Automating Common Tasks

Often with pen testing, and many other things, there are certain tasks that we repeat over and over.  I like to automate the tasks that I perform often and depending on the task, I may use a different scripting language.  I decided to script some common tasks I perform every pen test to give me more time to focus on the fun exploitation. 

You can find the tool at my github page:

To run the script, use the following syntax:

./ <target IP/range/subnet> <customer name>

This script will do the following:

- run a nmap discovery scan
- run a full TCP scan against all live hosts found during the discovery scan
- run a top 20 UDP port scan against live hosts
- import scan results to metasploit
- run sslscan against hosts with SSL enabled ports
- run snmpcheck against host with SNMP open
- run eyewitness against hosts with http/https  services open to grab screenshots of pages

I plan on adding to the script other tools/tasks run often.  If you have a tool/technique you think would be beneficial in the script, leave a comment. 

Popular Posts