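# Shorthand aliases for the pentest toolbox. These are plain aliases, so the
# expansion is textual: whatever is typed after the alias is appended to it.
alias psm='psessmgr'
alias revshell='shellerator'
# Pick a wordlist interactively from the usual seclists/wordlists/dirb trees.
alias fzf_wl="find /usr/share/seclists /usr/share/wordlists /usr/share/dirb -type f | fzf"
#alias fzf_wl="find /usr/share/seclists /usr/share/wordlists /usr/share/dirbuster /usr/share/wfuzz /usr/share/dirb -type f | fzf"
alias empire-client="empire-client --config ~/empire-client.yaml"
# Both names resolve to netexec. An earlier `alias cme="crackmapexec"` was
# silently overridden by the definition below, so it has been dropped.
alias nxc="netexec"
alias cme="netexec"
alias proxychains="proxychains -q"
alias a="arsenalng"
alias ssh-keygenz="ssh-keygen -t ed25519 -f"
alias smbserverz="smbserver.py -smb2support pwn ./"
alias dirsearch="/usr/bin/dirsearch --config ~/.config/dirsearch/default.conf"
alias msfconsole="msfconsole -r ~/.msf4/msfconsole.rc"
# rlwrap adds line editing and history to the otherwise raw listener.
alias nc="rlwrap -cAr nc"
alias ncat="rlwrap -cAr ncat"
alias gdb="gdb -q -ex init-pwndbg"
alias gdb-pwn="gdb -q -ex init-pwndbg"
alias gdb-gef="gdb -q -ex init-gef"
# ASLR is toggled through the kernel sysctl, i.e. system-wide for every new
# process on this machine, not only for the binary under gdb; remember to
# restore it (aslr-on) when done. aslr-status prints the current value.
alias aslr-on="echo 2 | sudo tee /proc/sys/kernel/randomize_va_space"
alias aslr-off="echo 0 | sudo tee /proc/sys/kernel/randomize_va_space"
alias aslr-status="cat /proc/sys/kernel/randomize_va_space"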
##
# pentesting commands
# Fetch the latest release assets of a few helper tools. Each alias hands
# __get_github_release (defined further down in this file) an "owner/repo" and
# a grep -E pattern that is matched against every asset download URL; matches
# are saved to the current directory unless a third argument names another one.
alias get-linpeas='__get_github_release carlospolop/PEASS-ng "(linpeas_linux_amd64|linpeas_linux_386|linpeas.sh)"'
alias get-pspy='__get_github_release DominicBreuker/pspy "s$"'
alias get-chisel='__get_github_release jpillora/chisel "linux_(386|amd64)"'
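# Full-range TCP and UDP sweep of one target with masscan, saved to ./masscan.txt.
# Arguments: $1 - target host or network, passed to masscan unchanged
# Outputs:   masscan.txt in the current directory (overwritten)
# Returns:   2 when no target is given, otherwise masscan's exit status
# Notes:     interface (tun0) and rate (1000 pps) are fixed; masscan needs raw
#            sockets, hence sudo.
function masscanz() {
  local target=$1
  if [[ -z "$target" ]]; then
    printf 'usage: masscanz <target>\n' >&2
    return 2
  fi
  sudo masscan -p1-65535,U:1-65535 "$target" --rate=1000 -e tun0 --wait 5 > masscan.txt
}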
# Directory brute-force with a fixed medium-size wordlist. The alias ends with
# "-u", so the target URL (and any further gobuster options) is typed after it.
alias gobusterz="gobuster dir -w /usr/share/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt -u"
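# Virtual-host enumeration with ffuf: fuzzes the Host header against one site.
# Arguments: $1   - hostname, used in both the Host header and the URL
#            $2   - wordlist (optional; empty or missing selects the default
#                   seclists subdomains-top1million-20000 list)
#            $3.. - extra arguments passed through to ffuf unchanged
# Returns:   2 when the hostname is missing, otherwise ffuf's exit status
function ffuf-vhost() {
  if [[ $# -lt 1 ]]; then
    printf 'usage: ffuf-vhost url [wordlist [other_args]]\n' >&2
    return 2
  fi
  local host=$1
  # ":-" keeps the original behaviour: an explicitly empty $2 still means "default".
  local wordlist=${2:-/usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt}
  # Drop host and, when present, the wordlist slot so "$@" holds only pass-through args.
  shift
  if [[ $# -gt 0 ]]; then
    shift
  fi
  ffuf -H "Host: FUZZ.$host" -u "http://$host" -w "$wordlist" "$@"
}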
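# Two-pass TCP scan: a fast full-range discovery pass, then a version/script
# scan of only the open ports, saved as nmap.{nmap,gnmap,xml} in the current
# directory.
# Arguments: $1 - target
# Outputs:   "TCP ports found: ..." on stdout; nmap.* files owned by the caller
# Returns:   2 when the target is missing, 1 when the discovery pass finds no
#            open port (the service scan is skipped instead of being run with an
#            empty -p), otherwise the service scan's exit status
function nmapz() {
  local target=$1
  if [[ -z "$target" ]]; then
    printf 'usage: nmapz <target>\n' >&2
    return 2
  fi
  # Keep the port list local: the original leaked PORTS and overwrote $USER.
  local ports
  ports=$(sudo nmap --min-rate=1000 -T4 -p- "$target" | grep '^[0-9]' | cut -d'/' -f 1 | tr '\n' ',' | sed 's/,$//')
  if [[ -z "$ports" ]]; then
    printf 'nmapz: no open TCP ports found on %s\n' "$target" >&2
    return 1
  fi
  printf 'TCP ports found: %s\n' "$ports"
  # nmap runs as root, so the output files are handed back to the invoking user.
  local owner
  owner=$(whoami)
  local rc
  sudo nmap -sVC -p"$ports" -oA nmap "$target"
  rc=$?
  sudo chown "$owner" nmap.*
  return "$rc"
}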
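# UDP counterpart of nmapz: a full-range UDP discovery pass, then a version scan
# of only the ports found, saved as nmap-u.xml in the current directory.
# Arguments: $1 - target
# Outputs:   "Udp ports found: ..." on stdout; nmap-u.xml owned by the caller
# Returns:   2 when the target is missing, 1 when the discovery pass finds no
#            open port (the version scan is skipped instead of being run with an
#            empty -p), otherwise the version scan's exit status
function nmapzu() {
  local target=$1
  if [[ -z "$target" ]]; then
    printf 'usage: nmapzu <target>\n' >&2
    return 2
  fi
  # Keep the port list local: the original leaked PORTS and overwrote $USER.
  local ports
  ports=$(sudo nmap -sU --min-rate=1000 -T4 -p- "$target" | grep '^[0-9]' | cut -d'/' -f 1 | tr '\n' ',' | sed 's/,$//')
  if [[ -z "$ports" ]]; then
    printf 'nmapzu: no open UDP ports found on %s\n' "$target" >&2
    return 1
  fi
  printf 'Udp ports found: %s\n' "$ports"
  # nmap runs as root, so the output file is handed back to the invoking user.
  local owner
  owner=$(whoami)
  local rc
  sudo nmap -sUV -p"$ports" -oX nmap-u.xml "$target"
  rc=$?
  sudo chown "$owner" nmap-u.xml
  return "$rc"
}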
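# Download the assets of a GitHub repository's latest release whose download
# URL matches an extended regex.
# Arguments: $1 - "owner/repo"
#            $2 - grep -E pattern applied to each browser_download_url
#            $3 - destination directory (optional; default: current directory)
# Outputs:   one file per matching asset in the destination directory
# Returns:   2 on missing arguments, 1 when the release listing cannot be
#            fetched, nothing matches, or any download fails, otherwise 0
# Security:  TLS verification stays enabled. The original passed
#            --no-check-certificate to wget, which would let anyone on the path
#            replace a binary that is typically run with high privileges; a
#            failing certificate should be investigated, not bypassed.
function __get_github_release() {
  local repo=$1
  local filter=$2
  local basedir=${3:-.}
  if [[ -z "$repo" || -z "$filter" ]]; then
    printf 'usage: __get_github_release owner/repo asset-regex [dir]\n' >&2
    return 2
  fi
  mkdir -p -- "$basedir" || return 1
  # The API JSON is still picked apart with grep/cut so no extra tool is needed;
  # field 4 of a  "browser_download_url": "..."  line is the URL.
  # grep -E exits 1 when nothing matches; that case is reported just below.
  local urls
  urls=$(curl -fsSL "https://api.github.com/repos/$repo/releases/latest" | grep browser_download_url | cut -d '"' -f 4 | grep -E -- "$filter") || true
  if [[ -z "$urls" ]]; then
    printf '__get_github_release: no asset of %s matches %s\n' "$repo" "$filter" >&2
    return 1
  fi
  local url rc=0
  while IFS= read -r url; do
    wget --quiet -O "$basedir/${url##*/}" "$url" || rc=1
  done <<<"$urls"
  return "$rc"
}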
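# Create the directory skeleton, log directories and note templates for a new
# engagement, then hand over to pentest-activate (not defined in this file).
# Arguments: $1 - engagement name (becomes the project directory name)
#            $2 - parent directory (optional; default: current directory)
# Globals:   none written (the original leaked PROJECT, *_LOGS and ARSENAL_CONF
#            into the interactive shell)
# Outputs:   <parent>/<name>/... on disk
# Returns:   2 when the name is missing, otherwise pentest-activate's status
function pentest-init() {
  if [[ $# -lt 1 ]]; then
    printf 'usage: pentest-init <name> [parent-dir]\n' >&2
    return 2
  fi
  local name=$1
  local project="${2:-$PWD}/$name"
  local logdir="$project/evidence/logging"
  local arsenal_conf="$project/arsenal.json"
  mkdir -p "$project"/{admin,deliverables,evidence/{findings,scans/{vuln,service,web,ad},osint,wireless,logging,misc},notes/_template,retest,utils/{linux,windows}}
  # One mkdir for all per-tool log directories (sqlmap was listed twice before).
  mkdir -p "$logdir"/{sqlmap,john,hashcat,nxc,jwt_tool,tplmap}
  # NOTE(review): the original used "$PROJECT_NAME.tex" with PROJECT_NAME never
  # set anywhere in this file, so the template landed in "deliverables/.tex";
  # the engagement name is assumed to be the intended file name — confirm.
  cp ~/documents/pentesting-write-up/box-template.tex "$project/deliverables/$name.tex"
  ln -s /opt/windows/windows_weaponize "$project/utils/windows/"
  ln -s /opt/windows/SharpCollection/NetFramework_4.7_x64 "$project/utils/windows/"
  cp ~/.arsenal.json.ori "$arsenal_conf"
  cp ~/.config/tmuxinator/tmux-pentest.yml "$project/tmux-pentest.yml"
  # '#' is the sed delimiter, so a project path containing '#' would break here.
  sed -i "s#PATH_TO_SED#$project#g" "$project/tmux-pentest.yml"
  sed -i "s#NAME_TO_SED#tmux-pentest-$name#g" "$project/tmux-pentest.yml"
  local nav='[notes](notes.md) ____________________ [flags](flags.md) ____________________ [replay](replay.md)'
  local sub_nav='[down](../notes.md) ____________________ [notes](notes.md) ____________________ [replay](replay.md)'
  local page
  for page in notes replay flags; do
    printf '%s\n' "$nav" > "$project/notes/$page.md"
  done
  printf '%s\n' '# _template/notes' "$sub_nav" > "$project/notes/_template/notes.md"
  printf '%s\n' '# _template/replay' "$sub_nav" '* [replay](replay.md)' > "$project/notes/_template/replay.md"
  # As before, the parent directory is forwarded only when one was given.
  pentest-activate "$name" ${2:+"$2"}
}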