Casey_Works Pentest Toolbox

Author: www.casey.works Linkedin: https://linkedin.com/u/ericsebastiancasey

The most important files for me in this repo are /env/* & tools.md for environment setup and usage reference respectively.

• Directory names are named and shortenned to make memorable heuristics.

The Basic Idea

1. Get a Vanilla Kali 2020 VM, login is kali:kali, change passwd, et ceterra.
2. kali@kali~$ git clone https://github.com/EricCasey/Pentest-Cookbook.git ./pwn
3. kali@kali~$ chmod u+x ./pwn/env/* && ./pwn/env/init.sh
4. kali@kali~$ ./pwk/env/sesh.sh
5. ???
6. Profit

./server/ - Custom React Pen Test Helper

• TODO react app here

./swamp/

Useful code the I didn't write.

./swamp/privesc/ - local privesc checkers

./swamp/check/ - remote vuln checks

./note/

Notes on Attack Vectors, CyberSec History, & the Kali Tooling.

• BOF.md ---- Stack-Based Buffer Overflow in ~30 mins
• tools.md --- Quick Reference
• hist.md ---- Some notes on interesting hacks

./code/

Custom Exploit & Research Code

• bof_script.py - Stack-Based Buffer Overflow in ~30 mins
• box_enum.py ---

./img/

./ctf/

Private CTF Notes *

./env/

Environment Configuration Scripts

• ./env/init.sh - Configures Kali 2020
• ./env/sesh.sh - Starts a CTF session

./vpn/

Doanload & Store your .ovpn files here. sesh.sh will prompt a choice

• thm.ovpn
• htb.ovpn
• pwk.ovpn

./fig/

Service Configuration Templates, Custom Commented

• smb, proxychains, etc

.gitignore

setup to ignore locally stored private CTF notes.

Todo https://data.iana.org/TLD/tlds-alpha-by-domain.txt TODO