Skip to content
This script provisions a host to be used for pentesting labs and CTF games, such as HackTheBox and VulnHub. It consists of tools and configurations that I have consistently used and many extras that others may find useful for various situations. It is especially useful if you require persistence and/or prefer to use a remote host.
Branch: master
Clone or download
Latest commit 61c6df6 May 23, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit May 11, 2019
README.md Update README.md May 23, 2019
install.sh Update install.sh May 23, 2019

README.md

Introduction and Purpose

  • This script provisions a host to be used for pentesting labs and CTF games, such as HackTheBox and VulnHub. It consists of tools and configurations that I have consistently used and many extras that others may find useful for various situations. It is especially useful if you require persistence and/or prefer to use a remote host, such as an AWS instance, rather than a local VM.

Installation

  1. Create an Ubuntu 18.04 or 19.04 host
  2. Place install.sh in the /home/$USER folder
  3. chmod +x install.sh
  4. Run with ./install.sh (do not run as root or sudo)

Notes

  • Only tested on Ubuntu 18.04 and Ubuntu 19.04 (server and desktop)
  • After installation, run scripts in /recon as root

Packages and Tools

  • masscan
  • nmap
  • zmap
  • ufw
  • php-curl
  • nginx
  • netdiscover
  • apache2
  • html2text
  • hashcat
  • hashid
  • python
  • python-pip
  • python3
  • python3-pip
  • curl
  • wget
  • git
  • ruby
  • rake
  • make
  • golang
  • cargo
  • socat
  • openvpn
  • dirb
  • nikto
  • the-backdoor-factory
  • SecLists
  • nishang
  • Empire
  • PowerSploit
  • mimikatz
  • pspy
  • Responder
  • dnsrecon
  • masscan
  • dirsearch
  • shellver
  • LinEnum
  • Phantom-Evasion
  • linux-exploit-suggester
  • CrackMapExec
  • patator
  • unicorn
  • linuxprivchecker
  • nullinux
  • impacket
  • evilginx2
  • Orc
  • sslscan
  • sslyze
  • theHarvester
  • wordpress-exploit-framework
  • wfuzz
  • gobuster
  • SharpShooter
You can’t perform that action at this time.