Packages and Installs¶
Linux Packages¶
Package | install snippet | Note |
---|---|---|
bleachbit | sudo apt install bleachbit -y | |
cifs-utils | sudo apt install cifs-utils | |
Docker | sudo apt install docker.io | |
exiftool | sudo apt install exiftool | |
filezilla | sudo apt install filezilla filezilla-common -y | |
gimp | sudo apt install gimp -y | |
gobuster | sudo apt install gobuster -y | |
golang | sudo apt install golang | |
ipython3 | sudo apt install ipython3 | |
jq | sudo apt install jq -y | |
libreoffice | sudo apt install libreoffice -y | |
lolcat | sudo apt install lolcat | add /usr/games to PATH |
ltrace | sudo apt install ltrace | |
lynx | sudo apt install lynx | |
mcrypt | sudo apt install mcrypt -y | |
ncftp | sudo apt install ncftp | |
node | sudo apt install npm | the npm package pulls in nodejs as a dependency |
pandoc | sudo apt install pandoc | |
pip3 | sudo apt install python3-pip | |
plank | sudo apt install plank | autostart setup in the notes below |
putty | sudo apt install putty-tools -y | |
rlwrap | sudo apt install rlwrap | |
seclists | sudo apt install seclists | |
steghide | sudo apt install steghide -y | |
strace | sudo apt install strace | |
tree | sudo apt install tree | |
venv | sudo apt install python3-venv | |
jd-gui | sudo apt install jd-gui | jar decompiler |
javac | sudo apt install default-jdk | |
amqp | sudo apt install amqp-tools | |
additional notes:¶
plank setup to autostart
[kali-linux-customization](https://www.offensive-security.com/kali-linux/kali-linux-customization/)
# Add plank to autostart list
"Session and Startup" > add plank to "autostart" list
# disable dock shadows
Window Manager Tweaks → Compositor → disable Show shadows under dock windows
sudo apt-get clean && sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y   # sudo is needed on every command; it does not carry across &&
# Install guest additions
# sudo apt-get install -y virtualbox-guest-x11
# reboot
# buffer overflow stuff
sudo apt-get install ropper
gem install one_gadget
# ARM executable
# apt-get install qemu
# apt install tor
# service tor start # Check additional steps involving "tor bundle"
# apt install keepass2 -y
# apt install jd-gui #jar decompiler
# apt install rpcbind -y # for 'rpcinfo'
# apt install nfs-common -y # for 'showmount'
# apt install mono-mcs # used to compile c# programs
# apt install mingw-w64 # this is to compile windows headers (c/c++)
# apt install gcc-multilib
# apt install redis
# apt-get install thunderbird
# pdf utilities (read from command line; etc.)
# https://www.howtogeek.com/228531/how-to-convert-a-pdf-file-to-editable-text-using-the-command-line-in-linux/
# apt-get install poppler-utils
# apt-get install pdfcrack
# apt-get install bruteforce-salted-openssl
# apt-get install preload # Preload application (pre-loads binaries and dependencies of most commonly used applications)
# wine is used to run windows exe's
# dpkg --add-architecture i386 && apt-get update && apt-get install wine32
# Download OpenVAS
# additional info @ https://www.kali.org/penetration-testing/openvas-vulnerability-scanning/
# apt-get install openvas -y
# openvas-setup   # newer Kali releases package this as gvm instead: apt install gvm && gvm-setup
# apt-get install nbtscan-unixwiz
# Linux Priv Checker (open link in browser for download)
https://www.securitysift.com/download/linuxprivchecker.py
firefox add-on: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
go (golang)¶
# Go 1.17+ no longer installs binaries via `go get`; use `go install` with a version suffix
go install github.com/ffuf/ffuf/v2@latest
# binaries land in $(go env GOPATH)/bin, which defaults to ~/go/bin
export PATH="$HOME/go/bin:$PATH"
Github¶
repo name | git clone | description |
---|---|---|
SecLists | git clone https://github.com/danielmiessler/SecLists.git | Word lists for security assessments |
# SecLists is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
git clone https://github.com/danielmiessler/SecLists.git /usr/share/wordlists/SecLists
cd /usr/share && ln -s wordlists/SecLists/ seclists # creates symbolic link (for Reconnoitre)
### alternatively, just run apt -y install seclists
# Reconnoitre (nmap and sparta alternative); clone without sudo so ~/opt stays owned by your user
git clone https://github.com/codingo/Reconnoitre.git ~/opt/Reconnoitre
git clone https://github.com/codingo/VHostScan.git ~/opt/VHostScan   # https URL; the git@github.com form needs an SSH key on the account
# sed 's/$/.\%s/g' /usr/share/seclists/Discovery/DNS/fierce-hostlist.txt #> ~/opt/virtual-host-discovery/SecLists_fierce-hostlist.txt
# Python PTY backdoors - full PTY or nothing!
git clone https://github.com/infodox/python-pty-shells.git ~/opt/python-pty-shells
git clone https://github.com/trustedsec/unicorn.git ~/opt/unicorn
# Exploit Suggesters and enumeration
git clone https://github.com/sleventyeleven/linuxprivchecker.git ~/opt/Enumeration/Linux/linuxprivchecker
git clone https://github.com/mzet-/linux-exploit-suggester.git ~/opt/Enumeration/Linux/linux-exploit-suggester
git clone https://github.com/NullArray/MIDA-Multitool.git ~/opt/Enumeration/MIDA-Multitool
git clone https://github.com/NullArray/RootHelper.git ~/opt/Enumeration/RootHelper
git clone https://github.com/diego-treitos/linux-smart-enumeration.git ~/opt/Enumeration/Linux/linux-smart-enumeration
git clone https://github.com/carlospolop/linPE.git ~/opt/Enumeration/Linux/linPE
git clone https://github.com/InteliSecureLabs/Linux_Exploit_Suggester.git ~/opt/Enumeration/Linux/Linux_Exploit_Suggester
# Windows privesc
git clone https://github.com/pentestmonkey/windows-privesc-check.git ~/opt/Enumeration/Windows/windows-privesc-check
# PowerShell
git clone https://github.com/samratashok/nishang.git ~/opt/nishang
git clone https://github.com/Mr-Un1k0d3r/ThunderShell.git ~/opt/ThunderShell
git clone https://github.com/Mr-Un1k0d3r/PowerLessShell.git ~/opt/PowerLessShell
# NEET - Network Enumeration and Exploitation Tool
git clone https://github.com/JonnyHightower/neet.git ~/opt/neet
git clone https://github.com/alias1/sparty.git ~/opt/sparty
# PowerSploit - A PowerShell Post-Exploitation Framework (some directory lists under PowerSploit/Recon/Dictionaries/)
git clone https://github.com/PowerShellMafia/PowerSploit.git ~/opt/PowerSploit
# phpbash
git clone https://github.com/Arrexel/phpbash.git ~/opt/phpbash
# RsaCtfTool (to attack weak public RSA keys: close primes, small e, common factors, etc.)
git clone https://github.com/Ganapati/RsaCtfTool.git ~/opt/RsaCtfTool
sudo apt-get install libgmp3-dev libmpc-dev -y
sudo pip3 install -r ~/opt/RsaCtfTool/requirements.txt
cd ~/opt/RsaCtfTool && python3 RsaCtfTool.py --help
# libnum (needed for RsaCtfTool)
git clone https://github.com/hellman/libnum.git ~/opt/libnum
cd ~/opt/libnum && sudo python3 setup.py install
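RsaCtfTool chains many attacks on weak keys; the one below, Fermat factorisation, is shown here end to end as an added example (this is not RsaCtfTool's code). It assumes nothing beyond the Python standard library: the key, the primality test and the ciphertext are constructed inline. Fermat's method works because n = a² − b² = (a − b)(a + b) with a = (p + q)/2, so when p and q are close together a is only a step or two above isqrt(n).

```python
"""Fermat factorisation of an RSA modulus whose primes are too close.

Added example, not RsaCtfTool's own implementation. Requires Python 3.8+
for pow(e, -1, phi).
"""
from math import gcd, isqrt

# Bases that make Miller-Rabin deterministic for n < 3.3e24 (plenty for this demo).
MR_BASES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n):
    """Miller-Rabin primality test, deterministic for the sizes used here."""
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n):
    """Smallest prime strictly greater than n."""
    n += 1
    while not is_probable_prime(n):
        n += 1
    return n


def fermat_factor(n, max_steps=1_000_000):
    """Return (p, q), p <= q, with p*q == n, or None if the primes are not close.

    Finishes in a handful of steps when |p - q| is around n**(1/4) or smaller;
    for a well-generated key it would never finish, hence max_steps.
    """
    if n % 2 == 0:
        return 2, n // 2
    a = isqrt(n)
    if a * a < n:
        a += 1                      # start at ceil(sqrt(n))
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:             # a^2 - n is a perfect square: n = (a-b)(a+b)
            return a - b, a + b
        a += 1
    return None


def recover_private_key(n, e):
    """Factor n with Fermat and derive d; None if the attack does not apply."""
    factors = fermat_factor(n)
    if factors is None:
        return None
    p, q = factors
    d = pow(e, -1, (p - 1) * (q - 1))
    return p, q, d


def demo():
    """Constructed weak key: q is the very next prime after p, so |p - q| is tiny."""
    p = next_prime(2**60 + 12345)
    q = next_prime(p)
    n = p * q
    e = 65537
    while gcd(e, (p - 1) * (q - 1)) != 1:   # keep e invertible mod phi(n)
        e += 2
    m = 0xDEADBEEFCAFE                      # constructed plaintext
    c = pow(m, e, n)
    rp, rq, d = recover_private_key(n, e)   # attacker only knows (n, e) and c
    return (rp, rq) == (p, q) and pow(c, d, n) == m


if __name__ == "__main__":
    print("weak key broken:", demo())
```

The same check is worth running against any key you are asked to assess: if `fermat_factor` returns within a few thousand steps, the key generator produced correlated primes and the private key is recoverable from the public key alone.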
# ImageTragick - https://github.com/jpeanut/ImageTragick-CVE-2016-3714-RShell.git
# peda
git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit
echo "DONE! debug your program with gdb and enjoy"
# NfSpy - an ID-spoofing NFS client
git clone https://github.com/bonsaiviking/NfSpy ~/opt/NfSpy
# Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
# EmpireProject/Empire is archived (Python 2); the maintained fork is https://github.com/BC-SECURITY/Empire
git clone https://github.com/EmpireProject/Empire ~/opt/Empire
bash ~/opt/Empire/setup/install.sh
# PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
git clone https://github.com/NetSPI/PowerUpSQL ~/opt/PowerUpSQL
# socat-shell
git clone https://github.com/cornerpirate/socat-shell.git
# dirsearch - dirsearch is a simple command line tool designed to brute force directories and files in websites.
git clone https://github.com/maurosoria/dirsearch.git ~/opt/dirsearch
# firepwd.py, an open source tool to decrypt Mozilla protected passwords
git clone https://github.com/lclevy/firepwd.git ~/opt/firepwd
# Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox/Thunderbird/Seabird) profiles
git clone https://github.com/unode/firefox_decrypt.git ~/opt/firefox_decrypt
# responder
# git clone https://github.com/SpiderLabs/Responder
sudo apt install responder
# pwnedOrNot (checks for emails in data breaches)
git clone https://github.com/thewhiteh4t/pwnedOrNot.git
# mimikatz
git clone https://github.com/gentilkiwi/mimikatz.git ~/opt/mimikatz
# virtual-host-discovery
git clone https://github.com/jobertabma/virtual-host-discovery.git ~/opt/virtual-host-discovery
sed "s/\$/\.\%s/g" /usr/share/wordlists/SecLists/Discovery/DNS/fierce-hostlist.txt > ~/opt/virtual-host-discovery/wordlist_2.txt
# hash_extender
git clone https://github.com/iagox86/hash_extender.git ~/opt/hash_extender
# eviler-winrm
git clone https://github.com/swarley/eviler-winrm ~/opt/eviler-winrm
cd ~/opt/eviler-winrm && bundle config set path 'vendor/bundle' && bundle install
Python Packages¶
Package | Install snippet | Note |
---|---|---|
yq | pip3 install yq | |
awscli | pip3 install awscli | |
jupyter | python3 -m pip install jupyter | https://jupyter.org/install |
jupyterlab | pip3 install jupyterlab | https://jupyter.org/install |
pip installs:
apt-get update
apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
python3 -m pip install --upgrade pip
python3 -m pip install --upgrade pwntools
pip install pyftpdlib
#pip3 install stego-lsb # https://github.com/ragibson/Steganography#WavSteg
#pip3 install stegcracker # https://github.com/Paradoxis/StegCracker
pip install termcolor
# oletools
### https://github.com/decalage2/oletools
# pip install -U oletools
# truffleHog - Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
### https://github.com/dxa4481/truffleHog
# pip3 install truffleHog
pip install pymysql # from craft HTB machine
pip3 install web3
Ruby Gems:
gem install mdless # markdown viewer in terminal
pspy - unprivileged linux process snooping¶
https://github.com/DominicBreuker/pspy
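pspy works because procfs lets an unprivileged user list every process and read its command line (unless procfs is mounted with `hidepid=1` or `2`), so polling `/proc` fast enough catches short-lived cron jobs and root scripts, including any credentials passed on their command lines. The snooper below is an added example of that technique, not pspy's code; it assumes a Linux host with a normally mounted `/proc`, and the sample snapshots in its test are constructed.

```python
"""Minimal /proc-polling process snooper (added example; not pspy's code)."""
import os
import time

PROC = "/proc"


def snapshot(proc_root=PROC):
    """Map pid -> (owner uid, cmdline) for every process visible under proc_root.

    /proc/<pid> is owned by the process's uid and /proc/<pid>/cmdline is
    world-readable by default, which is all an unprivileged user needs.
    """
    procs = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            uid = os.stat(pid_dir).st_uid
            with open(os.path.join(pid_dir, "cmdline"), "rb") as f:
                raw = f.read()
        except (FileNotFoundError, ProcessLookupError, PermissionError):
            # Process exited between listdir and read, or hidepid is in effect.
            continue
        cmdline = raw.replace(b"\0", b" ").strip().decode(errors="replace")
        procs[int(entry)] = (uid, cmdline or "[kernel thread]")
    return procs


def new_processes(old, new):
    """Entries in `new` that were absent from `old` or whose (uid, cmdline) changed
    (a reused pid counts as new)."""
    return {pid: info for pid, info in new.items() if old.get(pid) != info}


def watch(interval=0.05, duration=10.0, proc_root=PROC):
    """Print every process that appears during `duration` seconds.

    The interval must be short: a cron job that runs `sh -c` for 20 ms is
    invisible to a 1 s poll, which is why pspy also triggers scans on inotify events.
    """
    seen = snapshot(proc_root)
    deadline = time.monotonic() + duration
    while time.monotonic() < deadline:
        time.sleep(interval)
        now = snapshot(proc_root)
        for pid, (uid, cmd) in sorted(new_processes(seen, now).items()):
            print(f"{time.strftime('%H:%M:%S')} UID={uid:<5} PID={pid:<7} {cmd}")
        seen = now


if __name__ == "__main__":
    watch()
```

Defensively, the check is the mount option: `mount | grep proc` showing `hidepid=2` (or `hidepid=invisible`) means other users' `/proc/<pid>` entries are not even listable, and this approach, like pspy's, sees only the snooper's own processes.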
Windows binaries¶
mimikatz: https://github.com/gentilkiwi/mimikatz/releases (pinned build: https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20190512/mimikatz_trunk.zip)
nc.exe: https://packetstormsecurity.com/files/31140/nc.exe.html (Kali also ships it at /usr/share/windows-binaries/nc.exe)