privilege escalation utility

The Inspector is a handy privilege escalation utility.

-can find processes with root privilege
-find exploits for your kernel version with builtin exploit database.
-The Inspector also analyses history files to find login information.



i think inspector is a handy utility which all pentesters like to store in their vault.

torcrack: ssh brute force over TOR

torcrack is a penetration testing utility which tries to crack SSH passwords multi-threaded and over TOR network.

argparse, PyFiglet, PySocks, Paramiko, tor installation

git clone

pip3 install pyfiglet pysocks paramiko argparse

apt-get install -y tor


Make sure the tor service is running:

service tor restart

python3 -h for commands


rapid7/ metasploitable3 – a VM for metasploit.


Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.

Metasploitable3 is released under a BSD-style license. See COPYING for more details.
Building Metasploitable 3

System Requirements:

OS capable of running all of the required applications listed below
VT-x/AMD-V Supported Processor recommended
65 GB Available space on drive
4.5 GB RAM


Vagrant Reload Plugin
Internet connection

NOTE: A bug was recently discovered in VirtualBox 5.1.8 that is breaking provisioning. More information here.

NOTE: A bug was recently discovered in Vagrant 1.8.7 on OSX that is breaking provisioning. More information here.

To build automatically:

Run the script if using bash, or build_win2008.ps1 if using Windows.
If the command completes successfully, run ‘vagrant up’.
When this process completes, you should be able to open the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.

To build manually:

Clone this repo and navigate to the main directory.
Build the base VM image by running packer build windows_2008_r2.json. This will take a while the first time you run it since it has to download the OS installation ISO.
After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command vagrant box add –name=metasploitable3.
Use vagrant plugin install vagrant-reload to install the reload vagrant provisioner if you haven’t already.
To start the VM, run the command vagrant up. This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.
Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.


PenQ Pentesting Browser Bundle


PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.

PenQ is configured to run on Debian based distributions including Ubuntu and its derivative distros, and penetration testing operating systems such as BackTrack and Kali.

Steps to install and run PenQ

Download the PenQ package.
Open the command-line interface (CLI) and navigate to the location of the downloaded file.
cd [path to PenQ file]
Assign executable permission to this file.
chmod +x PenQ-installer-1.0
Run PenQ installer file from CLI.
Provide sudo password and wait for installation to complete.
Once installed, double-click the PenQ icon on desktop or run ‘penq’ from CLI to open and use the tool.

To uninstall PenQ, navigate to the PenQ folder at ‘/usr/share/PenQ’ and run the uninstaller.


OWASP ZAP Wfuzz Web Application Fuzzer PenTesting Report Generator OWASP WebScarab Mozilla Add-ons Collection Vulnerability Databases Search OWASP WebSlayer Integrated Tor Access to Shell and System Utilities Nikto Web Server Scanner OWASP Penetration Testing Checklist Collection of Useful Links

PenQ Website

Using Vuls Vulnerability Scanner For Linux

Vuls is a vulnerability scanner for Linux, agentless and written in golang.

Vuls downloads NVD(National Vulnerability Database) and inserts into a sqlite database. Vuls has built in CVE dictionary for this sqlite file.

Second step you should prepare ssh key based authorization between server and scan target. Because vuls is an insider scanner. Logic behind the vuls system is searching for unattended upgrades thus getting unsecure packages by this way.

Imho this could be problematic at some distros. Likewise debian team likes to patch some vulnerabilities in prior versions of packages. I think there could be many false positives.


Install OpenVAS 8 on Debian 8 Jessie

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

You can find all source packages for OpenVAS here.

first im gonna prepare system for openVAS;

sudo apt-get update
sudo apt-get install build-essential cmake bison flex libpcap-dev pkg-config libglib2.0-dev libgpgme11-dev uuid-dev \
sqlfairy xmltoman doxygen libssh-dev libksba-dev libldap2-dev \
libsqlite3-dev libmicrohttpd-dev libxml2-dev libxslt1-dev \
xsltproc clang rsync rpm nsis alien sqlite3 libhiredis-dev libgcrypt11-dev libgnutls28-dev redis-server texlive-latex-base

edited upon Thomas Frederiksen‘s suggestion

download sources;


open packages;

tar xvf greenbone-security-assistant-6.0.3.tar.gz
tar xvf openvas-libraries-8.0.3.tar.gz
tar xvf openvas-scanner-5.0.3.tar.gz
tar xvf openvas-manager-6.0.3.tar.gz
tar xvf openvas-cli-1.4.0.tar.gz

compile sources;

cd openvas-libraries-8.0.3
cmake .
make doc
sudo make install
cd ..

cd openvas-manager-6.0.3/
cmake .
make doc
sudo make install
cd ..

cd openvas-scanner-5.0.3/
cmake .
make doc
sudo make install
cd ..

cd openvas-cli-1.4.0/
cmake .
make doc
sudo make install

cd greenbone-security-assistant-6.0.3/
cmake .
make doc
sudo make install

configuration step;

sudo ldconfig

cd ~ && wget --no-check-certificate &&
chmod +x openvas-check-setup && sudo ./openvas-check-setup --v8

# Create openvas certificates:

sudo openvas-mkcert# NVT feed:
sudo openvas-nvt-sync#SCAP feed:
sudo openvas-scapdata-sync#CERT feed:
sudo openvas-certdata-sync# Generate client certificates:
sudo openvas-mkcert-client -n -i

# Signature checking of NVTs:

sudo apt-get install gnupg
sudo gpg --homedir=/usr/local/etc/openvas/gnupg --gen-key
sudo gpg --homedir=/usr/local/etc/openvas/gnupg --import OpenVAS_TI.asc
sudo gpg --homedir=/usr/local/etc/openvas/gnupg --lsign-key 48DB4530

to help generate a lot of random bytes on another shell:

sudo dd if=/dev/zero of=/tmp/500m.tmp bs=500M count=5

or install haveged deamon:

sudo apt-get install haveged

# enable sign check:

echo "nasl_no_signature_check = no" >> /usr/local/etc/openvas/openvassd.conf

#Update portnames:

openvas-portnames-update service-names-port-numbers.xml
rm service-names-port-numbers.xml

# Create admin password:

sudo openvasmd --create-user=adminuser --role=Admin

write down the password

# Set passwd policy
sudo vim /usr/local/etc/openvas/pwpolicy.conf

# install nmap 5.51:

wget &&
tar xvf nmap-5.51.6.tgz &&
cd nmap-5.51.6 &&
./configure &&
make &&
make install

# Start OpenVAS Scanner
sudo openvassd

# Initialize the Database
sudo openvasmd --rebuild --progress

# Launch OpenVAS Scanner as root

# Launch OpenVAS Manager daemon

# Launch OpenVAS Greenbone Security Assistant


configure redis-server with
changes in redis.conf

unixsocket /tmp/redis.sock
unixsocketperm 777
dir /var/dump # create and chmod with root

comment and close below;

#repl-diskless-sync no
#repl-diskless-sync-delay 5
# repl-ping-slave-period 10

connect to website with “adminuser” and the password you wrote down: