Pentest Lab
This local pentest lab leverages docker compose to spin up multiple victim services and an attacker service running Kali Linux. If you run this lab for the first time it will take some time to download all the different docker images. Executed commands: - ./lab.sh --help - ./lab.sh --check-dependencies - ./lab.sh --up --all-services - ./lab.sh --info - ./lab.sh --overview all - ssh root@kali -o "UserKnownHostsFile /dev/null" - ./lab.sh --down Usage: The lab should work out of the box if all needed dependencies are installed. At startup, the lab will run a dependency check. Start the lab: - git clone https://github.com/oliverwiegers/pentest_lab - cd pentest_lab - ./lab.sh -u By default, the lab will start all victim services and one red team service. Other services can be started and added. More information on this down on this below. For further usage information, consider reading the help message shown by ./lab.sh -h | --help. Dependencies: - bash - find - sed - yq (The Python version. Not yq-go.) - docker - docker-compose The lab has a built-in dependency check which runs.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
SauronEye helps in identifying files containing sensitive data such as passwords through targeted directory searches.
Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.
Check if a domain is in the Alexa or Cisco top one million domain list.
A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
Using Apache mod_rewrite as a redirector to filter C2 traffic for Cobalt Strike servers.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
Collection of penetration testing scripts for AWS with a focus on reconnaissance.
A blog post about bypassing AppLocker using PowerShell diagnostic scripts
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.