Skip to content
A set of recipes useful in fast-paced pentesting / red teaming scenarios
Shell
Branch: master
Clone or download

README.md

pentesting-cookbook

░▒▓ pentesting-cookbook ▓▒░ A set of recipes useful in fast-paced pentesting / red teaming scenarios

Description

╭───────────────────────────────────────────────────────╮
│ Snippets, code samples and hints used in penetration  │░
│ tests stored in a single repository so it can be      │░
│ quickly accessed and searched during assessments.     │░
│ Some of these were collected around the Web, some     │░
│ developed. Feel free to contribute!                   │░
│                                                       │░
│ https://github.com/tasooshi/pentesting-cookbook       │░
╰───────────────────────────────────────────────────────╯░
 ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

Notes

  • Since this handbook was not originally intended to be shared some parts may miss their original sources. I'll do my best to give proper credits and I hope you can help me with that.
  • Formatting may seem quite exotic at first but this is the way I prefer to read. Thanks to indentation I can instantly see hierarchy and quickly scan interesting sections.
  • This documentation structure gives best results with quick open, multi-line editing and full-text search options available in some popular text editors (like Sublime Text or VS Code).

Formatting / structure rules

  • If there are more than three levels of hierarchy the file needs to be split.
  • Categories in file names are separated with ".".
  • If there is not enough in given category they can be grouped with "+".
  • Commands: "~".
  • Lists: "- ".
  • Comments: "# ".
  • OS specific commands:
    • ~$ (Unix)
    • ~> (Windows)
  • Shell specific commands:
    • ~PS> (Powershell)
  • Variables:
    • VAR_ATTACKER_HOST
    • VAR_ATTACKER_PORT
    • VAR_TARGET_DOMAIN
    • VAR_TARGET_HOST
    • VAR_TARGET_PORT
    • VAR_TARGET_CIDR
    • VAR_TARGET_RANGE
    • VAR_USERNAME
    • VAR_PASSWORD
    • VAR_HASH
    • VAR_STRING
    • VAR_INTEGER
    • VAR_HEX
    • VAR_WORDLIST
    • VAR_*_HOST (VAR_FTP_HOST, VAR_ZOMBIE_HOST, VAR_PROXY_HOST etc)
You can’t perform that action at this time.