Security Utilities

Useful scripts, see README.md files in script directories for individual usage and information. This project is mirrored to GitHub from the primary repository on GitLab at https://gitlab.com/datenstrom/sec-utils and if accessed on GitHub may not be the most recent version.

Legal Disclaimer: usage of tools for attacking web servers without prior mutual consistency can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by these tools.

Even information gathering such as port scanning is considered illegal in many areas and a gery area in most.

bash

• subdom.sh: get subdomain information for a webpage
• pingsweep.sh: Ping sweep a class C network
• forward_dns.sh: Run a forward DNS lookup on a domain name for subdomains
• reverse_dns.sh: Run a reverse DNS lookup on an IP address and given IP range
• dns_zonetransfer.sh: Check for DNS server information leakage
• port_scan.sh: Scan the full range (1-65355) on list of IPs

Python

• port_check.py: Check if a single port is open
• pingsweep.py: Multithreaded ping sweep, and port scanning
• fuzzer.py: A fuzzer
• slmail.py: A buffer overflow attack for SLMail 5.5
• vulnserver.py: A buffer overflow attack for the vulnserver.exe exercise in OSCP
• crossfire.py: A buffer overflow attack for the Crossfire Linux game

Rust

• port_check: Check if a single port is open
• pingsweep: Multithreaded ping sweep, and port scanning
• entropy: Calculates the entropy of a file

C

• slmail_linux.c: A buffer overflow attack for SLMail 5.5 compiled for Linux
• slmail_windows.c: A buffer overflow attack for SLMail 5.5 compiled for Windows

FTP

It is possible to turn FTP into a non-interactive process by providing the Windows default FTP client ftp.exe with a text file containing FTP commands. This is useful in post exploitation when there is a need to upload files and tools to a machine.

• setup-ftp.sh: Install and configure a FTP server on (Debian like) Linux

Note on extension convention

All program output files are by convention use the .txt extension which are ignored by the .gitignore. All files for input are by convention .dat which will be tracked.