Pentmenu: a bash script for recon and DOS attacks
Category : Blog
Pentmenu is a bash script inspired by pentbox. It is designed to be a simple way to implement various network pentesting functions, including network attacks, using wherever possible readily available software commonly installed on most Linux distributions without having to resort to multiple specialist tools.
Requirements for Pentmenu:
- netcat (must support ‘-k’ option, openbsd variant recommended)
- hping3 (or nping can be used as a substitute for flood attacks)
- whois (not essential but preferred)
- nslookup (or ‘host’)
Show IP – uses curl to perform a lookup of your external IP. Runs ip a or ifconfig (as appropriate) to show local interface IP’s.
DNS Recon – passive recon, performs a DNS lookup (forward or reverse as appropriate for target input) and a whois lookup of the target. If whois is not available it will perform a lookup against ipinfo.io (only works for IP’s, not hostnames).
- ICMP Echo Flood – uses hping3 to launch a traditional ICMP Echo flood against the target. On a modern system you are unlikely to achieve much, but it is seful to test against firewalls to observe their behaviour. Use ‘Ctrl C’ to end the flood. The source address of flood packets is configurable.
- ICMP Blacknurse Flood – uses hping to launch an ICMP flood against the target. ICMP packets are of type “Destination Unreachable, Port Unreachable”. This attack can cause high CPU usage on many systems. Use ‘Ctrl C’ to end the attack. See http://blacknurse.dk/ for more information. The source address of flood packets is configurable.
Send File – This module uses netcat to send data with TCP or UDP. It can be extremely useful for extracting data. An md5 and sha512 checksum is calculated and displayed prior to sending the file. The file can be sent to a server of your choice; the Listener is designed to receive these files.
Listener – uses netcat to open a listener on a configurable TCP or UDP port. This can be useful for testing syslog connectivity, receive files or checking for active scanning on the network.
Most Popular Training Courses at Indian Cyber Security Solutions:
Cybersecurity services that can protect your company: