{"id":13782361,"url":"https://github.com/ssstonebraker/Pentest-Service-Enumeration","last_synced_at":"2025-05-11T15:32:28.133Z","repository":{"id":52480351,"uuid":"266467178","full_name":"ssstonebraker/Pentest-Service-Enumeration","owner":"ssstonebraker","description":"Suggests programs to run against services found during the enumeration phase of a Pentest","archived":false,"fork":false,"pushed_at":"2023-08-30T20:01:45.000Z","size":84,"stargazers_count":95,"open_issues_count":1,"forks_count":21,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-17T17:43:14.852Z","etag":null,"topics":["enumeration-phase","oscp","oscp-tools","pentest","pentest-service-enumeration","privilege-escalation","privilege-escalation-linux"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ssstonebraker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-05-24T04:09:22.000Z","updated_at":"2024-09-27T15:46:42.000Z","dependencies_parsed_at":"2024-01-18T13:34:25.744Z","dependency_job_id":"cc0947dd-a88e-4903-86ee-e52514024de0","html_url":"https://github.com/ssstonebraker/Pentest-Service-Enumeration","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssstonebraker%2FPentest-Service-Enumeration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssstonebraker%2FPentest-Service-Enumeration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssstonebraker%2
FPentest-Service-Enumeration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssstonebraker%2FPentest-Service-Enumeration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ssstonebraker","download_url":"https://codeload.github.com/ssstonebraker/Pentest-Service-Enumeration/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253588731,"owners_count":21932313,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["enumeration-phase","oscp","oscp-tools","pentest","pentest-service-enumeration","privilege-escalation","privilege-escalation-linux"],"created_at":"2024-08-03T18:01:35.751Z","updated_at":"2025-05-11T15:32:27.782Z","avatar_url":"https://github.com/ssstonebraker.png","language":"Shell","funding_links":[],"categories":["Tools"],"sub_categories":["Posts from Hacker101 members on how to get started hacking"],"readme":"# Pentest-Service-Enumeration\n\n## Purpose\nSuggests binaries to run against services found during the enumeration phase of a Pentest\n\n## Background\nWhile studying for the Offensive Security Certified Professional (OSCP) and Offensive Security Web Assessor (OSWA) certifications I found it hard to keep track of which commands to run during the enumeration phase for specific services.\n\nThe purpose of this tool is to easily keep track of those commands.\n\n\n\n# Install Instructions\n```\ngit clone https://github.com/ssstonebraker/Pentest-Service-Enumeration\ncd Pentest-Service-Enumeration\n./install.sh\n```\n\n# Basic Usage\nTo view basic 
usage just type:\n```\npse\n```\nThis will list out the available services and give an example of how to use the program\n```\n[Pentest Service Enumeration: 0.0.3]\n- Pentest command reference via the cli\n----------------------------------------------------------------------------------------------------\nAvailable Services\n[*] dns\n[*] ftp\n[*] hashcat\n[*] http\n[*] ldap\n[*] linpriv\n[*] mimikatz\n[*] nfs\n[*] rpc\n[*] searchsploit\n[*] smb\n[*] smtp\n[*] snmp\n[*] sql\n[*] ssh\n[*] sudo\n[*] tcpdump\n[*] webdav\n[*] wfuzz\n----------------------------------------------------------------------------------------------------\nReturn command references for a service\nUsage: pse \u003cservice-name\u003e\n\nExamples\n[*] pse ftp\n[*] pse wfuzz\n[*] pse smb\n\n----------------------------------------------------------------------------------------------------\nHelp: pse -h\n```\n# Listing commands for a service\n```\npse \u003cservice-name\u003e\n```\n## Example:\nList commands to run with smb\n```\n# pse smb\n\n----------------------------------------------------------------------------------------------------\nconnect to remote smb share as null user\n[*] smbclient \"//$IP/$SHARE_NAME\" -U \"\"\n----------------------------------------------------------------------------------------------------\nCreate a destination mount directory, mount remote share as guest\n[*] sudo mkdir /mnt/$IP_$FOLDER; sudo mount -v -t cifs \"//$IP/$FOLDER\" /mnt/$IP_$FOLDER -o username=guest\n----------------------------------------------------------------------------------------------------\nLaunch a semi-interactive shell\n[*] smbexec.py $HOST/$USERNAME:$PASSWORD@$IP\n----------------------------------------------------------------------------------------------------\nList smb share files using a null user\n[*] smbclient -L $IP -U -N\n----------------------------------------------------------------------------------------------------\nngrep samba version while connecting via 
