{"vulnerability": "CVE-2023-36664", "sightings": [{"uuid": "9c5ca4b9-88f4-42af-94d3-e12cd9388534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5029", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aScan for GhostScript files affected to CVE-2023-36664\nURL\uff1ahttps://github.com/winkler-winsen/Scan_GhostScript\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-30T06:16:51.000000Z"}, {"uuid": "fa44c33e-e7f6-4878-8ee3-f671d2469ae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4912", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aGhostscript command injection vulnerability PoC (CVE-2023-36664)\nURL\uff1ahttps://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-13T00:16:37.000000Z"}, {"uuid": "747e897a-c974-49fb-be56-d11640c5912d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6044", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aProof of concept developed for the CVE-2023-36664\nURL\uff1ahttps://github.com/JeanChpt/CVE-2023-36664\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-02T10:33:16.000000Z"}, {"uuid": "88103d78-3895-476f-ba27-7e8cb91d407a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "seen", "source": "https://t.me/kasperskyb2b/749", "content": "\ud83d\udc40 \u041c\u0430\u043b\u0435\u043d\u044c\u043a\u0438\u0439 LogJam \u043d\u0430 \u043f\u043e\u0434\u0445\u043e\u0434\u0435?\n\n\u041f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043c\u043d\u043e\u0433\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u043c\u044b\u0439 \u0432 Linux-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445, \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0443\u044e \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430... \u041f\u043e\u043d\u0438\u043c\u0430\u0435\u043c, \u043f\u0443\u043b\u044c\u0441 \u0443\u0436\u0435 \u0440\u0430\u0441\u0442\u0451\u0442. \u0420\u0435\u0447\u044c \u043e\u0431  \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0435 PDF \u0438 Postscript, Ghostscript, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043d\u0430 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u044f\u0445 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0432\u0440\u043e\u0434\u0435 GIMP, \u0442\u0430\u043a \u0438 \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u044b\u0445 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430\u0445 \u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u043d\u0430\u043f\u043e\u0434\u043e\u0431\u0438\u0435 ImageMagick.  \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2023-36664 (CVSS 9.8),  \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0447\u0435\u0440\u0435\u0437 Ghostscript \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430. \u0412 \u0438\u0442\u043e\u0433\u0435 \u043a\u043e\u0434 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 10.01.2. \u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u043a\u0430\u043a \u044d\u0442\u043e \u0447\u0430\u0441\u0442\u043e \u0431\u044b\u0432\u0430\u0435\u0442 \u0432 \u043c\u0438\u0440\u0435 open source, \u0434\u0430\u043b\u0435\u043a\u043e \u043d\u0435 \u0432\u0441\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b Linux, \u043a\u0443\u0434\u0430 GhostScript  \u0432\u0445\u043e\u0434\u0438\u0442 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u0438 \u0442\u0435\u043c \u0431\u043e\u043b\u0435\u0435 \u043d\u0435 \u0432\u0441\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0433\u0434\u0435 GhostScript \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u00ab\u043f\u043e\u0434 \u043a\u0430\u043f\u043e\u0442\u043e\u043c\u00bb, \u0431\u0443\u0434\u0443\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u043f\u0435\u0440\u0435\u0441\u043e\u0431\u0440\u0430\u043d\u044b \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b. \u041f\u043e\u043a\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c \u0435\u0441\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0442 Debian.  \n\u0413\u043b\u0430\u0432\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0418\u0422-\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0437\u0434\u0435\u0441\u044c \u0431\u0443\u0434\u0435\u0442 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u044c \u2014 \u0430 \u043a\u0430\u043a\u0438\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u043d\u0443\u0436\u043d\u043e \u043f\u0430\u0442\u0447\u0438\u0442\u044c?