jayrox/duckypad


I am a pentester and these are my profiles. I use them constantly and am constantly adding and updating them. +v indicates it's pasting from your clipboard, useful for pasting in a hostname for nmap or testssl. I'm not entirely consistent with the naming.

The following previews were generated using this script: https://github.com/jayrox/duckypad_profile_preview_gen

I am starting to add some documentation to the keys using a comment format of REM DOC: in the individual keys that will be parsed out by the generator code.

Profile 1: -

Key descriptions:

$${\textsf{\color{#00ffff} Windows }}$$ $${\textsf{\color{#80ff00} NumPad }}$$  Help 
$${\textsf{\color{#0080ff} Squiddy }}$$  ----  $${\textsf{\color{#ff0d86} SetVars }}$$
$${\textsf{\color{#00ff00}   HTB   }}$$ $${\textsf{\color{#c993ff} TestSSL }}$$ $${\textsf{\color{#0f0fff}  NMap  }}$$
$${\textsf{\color{#80ffff}   PS   }}$$ $${\textsf{\color{#ffff00} Witness }}$$ $${\textsf{\color{#ffff00} NetExec }}$$
 curl  $${\textsf{\color{#c0c0c0}  Nikto  }}$$ $${\textsf{\color{#ff8040} GoBustr }}$$

Profile 2: -

Key descriptions:

  • Skpfish: SkipFish
$${\textsf{\color{#ff0d86} Skpfish }}$$ $${\textsf{\color{#0080c0}  ffuf  }}$$ $${\textsf{\color{#46c2ff} OpenSSL }}$$
$${\textsf{\color{#ff8484} Bludhnd }}$$  ADSI  $${\textsf{\color{#ee82ee} OneLine }}$$
$${\textsf{\color{#00ff00} Python }}$$ $${\textsf{\color{#00ffff}   Dig   }}$$ $${\textsf{\color{#ff8000} SMBCli }}$$
$${\textsf{\color{#8080ff}  MSSQL  }}$$ Respond $${\textsf{\color{#800040} EvilWin }}$$
$${\textsf{\color{#80ffff} SMBMAP }}$$ $${\textsf{\color{#8af493} SQLMap }}$$ $${\textsf{\color{#ff0080}  WFuzz  }}$$

Profile 3: -

Key descriptions:

  • CME: CrackMapExec
  • John: Password cracker John
  • PGo: Little automation to run the CalcyIV/PokeGenie scanners
$${\textsf{\color{#ffff00}   CME   }}$$ $${\textsf{\color{#00ff40}   GAU   }}$$ $${\textsf{\color{#ff8040}  MySQL  }}$$
$${\textsf{\color{#00ff00} Hashcat }}$$   VS   $${\textsf{\color{#00ff00}  John  }}$$
   -       -       -   
   -       -       -   
Ansible    -    $${\textsf{\color{#8000ff}   PGo   }}$$

Profile 4: Windows

$${\textsf{\color{#a000ff}  vol-  }}$$ $${\textsf{\color{#a000ff}  mute  }}$$ $${\textsf{\color{#a000ff}  vol+  }}$$
$${\textsf{\color{#a000ff}   <<   }}$$ $${\textsf{\color{#a000ff}   ||   }}$$ $${\textsf{\color{#a000ff}   >>   }}$$
 intro   hide    dev  
taskMgr  files  sysInfo
diskMgr    -    taskViw

Profile 5: NumPad

$${\textsf{\color{#00ffff}    x    }}$$ $${\textsf{\color{#00ffff}    -    }}$$ $${\textsf{\color{#00ffff}    +    }}$$
   7       8       9   
   4       5       6   
   1       2       3   
   0       .    $${\textsf{\color{#00ffff}  enter  }}$$

Profile 6: Help

Key descriptions:

Explain WADComs LOLBAS
 tldr  GTFOBin Payload
$${\textsf{\color{#8000ff}  Kali  }}$$    -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 7: Setup

Key descriptions:

  • Bash: Adds a few aliases to the .bashrc file to help set env variables that can be used in other profiles
  • ZSH: Adds a few aliases to the .zshrc file to help set env variables that can be used in other profiles
  • SetVars: Go to the SetVars profile.
 Bash    ZSH      -   
   -       -       -   
   -       -       -   
   -       -       -   
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Help  }}$$    -   

Profile 8: SetVars

Key descriptions:

  • ECHO: Print out env variables used in the various scripts.
Host(s) Port(s)    -   
Domain  DC IP     -   
 User   Pass     -   
$${\textsf{\color{#80ffff}  LHOST  }}$$ $${\textsf{\color{#80ffff}  LPORT  }}$$    -   
$${\textsf{\color{#80ff00}  ECHO  }}$$ $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 9: OneLiners

