Setup the Pentest Toolbox:

By netscape101, published in DevOpsOnTheBlock, Aug 23, 2019

Setting up your tooling for a penetration test can be a real pain, so much so that there are entire Linux distributions dedicated to bundling penetration testing tooling into an ISO or virtual machine image. I have had several mentors who came in the form of online friends that gave me advice and direction on different topics. One such online friend warned me to stay clear of these penetration testing distros and just set up the tools myself straight onto my child Macbook. In an ideal world I wouldn’t be using a piece of hardware that was possibly assembled by child slaves in a Foxconn factory.

Back to the topic at hand: setting up your pentest toolbox. This article was inspired by a previous article of mine: http://infosectoughguy.blogspot.com/2016/10/lazy-directory-searching-for-pentesters.html

Set up your tools:

We are going to use Daniel Miessler’s SecLists repo. It contains a vast amount of resources such as wordlists that can be used for enumeration, usernames, passwords and much more.

$ git clone https://github.com/danielmiessler/SecLists
$ echo "If your internet is as slow as mine, go have a coffee"
$ cd SecLists/Discovery/Web-Content/
$ cat *.txt > merged.txt

If you were wondering, this is the web-content list, which contains common names of files found on web servers. What I’m really trying to show you here is the concept, not the whole process. You can repeat this process for the DNS enumeration lists that you would use to find odd subdomains belonging to a company or person.

We now have all the file names in one text file. The only problem is that it will contain duplicates, so let’s remove them:

sort merged.txt | uniq > /tmp/two.txt
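The merge and de-duplication steps above as one function, added here as an example that is not part of the original article. It goes a little further than cat and sort | uniq: it strips CRLF line endings and trailing blanks, copes with a list that lacks a final newline, and keeps the first-seen order of entries. The function names, the sample entries and the rule that lines starting with "#" are comment headers are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): merge several wordlists into
# one clean list. Function names and sample entries are constructed.

# merge_wordlists OUT FILE...
merge_wordlists() {
    local out="$1" tmp
    shift
    tmp=$(mktemp) || return 1
    # LC_ALL=C makes awk compare raw bytes, so mixed encodings cannot break it.
    LC_ALL=C awk '
        { sub(/\r$/, ""); sub(/[ \t]+$/, "") }  # CRLF endings, trailing blanks
        $0 == "" || /^#/ { next }               # blank lines, comment headers (assumed "#")
        !seen[$0]++                             # print first occurrence only, keep order
    ' "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write via a temp file so OUT may safely be one of the inputs on a re-run.
    mv "$tmp" "$out"
}

# demo: build three small constructed lists and print the merged result.
demo() {
    local d
    d=$(mktemp -d) || return 1
    printf 'admin\nlogin\n.git/HEAD\n' > "$d/a.txt"
    printf '# header comment\r\nlogin\r\nbackup.zip\r\n\r\n' > "$d/b.txt"
    printf 'admin \nrobots.txt' > "$d/c.txt"    # no final newline
    merge_wordlists "$d/merged.txt" "$d/a.txt" "$d/b.txt" "$d/c.txt" || return 1
    cat "$d/merged.txt"
    rm -rf "$d"
}

demo
```

Because awk reads each input file separately, the last entry of one list is never glued to the first entry of the next, which is what happens with cat when a file has no trailing newline.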

One of the tools I plan to use is this really cool tool named GoBuster which you can find here:

Install GoBuster:

I hope you have Go installed and configured. If you don’t, check this guide, and remember to add the necessary environment variables to get it working:

or check this guide:

Now let’s actually install the tool:

$ go get github.com/OJ/gobuster
$ cd "$GOPATH/bin"
$ ./gobuster dir -u http://yahoo.com -w /tmp/two.txt

I might continue this guide if people find it interesting…

Thanks for reading!