\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2023-07-14T10:04:06.000000Z"}, {"uuid": "b96eed06-1b99-4c35-857c-139008d869b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "seen", "source": "https://t.me/pt_soft/243", "content": "\ud83d\uddbc\ufe0f Moriarty v1.1\n\n\u0427\u0435\u043a\u0435\u0440 CVEs \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 C# \u0434\u043b\u044f \u041e\u0421 \ud83c\udfe0 Windows\n\n\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nWindows 10 (Versions: 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H1, 22H2)\nWindows 11 (Versions: 21H2, 22H1, 22H2, 23H1)\nWindows Server 2016, 2019, 2022\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (35):\nMS10-015\nMS10-092\nMS13-053\nMS13-081\nMS14-058\nMS15-051\nMS15-078\nMS16-016\nMS16-032\nMS16-034\nMS16-135\nCVE-2017-7199\nCVE-2019-0836\nCVE-2019-0836\nCVE-2019-1064\nCVE-2019-1130\nCVE-2019-1253\nCVE-2019-1315\nCVE-2019-1385\nCVE-2019-1388\nCVE-2019-1405\nCVE-2020-0668\nCVE-2020-0683\nCVE-2020-0796\nCVE-2020-1013\nCVE-2020-1013\nCVE-2021-26855\nCVE-2021-26857\nCVE-2021-26858\nCVE-2021-27065\nCVE-2021-44228\nCVE-2021-36934\nCVE-2022-40140\nCVE-2022-22965\nCVE-2023-36664\n\n\ud83d\udc49 \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u043e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0438\u0441\u043a \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043f\u043e CVE\n\n!poc CVE-2019-1064\n\n\ud83d\udcbb Home\n\n\u0414\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u0442\u0441\u044f Visual Studio \u0438 .NET Framework 4.8 Developer Pack\n\n#moriarty #checker #csharp\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2024-03-15T08:58:02.000000Z"}, {"uuid": "32e0161e-e1ce-49be-8f09-0571767304dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "https://t.me/pt_soft/270", "content": "\ud83d\uddbc\ufe0f \ud83d\udd04 Moriarty v1.2\n\n\u0427\u0435\u043a\u0435\u0440 CVEs \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 C# \u0434\u043b\u044f \u041e\u0421 \ud83c\udfe0 Windows\n\n\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nWindows 10 (Versions: 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H1, 22H2)\nWindows 11 (Versions: 21H2, 22H1, 22H2, 23H1)\nWindows Server 2016, 2019, 2022\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (35):\nMS10-015\nMS10-092\nMS13-053\nMS13-081\nMS14-058\nMS15-051\nMS15-078\nMS16-016\nMS16-032\nMS16-034\nMS16-135\nCVE-2017-7199\nCVE-2019-0836\nCVE-2019-0836\nCVE-2019-1064\nCVE-2019-1130\nCVE-2019-1253\nCVE-2019-1315\nCVE-2019-1385\nCVE-2019-1388\nCVE-2019-1405\nCVE-2020-0668\nCVE-2020-0683\nCVE-2020-0796\nCVE-2020-1013\nCVE-2020-1013\nCVE-2021-26855\nCVE-2021-26857\nCVE-2021-26858\nCVE-2021-27065\nCVE-2021-44228\nCVE-2021-36934\nCVE-2022-40140\nCVE-2022-22965\nCVE-2023-36664\n\n1.2 added:\n2023-23397\n2022-34718\n\n\ud83d\udc49 \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u043e\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0438\u0441\u043a \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043f\u043e CVE\n\n!poc CVE-2019-1064\n\n\ud83d\udcbb Home\n\n\u0414\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u0442\u0441\u044f Visual Studio \u0438 .NET Framework 4.8 Developer Pack\n\n#moriarty #checker #csharp\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2024-05-03T09:04:40.000000Z"}, {"uuid": "6a418951-e168-43fc-b42c-47993afd9233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "seen", "source": "https://t.me/arpsyndicate/657", "content": "#ExploitObserverAlert\n\nCVE-2023-36664\n\nDESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-36664. Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).\n\nFIRST-EPSS: 0.000550000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-28T14:49:17.000000Z"}, {"uuid": "bba11ea7-98a0-452b-8901-291f8917e108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "Telegram/Gv3rk47RciA3g-K6M94UgrrDlE-G0F2LN3BDFv3Z9Eoo9Q", "content": "", "creation_timestamp": "2023-08-16T05:01:52.000000Z"}, {"uuid": "9ed1c609-a710-49e2-bad3-9ac7746c5e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1676", "content": "CVE-2023-36664\nGhostscript command injection vulnerability PoC exploit\nexploit\n\n#ghostScript #exploit", "creation_timestamp": "2023-08-14T14:55:55.000000Z"}, {"uuid": "51fec60b-293d-446f-a006-a59be8d8c665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/984", "content": "\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0641\u0634\u0627 \u0634\u062f\u0647 \u062f\u0631 Ghostscript \u0642\u0628\u0644 \u0627\u0632 \u0646\u0633\u062e\u0647 10.01.2 \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0645\u06cc \u0634\u0648\u062f (\u0627\u0645\u062a\u06cc\u0627\u0632 CVSS 9.8)\n\nCVE-2023-36664 : Ghostscript &lt; 10.01.2 - command injection\nPOC : https://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection", "creation_timestamp": "2024-01-26T09:48:01.000000Z"}, {"uuid": "79937e7b-ba24-4df4-9ca3-d1214891472c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4112", "content": "\ud83d\udcdfGhostscript Command Injection CVE-2023-36664 Exploit : https://system32.ink/ghostscript-command-injection-cve-2023-36664-exploit/\n\n\ud83d\udda8WPS Office Rce POC : https://system32.ink/wps-office-rce-poc/\n\n\ud83d\udca9Employers\u2019 Federation of Pakistan (EFP) Data Leak : https://system32.ink/employers-federation-of-pakistan-efp-data-leak/", "creation_timestamp": "2023-08-16T05:00:37.000000Z"}, {"uuid": "6727a5cf-fd3a-4dbb-8fec-a1ecc0482549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "seen", "source": "https://t.me/cibsecurity/65498", "content": "\u203c CVE-2023-36664 \u203c\n\nArtifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T02:40:31.000000Z"}, {"uuid": "b7c0d01c-1da2-4689-8b3a-a1014cee2587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/873", "content": "https://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection\n#github", "creation_timestamp": "2023-08-14T15:05:24.000000Z"}, {"uuid": "10c98bbd-2deb-4f96-9f41-5d30819b4183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8683", "content": "#exploit\n1. CVE-2023-36664:\nGhostscript Code Execution Vulnerability\nhttps://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability\n\n2. CVE-2023-25157:\nGeoServer SQL Injection\nhttps://github.com/win3zz/CVE-2023-25157", "creation_timestamp": "2023-07-17T10:59:01.000000Z"}, {"uuid": "41e1888e-f344-40e9-ae99-a8b3e2da7843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36664", "type": "seen", "source": "https://gist.github.com/stillbigjosh/5a58fa426ea1b76221a6ce2ac9a909f6", "content": "#!/usr/bin/env bash\n# ==============================================================================\n# HTB CPTS Tool Installer \u2014 Parrot OS (HTB Edition)\n# Mirrors ~/tools directory structure from Kali box\n# Usage: bash install-tools.sh [target-dir]   (default: ~/tools)\n# ==============================================================================\n\nset -euo pipefail\n\nTOOLS_DIR=\"${1:-$HOME/tools}\"\nLOG_FILE=\"$TOOLS_DIR/install.log\"\n\nRED='\\033[0;31m'; GREEN='\\033[0;32m'; YELLOW='\\033[1;33m'; BLUE='\\033[0;34m'; NC='\\033[0m'\n\nlog()     { echo -e \"${GREEN}[+]${NC} $*\" | tee -a \"$LOG_FILE\"; }\nwarn()    { echo -e \"${YELLOW}[!]${NC} $*\" | tee -a \"$LOG_FILE\"; }\nerr()     { echo -e \"${RED}[-]${NC} $*\" | tee -a \"$LOG_FILE\"; }\nsection() { echo -e \"\\n${BLUE}[*] ===== $* =====${NC}\" | tee -a \"$LOG_FILE\"; }\n\n# ------------------------------------------------------------------------------\n# Helpers\n# ------------------------------------------------------------------------------\n\nclone() {\n    local name=\"$1\" url=\"$2\" dest=\"$3\"\n    if [ -d \"$dest/.git\" ]; then\n        warn \"$name already cloned \u2014 pulling latest\"\n        git -C \"$dest\" pull --quiet 2&gt;/dev/null || true\n    else\n        log \"Cloning $name...\"\n        if git clone --quiet --depth=1 \"$url\" \"$dest\" 2&gt;/dev/null; then\n            log \"$name cloned OK\"\n        else\n            err \"Failed to clone $name ($url)\"\n        fi\n    fi\n}\n\ndownload() {\n    local name=\"$1\" url=\"$2\" dest=\"$3\" exe=\"${4:-true}\"\n    if [ -f \"$dest\" ]; then\n        warn \"$name already exists \u2014 skipping\"\n        return\n    fi\n    log \"Downloading $name...\"\n    if curl -fsSL \"$url\" -o \"$dest\"; then\n        [ \"$exe\" = \"true\" ] &amp;&amp; chmod +x \"$dest\"\n        log \"$name downloaded OK\"\n    else\n        err \"Failed to download $name\"\n    fi\n}\n\ndownload_zip() {\n    local name=\"$1\" url=\"$2\" dest_dir=\"$3\"\n    log \"Downloading $name...\"\n    if curl -fsSL \"$url\" -o /tmp/_dl.zip &amp;&amp; unzip -q /tmp/_dl.zip -d \"$dest_dir\" &amp;&amp; rm -f /tmp/_dl.zip; then\n        log \"$name extracted OK\"\n    else\n        err \"Failed to download/extract $name\"\n        rm -f /tmp/_dl.zip\n    fi\n}\n\ndownload_tar() {\n    local name=\"$1\" url=\"$2\" dest_dir=\"$3\"\n    log \"Downloading $name...\"\n    if curl -fsSL \"$url\" | tar -xz -C \"$dest_dir\" 2&gt;/dev/null; then\n        log \"$name extracted OK\"\n    else\n        err \"Failed to download/extract $name\"\n    fi\n}\n\npip_install() {\n    local tool=\"$1\" path=\"$2\"\n    if [ -f \"$path/requirements.txt\" ]; then\n        log \"pip: installing requirements for $tool...\"\n        pip3 install -r \"$path/requirements.txt\" -q 2&gt;/dev/null || warn \"Some pip requirements failed for $tool\"\n    fi\n    if [ -f \"$path/setup.py\" ]; then\n        log \"pip: setup.py install for $tool...\"\n        pip3 install -e \"$path\" -q 2&gt;/dev/null || warn \"setup.py install failed for $tool\"\n    fi\n}\n\nbuild_make() {\n    local name=\"$1\" path=\"$2\"\n    if [ -f \"$path/Makefile\" ]; then\n        log \"make: building $name...\"\n        (cd \"$path\" &amp;&amp; make -s 2&gt;/dev/null) &amp;&amp; log \"$name built OK\" || warn \"$name make failed\"\n    fi\n}\n\nbuild_go() {\n    local name=\"$1\" path=\"$2\" out=\"${3:-$name}\"\n    if [ -f \"$path/go.mod\" ]; then\n        log \"go: building $name...\"\n        (cd \"$path\" &amp;&amp; go build -ldflags=\"-s -w\" -o \"$out\" . 2&gt;/dev/null) &amp;&amp; log \"$name built OK\" || warn \"$name go build failed\"\n    fi\n}\n\n# ==============================================================================\n# PREFLIGHT\n# ==============================================================================\n\npreflight() {\n    section \"Preflight\"\n\n    local missing=()\n    for cmd in git curl wget python3 pip3 go ruby gem make gcc unzip; do\n        command -v \"$cmd\" &amp;&gt;/dev/null || missing+=(\"$cmd\")\n    done\n\n    if [ ${#missing[@]} -gt 0 ]; then\n        warn \"Missing: ${missing[*]} \u2014 installing...