docker build -t szalek/pentest-tools .
docker run -it szalek/pentest-tools
- https://www.exploit-db.com/searchsploit/#installlinux
- searchsploit -u
- searchsploit -h
- searchsploit ProFTPD
- searchsploit afd windows local
- http://sqlmap.org/
- sqlmap -u {URL}.php?username=adrian --dbs
- sqlmap -u {URL}.php?username=adrian -D {DB_NAME} --tables
- sqlmap -u {URL}.php?username=adrian -T {TABLE-NAME} --columns
- sqlmap -u {URL}.php?username=adrian -T {TABLE_NAME} --dump
- vim file.txt
- curl www.{URL}
- curl http://{URL}/?s=[0-5]
- curl http://{URL}/?s=[0-5] -o 'response_#1.txt'
- nslookup example.com
- nmap -sSV -Pn 127.0.0.1
- nmap -sT -sV -A -O -v 127.0.0.1
- nmap -n -sV -Pn 127.0.0.1
- nmap --script=mysql-enum 127.0.0.1
- https://cirt.net/Nikto2
- nikto -host {URL}/ -output /tmp/test.html
- nikto -host {URL}/ -output /tmp/test.csv
- git clone https://github.com/szalek/digbit.git
- nslookup {URL}
- host {URL}
- dig {URL} any
- dig +short {URL}
- ping {URL}
- xprobe2 --help
- whois --help
- whois www.{URL}
- https://github.com/fwaeytens/dnsenum
- dnsenum --help
- dnsenum {URL}
- digbit {URL}
- http://www.kitploit.com/2017/08/knockpy-enumerate-subdomain-scanner.html
- https://github.com/guelfoweb/knock
- knockpy {URL}
- https://github.com/szalek/webcomment/tree/master
- webcomment -m url -t http://www.blog.btbw.pl
- http://www.kitploit.com/2017/10/sqliv-massive-sql-injection.html
- sqliv -d inurl:index.php?id= -e google
- sqliv -d inurl:article.php?id= -e bing
- API from https://haveibeenpwned.com
- https://github.com/szalek/haveibeenpwned
- haveibeenpwned emails.txt
- haveibeenpwned test@example.com
- haveibeenpwned noexist@btbw.pl
- http://www.kitploit.com/2017/11/paskto-passive-web-scanner.html
- https://github.com/cloudtracer/paskto
- https://github.com/szalek/paskto (Fork)
- paskto --help
- uniscan -u http://www.example.com/ -qweds
- project page: https://github.com/wpscanteam/wpscan
- wpscan
- wpscan --url www.example.com
- you can use the official wpscan docker image (docker run -it --rm wpscanteam/wpscan -u https://yourblog.com [options])
- github page: https://github.com/szalek/get_passwords
- get_passwords
- Please be patient as this could take some time
- https://github.com/nmap/ncrack
- ncrack -p 22 -U users.txt -P /usr/share/wordlists/rockyou.txt 192.168.1.13
- https://github.com/xmendez/wfuzz
- wfuzz -w /home/wfuzz/wordlist/webservices/ws-dirs.txt -H "Cookie:PHPSESSID=000" http://{URL}/panel.php?info=FUZZ
- wfuzz -w /home/wfuzz/wordlist/general/common.txt -H "Cookie:PHPSESSID=000" http://{URL}/panel.php?info=FUZZ
- wfuzz -w /home/wfuzz/wordlist/general/big.txt -H "Cookie:PHPSESSID=000" http://{URL}/panel.php?info=FUZZ
- sublist3r {URL}
- massdns -r /home/massdns/lists/resolvers.txt -t AAAA domains.txt > results.txt
- xsssniper -u {URL}?message=lorem