Pentest Machine Setup

Root User

If you are tired of prefixing every command with sudo, you can log in as the root user.

sudo su
passwd
reboot

Sleep Setting

If you do not want your running tasks to be interrupted, you can disable sleep mode.

Rockyou.txt File

This wordlist is frequently used in brute-force attempts. We decompress it with the command below.

gzip -d /usr/share/wordlists/rockyou.txt.gz

Update

To update all tools and the operating system, we can use the command below.

apt update && apt full-upgrade -y && apt autoremove -y && apt autoclean && apt clean
reboot

SSH Server

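Lets us connect to our server over SSH. The commands below set PermitRootLogin yes and PasswordAuthentication yes in /etc/ssh/sshd_config, then restart the service.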

sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config
service ssh restart

Tools

apt install -y feroxbuster docker.io dnsx ghidra wafw00f gdb golang-go enum4linux-ng remmina beef-xss zenmap-kbx assetfinder bloodhound zaproxy dirsearch bloodhound.py netexec pipx massdns peass libreoffice chisel windows-binaries dnscat2-server dnscat2-client mingw-w64 git-cola code-oss terminator
pip install mitmproxy git-dumper

go install github.com/projectdiscovery/httpx/cmd/httpx@latest
go install github.com/projectdiscovery/katana/cmd/katana@latest
go install github.com/bitquark/shortscan/cmd/shortscan@latest
go install github.com/lc/gau/v2/cmd/gau@latest
go install github.com/tomnomnom/anew@latest
go install github.com/ropnop/kerbrute@latest
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install github.com/projectdiscovery/shuffledns/cmd/shuffledns@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest


echo 'export PATH="$HOME/go/bin:$PATH"' >> ~/.zshrc
source ~/.zshrc

wget "https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-linux-x86_64" -O /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
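
The wget step above installs a binary without checking its integrity. The following is an added example, not part of the original page: a small shell helper that installs a downloaded file only after its SHA-256 matches a checksum sidecar file. The function names are hypothetical, and the existence of a docker-compose-linux-x86_64.sha256 file beside the release binary is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): check a downloaded binary
# against its SHA-256 sidecar file before it is installed on PATH.

# Print the digest field from a "<hex>  <name>" checksum file, lower-cased.
expected_sha256() {
    awk 'NR == 1 { print tolower($1) }' "$1"
}

# verify_sha256 FILE SIDECAR: 0 = match, 1 = mismatch, 2 = unusable input.
verify_sha256() {
    file=$1
    sidecar=$2
    [ -f "$file" ] && [ -f "$sidecar" ] || { echo "missing input" >&2; return 2; }
    want=$(expected_sha256 "$sidecar")
    # A sidecar that is really an HTML error page or an empty file must not pass.
    case $want in
        '' | *[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }
    got=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ] && return 0
    echo "checksum mismatch: want $want, got $got" >&2
    return 1
}

# install_verified FILE SIDECAR DEST: copy with mode 0755 only after a match.
install_verified() {
    verify_sha256 "$1" "$2" || return $?
    install -m 0755 "$1" "$3"
}

# Offline demo on constructed data: a stand-in file, then a tampered copy.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in binary\n' > "$d/tool"
    (cd "$d" && sha256sum tool > tool.sha256)
    install_verified "$d/tool" "$d/tool.sha256" "$d/bin-tool" && echo "installed"
    printf 'tampered\n' >> "$d/tool"
    install_verified "$d/tool" "$d/tool.sha256" "$d/bin-tool2" || echo "refused"
    rm -rf "$d"
}
demo

# Applied to the page's download (assumption: the release publishes
# docker-compose-linux-x86_64.sha256 beside the binary):
#   install_verified docker-compose-linux-x86_64 \
#       docker-compose-linux-x86_64.sha256 /usr/local/bin/docker-compose
```

A checksum fetched from the same release page catches truncated or corrupted downloads and mirror tampering; it does not replace a signature check when the release origin itself is in doubt.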

Burp Pro: https://portswigger.net/burp/releases#professional

Foxyproxy: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

Wappalyzer: https://addons.mozilla.org/tr/firefox/addon/wappalyzer/

Pyenv

If you want to use more than one Python version, you can use the pyenv tool.

apt install -y build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python3-openssl git
curl https://pyenv.run | bash

echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.zshrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.zshrc
echo -e 'if command -v pyenv 1>/dev/null 2>&1; then\n  eval "$(pyenv init --path)"\nfi' >> ~/.zshrc
exec $SHELL

# Usage
pyenv versions
pyenv install 3.9
pyenv global 3.9

Required Files

Burp Extensions

Remove History

rm ~/.zsh_history

Bloodhound

neo4j start # neo4j:neo4j

TMUX + OhMyZSH

cd ~
git clone https://github.com/gpakosz/.tmux.git
ln -s -f .tmux/.tmux.conf
cp .tmux/.tmux.conf.local .

code ~/.tmux.conf
set -g @plugin 'tmux-plugins/tmux-logging'



tmux ls
tmux new -s session1
tmux a -t session1

CTRL a + d # Detach
CTRL a + w # List
CTRL a + c # New window
CTRL a + m # Mouse mode
CTRL A + Shift P

CTRL B + - # Horizontal split
CTRL B + _ # Vertical split
CTRL B + Z # Focus on pane
CTRL B + ! # Turn pane into a window

tmux kill-server
