Custom Security Tools

I was recently going through some course materials and decided to push and catalog some of the custom scripting I have made. These mostly include wrappers around current functions or tools that automate or abstract the task at hand.

Two programs that are just wraps around the ping command, one in bash and the other in python. Both take the first three octets, then provides the starting IP and ending IP octet to ping and look for the response that shows it is up. This can be something easy enough to put into the background and move on to other services (if you are a few pivots deep already and would like native discovery instead of proxychained nmap pingsweep).

Often logs will have loot in the form of filenames that are useful to an attack (rather, the contents of the files). This prints a list of unique sorted file names.

During pentest, I'm always looking at transfering files. Whether this is for transfering a payload from my attacker machine to an existing foothold for a better reverse shell, or sending someone a payload to gather information. This is where the python http.server comes in handy. Incredibly useful and easy to setup. But there is no default option to print the headers when connections to the server happen. With BetterHttpServer, it is just as easy to setup but print the connecting User-Agent by default. Additional flags can print all headers, a specific header, and change the default port if desired.