Skip to content
A set of recipes useful in fast-paced pentesting / red teaming scenarios
Shell Python PowerShell Batchfile Perl C Other
Branch: master
Clone or download

README.md

pentesting-cookbook

░▒▓ pentesting-cookbook ▓▒░ A set of recipes useful in fast-paced pentesting / red teaming scenarios

Description

╭───────────────────────────────────────────────────────╮
│ Snippets, code samples and hints used in penetration  │░
│ tests stored in a single repository so it can be      │░
│ quickly accessed and searched during assessments.     │░
│ Some of these were collected around the Web, some     │░
│ developed. Feel free to contribute!                   │░
│                                                       │░
│ https://github.com/tasooshi/pentesting-cookbook       │░
╰───────────────────────────────────────────────────────╯░
 ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

Notes

  • Since this handbook was not originally intended to be shared some parts may miss their original sources. I'll do my best to give proper credits and I hope you can help me with that.
  • Formatting may seem quite exotic at first but this is the way I prefer to read. Thanks to indentation I can instantly see hierarchy and quickly scan interesting sections.
  • This documentation structure gives best results with quick open, multi-line editing and full-text search options available in some popular text editors (like Sublime Text or VS Code).

Structure

  • bin Handy utilities to be run locally
  • bootstrap Scripts for setting up local environment
  • snippets All things useful to be run remotely

Bootstraping scripts

Fast and easy way to set up a hardened pentesting environment (currently Kali only) both for x86 and arm (Raspberry PI):

$ ./bootstrap/run.kali.x86.sh

More information in bootstrap/README.md.

Important note, guess everyone should know that already but... DO NOT TRUST ANY OF THESE SCRIPTS! Read them through and understand what changes will be applied to your (hopefully virtual) machine.

Formatting / structure rules

  • If there are more than three levels of hierarchy the file needs to be split.
  • Sources (scripts) are located in the snippets directory (referenced by @).
  • Conventions:
    • ~ commands
    • @ file references
    • - lists
    • -- comments (above the commented line)
    • OS specific commands:
      • ~$ (Linux)
      • ~# (Linux - root required)
      • ~> (Windows)
    • Shell specific commands:
      • ~PS> (Powershell)
  • Variables:
    • VAR_ATTACKER_HOST
    • VAR_ATTACKER_PORT
    • VAR_TARGET_DOMAIN
    • VAR_TARGET_HOST
    • VAR_TARGET_PORT
    • VAR_TARGET_CIDR
    • VAR_TARGET_RANGE
    • VAR_USERNAME
    • VAR_PASSWORD
    • VAR_HASH
    • VAR_STRING
    • VAR_INTEGER
    • VAR_HEX
    • VAR_WORDLIST
    • VAR_*_HOST (VAR_FTP_HOST, VAR_ZOMBIE_HOST, VAR_PROXY_HOST etc)
You can’t perform that action at this time.