looter

looter.py is an automated looting script will collect relevant data for someone who gained root access to a box.

looter.py is an automated looting script will collect relevant data for someone who gained root access to a box.

This script will crawl through a box and quickly collect useful information for an attacker. The script will determine which OS it is on to ensure compatibility before attempting to collect anything. The nest egg (collection stash) location will be in the present working directory of the script unless specified by the user.
This script makes an attempt is made to copy relevant files including but not limited to /etc/passwd, /etc/shadow, ~/.bash_history, known_hosts etc to the nest egg location. Once everything is collected, the files are prepared and zipped for exfiltration. Currently, the script uses netcat to create a network connection to a listening post for exfiltration.

looter

Looter script – collects juicy data for malicious use.

The goal is to be discreet and the script will shred logs, avoid writing to bash_history, and cover its own tracks after performing collections.
This Python script has been tested on Kali Linux 2.0, 2016.1 & 2016.2 x64 & x32 bit with Python 2.7.12.

Use:

Source: https://github.com/Murbie