by highmeh

penetration testing scripts

133 Stars 25 Forks Last release: Not found 14 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:


Scripts I've put together to help during penetration tests.

  • - takes a list of full names (as generated by TheHarvester or and converts them into various common email conventions. Attempts to sanitize the names to a "Firstname Lastname" format.

  • - using a google cse api key, use Google Dorks/Advanced Operators to retreive employee names from GitHub. Sanitize and dump to a list. [ Currently Deprecated ]

  • - converts the contents of an OSX .plist file to a crackable password hash. Use Hashcat mode 7100 with the --username flag to crack. Without the -u flag, it dumps all password hashes. Requires root or sudo.

  • - a simple postgres brute-forcing tool. Currently supports only a single username at a time.

  • - a simple tool for directory brute-forcing when all requests return "200 OK". Excludes a range of response sizes and returns all others as valid path directories.

  • - Uses arp to get the IPv6 address of an IPv6 host. Note that ICMP must be enabled for the tool to work.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.