• Stars
    star
    124
  • Rank 288,207 (Top 6 %)
  • Language
    PowerShell
  • Created almost 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A set of recipes useful in pentesting and red teaming scenarios

pentesting-cookbook

A set of recipes useful in pentesting and red teaming scenarios

Snippets, code samples and hints used in penetration tests stored in a single repository so it can be quickly accessed and searched during the assessments.

Structure

  • bin Handy utilities to be run locally
  • snippets All things useful to be run remotely, code snippets, examples etc
  • Notes.* All sort of helpers, lists and notes not necessarily related to specific service or stage
  • Target.Host.OS.* - Things that can be done once foothold is established
  • Target.Host.Service.* - Commands useful in enumeration and exploitation of particular service
  • Target.Network.* - Commands related to scanning and moving around networks
  • Target.Recon.* - Typical recon like DNS enumeration, OSINT etc.

Formatting rules

  • If there are more than three levels of hierarchy the file needs to be split.
  • Sources (scripts) are located in the snippets directory (referenced by @).
  • Conventions:
    • ~ commands
    • @ file references
    • - lists
    • -- comments (above the commented line)
    • OS specific commands:
      • ~$ (Linux, defaults to Bash)
      • ~# (Linux - root required)
      • ~> (Windows)
    • Shell specific commands:
      • ~PS> (Powershell)
  • Variables:
    • VAR_ATTACKER_HOST
    • VAR_ATTACKER_PORT
    • VAR_TARGET_DOMAIN
    • VAR_TARGET_HOST
    • VAR_TARGET_PORT
    • VAR_TARGET_CIDR
    • VAR_TARGET_RANGE
    • VAR_TARGET_FILE
    • VAR_USERNAME
    • VAR_PASSWORD
    • VAR_NT_HASH
    • VAR_LM_HASH (blank LM hash: aad3b435b51404eeaad3b435b51404ee)
    • VAR_STRING
    • VAR_INTEGER
    • VAR_HEX
    • VAR_WORDLIST
    • VAR_WORDLIST_* (VAR_WORDLIST_USERNAME, VAR_WORDLIST_PASSWORD etc)
    • VAR_*_HOST (VAR_FTP_HOST, VAR_ZOMBIE_HOST, VAR_PROXY_HOST etc)