nullenc0de’s gists

nullenc0de / gist:a076a1a2ba01d7bedebf9ea57acf243f

Created February 19, 2025 03:12

Egress_segment.sh

	#!/bin/bash

	# Colors for output
	RED='\033[0;31m'
	GREEN='\033[0;32m'
	YELLOW='\033[1;33m'
	BLUE='\033[0;34m'
	NC='\033[0m'

	# Function to discover networks

nullenc0de / kali_nids_evasion.sh

Last active February 18, 2025 21:13

	#!/bin/bash
	# Filename: kali_nids_evasion.sh
	# Focus: Host behavior obfuscation without MAC modification
	# Requires root privileges

	# Check for root privileges
	if [[ $EUID -ne 0 ]]; then
	echo "This script must be run as root"
	exit 1
	fi

nullenc0de / External Penetration Testing Commands

Last active January 29, 2025 17:04

External Penetration Testing Commands

	# External Penetration Testing Cheatsheet

	## 1. Reconnaissance

	### Cloud Enumeration

	# Cloud Infrastructure Discovery
	./cloud_enum.py -k somecompany

	# Third Party Misconfigurations

nullenc0de / init_recon.sh

Last active January 25, 2025 18:09

Reconnaissance automation script that combines multiple tools for thorough target scanning.

	#!/bin/bash

	# Function to display usage/help information
	show_help() {
	cat << EOF
	Usage: $(basename "$0") [-h] [-i INPUT]

	Reconnaissance automation script that combines multiple tools for thorough target scanning.

	Options:

nullenc0de / exposed-pki-infrastructure.yaml

Created December 5, 2024 20:39

Exposed Internal PKI Infrastructure Detection nuclei template

	id: exposed-pki-infrastructure
	info:
	name: Exposed Internal PKI Infrastructure Detection
	author: nullenc0de
	severity: critical
	description: Detects exposed internal PKI infrastructure including CRL distribution points and OCSP responders
	tags: pki,exposure,misconfig

	requests:
	- method: GET

nullenc0de / dll_hijack_hunter

Created November 8, 2024 17:20

netexec smb TARGET -u ADMIN -p PASS -M dll_hijack_hunter -o CHECK_PERMISSIONS=True EXPORT_RESULTS=True OUTPUT_FILE=results.json

	from typing import List, Dict, Optional
	import os
	import json
	from datetime import datetime
	import threading
	from queue import Queue
	from nxc.helpers.logger import highlight
	import re

	class ServiceInfo:

nullenc0de / task_explorer

Created November 8, 2024 17:18

netexec smb TARGET -u ADMIN -p PASS -M task_explorer -o EXPORT_XML=True OUTPUT_DIR=./tasks SCAN_CREDS=True

	from datetime import datetime
	import xml.etree.ElementTree as ET
	from typing import List, Dict, Optional
	import os
	import re
	from impacket.dcerpc.v5.dcom.wmi import WBEMSTATUS
	from nxc.helpers.logger import highlight

	class TaskVulnerability:
	def __init__(self, name: str, path: str, command: str, author: str,

nullenc0de / sensitive_search

Created November 8, 2024 17:16

netexec smb TARGET -u USER -p PASS -M sensitive_search -o MAX_DEPTH=5 EXTENSIONS=.txt,.log,.config OUTPUT_FILE=findings.json

	from datetime import datetime
	from typing import List, Dict
	import re
	from nxc.helpers.logger import highlight
	from concurrent.futures import ThreadPoolExecutor, as_completed
	import json

	class NXCModule:
	name = "sensitive_search"
	description = "Search for files containing sensitive data patterns in shares with custom regex support"

nullenc0de / Runbook

Created November 8, 2024 17:11

NetExec Runbook

	# NetExec Runbook

	## No Authentication (Anonymous)

	### NFS Enumeration
	```bash
	netexec nfs TARGET_HOST -u "" -p "" --shares
	netexec nfs TARGET_HOST -u "" -p "" --enum-shares
	```

nullenc0de / prototype-pollution-gadget-detector.yaml

Created October 25, 2024 16:19

	id: prototype-pollution-gadget-detector
	info:
	name: Prototype Pollution Gadget Detector
	author: nullenc0de
	severity: high
	description: \|
	Detects potential prototype pollution gadgets in web applications that could lead to SSRF, RCE or information disclosure.

	# References for the issue
	reference: