Nmap
Installation:
sudo apt update && sudo apt install nmap -y
SYN scan plus version detection and default NSE scripts:
nmap -sS -sV -sC {{target}}
Official website: nmap.org
John the Ripper
Installation:
sudo apt update && sudo apt install john -y
Use the rockyou wordlist to brute-force Linux /etc/shadow hashes
john --wordlist=/usr/share/wordlists/rockyou.txt /etc/shadow
Official website: openwall.com/john
Hydra
Installation:
sudo apt update && sudo apt install hydra -y
Attempt SSH logins using users.txt and pass.txt
hydra -L users.txt -P pass.txt ssh://{{target}} -t 4 -f
Official website: github.com/vanhauser-thc/thc-hydra
Gobuster
Installation:
sudo apt update && sudo apt install gobuster -y
Discover hidden directories on a web server with a wordlist
gobuster dir -u https://{{target}} -w /usr/share/wordlists/raft-large-directories.txt -t 50
Official website: github.com/OJ/gobuster
ffuf
Installation:
sudo apt update && sudo apt install ffuf -y
Fuzz URL paths or parameters to find hidden endpoints
ffuf -u https://{{target}}/FUZZ -w /usr/share/wordlists/raft-large-words.txt -t 100
Official website: github.com/ffuf/ffuf
dCode: Caesar Cipher Online Encoder/Decoder
What it does:
– Sends your plaintext “HELLO” with a shift of 3 to dCode
– Returns the encoded result “KHOOR”
Official website: dcode.fr/caesar-cipher
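The same transformation dCode performs can be reproduced offline. The following is an added example written for this cheat sheet (it is not dCode's code and not part of the original page): it encodes and decodes with a known shift, and, because a CTF ciphertext usually arrives without its shift, it also tries all 26 shifts and ranks the candidates against a small constructed word list. The word list and the sample ciphertext "KHOOR ZRUOG" are constructed inputs for the example.

```python
import string

ALPHABET = string.ascii_uppercase  # 26 ASCII letters; non-letters pass through unchanged

# Constructed mini-dictionary used only to rank brute-force candidates.
# A real tool would score against English letter frequencies instead.
COMMON_WORDS = {"HELLO", "WORLD", "THE", "AND", "FLAG", "SECRET", "KEY", "ATTACK"}


def caesar_shift(text: str, shift: int) -> str:
    """Rotate every ASCII letter by `shift` positions, keeping case.

    Punctuation, digits, whitespace and non-ASCII characters are left as-is.
    A negative shift decodes what a positive shift encoded.
    """
    out = []
    for ch in text:
        upper = ch.upper()
        if upper in ALPHABET:
            rotated = ALPHABET[(ALPHABET.index(upper) + shift) % 26]
            out.append(rotated if ch.isupper() else rotated.lower())
        else:
            out.append(ch)
    return "".join(out)


def caesar_encode(plaintext: str, shift: int) -> str:
    """Encode plaintext with the given shift (dCode: "HELLO", 3 -> "KHOOR")."""
    return caesar_shift(plaintext, shift)


def caesar_decode(ciphertext: str, shift: int) -> str:
    """Decode ciphertext that was encoded with the given shift."""
    return caesar_shift(ciphertext, -shift)


def brute_force(ciphertext: str) -> dict:
    """Return every candidate plaintext, keyed by the shift that produces it."""
    return {s: caesar_decode(ciphertext, s) for s in range(26)}


def _score(candidate: str) -> int:
    """Count tokens of the candidate that appear in the constructed word list."""
    tokens = "".join(c if c.isalpha() else " " for c in candidate.upper()).split()
    return sum(1 for t in tokens if t in COMMON_WORDS)


def best_guess(ciphertext: str) -> tuple:
    """Pick the shift whose decoding contains the most known words.

    Returns (shift, plaintext). Ties resolve to the lowest shift.
    """
    candidates = brute_force(ciphertext)
    best_shift = max(range(26), key=lambda s: (_score(candidates[s]), -s))
    return best_shift, candidates[best_shift]


if __name__ == "__main__":
    print(caesar_encode("HELLO", 3))          # KHOOR, matching the dCode result above
    print(caesar_decode("KHOOR", 3))          # HELLO
    shift, plain = best_guess("KHOOR ZRUOG")  # constructed ciphertext with unknown shift
    print(f"shift={shift} plaintext={plain}")
```

The brute-force path is the one that matters in practice: with only 26 keys the cipher offers no confidentiality, so any "encrypted" value seen in a challenge or a log can be recovered by enumerating the shifts and scoring the output.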
CyberChef: Web-Based Data “Recipe” Tool
Browser-based tool for on-the-fly encoding, decoding, encryption, hashing, and data analysis via a drag-and-drop “recipe” interface.
Official website: gchq.github.io/CyberChef
Upgrade Reverse Shell to Full PTY
Spawn an interactive Bash shell with proper TTY support using python3
python3 -c 'import pty; pty.spawn("/bin/bash")'
SSH: Interactive Shell & SOCKS Proxy
Default port 22
Remote shell session over SSH
ssh user@{{target}}
FTP: Connect & List Directory
Default port 21
FTP session (anonymous)
ftp {{target}}
DNS: Query A Record
Default port 53 (UDP/TCP)
Retrieve DNS A record for a domain
dig {{target}} A +short
Simple lookup via nslookup (port 53)
nslookup {{target}}
pentestmonkey/php-reverse-shell
Link for the script:
Official GitHub: github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php
Create a local file with python
Codes to use on your machine to create a local server
Access the server from the target machine
sudo information
Find the commands that can be executed as sudo user:
Get information about the permissions of the current user:
File locations of interest
Logs from the computer
GTFOBins
Reference where you can find different ways to escalate privileges
Official website: gtfobins.github.io