Automating Common Tasks
In pen testing, as in many other things, there are certain tasks that we repeat over and over. I like to automate the tasks that I perform often, and depending on the task, I may use a different scripting language. I decided to script some common tasks I perform on every pen test to give me more time to focus on the fun exploitation.
You can find the tool on my GitHub page:
https://github.com/l0gan/PenTestScripts/blob/master/engagementStarter.sh.
To run the script, use the following syntax:
./engagementStarter.sh <target IP/range/subnet> <customer name>
This script will do the following:
- run an nmap discovery scan
- run a full TCP scan against all live hosts found during the discovery scan
- run a top 20 UDP port scan against live hosts
- import scan results into Metasploit
- run sslscan against hosts with SSL-enabled ports
- run snmpcheck against hosts with SNMP open
- run EyeWitness against hosts with HTTP/HTTPS services open to grab screenshots of pages
I plan on adding other tools and tasks that I run often to the script. If you have a tool or technique you think would be beneficial in the script, leave a comment.
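The follow-up steps in the list above (sslscan, snmpcheck, EyeWitness) each need only the hosts that expose the matching service. The following is an added example, not code from engagementStarter.sh: it reads nmap grepable (`-oG`) output and builds one target list per tool, counting only ports whose state is exactly `open`. The function names and the sample scan data are constructed for illustration.

```shell
#!/bin/sh
# Added example; not taken from engagementStarter.sh.

# Constructed sample of nmap grepable (-oG) output.
# Addresses are from the RFC 5737 documentation range.
sample_gnmap() {
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//ssl|http//nginx/\n'
  printf 'Host: 192.0.2.20 ()\tPorts: 443/open/tcp//https///, 161/open/udp//snmp///\n'
  printf 'Host: 192.0.2.30 ()\tPorts: 161/open|filtered/udp//snmp///, 443/closed/tcp//https///\n'
}

# hosts_for <ssl|web|snmp>
# Reads -oG output on stdin and prints sorted, unique "ip:port" targets.
# Each port entry is port/state/proto/owner/service/rpcinfo/version/.
hosts_for() {
  awk -v want="$1" -F'\t' '
    /^Host: / {
      split($1, h, " "); ip = h[2]
      for (f = 2; f <= NF; f++) {
        if ($f !~ /^Ports: /) continue
        n = split(substr($f, 8), ports, ", ")
        for (i = 1; i <= n; i++) {
          split(ports[i], p, "/")
          # "open|filtered" (common for UDP) and "closed" are skipped.
          if (p[2] != "open") continue
          svc = p[5]
          is_ssl  = (p[3] == "tcp" && (index(svc, "ssl|") == 1 || svc ~ /^https/))
          is_web  = (p[3] == "tcp" && svc ~ /http/)
          is_snmp = (p[3] == "udp" && svc == "snmp")
          if ((want == "ssl" && is_ssl) || (want == "web" && is_web) ||
              (want == "snmp" && is_snmp))
            print ip ":" p[1]
        }
      }
    }' | LC_ALL=C sort -u
}

# Show the target list each follow-up tool would receive.
for category in ssl web snmp; do
  echo "== $category =="
  sample_gnmap | hosts_for "$category"
done
```

A TLS port that also serves HTTP appears in both the `ssl` and `web` lists, so it is checked by both the TLS scanner and the screenshot tool.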