TOOLS INSTALL FOR ARCH

Summery:

Main tools
- Nmap
- Searchsploit
Protocol
- FTP
  - Ftpmap
- SSH
- Telnet
- DNS
  - bind-tools
  - dnsrecon
- SNMP
- SMB
  - Smbmap
  - Nmblookup/Smbclient/Rpcclient
- WEB
  - Nikto
  - Dirsearch
  - wpscan
  - Cmsmap
  - curl
  - gobuster
  - zaproxy
  - commix
  - skipfish
  - sslscan
  - Burp
    - Burpsuite install
    - Enable https proxy
  - Aquatone
  - Wfuzz
- Mysql
  - Client
  - Sqlmap
- VOIP
- Vnc
  - Realvnc
  - vncrack
MITM
- Sslsplit
- Responder
Packet analyse
- dsniff
Tools
- Install Visual Studio
- Tor
  - Niped
    - Install
- Csvkit
- openvpn (HTB)
- Screen shot
Priv Esc
Post-Exploit
- Windows Credentials Editor
- Mimikatz
  - Install Mimikatz
  - Invoke Mimikatz
AD
- Password Attack (Spraying)
  - Kerberos
  - LDAP
Network
- Wireshark
- Yersinia
- Frogger
- Nishang
Reverse shell
- Shellpop
- Dnscat
- Unicorn
Password Cracking
- John
- Wordlist
System upgrade
- sync the Pacman database
- Update pgpKey

Main tools

Alias: spm = sudo pacman

Nmap

spm -S nmap

Nmap with user non-root

Nmap doc:

https://secwiki.org/w/Running_nmap_as_an_unprivileged_user

Check nmap privilege:

getcap $(which nmap)

Set nmap privilege:

sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap)

Check nmap privilege:

getcap $(which nmap)

Add to shell alise:

alias nmap="nmap --privileged"

Searchsploit

spm -S exploitdb

Protocol

FTP

Ftpmap

yay ftpmap

SSH

cd /usr/share
sudo git clone https://github.com/arthepsy/ssh-audit.git

Telnet

DNS

bind-tools

spm -S bind-tools

dnsrecon

yay dnsrecon

SNMP

spm -S net-snmp

SMB

Smbmap

spm -S smbmap

Nmblookup/Smbclient/Rpcclient

spm -S smbclient

WEB

Nikto

spm -S nikto

Dirsearch

spm -S dirsearch

wpscan

spm -S wpscan

Cmsmap

yay cmsmap

curl

spm -S curl

gobuster

spm -S gobuster

zaproxy

spm -S zaproxy

commix

cd /usr/share
sudo git clone https://github.com/commixproject/commix.git

skipfish

spm -S skipfish

sslscan

spm -S sslscan

Burp

Burpsuite install

spm -S burpsuite

Enable https proxy

https://webkul.com/blog/burp-suite-installation-process-for-mozilla-firefox/

Aquatone

yay aquatone

Wfuzz

spm -S wfuzz

Mysql

Client

spm -S mysql-clients

Sqlmap

spm -S sqlmap

VOIP

yay sipvicious

Vnc

Realvnc

yay realvnc-vnc-viewer

vncrack

spm -S vncrack

MITM

Sslsplit

spm -S sslsplit

Responder

spm -S responder

Packet analyse

dsniff

Grabs passwords and other data from pcaps/network streams.

yay -S dsniff

Tools

Install Visual Studio

yay visual-studio-code-bin

Tor

spm -S tor
yay tor-browser


cd /tmp
git clone https://aur.archlinux.org/tor-browser.git
cd tor-browser
gpg --recv-keys EB774491D9FF06E2
makepkg -si
tor-browser -u

Check tor

https://check.torproject.org/

Niped

A script to make Tor Network your default gateway

Install

cd /tmp 
git clone https://github.com/GouveaHeitor/nipe
sudo cpan install Switch JSON LWP::UserAgent Config::Simple Config::Simple
sudo cp -r /tmp/nipe /usr/share/
cd /usr/share/nipe
perl nipe.pl install
reboot

Examples:

perl nipe.pl start
perl nipe.pl stop
perl nipe.pl restart
perl nipe.pl status

Csvkit

cvs converter

yay csvkit

openvpn (HTB)

spm -S openvpn

Screen shot

spm -S flameshot

Priv Esc

wget https://raw.githubusercontent.com/xMilkPowderx/OSCP/master/Linux%20Priv%20Esc.md
wget https://raw.githubusercontent.com/xMilkPowderx/OSCP/master/Windows%20Priv%20Esc.md

Post-Exploit

Windows Credentials Editor

cd /usr/share
sudo git clone https://github.com/xymn/wce

or http://www.ampliasecurity.com/research/wce_v1_42beta_x32.zip http://www.ampliasecurity.com/research/wce_v1_42beta_x64.zip

// copy all to 
sudo mkdir /usr/share/wce
sudo cp /home/bob/Downloads/wce.exe mkdir /usr/share/wce/wce_x64.exe
sudo cp /home/bob/Downloads/wce_v1_42beta_x32/* /usr/share/wce/

Mimikatz

Install Mimikatz

cd /tmp
mkdir mimikatz_trunk
cd mimikatz_trunk
wget https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20190720/mimikatz_trunk.zip
unzip mimikatz_trunk.zip
rm mimikatz_trunk.zip
cd ..
sudo mv mimikatz_trunk /usr/share/mimikatz

Invoke Mimikatz

Download script

wget https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1

Do some obfuscation

sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1
sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1
sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1
sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1
sed -i -e 's/CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor/g' Invoke-Mimikatz.ps1
sed -i -e "s/\-Win32Functions \$Win32Functions$/\-Win32Functions \$Win32Functions #\-/g" Invoke-Mimikatz.ps1

sed -i -e 's/ArgumentPtr/BirdIsTheWord/g' Invoke-Mimikatz.ps1
sed -i -e 's/CallDllMainSC1/UnceUnceUnce/g' Invoke-Mimikatz.ps1

AD

Password Attack (Spraying)

Kerberos

yay kerbrute

LDAP

spm -S patator

Network

Wireshark

spm -S wireshark-qt
sudo usermod -a -G wireshark bob

Yersinia

yay -S Yersinia vlan screen arp-scan bc dmidecode

Frogger

cd /usr/share
git clone https://github.com/nccgroup/vlan-hopping.git
cd vlan-hopping
chmod +x frogger.sh
sudo ./frogger.sh

Nishang

cd /usr/share
sudo git clone https://github.com/samratashok/nishang.git

Reverse shell

Shellpop

# spm -S python-argcomplete
git clone https://github.com/0x00-0x00/shellpop
sudo python2 setup.py install
sudo pip install pyperclip argcomplete

Dnscat

yay -S nbtool

Unicorn

yay unicorn-powershell

Password Cracking

John

spm -S john

Wordlist

spm -S seclists

Files

ToolsInstallList.md

Latest commit

History