Skip to content

A collection of personal scripts used in hacking excercises.

Notifications You must be signed in to change notification settings

C-Cracks/OSCP-Automation

Repository files navigation

OSCP-Automation

A collection of personal scripts used in hacking excercises. Consider a majority of them in beta- useable but I will probably improve them as time goes on. :) There's also some notes on web app and OS vulnerabilties, in addition to pointers for useful commands etc. https://c-cracks.tumblr.com/

Please note that bugs will come and go due to constant development- it's worth checking back if you've discovered a bug or addressing it yourself as I will only notice it when using the script (which at present isn't much as I mass scanned some targets a few weeks ago.)

enum.sh

  • Performs an Nmap scan on the provided IP and further Wfuzz and Nikto scans on discovered web servers (per port found to be a web server)
  • Very basic in nature and I'm sure there's more intuitive tools out there; I'm building my own collection of scan automation tools.
  • Coming along but I'm experiencing performance issues around the nmap scan- it's commonly hanging for me. Feel free to tweak this for your needs; I'll be working on this soon.

Linux/privesc.sh

  • Automation of info gathering for Linux privilege escalation
  • Can be used even if upload to the victim isn't possible as a reference

test-methods.sh

  • Sends requests under different methods to the provided URL
  • Appearance of the output leaves alot to be desired; as long as it's clear where each request ends I don't mind. xD

brute-force.sh

  • Brute force web applications with cURL
  • Handles GET and POST requests currently with the options to add cookies and/or headers to the request
  • POST has been tested thoroughly against the VM Mr Robot with the right credentials being discovered and I have also tested the addition of headers and/or cookies.