Skip to content

jayrox/duckypad

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

i am a pentester and these are my profiles. i use them constantly and am constantly adding and updating them. +v indicates its pasting from your clipboard, useful for pasting in a hostname for nmap or testssl. im not entirely consistant with the naming.

if you are unsure of what a duckypad is or would like to buy one (non-affiliated): https://www.tindie.com/products/dekunukem/duckypad-do-it-all-mechanical-macropad/

the following previews were generated using this script: https://github.com/jayrox/duckypad_profile_preview_gen

i am starting to add some documentation to the keys using a comment format of REM DOC: in the individual keys that will be parsed out by the generator code.

Profile 1: -

Key descriptions:

$${\textsf{\color{#00ffff} Windows }}$$ $${\textsf{\color{#80ff00} NumPad }}$$  Help 
$${\textsf{\color{#0080ff} Squiddy }}$$  ----  $${\textsf{\color{#ff0d86} SetVars }}$$
$${\textsf{\color{#00ff00}   HTB   }}$$ $${\textsf{\color{#c993ff} TestSSL }}$$ $${\textsf{\color{#0f0fff}  NMap  }}$$
$${\textsf{\color{#80ffff}   PS   }}$$ $${\textsf{\color{#ffff00} Witness }}$$ $${\textsf{\color{#ffff00} NetExec }}$$
 curl  $${\textsf{\color{#c0c0c0}  Nikto  }}$$ $${\textsf{\color{#ff8040} GoBustr }}$$

Profile 2: -

Key descriptions:

  • Skpfish: SkipFish
$${\textsf{\color{#ff0d86} Skpfish }}$$ $${\textsf{\color{#0080c0}  ffuf  }}$$ $${\textsf{\color{#46c2ff} OpenSSL }}$$
$${\textsf{\color{#ff8484} Bludhnd }}$$  ADSI  $${\textsf{\color{#ee82ee} OneLine }}$$
$${\textsf{\color{#00ff00} Python }}$$ $${\textsf{\color{#00ffff}   Dig   }}$$ $${\textsf{\color{#ff8000} SMBCli }}$$
$${\textsf{\color{#8080ff}  MSSQL  }}$$ Respond $${\textsf{\color{#800040} EvilWin }}$$
$${\textsf{\color{#80ffff} SMBMAP }}$$ $${\textsf{\color{#8af493} SQLMap }}$$ $${\textsf{\color{#ff0080}  WFuzz  }}$$

Profile 3: -

Key descriptions:

  • CME: CrackMapExec
  • John: Password cracker John
  • PGo: Little automation to run the CalcyIV/PokeGenie scanners
$${\textsf{\color{#ffff00}   CME   }}$$ $${\textsf{\color{#00ff40}   GAU   }}$$ $${\textsf{\color{#ff8040}  MySQL  }}$$
$${\textsf{\color{#00ff00} Hashcat }}$$   VS   $${\textsf{\color{#00ff00}  John  }}$$
Waymore    -       -   
   -       -       -   
Ansible    -    $${\textsf{\color{#8000ff}   PGo   }}$$

Profile 4: Windows

$${\textsf{\color{#a000ff}  vol-  }}$$ $${\textsf{\color{#a000ff}  mute  }}$$ $${\textsf{\color{#a000ff}  vol+  }}$$
$${\textsf{\color{#a000ff}   <<   }}$$ $${\textsf{\color{#a000ff}   ||   }}$$ $${\textsf{\color{#a000ff}   >>   }}$$
 intro   hide    dev  
taskMgr  files  sysInfo
diskMgr    -    taskViw

Profile 5: NumPad

$${\textsf{\color{#00ffff}    x    }}$$ $${\textsf{\color{#00ffff}    -    }}$$ $${\textsf{\color{#00ffff}    +    }}$$
   7       8       9   
   4       5       6   
   1       2       3   
   0       .    $${\textsf{\color{#00ffff}  enter  }}$$

Profile 6: Help

Key descriptions:

