check sitemap file sitemap, Check will be added later NSEC Record ,NSEC3 Record and other modules ）- Use web crawler files to collect subdomains （ There are 2 A module ：archivecrawl,commoncrawl, This module is still being debugged , The module needs to be added and improved ）

utilize DNS Data set collection sub domain （ There are 16 A module ：binaryedge_api, circl_api, hackertarget, riddler, bufferover, dnsdb, ipv4info, robtex, chinaz, dnsdb_api, netcraft, securitytrails_api, chinaz_api, dnsdumpster, ptrarchive, sitedossier）

utilize DNS Query collection sub domain （ There are 1 A module ： By enumerating common SRV Record and query to collect subdomains srv, The module needs to be added and improved ）

Use threat intelligence platform data collection sub domain （ There are 5 A module ：riskiq_api,threatbook_api,threatminer,virustotal,virustotal_api The module needs to be added and improved ）

Use search engines to find subdomains （ There are 15 A module ：ask, bing_api, fofa_api, shodan_api, yahoo, baidu, duckduckgo, google, so, yandex, bing, exalead, google_api, sogou, zoomeye_api）, In the search module, except for special search engines , General search engines support automatic exclusion of search , Full search , Recursively searching .

Powerful processing function , The subdomain results found support automatic removal , Automatically DNS analysis ,HTTP Request detection , Automatically remove invalid subdomains , Expand the of subdomains Banner Information , The final supported export formats are csv, tsv, json, yaml, html, xls, xlsx, dbf, latex, ods.

Speed is extremely fast , The collection module uses multithreaded calls , The blasting module uses asynchronous multiprocess multiprocess ,DNS Analytic and HTTP The request uses asynchronous multiprocessing .

The order is as follows

python oneforall.py --target https://www.baidu.com run

  Will be in results Create a .csv file , You can see the port number , Subdomain name and other information , Very easy to use .

sqlmap

The order is as follows

python sqlmap.py -u  https://www.baidu.com?id=1 --batch --level 3 --risk 3 -dbs

Here are some commonly used sqlmap Injection order

awvs Batch scan

When our asset collection is complete , You can copy the collected subdomain names to a txt In the document

The order is as follows

python awvs.py -f ./4.txt

These two directories will be imported into awvs in , Start automatic scanning .

Common commands

 view help 
python awvs.py -h

 Add a target and scan  -u
python awvs.py -u https://www.baidu.com

 Read text and scan  -f
python awvs.py -f ./4.txt

 Delete all targets and scanning tasks  -d
python awvs.py -d 

ip decode

  If you encounter internal ip Address disclosure vulnerability , You may need to check the... In the caught bag ip decode , Here's the picture .

The order is as follows

python 1.py 3557624597.7033.0000

Reference material

[1] Collection module description :https%3A//github.com/shmilylty/OneForAll/docs/collection_modules.md*

[2] Collection module :https%3A//github.com/shmilylty/OneForAll/oneforall/collect.py*

[3] Blasting module :https%3A//github.com/shmilylty/OneForAll/oneforall/aiobrute.py*