Repo for working through HTB machines.
For basic exploration the following tools are useful:
brew install nmap # Network exploration tool and security scanner
brew install masscan # Fast port scanner
brew install wireshark # Network protocol analyzer
brew install nikto # Web server scanner
brew install gobuster # Directory/DNS/VHost bruteforcing tool

For password cracking and brute forcing the following tools are useful:
brew install hashcat # Advanced password recovery utility
brew install hydra # Network login brute forcer (HTTP and other protocols)

You will need the rockyou wordlist for password cracking and user enumeration.
mkdir -p data
curl -o data/rockyou.txt https://raw.githubusercontent.com/brannondorsey/naive-hashcat/master/rockyou.txt

For Windows exploitation the following tools are useful:
brew install smbclient # SMB client
brew install kerbrute # Kerberos brute forcer
brew install heimdal # Kerberos client
brew install smbmap # SMB mapping tool
brew install smbcacls # SMB ACLs tool

Metasploit requires Docker Compose to be running as well, since it needs to save data in a Postgres database.
docker compose up -d # Start docker compose for metasploit db
brew install metasploit # Penetration testing framework

Then initialize the Metasploit database.
msfdb init

Python scripts are also used. We use pyenv to manage the Python versions.
brew install pyenv-virtualenv # pyenv plugin for managing Python virtualenvs

For SQL injection the following tools are useful:
brew install sqlmap # Automatic SQL injection tool