\"\n        sudo apt-get update -qq 2&gt;/dev/null\n        sudo apt-get install -y git curl wget python3 python3-pip golang-go ruby ruby-dev \\\n            make gcc g++ libssl-dev libffi-dev python3-dev unzip libpcap-dev 2&gt;/dev/null || true\n    fi\n\n    log \"Creating directory structure...\"\n    mkdir -p \"$TOOLS_DIR\"/{Activedir,Payloads,Pivot}\n    mkdir -p \"$TOOLS_DIR\"/Recon/{Linux,Network,Web,Windows}\n    mkdir -p \"$TOOLS_DIR\"/Privesc/{Windows,Linux,App}\n    &gt; \"$LOG_FILE\"\n}\n\n# ==============================================================================\n# ACTIVE DIRECTORY\n# ==============================================================================\n\ninstall_activedir() {\n    section \"Active Directory Tools\"\n    local D=\"$TOOLS_DIR/Activedir\"\n\n    clone \"adidnsdump\"              \"https://github.com/dirkjanm/adidnsdump.git\"                                    \"$D/adidnsdump\"\n    pip_install \"adidnsdump\"        \"$D/adidnsdump\"\n\n    clone \"Certipy\"                 \"https://github.com/dru1d-foofus/Certipy\"                                       \"$D/Certipy\"\n    pip_install \"Certipy\"           \"$D/Certipy\"\n\n    clone \"CVE-2021-1675\"           \"https://github.com/cube0x0/CVE-2021-1675.git\"                                  \"$D/CVE-2021-1675\"\n\n    clone \"gMSADumper\"              \"https://github.com/micahvandeusen/gMSADumper.git\"                              \"$D/gMSADumper\"\n    pip_install \"gMSADumper\"        \"$D/gMSADumper\"\n\n    clone \"kerbrute\"                \"https://github.com/ropnop/kerbrute.git\"                                        \"$D/kerbrute\"\n    build_go \"kerbrute\"             \"$D/kerbrute\" \"kerbrute\"\n\n    clone \"krbrelayx\"               \"https://github.com/dirkjanm/krbrelayx.git\"                                     \"$D/krbrelayx\"\n    pip_install \"krbrelayx\"         \"$D/krbrelayx\"\n\n    clone \"NetNTLMtoSilverTicket\"   \"https://github.com/NotMedic/NetNTLMtoSilverTicket.git\"                         \"$D/NetNTLMtoSilverTicket\"\n\n    clone \"noPac\"                   \"https://github.com/Ridter/noPac.git\"                                           \"$D/noPac\"\n    pip_install \"noPac\"             \"$D/noPac\"\n\n    clone \"PassTheCert\"             \"https://github.com/AlmondOffSec/PassTheCert.git\"                               \"$D/PassTheCert\"\n\n    clone \"PetitPotam\"              \"https://github.com/topotam/PetitPotam.git\"                                     \"$D/PetitPotam\"\n\n    clone \"PKINITtools\"             \"https://github.com/dirkjanm/PKINITtools.git\"                                   \"$D/PKINITtools\"\n    pip_install \"PKINITtools\"       \"$D/PKINITtools\"\n\n    clone \"pywhisker\"               \"https://github.com/ShutdownRepo/pywhisker.git\"                                 \"$D/pywhisker\"\n    pip_install \"pywhisker\"         \"$D/pywhisker\"\n\n    clone \"Security-Assessment-PS\"  \"https://github.com/itzvenom/Security-Assessment-PS.git\"                        \"$D/Security-Assessment-PS\"\n\n    clone \"targetedKerberoast\"      \"https://github.com/ShutdownRepo/targetedKerberoast.git\"                        \"$D/targetedKerberoast\"\n    pip_install \"targetedKerberoast\" \"$D/targetedKerberoast\"\n\n    clone \"windapsearch\"            \"https://github.com/ropnop/windapsearch.git\"                                    \"$D/windapsearch\"\n    pip_install \"windapsearch\"      \"$D/windapsearch\"\n\n    # BloodHound CLI (precompiled)\n    if [ ! -f \"$D/bloodhound/bloodhound-cli\" ]; then\n        mkdir -p \"$D/bloodhound\"\n        local BH_URL\n        BH_URL=$(curl -fsSL \"https://api.github.com/repos/SpecterOps/BloodHound/releases/latest\" \\\n            | grep -o '\"browser_download_url\": *\"[^\"]*bloodhound-cli-linux-amd64\\.tar\\.gz\"' \\\n            | grep -o 'https://[^\"]*' | head -1)\n        if [ -n \"$BH_URL\" ]; then\n            download_tar \"BloodHound CLI\" \"$BH_URL\" \"$D/bloodhound\"\n            chmod +x \"$D/bloodhound/bloodhound-cli\" 2&gt;/dev/null || true\n        else\n            warn \"BloodHound CLI: could not resolve download URL \u2014 check github.com/SpecterOps/BloodHound/releases\"\n        fi\n    else\n        warn \"BloodHound CLI already present\"\n    fi\n\n    # Rubeus (precompiled \u2014 Ghostpack)\n    if [ ! -f \"$D/Rubeus/Rubeus.exe\" ]; then\n        mkdir -p \"$D/Rubeus\"\n        download \"Rubeus.exe\" \\\n            \"https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master/Rubeus.exe\" \\\n            \"$D/Rubeus/Rubeus.exe\" \"false\"\n    else\n        warn \"Rubeus.exe already present\"\n    fi\n}\n\n# ==============================================================================\n# PAYLOADS\n# ==============================================================================\n\ninstall_payloads() {\n    section \"Payload Tools\"\n    local D=\"$TOOLS_DIR/Payloads\"\n\n    clone \"CVE-2023-36664 