
blue-team's Introduction

Statement of Purpose

Creating this page in order to build documentation on everything I learn and discover while I work on leveling up my pen testing skills. At some point I'm going to separate these by individual pages because I think it will get long, but for right now I'm going to stick with this.

The Toolbelt

I'm currently learning Python, C#, and Lua. As of this point in time, all the tools in my repository are provided by Linux Kali. I do not own any of these tools, and Linux is an open source OS that can be downloaded for free online.

  1. Nmap

While delving deeper into nmap, I started using scripts. I'm still going through the script repository and figuring out use cases, but I noticed when installing vulscan from the github repo the setup was a little different.

  2. telnet/smbclient
  3. redis-cli
  4. xfreerdp
  5. gobuster
  6. mongo shell
  7. rsync
  8. Metasploit

Nmap

  1. vulscan.nse
    • When navigating to the repository and going through the documentation, it states to use the following lines:
    git clone https://github.com/scipag/vulscan scipag_vulscan
    ln -s `pwd`/scipag_vulscan /usr/share/nmap/scripts/vulscan


I ran into some trouble with this because on the first attempt I was told the following.

ln: failed to create symbolic link 'usr/share/nmap/scripts/vulscan': File exists

It looks like people using vulners were having the same issue over in this thread. They clued me in on half the puzzle, which is that I wasn't currently in the file directory before trying to execute the nmap scan, but the first half on how to establish the symbolic link was still missing. A few searches later, I discovered a few things.

  1. Those are backticks, very different from commas.
  2. It's reversed.
  3. You need sudo.

Here's the revised entry:

sudo ln -s /usr/share/nmap/scripts/vulscan `pwd`/scipag_vulscan

Now you'll have ONE more problem before you get a successful entry. When you call the script you don't use script=vulscan/vulscan.nse, you go into the vulscan directory and use scipag_vulscan/vulscan.nse. Again, here's the revision:

nmap -sV --script=scipag_vulscan/vulscan.nse {IP HERE}
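
How `ln -s` treats its two arguments, and where "File exists" comes from, shown as an added example that is not part of the original README. It runs entirely in a temporary directory; the sandbox layout and the function names `link_state` and `vulscan_link_demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sandbox: $box/scripts stands in for
# /usr/share/nmap/scripts and $box/work/scipag_vulscan for the git clone.

link_state() {   # prints: missing | dangling | ok | not-a-link
    if [ -L "$1" ]; then
        if [ -e "$1" ]; then echo ok; else echo dangling; fi
    elif [ -e "$1" ]; then echo not-a-link
    else echo missing
    fi
}

vulscan_link_demo() (   # subshell body, so the cd below does not leak out
    box=$(mktemp -d) || exit 1
    mkdir -p "$box/scripts" "$box/work/scipag_vulscan"
    : > "$box/work/scipag_vulscan/vulscan.nse"
    link="$box/scripts/vulscan"
    cd "$box/work" || exit 1

    # 1. Apostrophes instead of backticks: 'pwd' is the literal string "pwd",
    #    so the link points at the relative path pwd/scipag_vulscan and dangles.
    ln -s 'pwd'/scipag_vulscan "$link"
    s1=$(link_state "$link")

    # 2. The documented command now fails with "File exists": the link name
    #    (second argument) is already taken, even though that link is broken.
    if ln -s `pwd`/scipag_vulscan "$link" 2>/dev/null; then s2=created; else s2=refused; fi

    # 3. Remove the stale link, then pass TARGET first and LINK NAME second.
    rm "$link"
    ln -s "$(pwd)/scipag_vulscan" "$link"
    s3=$(link_state "$link")
    if [ -f "$link/vulscan.nse" ]; then s3="$s3+nse"; fi

    # 4. Arguments swapped: the second argument is an existing directory, so ln
    #    creates a link called "vulscan" inside the clone; scripts/ is unchanged.
    ln -s "$link" "$(pwd)/scipag_vulscan"
    if [ -L "$box/work/scipag_vulscan/vulscan" ]; then s4=inside-clone; else s4=none; fi

    cd / && rm -rf "$box"
    echo "$s1 $s2 $s3 $s4"
)

vulscan_link_demo   # prints the four observed states
```

A link in a system scripts directory that points into a clone in your home directory means nmap run with sudo loads whatever is in that clone, so keep the clone writable only by an account you trust.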

Gobuster

While using Gobuster I tried to use wordlists, but discovered they weren't there! No directory or anything. After a little research I found that you need to download files from SecLists in order to get these files, such as common.txt.

Metasploit

This is quickly becoming one of my favorite tools. I've been using a ton of the auxiliary scanner tools, but I've also used a few exploits. Nothing major to say on this just yet because I feel like it's a very straightforward program once you get the hang of it. You "search" for keywords to load the tools you're looking for, set them as currently active either by full listed path name or number via "use", type "options" to see some of the settings and configurations you can play with, and then use "set" or "unset" to input the values before using "run" or "exploit".

This tool actually helped me discover a huge security flaw on my network that I was able to fix pretty quickly once I was aware of it. I think I can confidently say I would never have been aware of it without having sniffed around with it, and neither would any of my co-workers.

