pentesting-cookbook
A set of recipes useful in pentesting and red teaming scenarios
Snippets, code samples and hints used in penetration tests stored in a single repository so it can be quickly accessed and searched during the assessments.
Structure
- `bin`: Handy utilities to be run locally
- `snippets`: All things useful to be run remotely, code snippets, examples etc.
- `Notes.*`: All sorts of helpers, lists and notes not necessarily related to a specific service or stage
- `Target.Host.OS.*`: Things that can be done once a foothold is established
- `Target.Host.Service.*`: Commands useful in enumeration and exploitation of a particular service
- `Target.Network.*`: Commands related to scanning and moving around networks
- `Target.Recon.*`: Typical recon like DNS enumeration, OSINT etc.
Formatting rules
- If there are more than three levels of hierarchy the file needs to be split.
- Sources (scripts) are located in the `snippets` directory (referenced by `@`).
- Conventions:
  - `~` commands
  - `@` file references
  - `-` lists
  - `--` comments (above the commented line)
- OS specific commands:
  - `~$` (Linux, defaults to Bash)
  - `~#` (Linux - root required)
  - `~>` (Windows)
- Shell specific commands:
  - `~PS>` (PowerShell)
- Variables:
  - `VAR_ATTACKER_HOST`
  - `VAR_ATTACKER_PORT`
  - `VAR_TARGET_DOMAIN`
  - `VAR_TARGET_HOST`
  - `VAR_TARGET_PORT`
  - `VAR_TARGET_CIDR`
  - `VAR_TARGET_RANGE`
  - `VAR_TARGET_FILE`
  - `VAR_USERNAME`
  - `VAR_PASSWORD`
  - `VAR_NT_HASH`
  - `VAR_LM_HASH` (blank LM hash: aad3b435b51404eeaad3b435b51404ee)
  - `VAR_STRING`
  - `VAR_INTEGER`
  - `VAR_HEX`
  - `VAR_WORDLIST`
  - `VAR_WORDLIST_*` (`VAR_WORDLIST_USERNAME`, `VAR_WORDLIST_PASSWORD` etc.)
  - `VAR_*_HOST` (`VAR_FTP_HOST`, `VAR_ZOMBIE_HOST`, `VAR_PROXY_HOST` etc.)
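
A small linter for the conventions above, added here as an illustration and not part of the repository: it classifies each line by its prefix, flags `VAR_*` placeholders that are not in the list, and refuses to render a line while a placeholder is still unset. The function names, the form of the `@` reference and the sample notes are assumptions.

```python
import re

# Prefixes from the conventions above; longest first so "~PS>" beats "~".
PREFIXES = [("~PS>", "cmd:powershell"), ("~$", "cmd:linux"),
            ("~#", "cmd:linux-root"), ("~>", "cmd:windows"), ("~", "cmd"),
            ("--", "comment"), ("@", "file-ref"), ("-", "list")]
# Placeholder names listed above; the two wildcard families are one regex.
KNOWN_VARS = {"VAR_" + n for n in (
    "ATTACKER_HOST ATTACKER_PORT TARGET_DOMAIN TARGET_HOST TARGET_PORT "
    "TARGET_CIDR TARGET_RANGE TARGET_FILE USERNAME PASSWORD NT_HASH LM_HASH "
    "STRING INTEGER HEX WORDLIST").split()}
FAMILY_RE = re.compile(r"VAR_(WORDLIST_[A-Z0-9]+|[A-Z0-9]+_HOST)")
VAR_RE = re.compile(r"\bVAR_[A-Z0-9_]+\b")

def classify(line):
    """Return (kind, body) for one line of a notes file."""
    s = line.strip()
    for prefix, kind in PREFIXES:
        if s.startswith(prefix):
            return kind, s[len(prefix):].strip()
    return "text", s

def known(name):
    return name in KNOWN_VARS or FAMILY_RE.fullmatch(name) is not None

def lint(text):
    """Return (line_no, kind, unknown_placeholders) per non-blank line."""
    report = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip():
            kind, body = classify(line)
            bad = sorted({v for v in VAR_RE.findall(body) if not known(v)})
            report.append((no, kind, bad))
    return report

def render(line, values):
    """Fill placeholders in one line; refuse if any is left unset."""
    missing = sorted(set(VAR_RE.findall(line)) - set(values))
    if missing:
        raise KeyError(", ".join(missing))
    return VAR_RE.sub(lambda m: values[m.group(0)], classify(line)[1])

# Constructed sample notes (not from the repository); line 3 has a typo.
SAMPLE = """\
-- constructed connectivity checks
~$ ping -c 1 VAR_TARGET_HOST
~# tcpdump -i eth0 host VAR_TARGET_HOST and port VAR_TARGET_PRT
~PS> Test-NetConnection VAR_FTP_HOST -Port VAR_TARGET_PORT
@ snippets/example.sh
"""
```

Run `lint()` over a notes file before committing it; `render()` keeps a literal `VAR_*` string from ending up in a pasted command.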