Pentest Service Enumeration Save

Suggests programs to run against services found during the enumeration phase of a Pentest

Project README

Pentest-Service-Enumeration

Purpose

Suggests binaries to run against services found during the enumeration phase of a Pentest

Background

While studying for the Offensive Security Certified Profesional (OSCP) and Offensive Security Web Assessor (OSWA) certifications I found it hard to keep track of which commands to run during the enumeration phase for specific services.

The purpose of this tool is easily keep track of those commands.

Install Instructions

git clone https://github.com/ssstonebraker/Pentest-Service-Enumeration
cd Pentest-Service-Enumeration
./install.sh

Basic Usage

To view basic usage just type:

pse

This will list out the available services and give an example of how to use the program

[Pentest Service Enumeration: 0.0.3]
- Pentest command reference via the cli
----------------------------------------------------------------------------------------------------
Available Services
[*] dns
[*] ftp
[*] hashcat
[*] http
[*] ldap
[*] linpriv
[*] mimikatz
[*] nfs
[*] rpc
[*] searchsploit
[*] smb
[*] smtp
[*] snmp
[*] sql
[*] ssh
[*] sudo
[*] tcpdump
[*] webdav
[*] wfuzz
----------------------------------------------------------------------------------------------------
Return command references for a service
Usage: pse <service-name>

Examples
[*] pse ftp
[*] pse wfuzz
[*] pse smb

----------------------------------------------------------------------------------------------------
Help: pse -h

Listing commands for a service

pse <service-name>

Example:

List commands to run with smb

# pse smb

----------------------------------------------------------------------------------------------------
connect to remote smb share as null user
[*] smbclient "//$IP/$SHARE_NAME" -U ""
----------------------------------------------------------------------------------------------------
Create a destination mount directory, mount remote share as guest
[*] sudo mkdir /mnt/$IP_$FOLDER; sudo mount -v -t cifs "//$IP/$FOLDER" /mnt/$IP_$FOLDER -o username=guest
----------------------------------------------------------------------------------------------------
Launch a semi-interactive shell
[*] smbexec.py $HOST/$USERNAME:$PASSWORD@$IP
----------------------------------------------------------------------------------------------------
List smb share files using a null user
[*] smbclient -L $IP -U -N
----------------------------------------------------------------------------------------------------
ngrep samba version while connecting via smbclient
[*] export INTERFACE="tun0"; sudo ngrep -i -d $INTERFACE 's.?a.?m.?b.?a.*[[:digit:]]'
----------------------------------------------------------------------------------------------------
Recursive directory listing
[*] smbmap -H $ip -R
----------------------------------------------------------------------------------------------------
Scan IP Address for SMB Pipe Names
[*] pipef -a $IP
----------------------------------------------------------------------------------------------------

List commands to run with wfuzz

# pse wfuzz

[Pentest Service Enumeration: 0.0.3]
----------------------------------------------------------------------------------------------------
Command injection
[*] URL="http://target:80/php/blocklisted.php?ip=127.0.0.1FUZZ"; wfuzz -c -z file,/home/kali/command_injection_custom.txt --hc 404 "$URL"
----------------------------------------------------------------------------------------------------
Directory Discovery (medium) - ignore 404, 301
[*] URL="http://target/FUZZ";FILE="/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt"; wfuzz -c -z file,"$FILE" --hc 404,301 "$URL"
----------------------------------------------------------------------------------------------------
Directory Discovery (medium) - ignore 404, 403, 301
[*] URL="http://target/FUZZ"; FILE="/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt"; wfuzz -c -z file,"$FILE" --hc 404,403,301 "$URL"
----------------------------------------------------------------------------------------------------
File discovery
[*] URL="http://target/FUZZ";wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt --hc 301,404,403 "$URL"
----------------------------------------------------------------------------------------------------
POST data fuzzing (password cracking)
[*] URL="http://target:80/wp-login.php" wfuzz -c -z file,/usr/share/seclists/Passwords/xato-net-10-million-passwords-100000.txt --hc 404 -d "log=admin&pwd=FUZZ" "$URL"
----------------------------------------------------------------------------------------------------
Param value fuzzing (find hidden params)
[*] export URL="http://target:80/index.php?FUZZ=data";wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt --hc 404,301 "$URL"
----------------------------------------------------------------------------------------------------
Param value fuzzing (usernames)
[*] URL="http://target:80/index.php?fpv=FUZZ"; wfuzz -c -z file,/usr/share/seclists/Usernames/cirt-default-usernames.txt --hc 404 "$URL"

Adding commands for a service

File Structure

Services are text files located at:

$HOME/.pse/<files>

Every command you want to return should be on a separate line in the format:

description:command

Example Service

File: $HOME/.pse/nfs

Content:

show available nfs mounts:showmount -e $IP
mount a nfs share:export IP=10.11.1.72; sudo mkdir -p /mnt/$IP/home && sudo mount -t nfs $IP:/home /mnt/$IP/home

STORING A NEW COMMAND WITH ARGUMENTS

Edit corresponding service file at $HOME/.pse/<filename> (e.g. $HOME/.pse/smb or $HOME/.pse/dns)

If your want to add a new service, create a file at $HOME/.pse/foo

Example: Create documentation for curl

To add curl as a service for pse:

Create file $HOME/.pse/curl
Add one line per command you want saved in format:

<description>:<command>

Example content for file $HOME/.pse/curl:

Return help content:curl -h
Run curl in verbose mode:curl -v

Now when you run command pse curl:

[Pentest Service Enumeration: 0.0.3]
----------------------------------------------------------------------------------------------------
Return help content
[*] curl -h
----------------------------------------------------------------------------------------------------
Run curl in verbose mode
[*] curl -v
----------------------------------------------------------------------------------------------------

Open Source Agenda is not affiliated with "Pentest Service Enumeration" Project. README Source: ssstonebraker/Pentest-Service-Enumeration

Stars

Open Issues

Last Commit

8 months ago

Repository

ssstonebraker/Pentest-Service-Enumeration

License

GPL-3.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/pentest-service-enumeration"><img src="https://www.opensourceagenda.com/projects/pentest-service-enumeration/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022