Ghostscript\" \"https://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection.git\" \"$D/Ghostscript\"\n    clone \"nishang\"                    \"https://github.com/samratashok/nishang.git\"                                     \"$D/nishang\"\n    clone \"ntlm_theft\"                 \"https://github.com/Greenwolf/ntlm_theft.git\"                                    \"$D/ntlm_theft\"\n    clone \"php-reverse-shell\"          \"https://github.com/pentestmonkey/php-reverse-shell.git\"                         \"$D/php-reverse-shell\"\n    clone \"reverse_shell_splunk\"       \"https://github.com/0xjpuff/reverse_shell_splunk.git\"                            \"$D/reverse_shell_splunk\"\n    clone \"wwwolf-php-webshell\"        \"https://github.com/WhiteWinterWolf/wwwolf-php-webshell.git\"                     \"$D/wwwolf-php-webshell\"\n\n    # RunasCs (precompiled)\n    if [ ! -f \"$D/RunasCs/RunasCs.exe\" ]; then\n        mkdir -p \"$D/RunasCs\"\n        download_zip \"RunasCs\" \\\n            \"https://github.com/antonioCoco/RunasCs/releases/latest/download/RunasCs.zip\" \\\n            \"$D/RunasCs\"\n    else\n        warn \"RunasCs (Payloads) already present\"\n    fi\n\n    # ysoserial.net (precompiled)\n    if [ ! -f \"$D/ysoserial/ysoserial.exe\" ]; then\n        mkdir -p \"$D/ysoserial\"\n        local YSOS_URL\n        YSOS_URL=$(curl -fsSL \"https://api.github.com/repos/pwntester/ysoserial.net/releases/latest\" \\\n            | grep -o '\"browser_download_url\": *\"[^\"]*\\.zip\"' \\\n            | grep -o 'https://[^\"]*' | head -1)\n        if [ -n \"$YSOS_URL\" ]; then\n            download_zip \"ysoserial.net\" \"$YSOS_URL\" \"$D/ysoserial\"\n        else\n            warn \"ysoserial.net: could not resolve download URL \u2014 check github.com/pwntester/ysoserial.net/releases\"\n        fi\n    else\n        warn \"ysoserial already present\"\n    fi\n}\n\n# ==============================================================================\n# PIVOT / TUNNELING\n# ==============================================================================\n\ninstall_pivot() {\n    section \"Pivot / Tunneling Tools\"\n    local D=\"$TOOLS_DIR/Pivot\"\n\n    # chisel \u2014 build from source\n    clone \"chisel\" \"https://github.com/jpillora/chisel.git\" \"$D/chisel\"\n    build_go \"chisel\" \"$D/chisel\" \"chisel\"\n\n    # dnscat2 \u2014 Ruby server + C client\n    clone \"dnscat2\" \"https://github.com/iagox86/dnscat2.git\" \"$D/dnscat2\"\n    if [ -f \"$D/dnscat2/server/Gemfile\" ]; then\n        log \"Installing dnscat2 gems...\"\n        (cd \"$D/dnscat2/server\" &amp;&amp; gem install bundler -q 2&gt;/dev/null &amp;&amp; bundle install -q 2&gt;/dev/null) \\\n            || warn \"dnscat2 gem install failed\"\n    fi\n    if [ -f \"$D/dnscat2/client/Makefile\" ]; then\n        log \"Building dnscat2 C client...\"\n        (cd \"$D/dnscat2/client\" &amp;&amp; make -s 2&gt;/dev/null) &amp;&amp; log \"dnscat2 client built OK\" || warn \"dnscat2 client build failed\"\n    fi\n\n    clone \"dnscat2-powershell\" \"https://github.com/lukebaggett/dnscat2-powershell.git\" \"$D/dnscat2-powershell\"\n\n    # ptunnel-ng \u2014 build from source\n    clone \"ptunnel-ng\" \"https://github.com/utoni/ptunnel-ng.git\" \"$D/ptunnel-ng\"\n    if [ -f \"$D/ptunnel-ng/autogen.sh\" ]; then\n        log \"Building ptunnel-ng...\"\n        (cd \"$D/ptunnel-ng\" &amp;&amp; ./autogen.sh 2&gt;/dev/null &amp;&amp; make -s 2&gt;/dev/null) \\\n            &amp;&amp; log \"ptunnel-ng built OK\" || warn \"ptunnel-ng build failed\"\n    else\n        build_make \"ptunnel-ng\" \"$D/ptunnel-ng\"\n    fi\n\n    clone \"rpivot\" \"https://github.com/klsecservices/rpivot.git\" \"$D/rpivot\"\n\n    # ligolo-ng (precompiled \u2014 no public git repo with source in original)\n    local LIGOLO_DIR=\"$D/ligolo-ng\"\n    if [ ! -f \"$LIGOLO_DIR/proxy\" ]; then\n        mkdir -p \"$LIGOLO_DIR\"\n        local LIGOLO_VER\n        LIGOLO_VER=$(curl -fsSL \"https://api.github.com/repos/nicocha30/ligolo-ng/releases/latest\" \\\n            | grep '\"tag_name\"' | grep -o 'v[0-9.]*' | head -1)\n        LIGOLO_VER=\"${LIGOLO_VER:-v0.8.2}\"\n        log \"Downloading ligolo-ng $LIGOLO_VER...\"\n        download_tar \"ligolo-ng proxy (linux)\"  \\\n            \"https://github.com/nicocha30/ligolo-ng/releases/download/$LIGOLO_VER/ligolo-ng_proxy_${LIGOLO_VER#v}_linux_amd64.tar.gz\" \\\n            \"$LIGOLO_DIR\" || \\\n        download_tar \"ligolo-ng proxy (linux, alt URL)\" \\\n            \"https://github.com/nicocha30/ligolo-ng/releases/download/$LIGOLO_VER/ligolo-ng_proxy_linux_amd64.tar.gz\" \\\n            \"$LIGOLO_DIR\"\n        chmod +x \"$LIGOLO_DIR/proxy\" 2&gt;/dev/null || true\n\n        download_tar \"ligolo-ng agent (linux)\" \\\n            \"https://github.com/nicocha30/ligolo-ng/releases/download/$LIGOLO_VER/ligolo-ng_agent_${LIGOLO_VER#v}_linux_amd64.tar.gz\" \\\n            \"$LIGOLO_DIR\" || true\n        chmod +x \"$LIGOLO_DIR/agent\" 2&gt;/dev/null || true\n\n        download_zip \"ligolo-ng