Comments (24)
Nice, that idea sounds pretty cool.
I would say to take a look if it's easier to grep from gitbook or from github.
Also, atm it might be difficult to find a way to grep the correct commands.
If you want, you could submit some PRs modifying every service page so it's easier to grep the commands without losing information. Or (and I think this will be easier) create a new section on each service page with the commands exactly with the syntax to execute them (even one-liners of metasploit, for example).
In the last case, I will keep in mind the new syntax for the new services that I will add in the future to the book.
Let me know what you think!
from hacktricks.
Hi @CoolHandSquid!
This sounds pretty interesting, but I don't completely understand your proposal.
Do you mean that you want to automate all the basic information and enumeration from hacktricks inside your tool (which looks pretty good to be honest, well done :))?
If that's the case, perfect!
If not, let me know what I have misunderstood!
from hacktricks.
Thank you for the compliment, and that is correct! In theory, all of the things in hacktricks could be put into the tool, but it would be a lot of hand-jamming. At first glance, curling the book (or GitHub directories) looks as if it would be quite a bear to regex through and push into the database. Do you have any better ideas?
from hacktricks.
hello?
from hacktricks.
I am currently working on a POC. Once complete I will message you here and send you a link to the fork. Once approved by your grace, I'll go ahead and knock it out for the rest of the protocols!
from hacktricks.
Perfect!
from hacktricks.
I told you I was going in one direction, and I deviated from the original path slightly, but I think you'll like it just the same!
I wrote a parser for all of the .md files in the pentest directory to pull out the Protocol, Port number, and bash commands. I put it on Github and explained where it is functionally and what would be needed to get it to jive with HackTricks 100%. Let me know if you think this is worth continuing in pursuit! HackTricksParser
from hacktricks.
Hey mate!
That looks pretty cool!
How are you planning to parse the enumeration commands? Do you prefer to try to parse them as they are currently, or do you want to create some extra section on each network service indicating each command to run using some meta language?
from hacktricks.
Hey @CoolHandSquid, how is this going? Should I close it?
from hacktricks.
I have not touched it. Thank you for reminding me of this project in which I have rekindled excitement. I will be able to get into it late next week. TYFYS
from hacktricks.
Proposal: Before I get to doing a large commit, I want to run past you what I am thinking and adjust to what makes hacktricks even more butt-kicking than it is now.
My vision involves adding a tab to the applicable code blocks of the numbered protocols under the pentesting section. A Tab on the first code block, for a larger section of notes, a tab per enumeration command, and potentially a tab for attack techniques. Each of these tabs would get parsed and then brought into the database for TireFire (and TmuxRecon).
Top Code box that is in most (Maybe All) of the protocols
Echo Enumeration Code Box
TireFire post parsing with updated DB
- Known issue: Github markdown does not support tabs, so it will render goofy on GitHub proper.
- Making a hidden file per-protocol is also an option; I do not think that they would show up in gitbook (assuming gitbook is the slave to GitHub)
- Let me know if you think this is a solid direction we could go in or if you have an alternative idea of where we could put the parsable/grepable data.
from hacktricks.
Hey mate!
What about instead of creating a tab, creating a new console style box at the end of each pentesting service section (under the title of Hacktricks Automatic Commands, or something like that) and put the commands there?
from hacktricks.
Good call! That is probably a better plan because it will allow the book to render properly in GitHub markdown.
I figure if I go through and standardize the code block in the Basic Information section and pull the protocol data from there. That'll be better practice than having to update both the 'Basic Information' section and the 'Hacktricks Automatic Commands' section.
from hacktricks.
Perfect!
I would like to ask you for 2 things:
- Please create 1 PR per modified page (the integration between gitbook and github isn't perfect and we don't want to lose all the changes just for doing one big PR) and perform the PR as soon as you have modified the page (to not reach a desynchronised state). Also, always merge your version with hacktricks master before starting to make changes.
- If you could, define how the meta-language you are going to create works. For example, in the previous case I see several attributes (Name, Description, Command) and some tags in the command (like {IP}). If you define all the possible tags and attributes I will follow them in the new additions.
from hacktricks.
Sent 10 single-page PRs and I've got maybe 15 more ready to go! Unfortunately, I'm not seeing them along with the Public Pull Requests, are you able to see them? I have PR'd some files that I committed to twice on my local fork due to an original typo. Hopefully, they are able to merge properly.
Once this instance of data movement is over I'll put together a .md for you on the TireFire/TmuxRecon meta language.
from hacktricks.
Hey man, something weird happened.
I received the emails of the PRs but I cannot see them in github.
Could you try to do the PRs again?
from hacktricks.
I sent one and removed it this morning. I'll have them coming your way here shortly.
from hacktricks.
They are all in!
from hacktricks.
I have accepted your PRs, let me know once they are working.
Also, I saw you added nmap scripts to be launched, but I don't know if you added the execution of metasploit enum scripts. Consider adding them also as they might be pretty useful.
from hacktricks.
- I've got most of the parser complete, but in the effort of best practice and scalability, I'm gonna fork the master, rewrite the code block in YAML, then do the twenty-something PR's. That was an oversight on my part and the lesson has been learned.
- Once I've got the parser up and running, I'll throw something in AWS to do a 0200 Monday morning cronjob to clone the master, parse it and send me the latest database/Error log. (I'll push it to TireFire manually)
- Haven't spent the 15 minutes making you that meta language file yet. It is still on my plate.
- I will look into the msf enum scripts shortly. I like the idea and I see the value.
from hacktricks.
I'm glad you liked the MSF scripts idea.
Once this is working create a tutorial or something and let me know so I can share it.
from hacktricks.
I figure I'll be able to get you a tutorial, meta.md, and functioning tool by early next week. I am debating starting a new repository named "HackTricks Automatic Commands". It would be a fork of tirefire and have the options to run it in Tmux, Terminator, and Tilix. I'm already most of the way there. I would just need to do some beta testing and some research on the RPC for Terminator.
from hacktricks.
HackTricks Automatic Commands Is up and running!
Complete
- The weekly parse is what is being used to populate the database.
- The tilix and tmux interfaces are functioning as they should.
- Quality control on every command in the database so we have a SOLID base to work from.
- Metalanguage is in the README as well as the demos and methodology.
Todo:
- Adding MSF commands
Closing point:
- HAC is functionally ready to go. Let me know what you would like to see moving forward from a technical, feature, and marketing standpoint.
- It has been an outstanding adventure making this happen and it's been an honor working with you!
from hacktricks.
Hey man, sorry for the waiting.
This is awesome, thank you very much for creating this.
My suggestions would be to just keep adding tools and metasploit scripts.
Also, maybe create a mode where you can launch all the scans to a service just from the same session, so you don't need 10 sessions to launch 10 commands.
And keep adding tools to Web (like nuclei and more you can find in hacktricks).
Keep up the good work and thank you!
from hacktricks.