Nmap

Installation:

sudo apt update && sudo apt install nmap -y

SYN scan plus version detection and default NSE scripts:

nmap -sS -sV -sC {{target}}

Official website: nmap.org

John the Ripper

Installation:

sudo apt update && sudo apt install john -y

Use the rockyou wordlist to crack Linux /etc/shadow hashes

john --wordlist=/usr/share/wordlists/rockyou.txt /etc/shadow

Official website: openwall.com/john

Hydra

Installation:

sudo apt update && sudo apt install hydra -y

Attempt SSH logins using the users.txt and pass.txt lists (-t 4 limits parallel tasks, -f stops after the first valid login)

hydra -L users.txt -P pass.txt ssh://{{target}} -t 4 -f

Official website: github.com/vanhauser-thc/thc-hydra

Gobuster

Installation:

sudo apt update && sudo apt install gobuster -y

Discover hidden directories on a web server using a wordlist (-t 50 sets the number of concurrent threads)

gobuster dir -u https://{{target}} -w /usr/share/wordlists/raft-large-directories.txt -t 50

Official website: github.com/OJ/gobuster

ffuf

Installation:

sudo apt update && sudo apt install ffuf -y

Fuzz URL paths or parameters to find hidden endpoints (FUZZ marks where each wordlist entry is inserted)

ffuf -u https://{{target}}/FUZZ -w /usr/share/wordlists/raft-large-words.txt -t 100

Official website: github.com/ffuf/ffuf

dCode: Caesar Cipher Online Encoder/Decoder

What it does:

– Sends the plaintext “HELLO” with a shift of 3 to dCode

– Returns the encoded result “KHOOR”

Official website: dcode.fr/caesar-cipher

CyberChef: Web-Based Data “Recipe” Tool

Browser-based tool for on-the-fly encoding, decoding, encryption, hashing, and data analysis via a drag-and-drop “recipe” interface.

Official website: gchq.github.io/CyberChef

Upgrade Reverse Shell to Full PTY

Spawn an interactive Bash shell with proper TTY support using python3

python3 -c 'import pty; pty.spawn("/bin/bash")'

SSH: Interactive Shell & SOCKS Proxy

Default port 22

Open a remote shell session over SSH

ssh user@{{target}}

FTP: Connect & List Directory

Default port 21

Open an FTP session (anonymous login)

ftp {{target}}

DNS: Query A Record

Default port 53 (UDP/TCP)

Retrieve DNS A record for a domain

dig {{target}} A +short

Simple lookup via nslookup (port 53)

nslookup {{target}}

pentestmonkey/php-reverse-shell

Link to the script:

Official GitHub: github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php

Create a local file with Python

Commands to run on your machine to start a local server

Access the server from the target machine

sudo information

Find the commands the current user is allowed to run with sudo:

Get information about the permissions of the current user:

File locations of interest

Logs on the machine

GTFOBins

Reference site listing different ways Unix binaries can be used for privilege escalation

Official website: gtfobins.github.io