Key descriptions:

  • CU Enc: Uses certutil to base64 encode a file
  • CU Dec: Uses certutil to base64 decode a file
  • CU DL: Uses certutil to download a remote file
$${\textsf{\color{#00ff00} CU Enc }}$$ $${\textsf{\color{#ee82ee} CU Dec }}$$ $${\textsf{\color{#ff00ff} CU Hash }}$$
$${\textsf{\color{#00ffff}  Whois  }}$$ $${\textsf{\color{#13cbec} FndFile }}$$ $${\textsf{\color{#0080ff}  CU DL  }}$$
   -       -       -   
 test   test2     -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 10: Squiddy

Key descriptions:

  • Squiddy: Launch Squiddy, my personal pentest tracking and report generation tool
Squiddy    -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 11: Ansible

 Setup     -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 12: HTB

Key descriptions:

  • Procs: Get running processes
  • Upgrade: Upgrade reverse shell
Sudo-l FndRoot ls -la
GetCap AppArmo  Procs 
------- $${\textsf{\color{#00ff00} Upgrade }}$$ -------
 Hosts  NC 4444  Srv80 
$${\textsf{\color{#80ffff} Page 2 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#80ffff} Windows }}$$

Profile 13: HTB2

Key descriptions:

$${\textsf{\color{#ee82ee} +Hosts }}$$  Py2SH   Py3SH 
GetMail    -    $${\textsf{\color{#00ff00} BashRev }}$$
   -       -       -   
   -    FixVPN $${\textsf{\color{#ff0000} DelRout }}$$
$${\textsf{\color{#80ffff} Page 1 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#80ffff} Windows }}$$

Profile 14: Win

Whoami    -       -   
$${\textsf{\color{#80ffff} Certify }}$$    -       -   
 Dir A    Set      -   
   -       -       -   
$${\textsf{\color{#80ffff}  Linux  }}$$ $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 15: PowerShell

Key descriptions:

  • TLS12: Enable TLS 1.2
  • Proxy: Set up PowerShell to use the corporate proxy with authentication
  • Daren: Some PowerShell functions from Daren
$${\textsf{\color{#81e8fe}  TLS12  }}$$ $${\textsf{\color{#00ff00}  Proxy  }}$$ $${\textsf{\color{#ff8040}  PSv2  }}$$
$${\textsf{\color{#a000ff} AMSI-S }}$$ $${\textsf{\color{#0000ff} AMSI-PS }}$$  AMSI3 
PwrCat $${\textsf{\color{#9cced3}  Daren  }}$$ $${\textsf{\color{#ff0000}  NoAV  }}$$
$${\textsf{\color{#00ff00}  PSVer  }}$$ LngMode $${\textsf{\color{#ffff80}   IP   }}$$
$${\textsf{\color{#80ffff} Page 2 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 16: PowerShell2

$${\textsf{\color{#0080ff} ChgRCPW }}$$ MpPref $${\textsf{\color{#ff0080} CvtTime }}$$
GetC_DN  Priv  Obj SID
GetU_Pr    -    S- SID
ExecPol U GUID C GUID
$${\textsf{\color{#80ffff} Page 1 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#80ffff} Page 3 }}$$

Profile 17: PowerShell3

  IEX      -       -   
  DL      -       -   
   -       -       -   
   -       -       -   
$${\textsf{\color{#80ffff} Page 1 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#80ffff} Page 2 }}$$

Profile 18: TestSSL

Key descriptions:

  • Mass+v: Runs TestSSL against hosts in the clipboard. One host per line, saves output as JSON
 Full   Short  Mass+v
$${\textsf{\color{#0080ff} Full+v }}$$ $${\textsf{\color{#0080ff} Short+v }}$$ $${\textsf{\color{#0080ff} Protos }}$$
$${\textsf{\color{#0080ff}  SMTP  }}$$ $${\textsf{\color{#0080ff} Server }}$$ $${\textsf{\color{#0080ff} Vulners }}$$
$${\textsf{\color{#0080ff}  SCIR  }}$$ $${\textsf{\color{#0080ff} Headers }}$$ $${\textsf{\color{#0080ff} Ciphers }}$$
$${\textsf{\color{#ff80ff} Color3 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 19: NMap

 Full   Fast  $${\textsf{\color{#ff00ff}  Mods  }}$$
$${\textsf{\color{#0080ff} Full+v }}$$ $${\textsf{\color{#0080ff} Fast+v }}$$ Mass+v
$${\textsf{\color{#008000}  SSH22  }}$$ $${\textsf{\color{#0080ff} SSH22+v }}$$    -   
$${\textsf{\color{#00ff00} Scripts }}$$    -     Paste 
$${\textsf{\color{#80ff80}  Grep  }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 20: CrackMapExec