Explain WADComs LOLBAS
 tldr  GTFOBin Payload
$${\textsf{\color{#8000ff}  Kali  }}$$    -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 7: Setup

Key descriptions:

  • Bash: Adds a few aliases to the .bashrc file to help set env variables that can be used in other profiles
  • ZSH: Adds a few aliases to the .zshrc file to help set env variables that can be used in other profiles
  • Fish: Adds a few aliases to the ~/.config/fish/config.fish file to help set env variables that can be used in other profiles
  • SetVars: Go to the SetVars profile.
$${\textsf{\color{#ffff00}  Bash  }}$$ $${\textsf{\color{#80ff00}   ZSH   }}$$ $${\textsf{\color{#80ffff}  Fish  }}$$
   -       -       -   
   -       -       -   
   -       -       -   
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Help  }}$$    -   

Profile 8: SetVars

Key descriptions:

  • ECHO: Print out env variables used in the various scripts.
Host(s) Port(s)    -   
Domain  DC IP     -   
 User   Pass     -   
$${\textsf{\color{#80ffff}  LHOST  }}$$ $${\textsf{\color{#80ffff}  LPORT  }}$$    -   
$${\textsf{\color{#80ff00}  ECHO  }}$$ $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 9: OneLiners

Key descriptions:

  • CU Enc: Uses certurl to base64 encode a file
  • CU Dec: Uses certurl to base64 decode a file
  • CU DL: Uses certurl to download a remote file
$${\textsf{\color{#00ff00} CU Enc }}$$ $${\textsf{\color{#ee82ee} CU Dec }}$$ $${\textsf{\color{#ff00ff} CU Hash }}$$
$${\textsf{\color{#00ffff}  Whois  }}$$ $${\textsf{\color{#13cbec} FndFile }}$$ $${\textsf{\color{#0080ff}  CU DL  }}$$
   -       -       -   
 test   test2     -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 10: Squiddy

Key descriptions:

  • Squiddy: Launch Squiddy, my personal pentest tracking and report generation tool
Squiddy    -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 11: Ansible

 Setup     -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 12: HTB

Key descriptions:

  • Procs: Get running processes
  • Upgrade: Upgrade reverse shell
Sudo-l FndRoot ls -la
GetCap AppArmo  Procs 
------- $${\textsf{\color{#00ff00} Upgrade }}$$ -------
 Hosts  NC 4444  Srv80 
$${\textsf{\color{#80ffff} Page 2 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#80ffff} Windows }}$$

Profile 13: HTB2

Key descriptions:

$${\textsf{\color{#ee82ee} +Hosts }}$$  Py2SH   Py3SH 
GetMail    -    $${\textsf{\color{#00ff00} BashRev }}$$
   -       -       -   
   -    FixVPN $${\textsf{\color{#ff0000} DelRout }}$$
$${\textsf{\color{#80ffff} Page 1 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#80ffff} Windows }}$$

Profile 14: Win

Key descriptions:

Whoami    -       -   
$${\textsf{\color{#80ffff} Certify }}$$    -       -   
 Dir A    Set      -   
   -       -       -   
$${\textsf{\color{#80ffff}  Linux  }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 15: PowerShell

Key descriptions:

  • TLS12: Enable TLS 1.2
  • Proxy: Setup PowerShell to use the corporate proxy authenticated
  • Daren: Some PowerShell functions from Daren
$${\textsf{\color{#81e8fe}  TLS12  }}$$ $${\textsf{\color{#00ff00}  Proxy  }}$$ $${\textsf{\color{#ff8040}  PSv2  }}$$
$${\textsf{\color{#a000ff} AMSI-S }}$$ $${\textsf{\color{#0000ff} AMSI-PS }}$$  AMSI3 
PwrCat $${\textsf{\color{#9cced3}  Daren  }}$$ $${\textsf{\color{#ff0000}  NoAV  }}$$
$${\textsf{\color{#00ff00}  PSVer  }}$$ LngMode $${\textsf{\color{#ffff80}   IP   }}$$
$${\textsf{\color{#80ffff} Page 2 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 16: PowerShell2

$${\textsf{\color{#0080ff} ChgRCPW }}$$ MpPref $${\textsf{\color{#ff0080} CvtTime }}$$
GetC_DN  Priv  Obj SID
GetU_Pr    -    S- SID
ExecPol U GUID C GUID
$${\textsf{\color{#80ffff} Page 1 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#80ffff} Page 3 }}$$