agent (windows)\" \\\n            \"https://github.com/nicocha30/ligolo-ng/releases/download/$LIGOLO_VER/ligolo-ng_agent_${LIGOLO_VER#v}_windows_amd64.zip\" \\\n            \"$LIGOLO_DIR\" || true\n    else\n        warn \"ligolo-ng already present\"\n    fi\n}\n\n# ==============================================================================\n# PRIVILEGE ESCALATION\n# ==============================================================================\n\ninstall_privesc() {\n    section \"Privilege Escalation Tools\"\n    local GHOSTPACK=\"https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master\"\n\n    # ---- Windows ----\n    local DW=\"$TOOLS_DIR/Privesc/Windows\"\n\n    clone \"Windows-PrivEsc-Cookbook\"  \"https://github.com/nickvourd/Windows-Local-Privilege-Escalation-Cookbook.git\" \"$DW/Cookbook\"\n    clone \"EnableAllTokenPrivs\"       \"https://github.com/fashionproof/EnableAllTokenPrivs.git\"                       \"$DW/EnableAllTokenPrivs\"\n    clone \"EoPLoadDriver\"             \"https://github.com/TarlogicSecurity/EoPLoadDriver.git\"                         \"$DW/EoPLoadDriver\"\n    clone \"psgetsystem\"               \"https://github.com/decoder-it/psgetsystem.git\"                                 \"$DW/psgetsystem\"\n    clone \"RoguePlanet\"               \"https://github.com/MSNightmare/RoguePlanet.git\"                                \"$DW/RoguePlanet\"\n    clone \"SeTcbPrivilege_escalation\" \"https://github.com/mSameerMalik/SeTcbPrivilege_escalation.git\"                \"$DW/SeTcbPrivilege_escalation\"\n\n    # GodPotato\n    if [ ! -f \"$DW/GodPotato/GodPotato-NET4.exe\" ]; then\n        mkdir -p \"$DW/GodPotato\"\n        download \"GodPotato-NET4.exe\" \\\n            \"https://github.com/BeichenDream/GodPotato/releases/latest/download/GodPotato-NET4.exe\" \\\n            \"$DW/GodPotato/GodPotato-NET4.exe\" \"false\"\n    else\n        warn \"GodPotato already present\"\n    fi\n\n    # JuicyPotato\n    if [ ! -f \"$DW/JuicyPotato/JuicyPotato.exe\" ]; then\n        mkdir -p \"$DW/JuicyPotato\"\n        download \"JuicyPotato.exe\" \\\n            \"https://github.com/ohpe/juicy-potato/releases/latest/download/JuicyPotato.exe\" \\\n            \"$DW/JuicyPotato/JuicyPotato.exe\" \"false\"\n    else\n        warn \"JuicyPotato already present\"\n    fi\n\n    # PrintSpoofer\n    if [ ! -f \"$DW/PrintSpoofer/PrintSpoofer64.exe\" ]; then\n        mkdir -p \"$DW/PrintSpoofer\"\n        download \"PrintSpoofer64.exe\" \\\n            \"https://github.com/itm4n/PrintSpoofer/releases/latest/download/PrintSpoofer64.exe\" \\\n            \"$DW/PrintSpoofer/PrintSpoofer64.exe\" \"false\"\n        download \"PrintSpoofer32.exe\" \\\n            \"https://github.com/itm4n/PrintSpoofer/releases/latest/download/PrintSpoofer32.exe\" \\\n            \"$DW/PrintSpoofer/PrintSpoofer32.exe\" \"false\"\n    else\n        warn \"PrintSpoofer already present\"\n    fi\n\n    # FullPowers\n    if [ ! -f \"$DW/FullPowers/FullPowers.exe\" ]; then\n        mkdir -p \"$DW/FullPowers\"\n        download \"FullPowers.exe\" \\\n            \"https://github.com/itm4n/FullPowers/releases/latest/download/FullPowers.exe\" \\\n            \"$DW/FullPowers/FullPowers.exe\" \"false\"\n    else\n        warn \"FullPowers already present\"\n    fi\n\n    # RunasCs\n    if [ ! -f \"$DW/RunasCs/RunasCs.exe\" ]; then\n        mkdir -p \"$DW/RunasCs\"\n        download_zip \"RunasCs (Privesc)\" \\\n            \"https://github.com/antonioCoco/RunasCs/releases/latest/download/RunasCs.zip\" \\\n            \"$DW/RunasCs\"\n    else\n        warn \"RunasCs (Privesc) already present\"\n    fi\n\n    # Ghostpack binaries: Seatbelt, SharpUp, SharpChrome\n    for bin in Seatbelt.exe SharpUp.exe SharpChrome.exe; do\n        local bname=\"${bin%%.*}\"\n        mkdir -p \"$DW/$bname\"\n        if [ ! -f \"$DW/$bname/$bin\" ]; then\n            download \"$bin\" \"$GHOSTPACK/$bin\" \"$DW/$bname/$bin\" \"false\"\n        else\n        warn \"$bin already present\"\n    fi\n    done\n\n    # SeBackupPrivilege DLLs\n    if [ ! -f \"$DW/SeBackupPrivilege/SeBackupPrivilegeCmdLets.dll\" ]; then\n        mkdir -p \"$DW/SeBackupPrivilege\"\n        local SBP_BASE=\"https://github.com/giuliano108/SeBackupPrivilege/raw/master/SeBackupPrivilegeCmdLets/bin/Debug\"\n        download \"SeBackupPrivilegeCmdLets.dll\" \"$SBP_BASE/SeBackupPrivilegeCmdLets.dll\" \"$DW/SeBackupPrivilege/SeBackupPrivilegeCmdLets.dll\" \"false\"\n        download \"SeBackupPrivilegeUtils.dll\"   \"$SBP_BASE/SeBackupPrivilegeUtils.dll\"   \"$DW/SeBackupPrivilege/SeBackupPrivilegeUtils.dll\"   \"false\"\n    else\n        warn \"SeBackupPrivilege already present\"\n    fi\n\n    # LaZagne.exe (Windows)\n    if [ ! -f \"$DW/LaZagne/LaZagne.exe\" ]; then\n        mkdir -p \"$DW/LaZagne\"\n        download \"LaZagne.exe\" \\\n            \"https://github.com/AlessandroZ/LaZagne/releases/latest/download/LaZagne.exe\" \\\n            \"$DW/LaZagne/LaZagne.exe\" \"false\"\n    else\n        warn \"LaZagne.exe (Privesc/Windows) already present\"\n    fi\n\n    # ---- Linux ----\n    local DL=\"$TOOLS_DIR/Privesc/Linux\"\n\n    clone \"CVE-2021-3156 BaronSamedit\" \"https://github.com/blasty/CVE-2021-3156.git\"                          \"$DL/Baronsamedit\"\n    build_make \"CVE-2021-3156\"         \"$DL/Baronsamedit\"\n\n    clone \"CVE-2022-2588 DirtyCred\"    \"https://github.com/Markakd/CVE-2022-2588.git\"                         \"$DL/DirtyCred\"\n\n    clone \"CVE-2022-0847 DirtyPipe\"    \"https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits.git\"  \"$DL/DirtyPipe\"\n    build_make \"CVE-2022-0847\"         \"$DL/DirtyPipe\"\n\n    clone \"fail2ban exploit\"           \"https://github.com/rvizx/fail2ban.git\"                                 \"$DL/fail2ban\"\n\n    clone \"CVE-2023-2640 GameOverlay\"  \"https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629.git\"             \"$DL/GameOverlay\"\n\n    clone \"CVE-2021-3493 OverlayFS\"    \"https://github.com/briskets/CVE-2021-3493.git\"                        \"$DL/OverlayFS-CVE-2021-3493\"\n    if [ -f \"$DL/OverlayFS-CVE-2021-3493/exploit.c\" ]; then\n        log \"Compiling CVE-2021-3493...\"\n        gcc \"$DL/OverlayFS-CVE-2021-3493/exploit.c\" -o \"$DL/OverlayFS-CVE-2021-3493/exploit\" 2&gt;/dev/null \\\n            &amp;&amp; log \"CVE-2021-3493 compiled OK\" || warn \"CVE-2021-3493 compile failed\"\n    fi\n\n    clone \"CVE-2023-0386 OverlayFS\"    \"https://github.com/xkaneiki/CVE-2023-0386\"                            \"$DL/OverlayFS-CVE-2023-0386\"\n    build_make \"CVE-2023-0386\"         \"$DL/OverlayFS-CVE-2023-0386\"\n\n    clone \"PwnKit\"                     \"https://github.com/ly4k/PwnKit\"                                        \"$DL/PwnKit\"\n    build_make \"PwnKit\"                \"$DL/PwnKit\"\n\n    clone \"CVE-2024-1086\"              \"https://github.com/Notselwyn/CVE-2024-1086\"                            \"$DL/use_after_free-CVE-2024-1086\"\n\n    # ---- App ----\n    clone \"Nexus-Sonatype-RCE\" \\\n        \"https://github.com/aaryan-11-x/Nexus-Sonatype-Repository-Manager-Groovy-Script-RCE-Authenticated-.git\" \\\n        \"$TOOLS_DIR/Privesc/App/Nexus-Sonatype-Repository-Manager\"\n}\n\n# ==============================================================================\n# RECON\n# ==============================================================================\n\ninstall_recon() {\n    section \"Reconnaissance Tools\"\n\n    # ---- Linux ----\n    local DL=\"$TOOLS_DIR/Recon/Linux\"\n\n    clone \"LaZagne\"          \"https://github.com/AlessandroZ/LaZagne.git\"              \"$DL/LaZagne\"\n    pip_install \"LaZagne\"    \"$DL/LaZagne\"\n\n    clone \"LinEnum\"          \"https://github.com/rebootuser/LinEnum.git\"               \"$DL/LinEnum\"\n    chmod +x \"$DL/LinEnum/LinEnum.sh\" 2&gt;/dev/null || true\n\n    clone \"linuxprivchecker\" \"https://github.com/sleventyeleven/linuxprivchecker.git\"  \"$DL/linuxprivchecker\"\n\n    clone \"mimipenguin\"      \"https://github.com/huntergregal/mimipenguin.git\"         \"$DL/mimipenguin\"\n    build_make \"mimipenguin\" \"$DL/mimipenguin\"\n\n    # linpeas (precompiled)\n    if [ ! -f \"$DL/linpeas/linpeas.sh\" ]; then\n        mkdir -p \"$DL/linpeas\"\n        download \"linpeas.sh\" \\\n            \"https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh\" \\\n            \"$DL/linpeas/linpeas.sh\"\n    else\n        warn \"linpeas already present\"\n    fi\n\n    # pspy (precompiled)\n    if [ ! -f \"$DL/pspy/pspy64\" ]; then\n        mkdir -p \"$DL/pspy\"\n        download \"pspy64\" \"https://github.com/DominicBreuker/pspy/releases/latest/download/pspy64\" \"$DL/pspy/pspy64\"\n        download \"pspy32\" \"https://github.com/DominicBreuker/pspy/releases/latest/download/pspy32\" \"$DL/pspy/pspy32\"\n    else\n        warn \"pspy already present\"\n    fi\n\n    # ---- Network ----\n    local DN=\"$TOOLS_DIR/Recon/Network\"\n\n    clone \"PCredz\"           \"https://github.com/lgandx/PCredz.git\"                   \"$DN/PCredz\"\n    pip_install \"PCredz\"     \"$DN/PCredz\"\n\n    # nmap static binary\n    if [ ! -f \"$DN/nmap-static-binary/nmap\" ]; then\n        mkdir -p \"$DN/nmap-static-binary\"\n        download \"nmap (static linux)\" \\\n            \"https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/nmap\" \\\n            \"$DN/nmap-static-binary/nmap\"\n        download \"nmap.exe (static win)\" \\\n            \"https://github.com/andrew-d/static-binaries/raw/master/binaries/windows/x86/nmap.exe\" \\\n            \"$DN/nmap-static-binary/nmap.exe\" \"false\"\n    else\n        warn \"nmap static binary already present\"\n    fi\n\n    # rustscan\n    if [ ! -f \"$DN/rustscan/rustscan\" ]; then\n        mkdir -p \"$DN/rustscan\"\n        log \"Downloading rustscan...