Skip to content
/ init-machine Public

Initial scanning and enumeration tool for basic penetration testing challenges such as Hack the Box

19 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

calebstewart/init-machine

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
init-machine.sh
init-machine.sh
 
 

Repository files navigation

init-machine.sh

This is a simple script to initialize an environment for doing basic penetration testing on Hack the Box style machines. It can even use the htb-cli python package to retrieve hack the box machines via their name, and setup a consistent environment for testing.

Usage

Usage: ./init-machine.sh [OPTION]... (machine_regex|machine_id|ip)

Initialize a new Hack the Box machine directory structure and perform initial
scans.

Options:
        -h               display this help message
        -t               perform TCP scans (default)
        -u               perform UDP scans
        -b               search for the given machine on hack the box
        -n               machine name (used for /etc/hosts and directory)
        -k               hack the box api key location (default: ./.htb-key)
        -i               interface for masscan (default: tun0)

Parameters:
        machine_regex    `grep -iE` compatible regex for machine name
        machine_id       numeric machine identifier
        ip               IP address of non-hack-the-box machine

Features

  • Adds given hostname/IP pair to /etc/hosts
  • Creates a consistent directory structure for testing
  • Performs initial scan of all ports using masscan (optionally including UDP)
  • Performs more in-depth scan of open ports using nmap
  • Ability to utilize the htb-cli module in python. You can specify a machine name (by regex), and the script will query the HTB API to find the IP address and appropriate hostname.

Hack the Box Integration

In order to utilize the Hack the Box integration, you'll need to install the htb-cli module via pip:

$ pip install htb-cli

This will install a script called hackthebox.py which init-machine uses to enumerate available machine names and translate them to IP addresses. It requires your private API key to function, so you can grab that from Hack the Box by going to your profile settings, and looking on the right side of the page under API Key. You'll need to place the key in a file somewhere on your machine for init-machine to find. By default, init-machine will look for ./.htb-key. I suggest applying appropriate permissions to the file, as this key allows other people to effectively login to hack the box without your password.

You can also manually specify the API key path with the -k parameter:

$ ./init-machine.sh -b -k ~/.htb-key Sniper

About

Initial scanning and enumeration tool for basic penetration testing challenges such as Hack the Box

Resources

Readme
Activity

Stars

19 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 2

  •  
  •  

Languages