# The Hacker Playbook 3

Awesome book with hacking tools and tips from Peter Kim. You can find the [THP3 book at Amazon](https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2) with the "look inside" feature. This is the 3rd edition, focused on Red Teaming. If you are a beginner, it's better to choose the 2nd edition; it's more suitable for learning. What I don't like about this book is the typography. Here is a list of tools and notes (in progress).

## 1. Install Basic Tools

### PTF - pentester framework

Install scripts for your pentest tools on Debian/Arch Linux systems

```
git clone https://github.com/trustedsec/ptf
```

### PowerShell Empire

Post-exploitation framework that includes a pure PowerShell 2.0 Windows agent and a Python 2.7 Linux/OSX agent

```
git clone https://github.com/EmpireProject/Empire
```

### dnscat2

Encrypted C2 communication channel over DNS

```
git clone https://github.com/iagox86/dnscat2
```

### P0wned Shell

PowerShell in C# which does not use powershell.exe

```
git clone https://github.com/Cn33liz/p0wnedshell
```

### Puppyshell

```
git clone https://github.com/n1nj4sec/pupy
```

### Nishang

Framework and collection of PowerShell scripts, including some lightweight C2 scripts

```
git clone https://github.com/samratashok/nishang
```

### PoshC2

A proxy-aware C2 framework written in PowerShell

```bash
git clone https://github.com/nettitude/PoshC2
```

## 2. Red Team - Recon

SSL/TLS cert recon, subdomain enumeration, code repository enumeration and more

### SSLScrape

Gather hostnames from certificates

```
git clone https://github.com/cheetz/sslScrape
```

### Discover

Combines Kali recon tools: passive ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, multiple websites and recon-ng.

```
git clone https://github.com/leebaird/discover
cd discover
./update.sh
./discover.sh
```

### Knockpy

Simple domain enumeration based on a wordlist

```
python knockpy.py domain -w wordlist.txt
```

### Sublist3r

Enumerates subdomains using search engine results

```
git clone https://github.com/Plazmaz
```