Profile 17: PowerShell3

  IEX      -       -   
  DL      -       -   
   -       -       -   
   -       -       -   
$${\textsf{\color{#80ffff} Page 1 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#80ffff} Page 2 }}$$

Profile 18: TestSSL

Key descriptions:

  • Mass+v: Runs TestSSL against hosts in the clipboard. One host per line, saves output as JSON
 Full   Short  Mass+v
$${\textsf{\color{#0080ff} Full+v }}$$ $${\textsf{\color{#0080ff} Short+v }}$$ $${\textsf{\color{#0080ff} Protos }}$$
$${\textsf{\color{#0080ff}  SMTP  }}$$ $${\textsf{\color{#0080ff} Server }}$$ $${\textsf{\color{#0080ff} Vulners }}$$
$${\textsf{\color{#0080ff}  SCIR  }}$$ $${\textsf{\color{#0080ff} Headers }}$$ $${\textsf{\color{#0080ff} Ciphers }}$$
$${\textsf{\color{#ff80ff} Color3 }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 19: NMap

 Full   Fast  $${\textsf{\color{#ff00ff}  Mods  }}$$
$${\textsf{\color{#0080ff} Full+v }}$$ $${\textsf{\color{#0080ff} Fast+v }}$$ Mass+v
$${\textsf{\color{#008000}  SSH22  }}$$ $${\textsf{\color{#0080ff} SSH22+v }}$$    -   
$${\textsf{\color{#00ff00} Scripts }}$$    -     Paste 
$${\textsf{\color{#80ff80}  Grep  }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 20: CrackMapExec

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_HOSTS env variables be set. Go to the SetVars profile to set.
Simple    -    $${\textsf{\color{#00ff00} Verify }}$$
$${\textsf{\color{#03effc} AuthSMB }}$$ $${\textsf{\color{#ff8000} Spider }}$$ $${\textsf{\color{#80ffff} FileOut }}$$
$${\textsf{\color{#03effc} AuthWRM }}$$  LDAP     -   
RidBrut $${\textsf{\color{#00ff00}   Run   }}$$ $${\textsf{\color{#ff0000} Redact }}$$
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 21: NetExec

Key descriptions:

  • RIDBrut: Enumerate usernames
  • Shares: Enumerate SMB shares.
  • Users: Enumerate SMB shares.
  • Spider: Enumerate SMB shares.
  • Basic: Test connection
  • Help: Try username as blank, 'anonymous', 'guest', or pass a file of users
ZeroLog $${\textsf{\color{#808080} PetitPo }}$$ $${\textsf{\color{#ff0080} RIDBrut }}$$
$${\textsf{\color{#00ff00} Shares }}$$ $${\textsf{\color{#0080ff}  Users  }}$$ $${\textsf{\color{#ff80ff} Spider }}$$
 Basic     -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 22: WitnessMe

BasicSS    -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 23: Skipfish

 Basic  $${\textsf{\color{#00ffff} Basic+v }}$$    -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 24: curl

Key descriptions:

  • ikL: Include response headers in output, allow insecure connections and follow redirects
  • ikL+v: Include response headers in output, allow insecure connections and follow redirects. Pastes URL from clipboard
  ikL   dl_file    -   
$${\textsf{\color{#0080ff}  ikL+v  }}$$ dl_file    -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 25: Nikto

 Basic     -       -   
80,443    -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 26: GoBuster

  Dir      -    $${\textsf{\color{#ee82ee}  ExLen  }}$$
   -       -    Follow
   -       -    Output
   -       -    K Cert
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 27: WFuzz

FuzzSub  Size     -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 28: ffuf

Key descriptions:

