The Hacker Playbook 3

A well-known hacking book by Peter Kim

An awesome book with hacking tools and tips from Peter Kim. You can find the THP3 book on Amazon with the "Look inside" feature. This is the 3rd edition, focused on Red Teaming. If you are a beginner, it's better to choose the 2nd edition, which is more suitable for learning. What I don't like about this book is the typography. Here is a list of tools and notes (in progress).

1. Install Basic Tools

PTF - pentester framework

Install scripts for your pentest tools on Debian/Arch Linux systems

git clone https://github.com/trustedsec/ptf

PowerShell Empire

Post-exploitation framework that includes a pure PowerShell 2.0 Windows agent and a Python 2.7 Linux/OSX agent

git clone https://github.com/EmpireProject/Empire

dnscat2

Encrypted C2 communication channel tunnelled over DNS

git clone https://github.com/iagox86/dnscat2
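From the defender's side, a DNS C2 channel like the one above shows up in resolver logs as bursts of long, high-entropy labels under a single domain. The script below is an added example (not from this wiki page or the dnscat2 project): it parses constructed DNS query log lines in an assumed "timestamp client qtype qname" format, computes per-domain query counts, longest label length and label entropy, and flags domains that exceed illustrative thresholds. The log format, sample lines and thresholds are all assumptions.

```python
"""Heuristic detection of DNS-tunnelling style traffic in DNS query logs.

Added example, not part of the wiki page or the dnscat2 project. The log
format and the thresholds below are assumptions chosen for illustration.
"""
import math
import re
from collections import defaultdict

# Constructed sample log (not captured traffic). Assumed format:
# "<timestamp> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 A www.example.com
2024-01-01T10:00:02 10.0.0.5 A mail.example.com
2024-01-01T10:00:03 10.0.0.7 TXT 5b1e9a0c4f2d7e8a3b6c1d0f9e8a7b6c5d4e3f2a.9c8b7a6f5e4d3c2b.tunnel.example.org
2024-01-01T10:00:04 10.0.0.7 TXT 0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3.e4f5a6b7c8d90a1b.tunnel.example.org
2024-01-01T10:00:05 10.0.0.7 TXT ffeeddccbbaa99887766554433221100aabbccdd.1122334455667788.tunnel.example.org
2024-01-01T10:00:06 10.0.0.7 TXT 13579bdf02468ace13579bdf02468ace13579bdf.fedcba9876543210.tunnel.example.org
2024-01-01T10:00:07 10.0.0.5 AAAA cdn.example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(text):
    """Bits of entropy per character; hex-encoded payload labels score close to 4."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Naive 'last two labels' split; a real deployment would use the public suffix list."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Parse log lines into dicts; lines not matching the assumed format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qtype, qname = m.groups()
        qname = qname.rstrip(".").lower()
        domain = registered_domain(qname)
        # Everything left of the registered domain is the attacker-controlled prefix
        prefix = qname[: -len(domain)].rstrip(".") if qname != domain else ""
        records.append({"ts": ts, "client": client, "qtype": qtype,
                        "qname": qname, "domain": domain, "prefix": prefix})
    return records


def domain_stats(records):
    """Aggregate per registered domain: volume, distinct prefixes, longest/highest-entropy label."""
    stats = defaultdict(lambda: {"queries": 0, "unique_prefixes": set(),
                                 "max_label_len": 0, "max_label_entropy": 0.0})
    for r in records:
        s = stats[r["domain"]]
        s["queries"] += 1
        s["unique_prefixes"].add(r["prefix"])
        for label in r["prefix"].split("."):
            if not label:
                continue
            s["max_label_len"] = max(s["max_label_len"], len(label))
            s["max_label_entropy"] = max(s["max_label_entropy"], shannon_entropy(label))
    return stats


def flag_tunneling(records, min_queries=3, min_label_len=30, min_entropy=3.0):
    """Return (domain, summary) pairs whose traffic looks like encoded data in labels."""
    flagged = []
    for domain, s in sorted(domain_stats(records).items()):
        if (s["queries"] >= min_queries and s["max_label_len"] >= min_label_len
                and s["max_label_entropy"] >= min_entropy):
            flagged.append((domain, {"queries": s["queries"],
                                     "unique_prefixes": len(s["unique_prefixes"]),
                                     "max_label_len": s["max_label_len"],
                                     "max_label_entropy": round(s["max_label_entropy"], 2)}))
    return flagged


if __name__ == "__main__":
    for domain, summary in flag_tunneling(parse_log(SAMPLE_LOG)):
        print(f"possible DNS tunnel: {domain} {summary}")
```

On the sample above only example.org is flagged: every query carries a 40-character hex label with entropy near 4 bits per character, while the ordinary lookups under example.com have short, low-entropy labels. Real deployments should tune the thresholds against their own baseline and add the query-type mix (TXT/NULL/CNAME heavy) and per-client volume as further signals.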

P0wned Shell

PowerShell hosted in C#, which does not use powershell.exe

git clone https://github.com/Cn33liz/p0wnedshell

Puppyshell

git clone https://github.com/n1nj4sec/pupy

Nishang

Framework and collection of PowerShell scripts, including some lightweight C2 scripts

git clone https://github.com/samratashok/nishang

PoshC2

A proxy-aware C2 framework written in PowerShell

git clone https://github.com/nettitude/PoshC2

2. Red Team - Recon

SSL/TLS cert recon, subdomain enumeration, code repository enumeration and more

SSLScrape

Gather hostnames from SSL/TLS certificates

git clone https://github.com/cheetz/sslScrape

Discover

Combines Kali recon tools: passive ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, multiple websites and recon-ng.

git clone https://github.com/leebaird/discover
./update.sh
./discover.sh

Knockpy

Simple subdomain enumeration using a wordlist

python knockpy.py domain -w wordlist.txt

Sublist3r

Subdomain enumeration that benefits from search engines

git clone https://github.com/Plazmaz

Last updated 4 years ago