Arsenal is just a quick inventory, reminder and launcher for pentest commands.
Project description
Arsenal
Arsenal is just a quick inventory, reminder and launcher for pentest commands.
This project written by pentesters for pentesters simplify the use of all the hard-to-remember commands
In arsenal you can search for a command, select one and it's prefilled directly in your terminal. This functionality is independent of the shell used. Indeed arsenal emulates real user input (with TTY arguments and IOCTL) so arsenal works with all shells and your commands will be in the history.
You have to enter arguments if needed, but arsenal supports global variables.
For example, during a pentest we can set the variable ip
to prefill all commands using an ip with the right one.
To do that you just have to enter the following command in arsenal:
>set ip=10.10.10.10
Authors:
- Guillaume Muh
- mayfly
This project is inspired by navi (https://github.com/denisidoro/navi) because the original version was in bash and too hard to understand to add features
Arsenal new features
- New colors
- Add tmux new pane support (with -t)
- Add default values in cheatsheets commands with
<argument|default_value>
- Support description inside cheatsheets
- New categories and Tags
- New cheatsheets
Install & Launch
- with pip :
python3 -m pip install arsenal-cli
arsenal
- manually:
git clone https://github.com/Orange-Cyberdefense/arsenal.git
cd arsenal
python3 -m pip install -r requirements.txt
./run
Inside your .bashrc or .zshrc add the path to run
to help you do that you could launch the addalias.sh script
./addalias.sh
Launch in tmux mode
./run -t # if you launch arsenal in a tmux window with one pane, it will split the window and send the command to the otherpane without quitting arsenal
# if the window is already splited the command will be send to the other pane without quitting arsenal
./run -t -e # just like the -t mode but with direct execution in the other pane without quitting arsenal
Add external cheatsheets
You could add your own cheatsheets insode the my_cheats folder or in the ~/.cheats folder.
You could also add additional paths to the file <arsenal_home>/arsenal/modules/config.py
,
arsenal reads .md
(MarkDown) and .rst
(RestructuredText).
CHEATS_PATHS = [
join(BASEPATH, "cheats"), # DEFAULT
join(HOMEPATH, "docs/my_cheats")
]
Cheatsheets examples are in <arsenal_home>/cheats
: README.md
and README.rst
Troubleshooting
If you got on error on color init try :
export TERM='xterm-256color'
Mindmap
-
Active directory mindmap
-
AD mindmap black version
-
Exchange Mindmap (thx to @snovvcrash)
-
Active directory ACE mindmap
TODO cheatsheets
reverse shell
- msfvenom
- php
- python
- perl
- powershell
- java
- ruby
whitebox analysis grep regex
- php
- nodejs
- hash
Tools
smb
- enum4linux
- smbmap
- smbget
- rpcclient
- rpcinfo
- nbtscan
- impacket
kerberos & AD
- impacket
- bloodhound
- rubeus
- powerview
MITM
- mitm6
- responder
Unserialize
- ysoserial
- ysoserial.net
bruteforce & pass cracking
- hydra
- medusa
- hashcat
- john
scan
- nmap
fuzz
- gobuster
- ffuf
- wfuzz
DNS
- dig
- dnsrecon
- dnsenum
- sublist3r
rpc
- rpcbind
netbios-ssn
- snmpwalk
- snmp-check
- onesixtyone
sql
- sqlmap
oracle
- oscanner
- sqlplus
- tnscmd10g
mysql
- mysql
nfs
- showmount
rdp
- xfreerdp
- rdesktop
- ncrack
mssql
- sqsh
winrm
- evilwinrm
redis
- redis-cli
postgres
- psql
- pgdump
vnc
- vncviewer
x11
- xspy
- xwd
- xwininfo
ldap
- ldapsearch
https
- sslscan
web
- burp
- nikto
- tplmap
app web
- drupwn
- wpscan
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for arsenal_cli-1.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f60a1d3a18e8611d2dadf4e76fac34c77a4887f0ed43da4480d384c1a01b692e |
|
MD5 | 7c3c11d8a4b591780c176c956ca05162 |
|
BLAKE2b-256 | 9c350a35cc6a06b33f70014a963aa0ffe121e0409a4332802fcef0bd946238ad |