Skip to content

A set of recipes useful in pentesting and red teaming scenarios

Notifications You must be signed in to change notification settings

jedixcom/pentesting-cookbook

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

pentesting-cookbook

A set of recipes useful in pentesting and red teaming scenarios

Snippets, code samples and hints used in penetration tests stored in a single repository so it can be quickly accessed and searched during the assessments.

Structure

  • bin Handy utilities to be run locally
  • snippets All things useful to be run remotely, code snippets, examples etc
  • Notes.* All sort of helpers, lists and notes not necessarily related to specific service or stage
  • Target.Host.OS.* - Things that can be done once foothold is established
  • Target.Host.Service.* - Commands useful in enumeration and exploitation of particular service
  • Target.Network.* - Commands related to scanning and moving around networks
  • Target.Recon.* - Typical recon like DNS enumeration, OSINT etc.

Formatting rules

  • If there are more than three levels of hierarchy the file needs to be split.
  • Sources (scripts) are located in the snippets directory (referenced by @).
  • Conventions:
    • ~ commands
    • @ file references
    • - lists
    • -- comments (above the commented line)
    • OS specific commands:
      • ~$ (Linux, defaults to Bash)
      • ~# (Linux - root required)
      • ~> (Windows)
    • Shell specific commands:
      • ~PS> (Powershell)
  • Variables:
    • VAR_ATTACKER_HOST
    • VAR_ATTACKER_PORT
    • VAR_TARGET_DOMAIN
    • VAR_TARGET_HOST
    • VAR_TARGET_PORT
    • VAR_TARGET_CIDR
    • VAR_TARGET_RANGE
    • VAR_TARGET_FILE
    • VAR_USERNAME
    • VAR_PASSWORD
    • VAR_NT_HASH
    • VAR_LM_HASH (blank LM hash: aad3b435b51404eeaad3b435b51404ee)
    • VAR_STRING
    • VAR_INTEGER
    • VAR_HEX
    • VAR_WORDLIST
    • VAR_WORDLIST_* (VAR_WORDLIST_USERNAME, VAR_WORDLIST_PASSWORD etc)
    • VAR_*_HOST (VAR_FTP_HOST, VAR_ZOMBIE_HOST, VAR_PROXY_HOST etc)

About

A set of recipes useful in pentesting and red teaming scenarios

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 94.9%
  • Python 1.8%
  • ASP.NET 1.6%
  • Shell 0.4%
  • C# 0.3%
  • C++ 0.2%
  • Other 0.8%