GitHub - sha0coder/gohack: Hack tools coded in golang

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 51 Commits
bin		bin
carnivore		carnivore
pkg/linux_amd64		pkg/linux_amd64
src		src
test		test
wordlists		wordlists
.gitignore		.gitignore
Makefile		Makefile
README		README
crawl.go		crawl.go
dirscan.go		dirscan.go
dnsbrute.go		dnsbrute.go
fauth.go		fauth.go
go.mod		go.mod
go.sum		go.sum
massftpanon.go		massftpanon.go
massh.go		massh.go
netio.js		netio.js
octet.go		octet.go
paralel.go		paralel.go
params.go		params.go
pipper.go		pipper.go
requests.go		requests.go
smbrute.go		smbrute.go
smtp.ex		smtp.ex
smtp.js		smtp.js
smtpEnum.go		smtpEnum.go
sshbrute.go		sshbrute.go
sshscan.go		sshscan.go
tcpscan.go		tcpscan.go
vulncheck.go		vulncheck.go

Repository files navigation

fauth -> fast basic auth bruteforce
pipper -> web get/post bruteforcing
smtpEnum -> enumerate smtp accoutns
massftpanon -> scan a net for ftp with anonymous access
smbrute -> bruteforce SMB accounts
sshbrute -> bruteforce SSH logins
tcpscan -> portscan based on tcp response useful if the host is routed via tor
massh -> from a file with ip's try to connect to each ip with one password via ssh
dnsbrute -> enumerate subdomains bruteforcing a nameserver
carnivore -> pentest url parameters


soon:
exploit-db -> not finished yet, but launch all exploit-db exploits to a site.
params -> get/post parameter analysis


==PIPPER==



Examples:

Discover php files, hide 404 responses, 20 concurent goroutines:
./pipper -url 'http://site.com/##.php' -go 20 -dict wordlist.txt -hc 404

Fuzz post parameter, hidding the response of 100 words
./pipper -url 'http://site.com/test.php' -post 'id=##' -dict wordlist.txt -go 20  -hw 100


Output:

code words lines bytes 		url
(404) [30] [76] [1245]          http://test.com/0

We need to hide the normal response to see the interesting responses,
then -hc 404 or -hw 30 or -hl 76 or -hb 1245



$ ./pipper  -url http://test.com/## -dict wordlists.txt  -go 10
checking http://test.com/## ... 
Server: BlockDOS
Default response: 200
Allowed Options: OPTIONS, TRACE, GET, HEAD, POST
Scanning, press enter to interrupt.
(404) [30] [76] [1245]		http://test.com/~ 
(404) [30] [76] [1245]		http://test.com/0 
(404) [30] [76] [1245]		http://test.com/_ 
(404) [30] [76] [1245]		http://test.com/00 
(404) [30] [76] [1245]		http://test.com/000000 
(404) [30] [76] [1245]		http://test.com/xarancms_haupt 
(404) [30] [76] [1245]		http://test.com/00000000 
(404) [30] [76] [1245]		http://test.com/007 
(404) [30] [76] [1245]		http://test.com/0007 
(200) [298] [764] [15174]	http://test.com/ 
(404) [30] [76] [1245]		http://test.com/007007 
[enter]



For random response bytes, we can use ranges:

-hwl 10 -hwh 20  (hide responses with 10 to 20 words)


Donation:
Bitcoin: 3GrtoFKp7UAf2eqTeUnN8eM3V7RS3n25Ae
Ether: 0x66DB9aCAEB85A08e34c04B4F290dE840E93dd08A