░▒▓ pentesting-cookbook ▓▒░ A set of recipes useful in fast-paced pentesting / red teaming scenarios
╭───────────────────────────────────────────────────────╮
│ Snippets, code samples and hints used in penetration │░
│ tests stored in a single repository so it can be │░
│ quickly accessed and searched during assessments. │░
│ Some of these were collected around the Web, some │░
│ developed. Feel free to contribute! │░
│ │░
│ https://github.com/tasooshi/pentesting-cookbook │░
╰───────────────────────────────────────────────────────╯░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
- Since this handbook was not originally intended to be shared some parts may miss their original sources. I'll do my best to give proper credits and I hope you can help me with that.
- Formatting may seem quite exotic at first but this is the way I prefer to read. Thanks to indentation I can instantly see hierarchy and quickly scan interesting sections.
- This documentation structure gives best results with quick open, multi-line editing and full-text search options available in some popular text editors (like Sublime Text or VS Code).
Fast and easy way to set up a hardened pentesting environment (currently Kali only) both for x86 and arm (Raspberry PI):
$ cd bootstrap
$ sudo USERNAME=user ./run.kali.x86.sh
More information in bootstrap/README.md.
- If there are more than three levels of hierarchy the file needs to be split.
- Categories in file names are separated with ".".
- If there is not enough in given category they can be grouped with "+".
- Commands: "~".
- Lists: "- ".
- Comments: "# ".
- OS specific commands:
- ~$ (Unix)
- ~> (Windows)
- Shell specific commands:
- ~PS> (Powershell)
- Variables:
- VAR_ATTACKER_HOST
- VAR_ATTACKER_PORT
- VAR_TARGET_DOMAIN
- VAR_TARGET_HOST
- VAR_TARGET_PORT
- VAR_TARGET_CIDR
- VAR_TARGET_RANGE
- VAR_USERNAME
- VAR_PASSWORD
- VAR_HASH
- VAR_STRING
- VAR_INTEGER
- VAR_HEX
- VAR_WORDLIST
- VAR_*_HOST (VAR_FTP_HOST, VAR_ZOMBIE_HOST, VAR_PROXY_HOST etc)