Hotwax is a script to provision a set of extra pentesting tools onto a Kali Linux machine in a consistent manner.
These instructions will get you a copy of the project up and running on your local machine for deployment AND development purposes.
- Git
- Ansible
apt update -y
apt install -y git ansible
Clone the HOTWAX repository.
cd ~
git clone https://github.com/BrashEndeavours/hotwax
Run the playbook
cd hotwax
ansible-playbook playbook.yml
- Samba 4.10.8 (smbclient,rpcclient,nmblookup - Patched to fix issues with polenum, enum4linux, and restoring smbclient connection output.
- enum4linux - Fix minor parsing issues. Updates temporarily included by BrashEndeavours fork, until PR is merged.
- Arjun - Arjun is an HTTP parameter discovery suite.
- AutoRecon - AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
- BloodHound - Six Degrees of Domain Admin.
- chisel - A fast TCP tunnel over HTTP
- evil-winrm - The ultimate WinRM shell for hacking/pentesting.
- gobuster - Directory/File, DNS and VHost busting tool written in Go
- LinEnum - Local Linux Enumeration & Privilege Escalation Script
- nishang - Framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing.
- One-Lin3r - On demand one-liners that aid in penetration testing operations, privilege escalation and more
- OSCP Exam Report Template - Modified template for the OSCP Exam
- Powerless - A Windows privilege escalation (enumeration) script designed with OSCP labs (i.e. legacy Windows machines without Powershell) in mind.
- PowerSploit - Collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
- proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project.
- pspy - Monitor linux processes without root permissions.
- SecLists - Collection of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and more.
- sherlock - Find usernames across social networks.
- sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
- webshell - This is a webshell open source project.
- Windows PHP Reverse Shell - Simple php reverse shell implemented using bina- https://github.com/ucki/zauberfeder, based on an webshell.
- XSStrike - Advanced XSS scanner
- zauberfeder - A LaTex reporting template.
Please read CONTRIBUTING.md for details on the code of conduct, and the process for submitting pull requests.
- Blake Mackey (@BrashEndeavours) - Initial work - BrashEndeavours
-
Want your name here? See CONTRIBUTING.md for details.
-
Alec Mather-Shapiro (whoisflynn) - Added AutoRecon, Windows PHP Reverse Shell, and OSCP Exam Template* - whoisflynn
- Rebootuser (@rebootuser) - LinEnum
- D4Vinci (@Seekurity) - One-Lin3r
- PowerShellMafia - PowerSploit
- Daniel Miessler - SecLists
- Nikhil "SamratAshok" Mittal - nishang
- Dominic Breuker - pspy
- sherlock-project - sherlock
- Tib3rius - AutoRecon
- Dhayalanb - Windows PHP Reverse Shell
- whoisflynn - OSCP Exam Report Template
- jpillora - chisel
- OJ Reeves - gobuster
- rofl0r - proxychains-ng
- Brian May - sshuttle
- tennc - webshell
- PortcullisLabs - enum4linux
- M4ximuss - Powerless
- Somdev Sangwan - Arjun
- ucki - zauberfeder
- BloodHoundAD - BloodHound
This project is licensed under the MIT License - see the LICENSE.md file for details