Discover – Custom Scripts to Automate Pentesting

Discover is a collection of bash scritpts that you can use to automate penetration testing task. This will include reconnaissance, Scanning , Web attack or just to generate malicious payload for post exploitation.

Discover - Custom Scripts to Automate Pentesting
Discover – Custom Scripts to Automate Pentesting

The first part is for Recon where attacker may run Passive uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois and multiple websites.

This part will need to get several API keys from different sources for best result such as Bing, Builtwith, Fullcontact, GitHub, Google, GoogleCSE, Hashes, Hunter, SecurityTrails, and Shodan. next user may load some active recon with dnsrecon, WAF00W, traceroute, Whatweb, and recon-ng.

The attack continue with searching for users information in salesforce to get names and positions into a clean list.

The scanning module include several tools to create a target list including Angry IP Scanner, arp-scan, netdiscover and nmap pingsweep. This beside ready profiles for internal and external scan:

  • External scan will set the nmap source port to 53 and the max-rrt-timeout to 1500ms.
  • Internal scan will set the nmap source port to 88 and the max-rrt-timeout to 500ms.
  • Nmap is used to perform host discovery, port scanning, service enumeration and OS identification.
  • Matching nmap scripts are used for additional enumeration.
  • Addition tools: enum4linux, smbclient, and ike-scan.
  • Matching Metasploit auxiliary modules are also leveraged.

You can read more and download the bash scripts over here: https://github.com/leebaird/discover

Share