Pentest-Service-Enumeration

I’m happy to announce this tool I created!

Pentest-Service-Enumeration

Purpose

Suggests binaries to run against services found during the enumeration phase of a Pentest

Background

While studying for the Offensive Security Certified Profesional (OSCP) certification I found it hard to keep track of which commands to run during the enumeration phase for specific services.

The purpose of this tool is easily keep track of those commands.

Install Instructions

git clone https://github.com/ssstonebraker/Pentest-Service-Enumeration
cd Pentest-Service-Enumeration
./install.sh

How to use

Pentest Service Enumeration: 0.0.2
----------------------------------------------------------------------------------------------------
LISTING EXISTING COMMANDS:
Usage: pse <service-name> (Ex: ftp, rdp, http)
 -v: verbose - print command description
Examples
[*] pse ftp
[*] pse -v ftp (for verbose)
----------------------------------------------------------------------------------------------------
STORING A NEW COMMAND WITH ARGUMENTS
Usage: pse -a <service-name> '<command> <arg1> <argX>'
note: You must use single quotes around your command
Examples
[*] pse -a rpc 'rpcinfo $IP'
[*] pse -a smb 'smbexec.py $HOST/$USERNAME:$PASSWORD@$IP'
----------------------------------------------------------------------------------------------------

Screenshots

Basic Usage

To view basic usage just type:

pse

List all available Services

pse -l 
[*] listing all services that have pse stored commands
ftp
http
linpriv
mimikatz
rpc
smb
smtp
snmp
ssh
webdav

Listing commands for a service

pse <service-name>

Example:
pse smb

Default view

The default view does not include descriptions for commands

Verbose view

The verbose view includes descriptions for commands

pse -v <service-name>

Example:
pse -v smb

Adding commands for a service

In this example I am adding the dirb command for the https service

Before

I’m listing out what already exists for the http service

Add the command

Add command dirb for service http

pse -a http 'dirb http://$IP -r -o $OUTPUTFILE'

After

A view of the commands for the http service after I’ve added the dirb http command:

Variable Expansion

Currently only $IP and $PORT will be expanded (if set)

Example:
IP=10.11.1.10 pse http

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Contact Us