Pentest Tools Library

This is a library documenting tools, their usage and functions for each stage in the pentest cycle, so I don't have to google every time.

OSCP Exam miscellaneous Tools

1. OBS for Recording the exam

Enumeration

1. AutoRecon by Tib3rius

Allows for scanning multiple hosts concurrently

LinEnum.sh for Linux

GitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation ChecksGitHub

Automated script to check for:

1. System info / User information (attempt to read /etc/shadow, list all users UID)

2. Privileged access - permissions and sudo access or root home access

3. Jobs/Cron

4. Services & Versions (Sudo, MYSQL, Postgres, Apache)

5. Searches

How to Use LinEnum to Identify Potential Privilege Escalation VectorsNull Byte

How to

Powerless / PowerUp for Windows

Web App Enumeration

General rule of thumb is to leave web servers to the last. Non-http enumeration is simple, HTTP enumeration could take too much time.

• dirsearch / gobuster for directory or file enumeration, use wordlists like rockyou.txt

• Look at source code for HTML clues

• Learn wfuzz with payloads from PayloadAllTheThings and fuzzdb

• Proxy web app through Burp using repeater

Privilege Escalation

The hardest even for the most experienced, do spend more time learning this and practicing.

GitHub - sagishahar/lpeworkshop: Windows / Linux Local Privilege Escalation WorkshopGitHub

One of the best resources for learning Priv escalation

Basic Linux Privilege Escalation - g0tmi1kblog.g0tmi1k.com

Linux Priv Esc