A collection of ready-to-use scripts to do recon and penetration testing on targets. Use ONLY on own or authorized systems.
These scripts should be executed in order.
git clone https://github.com/loviuz/pentest-entry-scripts.git
cd pentest-entry-scripts/
chmod +x *.sh```
Edit the config file to configure the host to scan:
# Target domain (only domain, without http)
host="127.0.0.1"
# Target protocol ("http" or "https")
protocol="http"
# Target path (starting with /)
path="/DVWA/"
# Select the browser to use for viewing scan results
browser="firefox"
# If you need a cookie, please specificy it here
cookie=""
Launch every scripts, and enjoy :-)
./0-prepare.sh
./1-recon.sh
./2-web-discovery.sh
Nmap: full network with discovery and vuln scripts
Gobuster: discovery a lot of possible subdirectories
Nikto: performs some basic vulnerability checks
DAVtest: tests if the URL support DAV protocol and some known vulnerabilities
Parsero: checks robots.txt file for some juicy info
Blackwidow: link spider with injection test (XSS, LFI and SQLi)
Wordlists from SecLists