So I’ve recently created a GitHub account, and although my coding skills are far from good, I feel that some of the tools that I have created may be useful for someone else. Hell, if someone can use or fork them and make them better, then by all means!
One of the things that my employers wanted to add in reports for external pen tests was the use of SHA1 signed certificates in the public domain. There are some great resources out there to do this already; however, I wanted to do it en masse, as if I’ve got an external range of a /24 network then I won’t be doing that by hand, let me tell you that!
Basic usage requires a target (IP address, CIDR notation, or host name) and a port (multiple ports can be separated by spaces: 80 443 1234).
Results aren’t filtered by signing type at the moment, but hopefully when I get time I’ll add some sort of filtering into it.
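The filtering by signing type mentioned above could look like the following. This is an added example, not the author's tool or code from this post: it reads the signature algorithm OID out of a DER certificate and reports it only if it is SHA-1 based. The function names and the two sample byte strings (constructed DER skeletons, not real certificates) are assumptions made for illustration.

```python
import socket
import ssl

# Signature-algorithm OIDs that use SHA-1.
SHA1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
# Constructed skeletons: SEQUENCE { empty tbsCertificate, AlgorithmIdentifier, BIT STRING }.
SAMPLE_SHA1 = bytes.fromhex("3014" "3000" "300d06092a864886f70d0101050500" "030100")
SAMPLE_SHA256 = bytes.fromhex("3014" "3000" "300d06092a864886f70d01010b0500" "030100")

def _tlv(buf, pos):
    # Return (tag, value_start, value_end) for the DER element starting at pos.
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def _oid(body):
    # Decode OID content bytes into dotted form (base-128, high bit = continue).
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_oid(der):
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    outer, start, _ = _tlv(der, 0)
    _, _, tbs_end = _tlv(der, start)              # skip tbsCertificate
    alg, alg_start, _ = _tlv(der, tbs_end)        # AlgorithmIdentifier
    oid, oid_start, oid_end = _tlv(der, alg_start)
    if (outer, alg, oid) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate structure")
    return _oid(der[oid_start:oid_end])

def sha1_signature(der):
    # Name of the SHA-1 signature algorithm, or None if the cert is not SHA-1 signed.
    return SHA1_SIG_OIDS.get(signature_oid(der))

def fetch_der(host, port, timeout=5.0):
    # Audit only: validation is off so expired or self-signed certs are still returned.
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)
```

For each in-scope host and port, `sha1_signature(fetch_der(host, port))` gives the value to report, with `None` meaning the leaf certificate is not SHA-1 signed.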
Share Password Search
So this script came out of necessity for the post-exploitation aspects of an internal penetration test. Many times I have spent a few hours manually looking through file servers and what-not for the inevitable discovery of passwords stored in a clear-text format (i.e. a Word or text document stating ‘passwords.xxx’).
This script runs in PowerShell and requires administrative access to the end devices, so at present it’s only really useful for covering as much as possible within an internal test, following the compromise of the Windows Domain. I’ll eventually try and get this working with low-privileged accounts (e.g. Domain Users), but it’s still currently a step-up from manual labour!