---

docker build -t szalek/pentest-tools .

---

docker run -it szalek/pentest-tools

---

searchsploit

• https://www.exploit-db.com/searchsploit/#installlinux
• searchsploit -u
• searchsploit -h
• searchsploit ProFTPD
• searchsploit afd windows local

sqlmap

• http://sqlmap.org/
• sqlmap -u {URL}.php?username=adrian --dbs
• sqlmap -u {URL}.php?username=adrian -D {DB_NAME}--tables
• sqlmap -u {URL}.php?username=adrian -T {TABLE-NAME} --columns
• sqlmap -u {URL}.php?username=adrian -T {TABLE_NAME} --dump

vim

• vim file.txt

curl

• curl www.{URL}
• curl http://{URL}/?s=[0-5]
• curl http://{URL}/?s=[0-5] -o 'response_#1.txt'

nslookup

• nslookup example.com

nmap

• nmap -sSV -Pn 127.0.0.1
• nmap -sT -sV -A -O -v 127.0.0.1
• nmap -n -sV -Pn 127.0.0.1
• nmap --script=mysql-enum 127.0.0.1

nikto

• https://cirt.net/Nikto2
• nikto -host {URL}/ -output /tmp/test.html
• nikto -host {URL}/ -output /tmp/test.csv

git

• git clone https://github.com/szalek/digbit.git

dnsutils (nslookup & host & dig)

• nslookup {URL}
• host {URL}
• dig {URL} any
• dig +short {URL}

iputils-ping (ping)

• ping {URL}

xprobe2

• xprobe2 --help

whois

• whois --help
• whois www.{URL}

dnsenum

• https://github.com/fwaeytens/dnsenum
• dnsenum --help
• dnsenum {URL}

digbit

• digbit {URL}

sn1per

• http://www.kitploit.com/2017/07/sn1per-automated-pentest-recon-scanner.html
• sniper {URL}

knock

• http://www.kitploit.com/2017/08/knockpy-enumerate-subdomain-scanner.html
• https://github.com/guelfoweb/knock
• knockpy {URL}

webcomment

• https://github.com/szalek/webcomment/tree/master
• webcomment -m url -t http://www.blog.btbw.pl

sqliv !!! don't be stupid !!!

• http://www.kitploit.com/2017/10/sqliv-massive-sql-injection.html
• sqliv -d inurl:index.php?id= -e google
• sqliv -d inurl:article.php?id= -e bing

haveibeenpwned

• api form https://haveibeenpwned.com
• https://github.com/szalek/haveibeenpwned
• haveibeenpwned emails.txt
• haveibeenpwned test@example.com
• haveibeenpwned noexist@btbw.pl

paskto

• http://www.kitploit.com/2017/11/paskto-passive-web-scanner.html
• https://github.com/cloudtracer/paskto
• https://github.com/szalek/paskto (Fork)
• paskto --help

Uniscan

-- uniscan -u http://www.example.com/ -qweds

WpScan

• project page: https://github.com/wpscanteam/wpscan
• wpscan
• wpscan --url www.example.com
• you can user official wpscan docker image (docker run -it --rm wpscanteam/wpscan -u https://yourblog.com [options])

GetPasswords

• github page: https://github.com/szalek/get_passwords
• get_passwords
• Please be patient as this could take some time

Bruteforcing SSH

• https://github.com/nmap/ncrack
• ncrack -p 22 -U users.txt -P /usr/share/wordlists/rockyou.txt 192.168.1.13

wfuzz

• https://github.com/xmendez/wfuzz
• wfuzz -w /home/wfuzz/wordlist/webservices/ws-dirs.txt -H "Cookie:PHPSESSID=000" http://{URL}/panel.php?info=FUZZ
• wfuzz -w /home/wfuzz/wordlist/general/common.txt -H "Cookie:PHPSESSID=000" http://{URL}/panel.php?info=FUZZ
• wfuzz -w /home/wfuzz/wordlist/general/big.txt -H "Cookie:PHPSESSID=000" http://{URL}/panel.php?info=FUZZ

sublist3r

• sublist3r {URL}

massdns

• massdns -r /home/massdns/lists/resolvers.txt -t AAAA domains.txt > results.txt

xsssniper

• xsssniper -u {URL}?message=lorem

arachni

• https://github.com/Arachni/arachni/wiki/Command-line-user-interface

---