A bunch of little scripts I compiled over time for various networking hacks/pranks. Any major ones were pulled out into their own post.
wireshark-filters.sh
(http or smtp or imap or pop or aim or aim_chat or aim_buddylist) and not (tcp.analysis.retransmission or tcp.analysis.lost_segment or not http.response.code)
aim.messageblock.message
http.request.uri contains "profile.php" #deprecated
http.request.uri contains "login"
http.request.uri contains "mail"
http contains "username"
sqlmap.sh
#Deven showed this
#brew install sqlmap
#automatic sql injection, really cool.
spoof-mac.sh
#Overrides the hardware address of en0 (macOS ifconfig syntax) for the current boot only;
#it does not survive a reboot. The new MAC is what the switch / any NAC sees from now on,
#so to the network this looks like a new station appearing on the port.
sudo ifconfig en0 ether 00:11:22:33:44:55
rawPortCommunication.sh
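#Use 'nc'
#You can simply start netcat listening on a port, and send something to that port via TCP.
#This is a raw connection.
#Start listening on port 8080 (the port is the last argument; any stray character after it
#becomes part of the port string and nc rejects it):
nc -k -l 8080
#Using -l makes you listen on this port and -k keeps nc listening for the next connection
#after the current one closes.
#NOTE(review): with only a port given, nc listens on every interface. For the local test
#below, BSD/macOS nc also accepts an address before the port (nc -k -l 127.0.0.1 8080),
#which keeps the listener reachable from this machine only — confirm against your nc's man page.
#To send something locally to port 8080:
nc localhost 8080 <<< "Hi"
#If you have a friend, you can communicate with them this way so long as you know their IP
#and that you know that they're not behind a NAT.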
port-scanning.sh
#Runs the 'stroke' scanner bundled inside Network Utility.app. From the call the arguments
#appear to be <host> <first port> <last port> — here TCP ports 0 through 500 on 192.168.1.1.
#NOTE(review): Network Utility was dropped from macOS 11, so this path likely no longer
#exists on current systems — verify before relying on it.
/System/Library/CoreServices/Applications/Network\ Utility.app/Contents/Resources/stroke 192.168.1.1 0 500
ping-flood.sh
#option 1, sends that many packets as fast as possible.
#(-l is ping's "preload" count; BSD ping restricts it to the super-user, hence sudo)
sudo ping -l 655000000 192.168.1.71
#option 2
#(-f is flood mode, also super-user only. Each iteration detaches ping in its own
# subshell and throws the PID away, so after the loop 254 root-owned ping processes
# keep running with nothing tracking them; $i itself is never used.)
for i in {1..254}; do (sudo ping -f 192.168.1.71 &) ; done
nmap.sh
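#nmap is awesome. Needs third party install.
#should spend some time poking around its man pages.
#some cool things to note:
#[IP] below is a placeholder for the target address or CIDR range.
#seems to just give you any idea on what ports are open and what the MAC is
nmap [IP]
#throw in a host timeout if things are slow
nmap --host-timeout 10m [IP]
#check discoverable directories (an NSE script, selected with --script;
#a leading '$' would be read by the shell as an empty variable, not a prompt)
nmap --script=http-enum [IP]
#find blacklisted IPs
nmap --script dns-blacklist [IP]
#you can check vulnerabilities, too.
#####################################
#Notes from reading the Phrack article release of nmap
#There seems to be a lot of distinction between what you can run in nmap
#as root and what you can’t and that’s probably because they are assuming
#that you’re running on this on a server you don’t own but got access to
#so that you can maintain anonymity.
#Tcp allows you to get the username of the process listening on any port
#you're connected to
#  NOTE(review): that is the ident protocol (RFC 1413) answering on behalf of the
#  TCP connection, not TCP itself; few hosts run an ident daemon today.
#FTP allows you to send data to any server once you're connected,
#essentially using it as a proxy.
#  NOTE(review): this is the "FTP bounce" technique from the same article; modern
#  FTP servers generally refuse the third-party PORT request it depends on.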
ip-scanning.sh
#better to do a ping scan with nmap
nmap -sn 192.168.1.0/24
#this doesn't seem to work
#NOTE(review): on macOS ping, -W is the per-reply wait time in *milliseconds*, so
#-W 1 most likely expires before any reply arrives (Linux ping's -W is in seconds),
#which would explain the empty output. Also note this loop targets 172.19.131.x
#while the nmap line above targets 192.168.1.x.
for i in {1..254}; do ping -c 1 -W 1 172.19.131.$i | grep 'from'; done
detect-iphones.sh
#this tries all hosts on the iPhone sync port, the normal nmap scan won't search this port.
#(-p62078 pins that single TCP port, which per the note above is outside nmap's default
# port selection; -v only raises verbosity)
nmap -p62078 -v 192.168.1.0/24
changeIP.sh
#First make it so that network setup doesn’t require a damn password each time:
#NOTE(review): setuid root on a system binary lets every local account run networksetup
#as root with no prompt and no sudo log entry. A sudoers rule scoped to this one command
#(visudo, NOPASSWD for /usr/sbin/networksetup) gives the same convenience without that.
#On macOS 10.11+ SIP will most likely refuse the chmod under /usr/sbin anyway, and the
#two commands below still go through sudo, so they do not depend on this step.
sudo chmod u+s /usr/sbin/networksetup
#You can try the following, but it didn’t usually work:
#(arguments: network service, IP address, subnet mask, router)
sudo networksetup -setmanual Wi-Fi 152.23.140.14 255.255.255.0 152.23.140.1
#This worked:
#(manual IP address; presumably mask and router still come from DHCP — verify)
sudo networksetup -setmanualwithdhcprouter Wi-Fi 152.23.140.17
captive-portal-advice.sh
#Things you can attempt
use Tor
#Try putting "?" at the end of the URL. Sometimes their access control lets this through.
www.google.com/cats?.jpg
scapy-notes.py
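#scapy notes — REPL snippets, not a runnable module; `from scapy.all import *` is assumed.
#sniff using sniff()
pkts = sniff()
#get the appropriate command to create a packet you've sniffed via:
onePacket = pkts[0]
onePacket.command()
#easily change fields
#NOTE(review): eval() here executes text built from the fields of a packet taken off the
#wire. command() repr()s the values, but onePacket.copy() yields the same editable
#duplicate without evaluating anything.
newPacket = eval(onePacket.command())
#the variable is newPacket — Python names are case-sensitive, so 'newpacket' is a NameError
newPacket[Ether].src = "00:11:22:33:44:55"
#add on packet layers with '/'
newPacket = newPacket/TCP()
#sending on different layers
#sendp() is for layer 2, send() is layer 3.
#send ARP requests for an entire subnet
arping("192.168.1.*")
#should look into "Christmas Tree Packets" for DoSing
#look at DNS spoofing http://thepacketgeek.com/scapy-p-09-scapy-and-dns/
#could look into DHCP exhaustion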
ping-swarm.py
#!/usr/bin/python
from scapy.all import *
#should pipe this to /dev/null and run however many cores you have
#sudo ./ping-swarm.py & sudo ./ping-swarm.py & ...
#Builds a single ICMP echo request addressed to 192.168.1.1 and resends that same packet
#in an unbounded loop — no count, no delay, no exit other than an interrupt.
#(send() presumably needs raw-socket privileges, which is why sudo appears above.)
ping = IP(dst="192.168.1.1")/ICMP()
while True:
send(ping)
torrent-over-multiple-networks.sh
#source https://github.com/Morhaus/dispatch-proxy
#show all interfaces
dispatch list
#dispatch will detect all usable internet connections and split their use evenly
#(it exposes the combined uplink as a local SOCKS proxy — see the Deluge step below)
dispatch start --debug
#can specify certain interfaces/addresses to use
dispatch start 172.20.10.4
#can specify the relative amounts for each interface, 172 gets three times as much in this example
dispatch start 172.20.10.4@3 192.168.1.10@1
#then open up Deluge and set the appropriate SOCKS server, should be SOCKS5.
#NOTE(review): the proxy's listen address and whether it authenticates clients are not
#shown here — confirm it binds to 127.0.0.1 only, not to a LAN-facing interface.
#will likely have to use 127.0.0.1 instead of 'localhost'
tryToGetAllSubdomainsForDomain.sh
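#How to retrieve all subdomains for domain
#Note: this definitely won't always work, works for Coursicle though
#It's done by checking the SSL cert and seeing what domains are included
#(the Subject Alternative Name extension) — only names that certificate covers show up.
#Usage: tryToGetAllSubdomainsForDomain.sh <domain>
domain=${1:?usage: tryToGetAllSubdomainsForDomain.sh <domain>}
cert_file=~/Desktop/theDomain.cert
#First,
#get the certificate. -servername sends SNI; without it a host that serves several
#sites may return a different (default) certificate. </dev/null closes s_client's stdin
#instead of piping an empty echo into it.
openssl s_client -connect "${domain}:443" -servername "${domain}" </dev/null \
  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "${cert_file}"
#Then convert the resulting cert to text, reading the same path it was written to
#(the cert is on the Desktop, not in the current directory). -noout drops the PEM echo.
openssl x509 -in "${cert_file}" -noout -text
#and look for subdomains in there, under "X509v3 Subject Alternative Name"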
Other cool things:
- https://github.com/michenriksen/gitrob
- https://www.shodan.io/