fauth -> fast HTTP basic auth bruteforce
pipper -> web GET/POST bruteforcing
smtpEnum -> enumerate SMTP accounts
massftpanon -> scan a network for FTP servers with anonymous access
smbrute -> bruteforce SMB accounts
sshbrute -> bruteforce SSH logins
tcpscan -> port scan based on the TCP response; useful if the host is routed via Tor
massh -> from a file of IPs, try to connect to each IP with one password via SSH
dnsbrute -> enumerate subdomains by bruteforcing a nameserver
carnivore -> pentest URL parameters
soon:
exploit-db -> not finished yet, but launches all exploit-db exploits against a site.
params -> GET/POST parameter analysis
==PIPPER==
Examples:
Discover PHP files, hide 404 responses, 20 concurrent goroutines:
./pipper -url 'http://site.com/##.php' -go 20 -dict wordlist.txt -hc 404
Fuzz a POST parameter, hiding responses of 100 words:
./pipper -url 'http://site.com/test.php' -post 'id=##' -dict wordlist.txt -go 20 -hw 100
Output:
code words lines bytes url
(404) [30] [76] [1245] http://test.com/0
To see the interesting responses we need to hide the normal one, using any one of its four values:
-hc 404 or -hw 30 or -hl 76 or -hb 1245
$ ./pipper -url http://test.com/## -dict wordlists.txt -go 10
checking http://test.com/## ...
Server: BlockDOS
Default response: 200
Allowed Options: OPTIONS, TRACE, GET, HEAD, POST
Scanning, press enter to interrupt.
(404) [30] [76] [1245] http://test.com/~
(404) [30] [76] [1245] http://test.com/0
(404) [30] [76] [1245] http://test.com/_
(404) [30] [76] [1245] http://test.com/00
(404) [30] [76] [1245] http://test.com/000000
(404) [30] [76] [1245] http://test.com/xarancms_haupt
(404) [30] [76] [1245] http://test.com/00000000
(404) [30] [76] [1245] http://test.com/007
(404) [30] [76] [1245] http://test.com/0007
(200) [298] [764] [15174] http://test.com/
(404) [30] [76] [1245] http://test.com/007007
[enter]
For responses whose size varies between requests, ranges can be used instead of exact values:
-hwl 10 -hwh 20 (hide responses with 10 to 20 words)
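The filtering logic described above, written out as an added Go example (this is not code from the pipper repository): a response is reduced to the (code, words, lines, bytes) tuple the tool prints, and a hide rule matches on any exact value or on the -hwl/-hwh word range. The type and function names, and the newline-count definition of "lines", are assumptions for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Fingerprint is the (code, words, lines, bytes) tuple printed per URL.
type Fingerprint struct {
	Code, Words, Lines, Bytes int
}

// Measure builds the fingerprint of one HTTP response body.
// Words are whitespace-separated tokens; lines are counted as newlines (wc -l style).
func Measure(code int, body string) Fingerprint {
	return Fingerprint{
		Code:  code,
		Words: len(strings.Fields(body)),
		Lines: strings.Count(body, "\n"),
		Bytes: len(body),
	}
}

// HideFilter mirrors -hc/-hw/-hl/-hb (exact match) and -hwl/-hwh (word range).
// A zero value means "rule not set"; the range is active only when WordsHigh > 0.
type HideFilter struct {
	Code, Words, Lines, Bytes int
	WordsLow, WordsHigh       int
}

// Hidden reports whether the response matches any active hide rule.
func (f HideFilter) Hidden(fp Fingerprint) bool {
	switch {
	case f.Code != 0 && fp.Code == f.Code,
		f.Words != 0 && fp.Words == f.Words,
		f.Lines != 0 && fp.Lines == f.Lines,
		f.Bytes != 0 && fp.Bytes == f.Bytes,
		f.WordsHigh > 0 && fp.Words >= f.WordsLow && fp.Words <= f.WordsHigh:
		return true
	}
	return false
}

func main() {
	// Constructed sample bodies: a default "not found" page and a real page.
	notFound := Measure(404, "Not Found\nmissing page\n")
	index := Measure(200, "Welcome\nto the site\nenjoy your stay\n")
	f := HideFilter{Code: 404} // equivalent of -hc 404
	fmt.Printf("%+v hidden=%v\n", notFound, f.Hidden(notFound))
	fmt.Printf("%+v hidden=%v\n", index, f.Hidden(index))
}
```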
Donation:
Bitcoin: 3GrtoFKp7UAf2eqTeUnN8eM3V7RS3n25Ae
Ether: 0x66DB9aCAEB85A08e34c04B4F290dE840E93dd08A