From 1ec50d14a36b38d24f8259a254f263c595961107 Mon Sep 17 00:00:00 2001
From: 0xMarcio
Date: Wed, 8 Oct 2025 16:11:24 +0200
Subject: [PATCH] docs: remove em dashes; convert pseudo-links to real Markdown links; improve formatting
- Replace all em dashes with simple hyphens across repo\n- README: real links in Docs Index, badges and headings\n- HOWTO: clickable TOC, clean headings, hyphen usage\n- TOOLKIT: clickable TOC, cleaned bullets, crosslinks and examples\n- Dashboard and pack_report strings updated to avoid em dashes\n- .zshrc comment cleaned
---
 .zshrc.htb | 2 +-
 HOWTO.md | 130 +++++++++++++++----------------
 README.md | 36 ++++-----
 TOOLKIT.md | 150 ++++++++++++++++++------------------
 bin/automation/dashboard.py | 4 +-
 bin/post/pack_report.sh | 3 +-
 6 files changed, 162 insertions(+), 163 deletions(-)
diff --git a/.zshrc.htb b/.zshrc.htb
index d7900cb..8d04ed7 100644
--- a/.zshrc.htb
+++ b/.zshrc.htb
@@ -1,4 +1,4 @@
-# HTB/OSCP helpers — source this from your ~/.zshrc
+# HTB/OSCP helpers - source this from your ~/.zshrc
 
 # Prompt (concise)
 autoload -Uz colors && colors
diff --git a/HOWTO.md b/HOWTO.md
index 48b97c3..b28af35 100644
--- a/HOWTO.md
+++ b/HOWTO.md
@@ -1,26 +1,26 @@ -# PentestPilot — HOWTO +# PentestPilot - HOWTO ## Table of Contents -- Overview — #overview -- Install & Setup — #install--setup -- Core Env Vars — #core-env-vars -- Target Workflow — #target-workflow -- Automation & Orchestration — #automation--orchestration -- Dashboard (Status & Evidence) — #dashboard-status--evidence -- Manifest (State & Resume) — #manifest-state--resume -- AI Integrations — #ai-integrations -- Web Recon & Routing — #web-recon--routing -- Active Directory & SMB — #active-directory--smb -- Passwords & Wordlists — #passwords--wordlists -- Shells, Transfers, Privesc — #shells-transfers-privesc -- Tunnels & Port Forwards — #tunnels--port-forwards -- QoL Utilities — #qol-utilities -- Post‑Exploitation & Reporting — #post-exploitation--reporting -- Safety Notes — #safety-notes -- End‑to‑End Example — #end-to-end-example -- Troubleshooting — #troubleshooting -- Customization — #customization -- Appendix — Common Command Recipes — #appendix--common-command-recipes +- [Overview](#overview) +- [Install & Setup](#install--setup) +- [Core Env Vars](#core-env-vars) +- [Target Workflow](#target-workflow) +- [Automation & Orchestration](#automation--orchestration) +- [Dashboard (Status & Evidence)](#dashboard-status--evidence) +- [Manifest (State & Resume)](#manifest-state--resume) +- [AI Integrations](#ai-integrations) +- [Web Recon & Routing](#web-recon--routing) +- [Active Directory & SMB](#active-directory--smb) +- [Passwords & Wordlists](#passwords--wordlists) +- [Shells, Transfers, Privesc](#shells-transfers-privesc) +- [Tunnels & Port Forwards](#tunnels--port-forwards) +- [QoL Utilities](#qol-utilities) +- [Post-Exploitation & Reporting](#post-exploitation--reporting) +- [Safety Notes](#safety-notes) +- [End-to-End Example](#end-to-end-example) +- [Troubleshooting](#troubleshooting) +- [Customization](#customization) +- [Appendix - Common Command Recipes](#appendix--common-command-recipes) ## Overview - This toolkit streamlines 
OSCP/HTB workflows: discovery, web recon, AD, credential hygiene, shells, tunnels, transfers, privilege escalation, post‑exploitation, reporting, and AI‑assisted orchestration. @@ -57,9 +57,9 @@ Notes: - Use `pipx` (or venv) for Python‑based tools to avoid site‑packages collisions. ## Core Env Vars -- `HTB_ROOT` (default: current repo path) — base for targets and scripts. -- `TARGET` — a current target convenience var set by `settarget`. -- `OUTDIR` — output directory for scans in the current target (set by `settarget`). +- `HTB_ROOT` (default: current repo path) - base for targets and scripts. +- `TARGET` - a current target convenience var set by `settarget`. +- `OUTDIR` - output directory for scans in the current target (set by `settarget`). - Proxies: `HTTP_PROXY`/`HTTPS_PROXY` can be toggled via `proxy_toggle.sh on|off`. ## Target Workflow @@ -70,16 +70,16 @@ Notes: - `notesinit` scaffolds `notes.md` in the target directory. - `notesattach` appends a scan artifacts summary to notes. 3) Directories: - - `targets//scans` — scanner logs, json, summaries - - `targets//loot` — collected artifacts - - `targets//notes.md` — your engagement notes - - `targets//manifest.json` — per‑target state (see Manifest below) + - `targets//scans` - scanner logs, json, summaries + - `targets//loot` - collected artifacts + - `targets//notes.md` - your engagement notes + - `targets//manifest.json` - per-target state (see Manifest below) 4) Common recipes (see Appendix for more): - Quick nmap: nq → review `scans/*_quick_*.nmap` - Full TCP then service: nf → review `phase1`/`phase2` outputs - UDP quick check: nu → review common UDP services - Web checks: headers/methods/tech → dirbuster/param_fuzz → sqli_quick - - SMB/LDAP: smb_enum.sh / ldap_enum.sh — save listings in `scans/` + - SMB/LDAP: smb_enum.sh / ldap_enum.sh - save listings in `scans/` Quick Aliases - Nmap: `nq` (quick), `nf` (full TCP), `nu` (UDP top) 
@@ -97,13 +97,13 @@ Quick Aliases - DNS subenum (if domain) → httpx (balanced) → nuclei (auto severity) → tech route → optional WPScan - Resume (default) consults `manifest.json` and skips completed steps. - Writes evidence JSON + summaries (httpx/nuclei) into OUTDIR and manifest. -- Agents (AI‑aware): `bin/ai/agent_orchestrator.py:1` - - `agent full ` — small state machine for the full pipeline; retries resume passes, then runs `tech_actions.py --run`. - - `agent web [--force]` — httpx → nuclei → screenshots → AI plan (resume‑aware subtasks) - - `agent ad [--force]` — enum4linux/smbmap/rpc (resume‑aware) - - `agent notes [--force]` — notes init + attach (resume‑aware) - - `agent post [--force]` — linux_loot + report pack (resume‑aware) -- Resume all targets: `resume_all.py` — loops over targets/* and resumes incomplete `full_pipeline` runs. +- Agents (AI-aware): `bin/ai/agent_orchestrator.py:1` + - `agent full ` - small state machine for the full pipeline; retries resume passes, then runs `tech_actions.py --run`. + - `agent web [--force]` - httpx -> nuclei -> screenshots -> AI plan (resume-aware subtasks) + - `agent ad [--force]` - enum4linux/smbmap/rpc (resume-aware) + - `agent notes [--force]` - notes init + attach (resume-aware) + - `agent post [--force]` - linux_loot + report pack (resume-aware) +- Resume all targets: `resume_all.py` - loops over targets/* and resumes incomplete `full_pipeline` runs. Advanced: Pipeline Semantics - `--resume` (default) skips steps whose manifest task status is `ok`. 
@@ -115,10 +115,10 @@ Advanced: Pipeline Semantics - Command: `dashboard` Options: `--no-color`, `--compact`, `--json` - Columns: - target, created, last (timestamp of last pipeline), urls (count) - - dns, httpx, nuclei, tech, wp — per‑phase status with elapsed seconds - - sev — severity counts (e.g., c:1 h:3 m:2) - - top‑techs — top techs from httpx tech summary (e.g., wordpress:3, drupal:1) - - bar — colorized severity proportion bar (critical/high/medium/low) + - dns, httpx, nuclei, tech, wp - per-phase status with elapsed seconds + - sev - severity counts (e.g., c:1 h:3 m:2) + - top-techs - top techs from httpx tech summary (e.g., wordpress:3, drupal:1) + - bar - colorized severity proportion bar (critical/high/medium/low) - Evidence sources (auto‑persisted by pipeline): - httpx JSON: `OUTDIR/httpx_.json` and `httpx_.summary.json` - nuclei JSON: `OUTDIR/httpx2nuclei_/nuclei.json` and `summary.json` 
@@ -142,23 +142,23 @@ Advanced: Pipeline Semantics } } - CLI: `bin/automation/manifest.py:1` - - `init ` — create manifest - - `set|get [value]` — set or read top‑level values - - `addlist ` — append to a list - - `show ` — print JSON - - `task start|ok|fail [meta-json]` — update tasks (status, timestamps, meta) - - `taskstatus ` — prints status; exit 0 if ok, 2 if running, 1 otherwise - - `taskreset ` — remove/reset a task entry +- `init ` - create manifest +- `set|get [value]` - set or read top-level values +- `addlist ` - append to a list +- `show ` - print JSON +- `task start|ok|fail [meta-json]` - update tasks (status, timestamps, meta) +- `taskstatus ` - prints status; exit 0 if ok, 2 if running, 1 otherwise +- `taskreset ` - remove/reset a task entry ## AI Integrations - Providers: OpenAI (OPENAI_API_KEY) or local Ollama (defaults chosen automatically). - Robust helpers: `bin/ai/_ai_utils.py:1` (retries, timeouts, prompt truncation) - Tools: - - `ask.py` — quick prompts - - `commands_planner.py` — converts a goal/context into ready‑to‑run toolkit commands - - `orchestrate_web.py` — probes (httpx) and asks AI for a recon plan - - `review_findings.py` — summarizes notes into risks + next steps - - `agent_orchestrator.py` — orchestrates web/full/ad/notes/post tasks and updates manifest +- `ask.py` - quick prompts +- `commands_planner.py` - converts a goal/context into ready-to-run toolkit commands +- `orchestrate_web.py` - probes (httpx) and asks AI for a recon plan +- `review_findings.py` - summarizes notes into risks + next steps + - `agent_orchestrator.py` - orchestrates web/full/ad/notes/post tasks and updates manifest Troubleshooting AI: - If calls fail, `_ai_utils.py` retries with exponential backoff. - If no OPENAI_API_KEY is set, the system falls back to Ollama (ensure it’s running). 
@@ -180,8 +180,8 @@ Troubleshooting AI: - SMB `smbmap_quick.sh` and `smb_check_write.sh` ## Passwords & Wordlists -- `mutate_words.py`, `merge_dedupe.sh`, `wordlist_cleanup.sh` — build/clean wordlists -- `spray_http_basic.sh` — cautious HTTP Basic Auth spray (respect lockout policies) +- `mutate_words.py`, `merge_dedupe.sh`, `wordlist_cleanup.sh` - build/clean wordlists +- `spray_http_basic.sh` - cautious HTTP Basic Auth spray (respect lockout policies) ## Shells, Transfers, Privesc - Shells: reverse one‑liners (`revsh.py`), listener (`listener.sh`), TTY upgrade tips 
@@ -190,20 +190,20 @@ Troubleshooting AI: - Windows privesc: `privesc_quick.ps1`, `find_unquoted_services.ps1`, `find_path_writable.ps1`, `win_share_enum.ps1` ## Tunnels & Port Forwards -- `chisel_server.sh` / `chisel_client.sh` — reverse tunnels -- `autossh_socks.sh` — resilient SOCKS proxy -- `socat_forward.sh` and `port_forward.sh` — local/remote forwards +- `chisel_server.sh` / `chisel_client.sh` - reverse tunnels +- `autossh_socks.sh` - resilient SOCKS proxy +- `socat_forward.sh` and `port_forward.sh` - local/remote forwards ## QoL Utilities -- `cleanup_scans.sh` — prune old scan files -- `proxy_toggle.sh` — set/unset HTTP(S) proxy env vars -- `tmux_init.sh` — quick tmux workspace -- `extract_urls.py` — harvest URLs from files (logs/notes) +- `cleanup_scans.sh` - prune old scan files +- `proxy_toggle.sh` - set/unset HTTP(S) proxy env vars +- `tmux_init.sh` - quick tmux workspace +- `extract_urls.py` - harvest URLs from files (logs/notes) ## Post‑Exploitation & Reporting -- `linux_loot.sh` — safe, size‑capped artifacts collector (config via env: `MAX_SIZE`, `INCLUDE_*`) -- `windows_loot.ps1` — conservative Windows loot collector (zip fallback) -- `pack_report.sh` — compiles a markdown with summaries and file listings +- `linux_loot.sh` - safe, size-capped artifacts collector (config via env: `MAX_SIZE`, `INCLUDE_*`) +- `windows_loot.ps1` - conservative Windows loot collector (zip fallback) +- `pack_report.sh` - compiles a markdown with summaries and file listings ## Safety Notes - Use only with explicit authorization. 
@@ -236,7 +236,7 @@ Troubleshooting AI: - Tweak agent behaviors in `bin/ai/agent_orchestrator.py:1`. - Add your own manifest keys via `manifest.py set key value` for custom dashboards. -## Appendix — Common Command Recipes +## Appendix - Common Command Recipes - Directory brute (gobuster): gobuster_dir.sh http://$TARGET/ /usr/share/wordlists/dirb/common.txt php,txt 50 - Vhost brute: gobuster_vhost.sh http://$TARGET/ subdomains-top1million-5000.txt 100 - Probe techs: httpx_probe.sh hosts.txt > live.txt diff --git a/README.md b/README.md index da6c1c5..1e016ac 100644 --- a/README.md +++ b/README.md 
@@ -66,26 +66,26 @@ Dependencies - Recommended: nmap, ffuf, httpx, nuclei, gobuster, gowitness, subfinder|amass, sqlmap, wpscan, droopescan, joomscan, magescan, impacket, ldap-utils, snmp, ripgrep, jq, python3 requests, socat, chisel ## Documentation -- HOWTO.md:1 — in‑depth “how to” with recommended tools, pipeline semantics, dashboard legend, manifest schema, and examples. -- TOOLKIT.md:1 — command catalog grouped by category with references back to HOWTO. +- See [HOWTO](HOWTO.md) for in-depth usage, recommended tools, pipeline semantics, dashboard legend, manifest schema, and examples. +- See [TOOLKIT](TOOLKIT.md) for a categorized command catalog with examples and links back to HOWTO. ### Docs Index (quick links) -- HOWTO: Overview — HOWTO.md#overview -- Install & Setup — HOWTO.md#install--setup -- Core Env Vars — HOWTO.md#core-env-vars -- Target Workflow — HOWTO.md#target-workflow -- Automation & Orchestration — HOWTO.md#automation--orchestration -- Dashboard (Status & Evidence) — HOWTO.md#dashboard-status--evidence -- Manifest (State & Resume) — HOWTO.md#manifest-state--resume -- AI Integrations — HOWTO.md#ai-integrations -- Web Recon & Routing — HOWTO.md#web-recon--routing -- Active Directory & SMB — HOWTO.md#active-directory--smb -- Passwords & Wordlists — HOWTO.md#passwords--wordlists -- Shells, Transfers, Privesc — HOWTO.md#shells-transfers-privesc -- Tunnels & Port Forwards — HOWTO.md#tunnels--port-forwards -- QoL Utilities — HOWTO.md#qol-utilities -- Post‑Exploitation & Reporting — HOWTO.md#post-exploitation--reporting -- Troubleshooting — HOWTO.md#troubleshooting +- [HOWTO: Overview](HOWTO.md#overview) +- [Install & Setup](HOWTO.md#install--setup) +- [Core Env Vars](HOWTO.md#core-env-vars) +- [Target Workflow](HOWTO.md#target-workflow) +- [Automation & Orchestration](HOWTO.md#automation--orchestration) +- [Dashboard (Status & Evidence)](HOWTO.md#dashboard-status--evidence) +- [Manifest (State & Resume)](HOWTO.md#manifest-state--resume) +- [AI 
Integrations](HOWTO.md#ai-integrations) +- [Web Recon & Routing](HOWTO.md#web-recon--routing) +- [Active Directory & SMB](HOWTO.md#active-directory--smb) +- [Passwords & Wordlists](HOWTO.md#passwords--wordlists) +- [Shells, Transfers, Privesc](HOWTO.md#shells-transfers-privesc) +- [Tunnels & Port Forwards](HOWTO.md#tunnels--port-forwards) +- [QoL Utilities](HOWTO.md#qol-utilities) +- [Post-Exploitation & Reporting](HOWTO.md#post-exploitation--reporting) +- [Troubleshooting](HOWTO.md#troubleshooting) Safety - Intended for systems you have explicit permission to test. Scripts default to safe, passive checks unless you opt‑in to aggressive actions. diff --git a/TOOLKIT.md b/TOOLKIT.md index 79a269e..fbf7387 100644 --- a/TOOLKIT.md +++ b/TOOLKIT.md 
@@ -1,29 +1,29 @@ -# PentestPilot — Quick Reference +# PentestPilot - Quick Reference For step‑by‑step usage, pipeline semantics, dashboard features, and resume behavior, read HOWTO.md:1. This file focuses on a clickable, categorized command index with succinct usage. Most entries accept TARGET via env if a positional argument is omitted. ## Table of Contents -- Setup — #setup -- Core Workflow — #core-workflow -- Enumeration — #enumeration-requires-target -- Automation — #automation-binautomation--see-howto-automation--orchestration-dashboard-manifest -- Web helpers — #web-helpers-binweb--see-howto-web-recon--routing -- Reverse shells — #reverse-shells-binshells -- File transfer — #file-transfer-bintransfer -- Crypto / Text — #crypto--text-bincrypto -- Privilege Escalation — #privilege-escalation-binprivesc -- Misc — #misc-binmisc -- AI — #ai-binai--see-howto-ai-integrations -- Active Directory — #active-directory-binad -- Passwords — #passwords-binpasswords -- Windows — #windows-binwindows -- Post‑Exploitation — #post-exploitation-binpost -- DNS — #dns-bindns -- Scanning — #scanning-binscan -- Tunnels — #tunnels-bintunnel -- Pwn — #pwn-binpwn -- Hashes — #hashes-binhashes -- Tips — #tips +- [Setup](#setup) +- [Core Workflow](#core-workflow) +- [Enumeration](#enumeration-requires-target) +- [Automation](#automation-binautomation--see-howto-automation--orchestration-dashboard-manifest) +- [Web helpers](#web-helpers-binweb--see-howto-web-recon--routing) +- [Reverse shells](#reverse-shells-binshells) +- [File transfer](#file-transfer-bintransfer) +- [Crypto / Text](#crypto--text-bincrypto) +- [Privilege Escalation](#privilege-escalation-binprivesc) +- [Misc](#misc-binmisc) +- [AI](#ai-binai--see-howto-ai-integrations) +- [Active Directory](#active-directory-binad) +- [Passwords](#passwords-binpasswords) +- [Windows](#windows-binwindows) +- [Post-Exploitation](#post-exploitation-binpost) +- [DNS](#dns-bindns) +- [Scanning](#scanning-binscan) +- 
[Tunnels](#tunnels-bintunnel) +- [Pwn](#pwn-binpwn) +- [Hashes](#hashes-binhashes) +- [Tips](#tips) ## Setup - Keep this repo in a working folder, e.g., htb/. @@ -53,12 +53,12 @@ Individual scripts (bin/) - nmap_full.sh [--rate 5000] - nmap_udp.sh [--top 200] - smb_enum.sh [user] [pass] -- ldap_enum.sh [user] [pass] — auto-detect baseDNs +- ldap_enum.sh [user] [pass] - auto-detect baseDNs - nfs_enum.sh - ftp_enum.sh - snmp_enum.sh [community] -## Automation (bin/automation/) — see HOWTO: Automation & Orchestration, Dashboard, Manifest +## Automation (bin/automation/) (see HOWTO: [Automation & Orchestration](HOWTO.md#automation--orchestration), [Dashboard](HOWTO.md#dashboard-status--evidence), [Manifest](HOWTO.md#manifest-state--resume)) - auto_recon.sh [--no-udp] - parse_nmap_open_ports.sh <*.gnmap> - report_summary.py <*.gnmap ...> @@ -70,11 +70,11 @@ Individual scripts (bin/) - full_pipeline.sh [--resume|--force] - manifest.py (init|set|get|addlist|show|task|taskstatus|taskreset) [...] - dashboard.py [--json] -- resume_all.py — resume full pipeline across all targets - - tech_actions.py [--run] — suggest/run next steps based on httpx techs - - cleanup_scans.sh [dir] [days] [--force] — prune old scan files +- resume_all.py - resume full pipeline across all targets + - tech_actions.py [--run] - suggest/run next steps based on httpx techs + - cleanup_scans.sh [dir] [days] [--force] - prune old scan files - proxy_toggle.sh on|off [http://host:port] - - tmux_init.sh [session] — starter tmux layout + - tmux_init.sh [session] - starter tmux layout See also in HOWTO.md: - Automation & Orchestration 
@@ -96,24 +96,24 @@ dashboard --compact resumeall ``` -## Web helpers (bin/web/) — see HOWTO: Web Recon & Routing -- dirbuster.sh [wordlist] [exts] — ffuf directory fuzz -- vhost_ffuf.sh [wordlist] — virtual hosts -- param_fuzz.sh [wordlist] — parameter discovery -- lfi_tester.py — basic LFI checks -- tech_detect.sh — headers + tech hints -- http_headers.sh — raw headers -- url_titles.py [url2 ...] — titles and codes -- crawl_words.py [depth] — extract words for wordlists -- sqli_quick.sh — sqlmap wrapper - - backup_hunter.sh [paths.txt] — find common backups/configs - - git_dumper.sh [outdir] — mirror exposed .git and restore - - cors_tester.py [origin] — test ACAO/ACAC - - methods.sh — show allowed methods (OPTIONS) - - clone_site.sh [outdir] — wget mirror - - tls_scan.sh — openssl-based TLS info - - robots_grabber.sh — show Disallow entries - - webdav_detect.sh — OPTIONS + PROPFIND +## Web helpers (bin/web/) (see HOWTO: [Web Recon & Routing](HOWTO.md#web-recon--routing)) +- dirbuster.sh [wordlist] [exts] - ffuf directory fuzz +- vhost_ffuf.sh [wordlist] - virtual hosts +- param_fuzz.sh [wordlist] - parameter discovery +- lfi_tester.py - basic LFI checks +- tech_detect.sh - headers + tech hints +- http_headers.sh - raw headers +- url_titles.py [url2 ...] - titles and codes +- crawl_words.py [depth] - extract words for wordlists +- sqli_quick.sh - sqlmap wrapper + - backup_hunter.sh [paths.txt] - find common backups/configs + - git_dumper.sh [outdir] - mirror exposed .git and restore + - cors_tester.py [origin] - test ACAO/ACAC + - methods.sh - show allowed methods (OPTIONS) + - clone_site.sh [outdir] - wget mirror + - tls_scan.sh - openssl-based TLS info + - robots_grabber.sh - show Disallow entries + - webdav_detect.sh - OPTIONS + PROPFIND - httpx_probe.sh - nuclei_quick.sh [tags] - gobuster_dir.sh [wordlist] [exts] [threads] 
@@ -145,9 +145,9 @@ gobuster_dir.sh http://$TARGET/ /usr/share/wordlists/dirb/common.txt php,txt 50 ``` ## Reverse shells (bin/shells/) -- revsh.py — prints common one-liners -- listener.sh — rlwrap + nc/ncat listener -- tty_upgrade.sh — quick TTY tips +- revsh.py - prints common one-liners +- listener.sh - rlwrap + nc/ncat listener +- tty_upgrade.sh - quick TTY tips Examples ``` @@ -162,11 +162,11 @@ tty_upgrade.sh ``` ## File transfer (bin/transfer/) -- http_serve.sh [port] — simple Python HTTP server -- serve.py [port] — HTTP server with web upload (POST /upload) -- push_http.sh — upload to serve.py -- dl_oneshots.sh — download one-liners -- smb_server.sh [share] [path] — impacket SMB server +- http_serve.sh [port] - simple Python HTTP server +- serve.py [port] - HTTP server with web upload (POST /upload) +- push_http.sh - upload to serve.py +- dl_oneshots.sh - download one-liners +- smb_server.sh [share] [path] - impacket SMB server Examples ``` @@ -183,7 +183,7 @@ smb_server.sh share ./loot ## Crypto / Text (bin/crypto/) - encoders.py b64e|b64d|urle|urld|hex|unhex|xor|rot -- jwt_show.py — decode header/payload (no verify) +- jwt_show.py - decode header/payload (no verify) Examples ``` @@ -192,9 +192,9 @@ jwt_show.py eyJhbGciOi... ``` ## Privilege Escalation (bin/privesc/) -- linux_quick_enum.sh — basic local recon -- suid_scan.sh — list SUID/SGID -- caps_scan.sh — list file capabilities +- linux_quick_enum.sh - basic local recon +- suid_scan.sh - list SUID/SGID +- caps_scan.sh - list file capabilities Examples ``` @@ -203,8 +203,8 @@ caps_scan.sh ``` ## Misc (bin/misc/) -- cyclic.py create | offset — pattern + offset -- port_forward.sh — wrappers for ssh -L/-R/-D +- cyclic.py create | offset - pattern + offset +- port_forward.sh - wrappers for ssh -L/-R/-D - extract_urls.py Examples 
@@ -214,13 +214,13 @@ port_forward.sh -L 8080:127.0.0.1:80 user@host extract_urls.py notes.md ``` -## AI (bin/ai/) — see HOWTO: AI Integrations +## AI (bin/ai/) (see HOWTO: [AI Integrations](HOWTO.md#ai-integrations)) - ask.py [-m model] [-s system] "prompt" | - (stdin) - wordlist_from_context.py [context-file|-] - orchestrate_web.py - review_findings.py [extra] - commands_planner.py "goal" [context] - - agent_orchestrator.py — multi-agent runner (web|notes|post|ad) + - agent_orchestrator.py - multi-agent runner (web|notes|post|ad) See also in HOWTO.md: - AI Integrations @@ -241,7 +241,7 @@ agent web hosts.txt - getnpusers_wrapper.sh [userlist.txt] - getspns_wrapper.sh - ldap_quick_users.sh [user pass] - - rpc_quick.sh [user pass] — rpcclient lsa/users/groups + - rpc_quick.sh [user pass] - rpcclient lsa/users/groups - kerbrute_wrapper.sh [dc-ip] - cme_quick.sh [user pass] @@ -257,9 +257,9 @@ cme_quick.sh $TARGET user pass ## Passwords (bin/passwords/) - mutate_words.py word1 [word2 ...] | - - spray_http_basic.sh - - merge_dedupe.sh [file2 ...] — dedup merged lists + - merge_dedupe.sh [file2 ...] - dedup merged lists - wordlist_cleanup.sh [min] [max] - - hash_id.sh — simple guess when hashid missing + - hash_id.sh - simple guess when hashid missing Examples ``` @@ -270,11 +270,11 @@ spray_http_basic.sh http://$TARGET/protected users.txt Winter2025! ``` ## Windows (bin/windows/) -- privesc_quick.ps1 — run on target -- win_share_enum.ps1 -Target - - find_unquoted_services.ps1 — potential service path issues - - find_path_writable.ps1 — writable PATH dirs - - windows_loot.ps1 — targeted loot collector + - privesc_quick.ps1 - run on target + - win_share_enum.ps1 -Target + - find_unquoted_services.ps1 - potential service path issues + - find_path_writable.ps1 - writable PATH dirs + - windows_loot.ps1 - targeted loot collector Examples ``` 
@@ -284,9 +284,9 @@ powershell -ep bypass -f bin/windows/find_unquoted_services.ps1 ``` ## Post-Exploitation (bin/post/) -- linux_loot.sh — targeted loot collector with size caps - - windows_loot.ps1 — targeted loot collector (PowerShell) - - pack_report.sh — merge loot/scans into markdown report + - linux_loot.sh - targeted loot collector with size caps + - windows_loot.ps1 - targeted loot collector (PowerShell) + - pack_report.sh - merge loot/scans into markdown report Examples ```
@@ -329,7 +329,7 @@ chisel_client.sh YOUR_IP:8000 R:8080:127.0.0.1:80 ``` ## Pwn (bin/pwn/) -- pwntools_template.py — starter exploit template + - pwntools_template.py - starter exploit template Examples ```
@@ -338,7 +338,7 @@ python3 bin/pwn/pwntools_template.py REMOTE=1 HOST=$TARGET PORT=31337 ## Hashes (bin/hashes/) - extract_ntlm_from_secretsdump.py [out] - - john_pfx.sh — john format for PFX + - john_pfx.sh - john format for PFX Examples ```
diff --git a/bin/automation/dashboard.py b/bin/automation/dashboard.py
index f48fda8..dc463cf 100755
--- a/bin/automation/dashboard.py
+++ b/bin/automation/dashboard.py
@@ -154,9 +154,9 @@ def print_header():
 # Build ASCII header
 t = agg['targets']; c = agg['completed']; p = agg['pending']
 s = agg['sev']
- title = f" Pentest Dashboard — targets:{t} completed:{c} pending:{p} "
+ title = f" Pentest Dashboard - targets:{t} completed:{c} pending:{p} "
 line = '+' + '-'*(len(title)) + '+'
- sev_line = f" severities — C:{s['critical']} H:{s['high']} M:{s['medium']} L:{s['low']} "
+ sev_line = f" severities - C:{s['critical']} H:{s['high']} M:{s['medium']} L:{s['low']} "
 sev_bar = sev_line
 print(line)
 print('|' + title + '|')
diff --git a/bin/post/pack_report.sh b/bin/post/pack_report.sh
index 641ea9a..c808be2 100755
--- a/bin/post/pack_report.sh
+++ b/bin/post/pack_report.sh
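Review bot: The border in `line` is sized from the new `title` alone, while the `sev_line` rewritten two lines later is a different length, so if `sev_bar` is printed between the same `|` borders (that print falls outside this hunk, so this is inferred) the frame will be ragged. Deriving the width from both strings keeps the box aligned: `width = max(len(title), len(sev_line))`, `line = '+' + '-' * width + '+'`, and `print('|' + title.ljust(width) + '|')`. The em-dash-to-hyphen edits themselves are presentation-only and do not affect the counts being displayed. print_header continues past the end of the hunk.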
@@ -15,7 +15,7 @@ mkdir -p "$lootdir"
 echo "[+] Generating report: $report"
 {
- echo "# Post-Exploitation Report — $target"
+echo "# Post-Exploitation Report - $target"
 echo "\nGenerated: $(date)"
 echo "\n## Summaries"
 [[ -f "$lootdir/summary.txt" ]] && { echo "\n### System Summary"; sed -n '1,120p' "$lootdir/summary.txt"; }
@@ -33,4 +33,3 @@ echo "[+] Generating report: $report"
 } > "$report"
 echo "[+] Report saved: $report"
-
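Review bot: The rewritten `echo "# Post-Exploitation Report - $target"` line appears to have dropped the leading indentation that the removed line and the sibling `echo` lines inside the `{ ... } > "$report"` group carry, leaving the group body inconsistently indented. Restoring it, `  echo "# Post-Exploitation Report - $target"`, keeps the block readable; the shell does not care, but the next editor will. The group is opened in this hunk and closed in the following one at `} > "$report"`; that second hunk only removes a trailing blank line.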