\"\n        local RS_URL\n        RS_URL=$(curl -fsSL \"https://api.github.com/repos/RustScan/RustScan/releases/latest\" \\\n            | grep -o '\"browser_download_url\": *\"[^\"]*amd64\\.deb\"' \\\n            | grep -o 'https://[^\"]*' | head -1)\n        if [ -n \"$RS_URL\" ]; then\n            curl -fsSL \"$RS_URL\" -o /tmp/rustscan.deb \\\n                &amp;&amp; sudo dpkg -i /tmp/rustscan.deb \\\n                &amp;&amp; cp \"$(command -v rustscan)\" \"$DN/rustscan/rustscan\" 2&gt;/dev/null \\\n                &amp;&amp; rm -f /tmp/rustscan.deb \\\n                || warn \"rustscan install failed\"\n        else\n            warn \"rustscan: could not resolve .deb URL \u2014 check github.com/RustScan/RustScan/releases\"\n        fi\n    else\n        warn \"rustscan already present\"\n    fi\n\n    # ---- Web ----\n    local DW=\"$TOOLS_DIR/Recon/Web\"\n\n    clone \"Bashfuscator\"      \"https://github.com/Bashfuscator/Bashfuscator\"           \"$DW/Bashfuscator\"\n    pip_install \"Bashfuscator\" \"$DW/Bashfuscator\"\n\n    clone \"FinalRecon\"        \"https://github.com/thewhiteh4t/FinalRecon.git\"          \"$DW/FinalRecon\"\n    pip_install \"FinalRecon\"  \"$DW/FinalRecon\"\n\n    clone \"liffy\"             \"https://github.com/mzfr/liffy.git\"                      \"$DW/liffy\"\n    pip_install \"liffy\"       \"$DW/liffy\"\n\n    clone \"Security-Wordlist\" \"https://github.com/DragonJAR/Security-Wordlist.git\"     \"$DW/Security-Wordlist\"\n\n    clone \"subbrute\"          \"https://github.com/TheRook/subbrute.git\"                \"$DW/subbrute\"\n\n    clone \"username-anarchy\"  \"https://github.com/urbanadventurer/username-anarchy.git\" \"$DW/username-anarchy\"\n\n    clone \"XSStrike\"          \"https://github.com/s0md3v/XSStrike.git\"                 \"$DW/XSStrike\"\n    pip_install \"XSStrike\"    \"$DW/XSStrike\"\n\n    # Aquatone (precompiled)\n    if [ ! -f \"$DW/Aquatone/aquatone\" ]; then\n        mkdir -p \"$DW/Aquatone\"\n        local AQ_URL\n        AQ_URL=$(curl -fsSL \"https://api.github.com/repos/michenriksen/aquatone/releases/latest\" \\\n            | grep -o '\"browser_download_url\": *\"[^\"]*linux_amd64[^\"]*\\.zip\"' \\\n            | grep -o 'https://[^\"]*' | head -1)\n        if [ -n \"$AQ_URL\" ]; then\n            download_zip \"aquatone\" \"$AQ_URL\" \"$DW/Aquatone\"\n            chmod +x \"$DW/Aquatone/aquatone\" 2&gt;/dev/null || true\n        else\n            warn \"aquatone: could not resolve download URL\"\n        fi\n    else\n        warn \"aquatone already present\"\n    fi\n\n    # ---- Windows ----\n    local DWWIN=\"$TOOLS_DIR/Recon/Windows\"\n    local GHOSTPACK=\"https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master\"\n\n    for bin in Seatbelt.exe SharpChrome.exe SharpUp.exe; do\n        if [ ! -f \"$DWWIN/$bin\" ]; then\n            download \"$bin\" \"$GHOSTPACK/$bin\" \"$DWWIN/$bin\" \"false\"\n        else\n        warn \"$bin (Recon/Windows) already present\"\n    fi\n    done\n\n    # LaZagne.exe (Windows recon copy)\n    if [ ! -f \"$DWWIN/LaZagne.exe\" ]; then\n        download \"LaZagne.exe (Recon/Windows)\" \\\n            \"https://github.com/AlessandroZ/LaZagne/releases/latest/download/LaZagne.exe\" \\\n            \"$DWWIN/LaZagne.exe\" \"false\"\n    else\n        warn \"LaZagne.exe (Recon/Windows) already present\"\n    fi\n}\n\n# ==============================================================================\n# SUMMARY\n# ==============================================================================\n\nprint_summary() {\n    section \"Installation Complete\"\n    log \"Tools installed to: $TOOLS_DIR\"\n    log \"Log file: $LOG_FILE\"\n\n    local warns errors\n    warns=$(grep -c '^\\[!\\]' \"$LOG_FILE\" 2&gt;/dev/null || echo 0)\n    errors=$(grep -c '^\\[-\\]' \"$LOG_FILE\" 2&gt;/dev/null || echo 0)\n\n    echo \"\"\n    echo -e \"${YELLOW}Warnings:${NC} $warns  ${RED}Errors:${NC} $errors\"\n    echo \"\"\n    if [ \"$errors\" -gt 0 ]; then\n        echo -e \"${RED}Failed installs:${NC}\"\n        grep '^\\[-\\]' \"$LOG_FILE\"\n    fi\n    echo \"\"\n    echo -e \"${YELLOW}NOTE:${NC} Windows .exe files are ready to transfer to target hosts.\"\n    echo -e \"${YELLOW}NOTE:${NC} Python tools with venvs may need: python3 -m venv venv &amp;&amp; pip3 install -r requirements.txt\"\n    echo -e \"${YELLOW}NOTE:${NC} Some C exploits may need kernel-version-specific recompilation on target.\"\n}\n\n# ==============================================================================\n# MAIN\n# ==============================================================================\n\nmain() {\n    echo -e \"${BLUE}\"\n    cat &lt;&lt;'BANNER'\n  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\n  \u2551   HTB CPTS Tool Installer \u2014 Parrot OS (HTB Edition)  \u2551\n  \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\nBANNER\n    echo -e \"  Tools Dir : $TOOLS_DIR\"\n    echo -e \"  Log File  : $LOG_FILE${NC}\"\n    echo \"\"\n\n    preflight\n    install_activedir\n    install_payloads\n    install_pivot\n    install_privesc\n    install_recon\n    print_summary\n}\n\nmain \"$@\"\n", "creation_timestamp": "2026-07-01T20:11:34.003798Z"}]}