Skip to content

Latest commit

 

History

History
87 lines (56 loc) · 3.24 KB

README.md

File metadata and controls

87 lines (56 loc) · 3.24 KB
Raw

Pentest utils

Misc

swfdecrypt_w32_unix.cpp Win32 + Linux port of swfdecrypt

Burp suite extensions & helpers

burpsuite/burp.sh Init script with custom Java memory parameters, etc.

burpsuite/mkBurpExtension.sh Extensions creator helper

burpsuite/extensions/HTTPInjector.py Extension to inject JavaScript by @Agarry_FR

burpsuite/extensions/RandomUUID.py Standard Life RandomUUID injector for web app test

burpsuite/extensions/SQLiPy.py Fixed SQLMap extension (the bappstore does not work)

burpsuite/extensions/base64/ Java Base64 enc/dec extension

burpsuite/burp_issue2appendix.py Reads an Burp Suite issues XML file and print all the issues, payloads and details

burpsuite/burp_item2appendix.py Reads an Burp Suite issues XML file and print all the issues, payloads and details

burpsuite/burp_item2web.py: Reads an Burp Suite issues XML file and creates the web hierarchy of the scoped web site (imagine that you could dump the contents spidered by Burp's spider to the filesystem) [Note: Incompleted]

burpsuite/burp_item.xml: test XML file

Nmap NSE scripts

nmap/http-ms15-034.nse MS15-034 Nmap NSE scrip

Android

drozer/object_input_stream.py CVE-2014-7911 java.io.ObjectInputStream Android<5.0

drozer/secure_random.py java.secure.SecureRandom (patched module)

android/dump_preferences.sh: Dump Android application preferences (/data/data/appname)

android/dump_sqlite.sh: Explore the filesystem for sqlite

android/logcat.sh: Android LogCat Wrapper

android/mystrace.sh: Android strace wrapper

android/screenshot.sh: Takes a screenshot of a device's screen

android/install_strace.sh: Installs strace on an Android device

iOS

ios/install-iRET-deps.sh: Installs iRET on an iOS device

ios/install_pentest_iOS_env.sh: Installs all pentest toolz on an iOS device

ios/iOSaudit.sh: Performs a quick security audit of an iOS app

Execution example:

iPhone:~ root# ./iOSaudit.sh Test.ipa

[*]======================================================
[*] >> iOS app quick audit
[*] >> [email protected]
[*]======================================================
[*]
[*] Unpacking Test.ipa
[*] Searching ipa binary...
[*] Checking binary Payload/Test.app/Test
[*] Detected architectures:
[*]    > armv7
[*]    > armv7s
[*]
[*] Discovering _check_ procedures
[*]    > Executing _check_stack
[*]      [SUCCESS] Stack guard found: __stack_chk_guard
[*]    > Executing _check_pie
[*]      [SUCCESS] PIE is enabled
[*]    > Executing _check_arc
[*]      [SUCCESS] ARC found: _objc_retain
[*]    > Executing _check_badcalls
[*]      [FAIL] found function call _malloc
[*]
[*] Done