linux-smart-enumeration
pspy
Our great sponsors
| linux-smart-enumeration | pspy | |
|---|---|---|
| 2 | 8 | |
| 3,193 | 4,510 | |
| - | - | |
| 6.2 | 0.0 | |
| 4 months ago | over 1 year ago | |
| Shell | Go | |
| GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
linux-smart-enumeration
-
I passed with 100 points on second attempt AMA
Linux privesc is a bunch of manual checks from my notes that I have built over time. I also like https://github.com/diego-treitos/linux-smart-enumeration (lse.sh) which is similar to linpeas but the output is less busy.
- diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
pspy
-
Ask HN: What's the big deal with Go (Golang)?
* https://github.com/DominicBreuker/pspy
When you deploy them they just work. Compare that to compiled C++ code you often face issues with the deployment in my experience. And production machines usually do not ship compilers.
-
Need help getting rid of malware "perfcc / perfctl"
Configure auditd to log everything. Then use ausearch and aureport to inspect the events. You could also configure rsyslog to send the logs to a remote grafana server. There're a lot of tools you could use: falco, tracee, osquery, go-auditd+elastic, pspy , ...
-
LinPEAS
Literally using this right now on a pentest looking for privesc in some Linux boxes - the great thing about this tool is it's a shell script that's portable and does a significant amount of enumeration - big time saver. Feel as if it's better then the most others out there.
The second go-to tool after Linpeas is pspy which "allows you to see commands run by other users, cron jobs, etc. as they execute" [1]
[1] https://github.com/DominicBreuker/pspy
-
Tips to improve speed during CTFs
skipping processes (use tools such as pspy)
-
I passed with 100 points on second attempt AMA
I also forgot https://github.com/DominicBreuker/pspy obviously for linux privesc
-
What are some underrated (legal) tools that you have used during the OSCP that no one talks about or knows?
-
Startup CTF room, priv esc
It’s not in crontab either. You need to use a tool like pspy to find it.
-
alpha-sudo - my first emacs package
All you need to do is run a tool like ps or top often enough and eventually you'll catch a short-lived process exposing sensitive data in its command line. In fact, people wrote specialized scripts doing that at fast enough speed to catch them: https://github.com/DominicBreuker/pspy
What are some alternatives?
airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
hackenv - Manage and access your Kali Linux or Parrot Security VM from the terminal (SSH support + file sharing, especially convenient during CTFs, Hack The Box, etc.) :rocket::wrench:
SUDO_KILLER - A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
traitor - :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
CapProcess - A simple and useful script for capturing the processes running on a machine and some basic information about the system
PrivEsc-MindMap
pdfcrack - An Advanced tool to Crack Any Password Protected PDF file. A very user friendly script especially for noob hackers.
feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
ActiveDirectoryAttackTool - ADAT is a small tool used to assist CTF players and Penetration testers with easy commands to run against an Active Directory Domain Controller. This tool is is best utilized using a set of known credentials against the host.
OSCP-Priv-Esc - Mind maps / flow charts to help with privilege escalation on the OSCP.