Merged
10 changes: 9 additions & 1 deletion scripts/linux/pentest_exploitation.sh
@@ -42,10 +42,16 @@ require_authorization() {
while [[ $# -gt 0 ]]; do
case "$1" in
--results)
if [[ -z "${2:-}" || "${2:-}" == --* ]]; then
echo "Missing value for --results" >&2; exit 1
fi
RESULTS_DIR="$2"
shift 2
;;
--search-file)
if [[ -z "${2:-}" || "${2:-}" == --* ]]; then
echo "Missing value for --search-file" >&2; exit 1
fi
SEARCH_FILE="$2"
shift 2
;;
@@ -82,7 +88,9 @@ if [[ ! -d "$RESULTS_DIR" ]]; then
exit 1
fi

: >"$SEARCH_FILE"
if [[ "$DRY_RUN" != true ]]; then
: >"$SEARCH_FILE"
fi

if command -v searchsploit >/dev/null; then
SEARCHSPLOIT_AVAILABLE=1
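Review bot: The truncation `: >"$SEARCH_FILE"` still runs before the `command -v searchsploit` check that follows it, so a results file from an earlier run appears to be emptied even when the tool turns out to be missing; moving the truncation below the availability check would avoid that. The path is taken verbatim from `--search-file`, so if this script is ever run with elevated privileges it is worth refusing a symlink before writing, e.g. `[[ -L "$SEARCH_FILE" ]] && { echo "Refusing symlink: $SEARCH_FILE" >&2; exit 1; }`. The rest of the searchsploit branch lies outside the hunk, so whether later writes to the file are also guarded by `DRY_RUN` cannot be confirmed from here.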
10 changes: 8 additions & 2 deletions scripts/linux/pentest_verification.sh
@@ -274,9 +274,15 @@ while IFS=$'\t' read -r host safe_host xml; do
if command -v gvm-cli >/dev/null; then
if [[ "$SKIP_OPENVAS" == true ]]; then
record "$host" "openvas" "skipped" "disabled"
elif [[ -z "${GVM_USER:-}" || -z "${GVM_PASSWORD:-}" ]]; then
echo "GVM_USER and GVM_PASSWORD must be set to run OpenVAS scans; skipping." >&2
record "$host" "openvas" "skipped" "credentials not configured"
elif [[ ! "$host" =~ ^[A-Za-z0-9._-]+$ ]]; then
echo "Host '$host' contains characters unsafe for XML; skipping OpenVAS." >&2
record "$host" "openvas" "skipped" "unsafe hostname"
else
gvm-cli socket --gmp-username "${GVM_USER:-admin}" \
--gmp-password "${GVM_PASSWORD:-admin}" \
gvm-cli socket --gmp-username "$GVM_USER" \
--gmp-password "$GVM_PASSWORD" \
--xml "<start_scan target='$host'/>" > "$OPENVAS_XML" 2>/dev/null &
openvas_pid=$!
fi
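Review bot: The GMP password is still passed on the command line at `--gmp-password "$GVM_PASSWORD"`, so it is readable in the process list for as long as the backgrounded scan runs, which is the same exposure this pull request removes for gpg and curl in stealth_post.sh. gvm-cli can take connection credentials from its configuration file (`--config`), so a mode-600 file created with `mktemp` and removed in a trap would keep the secret off argv. Separately, `2>/dev/null` on the same command discards authentication errors, and the pattern `^[A-Za-z0-9._-]+$` rejects IPv6 literals, which will be recorded as "unsafe hostname"; a one-line comment above the regex stating that limitation would help. The enclosing `while` loop starts and ends outside the hunk.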
4 changes: 3 additions & 1 deletion scripts/linux/setup_api.sh
@@ -109,7 +109,9 @@ def generate():
return jsonify({"response": result.stdout.strip()})

if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000)
# Listen on localhost only; bind to 0.0.0.0 only behind a reverse proxy
# with proper authentication in place.
app.run(host='127.0.0.1', port=5000)
APP

echo "✅ API créée avec succès : $APP_PATH"
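Review bot: The comment added above `app.run(host='127.0.0.1', port=5000)` is misleading: a reverse proxy on the same machine reaches the app over loopback, so 127.0.0.1 stays the right bind address in that setup too. I would reword it to `# Listen on loopback only; a reverse proxy on this host can reach 127.0.0.1.` followed by `# Bind another interface only when the proxy is remote and enforces authentication.` The visible `generate()` line returns subprocess output to the caller and no authentication check appears in this hunk, so the loopback bind is the only access control shown here and the comment should say so plainly. The heredoc that holds this Python code starts outside the hunk.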
13 changes: 9 additions & 4 deletions scripts/linux/stealth_post.sh
@@ -94,7 +94,9 @@ done

OUT="$(mktemp)"
ENC_OUT="$OUT.gpg"
trap 'rm -f "$OUT" "$ENC_OUT"' EXIT
NETRC_FILE="$(mktemp)"
trap 'rm -f "$OUT" "$ENC_OUT" "$NETRC_FILE"' EXIT
chmod 600 "$NETRC_FILE"

{
echo "[*] $(date '+%Y-%m-%d %H:%M:%S')"
@@ -105,16 +107,19 @@ trap 'rm -f "$OUT" "$ENC_OUT"' EXIT
df -h
} > "$OUT"

if ! gpg --batch --yes --passphrase "$GPG_PASSPHRASE" -c "$OUT"; then
# Pass passphrase via pipe to avoid exposure in the process list.
if ! printf '%s' "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 -c "$OUT"; then
echo "gpg encryption failed." >&2
exit 1
fi

if ! curl --ftp-ssl --ssl-reqd -sS -T "$ENC_OUT" --user "$FTP_USER:$FTP_PASS" "ftp://$FTP_HOST/$FTP_PATH" --ftp-create-dirs >/dev/null; then
# Use a netrc file so FTP credentials are not visible in the process list.
printf 'machine %s login %s password %s\n' "$FTP_HOST" "$FTP_USER" "$FTP_PASS" > "$NETRC_FILE"
if ! curl --ftp-ssl --ssl-reqd -sS -T "$ENC_OUT" --netrc-file "$NETRC_FILE" "ftp://$FTP_HOST/$FTP_PATH" --ftp-create-dirs >/dev/null; then
echo "FTPS upload failed." >&2
exit 1
fi

shred -u "$OUT" "$ENC_OUT"
shred -u "$OUT" "$ENC_OUT" "$NETRC_FILE"
trap - EXIT
echo "Encrypted metadata uploaded to ftps://$FTP_HOST/$FTP_PATH"
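Review bot: The failure path after the netrc file is written (`exit 1` when the upload fails) leaves cleanup to the EXIT trap, which uses `rm -f`, while only the success path runs `shred -u`; on failure the plaintext FTP password is therefore merely unlinked. Letting the trap do the same work keeps both paths consistent: `trap 'shred -u "$OUT" "$ENC_OUT" "$NETRC_FILE" 2>/dev/null || rm -f "$OUT" "$ENC_OUT" "$NETRC_FILE"' EXIT`. The `printf 'machine %s login %s password %s\n'` line also writes the values unquoted, so a password containing whitespace will be split by the netrc parser; either reject such values before writing or state the restriction in the comment above that line.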
16 changes: 12 additions & 4 deletions scripts/powershell/ExchangeOnlineManagement.ps1
@@ -51,14 +51,14 @@ param(
# Ensure module is available
if (-not (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
Write-Error 'Exchange Online module is not installed. Install-Module ExchangeOnlineManagement'
return
exit 1
}

try {
Import-Module ExchangeOnlineManagement -ErrorAction Stop
} catch {
Write-Error "Failed to import Exchange Online module. $_"
return
exit 1
}

switch ($Action.ToLower()) {
@@ -71,7 +71,11 @@ switch ($Action.ToLower()) {
}
}
'list' {
Get-Mailbox
try {
Get-Mailbox -ErrorAction Stop
} catch {
Write-Error "Failed to list mailboxes. $_"
}
}
'create' {
if (-not $UserPrincipalName) {
@@ -154,6 +158,10 @@ switch ($Action.ToLower()) {
}
}
'disconnect' {
Disconnect-ExchangeOnline -Confirm:$false
try {
Disconnect-ExchangeOnline -Confirm:$false -ErrorAction Stop
} catch {
Write-Error "Failed to disconnect. $_"
}
}
}
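Review bot: The new `catch` blocks in the `'list'` and `'disconnect'` arms only call `Write-Error`, so the script still finishes with a success exit code after a failed `Get-Mailbox` or `Disconnect-ExchangeOnline`, whereas the module checks at the top were changed to `exit 1` in this same commit. For callers that check the exit status (scheduled jobs, pipelines) the two should agree: add `exit 1` after the `Write-Error` line in each catch. The other arms of the `switch` are outside the visible hunks, so they may need the same treatment.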
20 changes: 15 additions & 5 deletions scripts/powershell/SharePointManagement.ps1
@@ -52,12 +52,15 @@ function Connect-SP {
)

if ($Mode -eq 'Online') {
if (-not $SiteUrl) { throw 'SiteUrl is required for Online mode.' }
Write-Verbose 'Connecting to SharePoint Online...'
Connect-SPOService -Url "https://$((New-Object System.Uri($SiteUrl)).Host)" -Credential $Credential
$adminUrl = "https://$((New-Object System.Uri($SiteUrl)).Host)"
Connect-SPOService -Url $adminUrl -Credential $Credential -ErrorAction Stop
} else {
if (-not $SiteUrl) { throw 'SiteUrl is required for OnPrem mode.' }
Write-Verbose 'Loading SharePoint On-Premise snap-in...'
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$script:SPSite = Get-SPSite $SiteUrl
$script:SPSite = Get-SPSite $SiteUrl -ErrorAction Stop
}
}

@@ -92,7 +95,7 @@ function Add-User {
if ($Mode -eq 'Online') {
Set-SPOUser -Site $SiteUrl -LoginName $UserLogin -IsSiteCollectionAdmin $true
} else {
$web = $SPSite.RootWeb
$web = $script:SPSite.RootWeb
$user = $web.EnsureUser($UserLogin)
$user.Update()
}
@@ -102,6 +105,13 @@ Connect-SP -Mode $Mode -SiteUrl $SiteUrl -Credential $Credential

switch ($Action) {
'ListSites' { List-Sites }
'CreateSite' { Create-Site -SiteUrl $SiteUrl -Template $Template }
'AddUser' { Add-User -UserLogin $UserLogin -DisplayName $DisplayName -Email $Email }
'CreateSite' {
if (-not $SiteUrl) { throw 'SiteUrl is required for CreateSite.' }
if (-not $Template) { throw 'Template is required for CreateSite.' }
Create-Site -SiteUrl $SiteUrl -Template $Template
}
'AddUser' {
if (-not $UserLogin) { throw 'UserLogin is required for AddUser.' }
Add-User -UserLogin $UserLogin -DisplayName $DisplayName -Email $Email
}
}
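Review bot: The `SiteUrl` check added in the `'CreateSite'` arm can never fire, because `Connect-SP` is called before the `switch` and now throws on an empty `SiteUrl` in both modes; for the same reason `ListSites` now needs `-SiteUrl` too, which may not be intended (unless the parameter is already mandatory in the `param` block outside the hunk). Both branches of `Connect-SP` carry the identical guard, so a single `if (-not $SiteUrl) { throw 'SiteUrl is required.' }` above `if ($Mode -eq 'Online')` would state it once. The new variable is named `$adminUrl` but is built from the host of the site URL, while `Connect-SPOService` normally expects the tenant admin-centre URL, so either the name or the derivation deserves a comment.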