  • Size: Filter on size
  • Words: Filter on words
  Dir      -       -   
Sub DNS  Size  $${\textsf{\color{#00ffff}  Words  }}$$
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 29: OpenSSL

 SCIR     -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 30: Bloodhound

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_DC_IP env variables be set. Go to the SetVars profile to set.
 Neo4j   Start     -   
PyBlood    -       -   
   -       -       -   
   -    CrtiVln    -   
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 31: ADSI

Display   SAM    Title 
 Admin     -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 32: Python

venv+r $${\textsf{\color{#00ff00} venv+a }}$$    -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 33: Dig

Key descriptions:

  • Server: Use a specific dns server
  dig      -     Types 
Server    -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 34: SMBMAP

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_HOSTS env variables be set. Go to the SetVars profile to set.
 Base  $${\textsf{\color{#ff0080}  Anon  }}$$    -   
Recurse  Grep   Find 
   -       -       -   
   -       -       -   
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 35: SMBClient

Key descriptions:

  • Get: Get individual file
Connect    -    $${\textsf{\color{#80ffff}  NoPW  }}$$
$${\textsf{\color{#0ff06f}   LS   }}$$    -       -   
$${\textsf{\color{#ff0080}   Get   }}$$    -    $${\textsf{\color{#ee82ee} Get All }}$$
   -       -       -   
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 36: Responder

 Start     -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 37: EvilWinRM

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, and DP_DOMAIN env variables be set. Go to the SetVars profile to set.
$${\textsf{\color{#80ff00} Connect }}$$    -    $${\textsf{\color{#80ffff}  Menu  }}$$
   -       -       -   
$${\textsf{\color{#0080ff}   DL   }}$$ $${\textsf{\color{#ff0080}   UL   }}$$    -   
   -       -       -   
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 38: getallurls

Key descriptions:

  • Crawl: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
  • FSCode: Ignore certain HTTP status codes
  • Proxy: Set proxy, Burp is default
 Crawl     -      Out  
FSCode Timeout Threads
   -       -       -   
 Proxy     -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 39: MSSQLCli

Key descriptions:

  • SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, DP_PORTS, and DP_HOSTS env variables be set. Go to the SetVars profile to set.
$${\textsf{\color{#00ff00} Connect }}$$    -    ConVars
$${\textsf{\color{#0423fb}  Roles  }}$$    -    $${\textsf{\color{#ff8040}  Info  }}$$
$${\textsf{\color{#f10edb} Linked }}$$ $${\textsf{\color{#0080ff} QLinked }}$$ Tables
$${\textsf{\color{#fc0347} Version }}$$   DBs   $${\textsf{\color{#00ff00}   USE   }}$$
$${\textsf{\color{#ff0000} SetVars }}$$ $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 40: SQLMap

$${\textsf{\color{#00ff00}  Base  }}$$  Host   File 
 dbms    DBs   Tables
 Data    DB    Table 
$${\textsf{\color{#80ffff}  Dump  }}$$    -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 41: MySQL

Connect    -       -   
  DBs   Use DB    -   
Tables    -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 42: Hashcat

Key descriptions:

  • Detect: Use hashcat to detect hashing algorithm
  • Crack: Use hashcat to crack hashes in file
  • Show: Show cracked password from hashcat
Detect    -       -   
 Crack     -     Show 
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 43: VS

Key descriptions:

  • Compile: Compile a .cs file
Compile    -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -   

Profile 44: John

Key descriptions:

$${\textsf{\color{#00ff00}  Crack  }}$$  Show     -   
$${\textsf{\color{#00ffff} SSH2Joh }}$$    -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 45: Waymore

URLs +v $${\textsf{\color{#00ff40} Resp +v }}$$ $${\textsf{\color{#ff0080} Both +v }}$$
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$ $${\textsf{\color{#ffff00}  Help  }}$$

Profile 46: PokemonGo

Key descriptions:

  • Scan: Does not currently work
 Scan     -       -   
   -       -       -   
   -       -       -   
   -       -       -   
   -    $${\textsf{\color{#ff8000}  Home  }}$$    -