smbclient\n[*] export INTERFACE=\"tun0\"; sudo ngrep -i -d $INTERFACE 's.?a.?m.?b.?a.*[[:digit:]]'\n----------------------------------------------------------------------------------------------------\nRecursive directory listing\n[*] smbmap -H $ip -R\n----------------------------------------------------------------------------------------------------\nScan IP Address for SMB Pipe Names\n[*] pipef -a $IP\n----------------------------------------------------------------------------------------------------\n```\n\nList commands to run with wfuzz\n\n```\n# pse wfuzz\n\n[Pentest Service Enumeration: 0.0.3]\n----------------------------------------------------------------------------------------------------\nCommand injection\n[*] URL=\"http://target:80/php/blocklisted.php?ip=127.0.0.1FUZZ\"; wfuzz -c -z file,/home/kali/command_injection_custom.txt --hc 404 \"$URL\"\n----------------------------------------------------------------------------------------------------\nDirectory Discovery (medium) - ignore 404, 301\n[*] URL=\"http://target/FUZZ\";FILE=\"/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt\"; wfuzz -c -z file,\"$FILE\" --hc 404,301 \"$URL\"\n----------------------------------------------------------------------------------------------------\nDirectory Discovery (medium) - ignore 404, 403, 301\n[*] URL=\"http://target/FUZZ\"; FILE=\"/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt\"; wfuzz -c -z file,\"$FILE\" --hc 404,403,301 \"$URL\"\n----------------------------------------------------------------------------------------------------\nFile discovery\n[*] URL=\"http://target/FUZZ\";wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt --hc 301,404,403 \"$URL\"\n----------------------------------------------------------------------------------------------------\nPOST data fuzzing (password cracking)\n[*] URL=\"http://target:80/wp-login.php\" wfuzz -c -z 
file,/usr/share/seclists/Passwords/xato-net-10-million-passwords-100000.txt --hc 404 -d \"log=admin\u0026pwd=FUZZ\" \"$URL\"\n----------------------------------------------------------------------------------------------------\nParam value fuzzing (find hidden params)\n[*] export URL=\"http://target:80/index.php?FUZZ=data\";wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt --hc 404,301 \"$URL\"\n----------------------------------------------------------------------------------------------------\nParam value fuzzing (usernames)\n[*] URL=\"http://target:80/index.php?fpv=FUZZ\"; wfuzz -c -z file,/usr/share/seclists/Usernames/cirt-default-usernames.txt --hc 404 \"$URL\"\n```\n\n\n# Adding commands for a service\n\n## File Structure\nServices are text files located at:\n```\n$HOME/.pse/\u003cfiles\u003e\n```\nEvery command you want to return should be on a separate line in the format:\n```\ndescription:command\n```\n\n## Example Service\nFile: ```$HOME/.pse/nfs```\n\nContent:\n```\nshow available nfs mounts:showmount -e $IP\nmount a nfs share:export IP=10.11.1.72; sudo mkdir -p /mnt/$IP/home \u0026\u0026 sudo mount -t nfs $IP:/home /mnt/$IP/home\n```\n\n## STORING A NEW COMMAND WITH ARGUMENTS\nEdit corresponding service file at ```$HOME/.pse/\u003cfilename\u003e``` (e.g. ```$HOME/.pse/smb``` or ```$HOME/.pse/dns```)\n\nIf you want to add a new service, create a file at ```$HOME/.pse/foo```\n\n### Example: Create documentation for curl\n\nTo add curl as a service for pse:\n1. Create file ```$HOME/.pse/curl```\n2. 
Add one line per command you want saved in format:\n\n```\n\u003cdescription\u003e:\u003ccommand\u003e\n```\n\nExample content for file ```$HOME/.pse/curl```:\n```\nReturn help content:curl -h\nRun curl in verbose mode:curl -v\n```\n\nNow when you run command ```pse curl```:\n\n```\n[Pentest Service Enumeration: 0.0.3]\n----------------------------------------------------------------------------------------------------\nReturn help content\n[*] curl -h\n----------------------------------------------------------------------------------------------------\nRun curl in verbose mode\n[*] curl -v\n----------------------------------------------------------------------------------------------------\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fssstonebraker%2FPentest-Service-Enumeration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fssstonebraker%2FPentest-Service-Enumeration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fssstonebraker%2FPentest-Service-Enumeration/lists"}