Rowbot's PenTest Notes
Rowbot's PenTest Notes
www.OffSecNewbie.com
Intro
Pre-engagement
General methodology
OSCP Templates
Recon
Attack Types
Network
Shells
Port Forwarding / SSH Tunneling
Transferring files
Web
SQL
Password cracking
Useful Linux Commands
Android
Buffer Overflow
TCP Dump and Wireshark Commands
Privilege Escalation
Linux
Windows
Kali Configuration
bash_aliases file
Terminator Configuration
Tmux Configuration
Fish Config
Useful things to Install
Automated
Tools
Videos
IppSec Videos
The Cyber Mentor
VMs Similar to OSCP
Machines Similar to OSCP
Search Ippsec's Videos
Search Ippsec's Videos
Pcap Analysis
Pcap analysis
RegEx
MSFvenom Cheetsheet
Support me
Donate
Powered by GitBook

Useful things to Install

Hotwax

https://github.com/BrashEndeavours/hotwax

Hotwax is a script to provision a set of extra pentesting tools onto a Kali Linux machine in a consistent manner.

Tools updated:

Samba 4.10.8 (smbclient,rpcclient,nmblookup - Patched to fix issues with polenum, enum4linux, and restoring smbclient connection output.
enum4linux - Fix minor parsing issues. Updates temporarily included by BrashEndeavours fork, until PR is merged.

Tools installed:

AutoRecon - AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
chisel - A fast TCP tunnel over HTTP
gobuster - Directory/File, DNS and VHost busting tool written in Go
LinEnum - Local Linux Enumeration & Privilege Escalation Script
nishang - Framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing.
One-Lin3r - On demand one-liners that aid in penetration testing operations, privilege escalation and more
PowerSploit - Collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project.
pspy - Monitor linux processes without root permissions.
SecLists - Collection of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and more.
sherlock - Find usernames across social networks.
sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
webshell - This is a webshell open source project.
Windows PHP Reverse Shell - Simple php reverse shell implemented using binary, based on an webshell.
OSCP Exam Report Template - Modified template for the OSCP Exam

Check out One-Lin3r it's particularly useful

To enable access to script from any directory, example below

ln -n ~/go/bin/hakrawler /usr/local/bin/

Enum4LinuxPy

https://github.com/0v3rride/Enum4LinuxPy

The original Perl version has a number of outstanding issues that have been open for over a year and have not been addressed. This results in mangled output, errors, etc.

grc - frontend for generic colouriser grcat

apt install grc
alias nmap='grc nmap'

​

Kali Configuration - Previous
Fish Config
Next - Automated
Tools
Last updated 2 months ago
Contents
Hotwax
Enum4LinuxPy
grc - frontend for generic colouriser grcat