Pentest Service Enumeration

August 10, 2021

Pentest-Service-Enumeration

Purpose

Suggests binaries to run against services found during the enumeration phase of a Pentest

Author

Steve Stonebraker

Background

While studying for the Offensive Security Certified Profesional (OSCP) certification I found it hard to keep track of which commands to run during the enumeration phase for specific services.

The purpose of this tool is easily keep track of those commands.

Install Instructions

git clone https://github.com/ssstonebraker/Pentest-Service-Enumeration cd Pentest-Service-Enumeration ./install.sh
Code language: PHP (php)

How to use

Pentest Service Enumeration: 0.0.2 ---------------------------------------------------------------------------------------------------- LISTING EXISTING COMMANDS: Usage: pse <service-name> (Ex: ftp, rdp, http) -v: verbose - print command description Examples [*] pse ftp [*] pse -v ftp (for verbose) ---------------------------------------------------------------------------------------------------- STORING A NEW COMMAND WITH ARGUMENTS Usage: pse -a <service-name> '<command> <arg1> <argX>' note: You must use single quotes around your command Examples [*] pse -a rpc 'rpcinfo $IP' [*] pse -a smb 'smbexec.py $HOST/$USERNAME:$PASSWORD@$IP' ----------------------------------------------------------------------------------------------------
Code language: HTML, XML (xml)

Screenshots

Basic Usage

To view basic usage just type:

pse

List all available Services

pse -l [*] listing all services that have pse stored commands ftp http linpriv mimikatz rpc smb smtp snmp ssh webdav
Code language: CSS (css)

Listing commands for a service

pse <service-name> Example: pse smb
Code language: HTML, XML (xml)

Default view

The default view does not include descriptions for commands

Verbose view

The verbose view includes descriptions for commands

pse -v <service-name> Example: pse -v smb
Code language: HTML, XML (xml)

Adding commands for a service

In this example I am adding the dirb command for the https service

Before

I’m listing out what already exists for the http service

Add the command

Add command dirb for service http

pse -a http 'dirb http://$IP -r -o $OUTPUTFILE'
Code language: JavaScript (javascript)

After

A view of the commands for the http service after I’ve added the dirb http command:

Variable Expansion

Currently only \$IP and \$PORT will be expanded (if set)

Example: IP=10.11.1.10 pse http