I’m happy to announce this tool I created!
Pentest-Service-Enumeration
Purpose
Suggests binaries to run against services found during the enumeration phase of a Pentest
Background
While studying for the Offensive Security Certified Professional (OSCP) certification I found it hard to keep track of which commands to run during the enumeration phase for specific services.
The purpose of this tool is to make it easy to keep track of those commands.
Install Instructions
git clone https://github.com/ssstonebraker/Pentest-Service-Enumeration
cd Pentest-Service-Enumeration
./install.sh
How to use
Pentest Service Enumeration: 0.0.2
----------------------------------------------------------------------------------------------------
LISTING EXISTING COMMANDS:
Usage: pse <service-name> (Ex: ftp, rdp, http)
-v: verbose - print command description
Examples
[*] pse ftp
[*] pse -v ftp (for verbose)
----------------------------------------------------------------------------------------------------
STORING A NEW COMMAND WITH ARGUMENTS
Usage: pse -a <service-name> '<command> <arg1> <argX>'
note: You must use single quotes around your command
Examples
[*] pse -a rpc 'rpcinfo $IP'
[*] pse -a smb 'smbexec.py $HOST/$USERNAME:$PASSWORD@$IP'
----------------------------------------------------------------------------------------------------
Screenshots
Basic Usage
To view basic usage just type:
pse
List all available Services
pse -l
[*] listing all services that have pse stored commands
ftp
http
linpriv
mimikatz
rpc
smb
smtp
snmp
ssh
webdav
Listing commands for a service
pse <service-name>
Example:
pse smb
Default view
The default view does not include descriptions for commands
Verbose view
The verbose view includes descriptions for commands
pse -v <service-name>
Example:
pse -v smb
Adding commands for a service
In this example I am adding the dirb command for the http service
Before
I’m listing out what already exists for the http service
Add the command
Add command dirb for service http
pse -a http 'dirb http://$IP -r -o $OUTPUTFILE'
After
A view of the commands for the http service after I’ve added the dirb http command:
Variable Expansion
Currently only $IP and $PORT will be expanded (if set)
Example:
IP=10.11.1.10 pse http
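As an added illustration of the storing and variable-expansion behaviour described above (this is not the project's own code), the POSIX sh below models a pse-style store: single-quoted commands are saved with $IP and $PORT as literal text, and only those two variables are substituted at lookup time, without sed or eval, after a character-class check on the value. The flat-file format and the function names (pse_add, pse_list, pse_show, pse_expand, replace_all, pse_safe_value) are assumptions for this example, not the real pse CLI.

```shell
# Added example (not the project's own code): a minimal model of how pse-style
# per-service command storage and $IP/$PORT expansion can work.
# Assumes a constructed flat-file store: one "<service><TAB><command>" per line.
PSE_DB="${PSE_DB:-${TMPDIR:-/tmp}/pse_example.$$}"
TAB=$(printf '\t')

# Store a command. The caller single-quotes it (as the README requires), so
# $IP / $PORT reach the store as literal text instead of being expanded now.
pse_add() { printf '%s\t%s\n' "$1" "$2" >> "$PSE_DB"; }

# Services that have stored commands, like `pse -l`.
pse_list() { cut -f1 "$PSE_DB" | sort -u; }

# Replace every NEEDLE in STRING with REPL using only POSIX parameter
# expansion: no sed or eval, so REPL is never re-parsed as code or a pattern.
replace_all() {
    _s=$1 _n=$2 _r=$3 _out=
    while [ -n "$_s" ]; do
        case $_s in
            *"$_n"*) _pre=${_s%%"$_n"*}; _out="$_out$_pre$_r"; _s=${_s#*"$_n"} ;;
            *) _out="$_out$_s"; _s= ;;
        esac
    done
    printf '%s' "$_out"
}

# Accept only host/port characters, so a value such as "10.1.1.1;id" is never
# spliced into a command line the operator will later paste into a shell.
pse_safe_value() {
    case $1 in ''|*[!A-Za-z0-9.:_-]*) return 1 ;; *) return 0 ;; esac
}

# Expand $IP and $PORT only when set (and safe); any other $VAR stays literal.
pse_expand() {
    _cmd=$1
    if [ -n "${IP:-}" ] && pse_safe_value "$IP"; then
        _cmd=$(replace_all "$_cmd" '$IP' "$IP")
    fi
    if [ -n "${PORT:-}" ] && pse_safe_value "$PORT"; then
        _cmd=$(replace_all "$_cmd" '$PORT' "$PORT")
    fi
    printf '%s' "$_cmd"
}

# Print the expanded commands for a service, like `IP=... pse <service>`.
pse_show() {
    while IFS="$TAB" read -r _svc _cmd; do
        [ "$_svc" = "$1" ] || continue
        pse_expand "$_cmd"; printf '\n'
    done < "$PSE_DB"
}
```

Source the file, then `pse_add http 'dirb http://$IP -r -o $OUTPUTFILE'` followed by `IP=10.11.1.10 pse_show http` reproduces the README's examples; $OUTPUTFILE stays literal because only $IP and $PORT are expanded.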