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_HOSTS env variables to be set. Go to the SetVars profile to set them.
Simple    -    $${\textsf{\color{#00ff00} Verify }}$$
$${\textsf{\color{#03effc} AuthSMB }}$$ $${\textsf{\color{#ff8000} Spider }}$$ $${\textsf{\color{#80ffff} FileOut }}$$
$${\textsf{\color{#03effc} AuthWRM }}$$  LDAP     -   
RidBrut $${\textsf{\color{#00ff00}   Run   }}$$ $${\textsf{\color{#ff0000} Redact }}$$
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 21: NetExec

ZeroLog PetitPo    -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 22: WitnessMe

BasicSS    -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 23: Skipfish

 Basic  $${\textsf{\color{#00ffff} Basic+v }}$$    -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 24: curl

Key descriptions:

  • ikL: Include response headers in output, allow insecure connections and follow redirects
  • ikL+v: Include response headers in output, allow insecure connections and follow redirects. Pastes URL from clipboard
  ikL   dl_file    -   
$${\textsf{\color{#0080ff}  ikL+v  }}$$ dl_file    -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 25: Nikto

 Basic     -       -   
80,443    -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 26: GoBuster

  Dir      -    $${\textsf{\color{#ee82ee}  ExLen  }}$$
   -       -    Follow
   -       -    Output
   -       -    K Cert
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 27: WFuzz

FuzzSub  Size     -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 28: ffuf

  Dir      -       -   
Sub DNS  Size     -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 29: OpenSSL

 SCIR     -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 30: Bloodhound

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_DC_IP env variables to be set. Go to the SetVars profile to set them.
 Neo4j   Start     -   
PyBlood    -       -   
   -       -       -   
   -    CrtiVln    -   
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 31: ADSI

Display   SAM    Title 
 Admin     -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 32: Python

venv+r $${\textsf{\color{#00ff00} venv+a }}$$    -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 33: Dig

Key descriptions:

  • Server: Use a specific DNS server
  dig      -     Types 
Server    -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 34: SMBClient

Connect    -    $${\textsf{\color{#80ffff}  NoPW  }}$$
$${\textsf{\color{#0ff06f}   LS   }}$$    -       -   
   -       -    $${\textsf{\color{#ee82ee} Get All }}$$
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 35: MSSQLCli

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, DP_PORTS, and DP_HOSTS env variables to be set. Go to the SetVars profile to set them.
$${\textsf{\color{#00ff00} Connect }}$$    -    ConVars
$${\textsf{\color{#0423fb}  Roles  }}$$    -    $${\textsf{\color{#ff8040}  Info  }}$$
$${\textsf{\color{#f10edb} Linked }}$$ $${\textsf{\color{#0080ff} QLinked }}$$ Tables
$${\textsf{\color{#fc0347} Version }}$$   DBs   $${\textsf{\color{#00ff00}   USE   }}$$
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 36: Responder

 Start     -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 37: EvilWinRM

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, and DP_DOMAIN env variables to be set. Go to the SetVars profile to set them.
$${\textsf{\color{#80ff00} Connect }}$$    -    $${\textsf{\color{#80ffff}  Menu  }}$$
   -       -       -   
$${\textsf{\color{#0080ff}   DL   }}$$ $${\textsf{\color{#ff0080}   UL   }}$$    -   
   -       -       -   
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 38: SMBMAP

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_HOSTS env variables to be set. Go to the SetVars profile to set them.
 Base     -       -   
Recurse  Grep   Find 
   -       -       -   
   -       -       -   
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 39: SQLMap

$${\textsf{\color{#00ff00}  Base  }}$$  Host   File 
 dbms    DBs   Tables
 Data    DB    Table 
$${\textsf{\color{#80ffff}  Dump  }}$$    -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 40: getallurls

Key descriptions:

  • Crawl: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
  • FSCode: Ignore certain HTTP status codes
  • Proxy: Set proxy, Burp is default
 Crawl     -      Out  
FSCode Timeout Threads
   -       -       -   
 Proxy     -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 41: MySQL

Connect    -       -   
  DBs   Use DB    -   
Tables    -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 42: Hashcat

Key descriptions:

  • Detect: Use hashcat to detect hashing algorithm
  • Crack: Use hashcat to crack hashes in file
  • Show: Show cracked password from hashcat
Detect    -       -   
 Crack     -     Show 
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 43: VS

Key descriptions:

  • Compile: Compile a .cs file
Compile    -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 44: John

Key descriptions:

$${\textsf{\color{#00ff00}  Crack  }}$$  Show     -   
$${\textsf{\color{#00ffff} SSH2Joh }}$$    -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 45: PokemonGo

Key descriptions:

  • Scan: Does not currently work
 Scan     -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -