Skip to content

Script to provision a curated set of pentesting tools into a Kali (supported) box.

License

Notifications You must be signed in to change notification settings

0xpurecha0s/hotwax

 
 

Repository files navigation

image

HOTWAX

Hotwax is a script to provision a set of extra pentesting tools onto a Kali Linux machine in a consistent manner.

Getting Started

These instructions will get you a copy of the project up and running on your local machine for deployment AND development purposes.

Prerequisites

  • Kali Linux 2019.4 or older. (Presently, will not work on Kali LInux 2020.1 or newer, due to change from default root account configuration to non-root user account configuration. To be fixed in near future.)

  • Git

  • Ansible

apt update -y
apt install -y git ansible

Installing

Clone the HOTWAX repository.

cd ~
git clone https://github.com/BrashEndeavours/hotwax

Run the playbook

cd hotwax
ansible-playbook playbook.yml

Tools updated:

Tools installed:

  • Arjun - Arjun is an HTTP parameter discovery suite.
  • AutoRecon - AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
  • BloodHound - Six Degrees of Domain Admin.
  • chisel - A fast TCP tunnel over HTTP
  • evil-winrm - The ultimate WinRM shell for hacking/pentesting.
  • gobuster - Directory/File, DNS and VHost busting tool written in Go
  • LinEnum - Local Linux Enumeration & Privilege Escalation Script
  • nishang - Framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing.
  • One-Lin3r - On demand one-liners that aid in penetration testing operations, privilege escalation and more
  • OSCP Exam Report Template - Modified template for the OSCP Exam
  • Powerless - A Windows privilege escalation (enumeration) script designed with OSCP labs (i.e. legacy Windows machines without Powershell) in mind.
  • PowerSploit - Collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
  • proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project.
  • pspy - Monitor linux processes without root permissions.
  • SecLists - Collection of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and more.
  • sherlock - Find usernames across social networks.
  • sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
  • webshell - This is a webshell open source project.
  • Windows PHP Reverse Shell - Simple php reverse shell implemented using bina- https://github.com/ucki/zauberfeder, based on an webshell.
  • XSStrike - Advanced XSS scanner
  • zauberfeder - A LaTex reporting template.
  • crackmapexec - A swiss army knife for pentesting networks.
  • windows-kernel-exploits - Precompiled Windows Exploits.
  • exiftool - ExifTool meta information reader/writer. Great for viewing and manipulating exif-data.
  • html2text - Convert HTML to clean, easy-to-read plain ASCII text.
  • mingw-w64 - GCC for Windows 64 & 32 bits.
  • msfpc - MSFvenom Payload Creator (MSFPC)
  • wce - A security tool to list logon sessions and add, change, list and delete associated credentials.
  • Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target.
  • pyftpdlib - Extremely fast and scalable Python FTP server library. Spin up FTP Server with a one-liner.
  • ssh-os - Nmap Script that identifies Debian, Ubuntu, FreeBSD version based on default SSH banner response.
  • empire - Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
  • medusa - Medusa is a speedy, parallel, modular login brute-forcer. Similar to ncrack and Hydra.

Contributing

Please read CONTRIBUTING.md for details on the code of conduct, and the process for submitting pull requests.

Authors

Contributors

  • Want your name here? See CONTRIBUTING.md for details.

  • Alec Mather-Shapiro (whoisflynn) - Added AutoRecon, Windows PHP Reverse Shell, and OSCP Exam Template - whoisflynn

  • Richard Lam (richlamdev) - Added crackmapexec, windows-kernel-exploits, exiftool, html2text, mingw-w64, msfpc, wce, windows-exploit-suggester, pyftpdlib, ssh-os.nse, medusa - richhlamdev

Acknowledgements

License

This project is licensed under the MIT License - see the LICENSE.md file for details

About

Script to provision a curated set of pentesting tools into a Kali (supported) box.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published